What is VLAN and Hoe Does it Works?

VLAN stands for Virtual Local Area Network.

A VLAN is a specialized network made up of one or more local area networks. It enables the integration of devices from several networks into a unified logical network. As a result, a virtual LAN is generated that may be administered in the same way that a physical LAN is.

How does VLAN Works?

The switch only sends data to the port on which the VLAN is configured on the special port, performing address learning, filtering, and loop elimination process like a separate physical bridge. The VLAN is created in an Ethernet switch, and then the switch’s ports are allocated to the newly created VLAN.

Difference between LAN & WAN?

VLANs are typically used in their data center when there are more than 200 devices in the LAN to separate specific traffic within a business. Because the number of switches with various network portions grows. LAN traffic makes it difficult for users to manage the remainder of the network. In a VLAN network, a single switch functions as a layer 2 or many switches of the OSI mode.

Types of VLAN

VLANs are mainly classified into five types. They are

  • Voice VLAN
  • Data VLAN
  • Default VLAN
  • Management VLAN
  • Native VLAN

What is Gateway in networking?

Default VLAN:-

When the switch first powers up, all switch ports join the default VLAN (usually, all switches have a default VLAN named VLAN 1), making them all part of the same broadcast domain. Using default VLAN allows every network device attached to any switch port to communicate with other network devices connected to other switch ports. One distinguishing feature of the Default VLAN is that it cannot be renamed or deleted.

Data VLAN:-

Data VLANs are used to separate a network into two groups. There are two groups of users and two groups of gadgets. This VLAN, often known as a user VLAN, is only used for user-generated data. This VLAN simply transports data. It does not transmit management traffic or voice.

Voice VLAN:-

The Voice VLAN is set up to carry voice traffic. Voice VLANs typically have higher transmission priority than other types of network traffic. We must have a separate voice VLAN to ensure voice over IP (VoIP) quality (delay of fewer than 150 milliseconds (ms) over the network), as this will preserve bandwidth for other applications.

Management VLAN:-

A management VLAN is set up to gain access to a switch’s management capabilities (traffic like system logging, and monitoring). VLAN 1 is the administration VLAN by default (VLAN 1 would be a bad choice for the management VLAN). If the administrator has not established a unique VLAN to act as the management VLAN, any of the switch VLANs might be defined as the management VLAN. This VLAN ensures that management bandwidth is accessible even when user traffic is high.

Native VLAN:-

This VLAN identifies traffic arriving from both ends of a trunk link. A native VLAN can only be assigned to an 802.1Q trunk port. The 802.1Q trunk port routes untagged traffic (traffic from no VLAN) to the native VLAN. The native VLAN should be configured as an unused VLAN.

What are the Security Concerns on a LAN?

One of the advantages of a LAN is the ease with which users can access network resources and resources on other network devices. This can easily become a liability as well; when each network user has complete access to every other device, there should always be some cause for concern. In this regard, a LAN can pose a security issue.

Consider a less-than-trustworthy network user. Because of the nature of a LAN, he has access to all of the network’s resources. That rogue user might have complete access to all devices, and if they wanted to steal all network data from another user, it’s practically impossible to prevent that from happening without a high-end switch with significant Layer 2 functionality.

What are the ranges of VLAN?

Ranges of VLAN

Range Description
VLAN 0-4095 It is referred to as Reserved VLAN, which cannot be seen or used.
VLAN 1: This is a switch’s default VLAN. This VLAN cannot be deleted or edited, but it can be used.
VLAN 2-1001: It is a standard VLAN range. It is possible to create, amend, and delete it.
VLAN 1002-1005: For token rings and FDDI, these are the CISCO defaults. This VLAN cannot be deleted.
VLAN 1006-4094: It is called an extended range of VLANs.

Characteristics of VLAN

The important characteristics of VLAN are

  • Virtual LANs provide structure for grouping devices, even though their networks are not the same.
  • It expands the number of broadcast domains that can be used in a LAN.
  • Implementing VLANs reduces security threats by reducing the number of hosts connected to the broadcast domain.
  • This is accomplished by creating a separate virtual LAN for only the hosts that contain sensitive data.
  • It has a flexible networking approach that organises users based on departments rather than network geography.
  • It can alleviate congestion by sharing traffic because each VLAN operates as a distinct LAN.
  • Each port on a workstation can be used with full bandwidth.
  • Terminal reallocations are now simple.
  • A VLAN can be shared by numerous switches.
  • The trunk link can handle traffic for many LANs.

VLAN Application/Purpose

The following are some of the most important applications of VLAN:

  • VLAN is utilised when your LAN has more than 200 devices.
  • It can be very useful when there is high traffic on LAN
  • VLAN is suitable when a group of users requires increased security or is slowed by several broadcasts.
  • When users are not on the same broadcast domain, it is used.
  • Convert a single switch into several switches.

Advantages and Disadvantages of VLAN

Advantages of VLAN

  • VLAN gives more security
  • It helps to reduce the broadcast domains
  • It boosts the network’s security.
  • Easy to manage the device by using VLAN
  • It improves performance and reduces network latency
  • VLAN can be used to keep hosts apart.

Disadvantages of VLAN

  • A packet can be transferred from one VLAN to another.
  • An inserted packet could result in a cyber-attack.
  • A single threat in a single system can propagate a virus over a whole logical network.
  • In large networks, an additional router is required to control the workload.
  • Interoperability issues may arise.
  • A VLAN cannot communicate with other VLANs.