A Brief Introduction to VLANs

A Brief Introduction to VLANs

A LAN is a grouping of two or more devices on a network. A VLAN is a virtual LAN, a subgroup within a local network.

VLANs make it easy for network administrators to separate a single switched network into multiple groups to match the functional and security requirements of their systems. However, VLANs are entirely virtual. They can be implemented without having to run new cables or make major changes in the existing network infrastructure.

In the above diagram, one switch is supporting two virtual networks–two VLANs. The users on VLAN-10 cannot access the devices on VLAN-20, and vice-versa.

Some of the benefits of VLANs are:

• They improve network performance by reducing the size of broadcast domains. In a broadcast domain, every device can send packets to every other device, and every packet must be received and processed. When a broadcast domain becomes very large, this can degrade the performance of switches on the network due to the high volumes of broadcast data.
• VLANs allow for the adding of additional layers of security. For example, a specific VLAN can be created for users with specific security clearances.
• VLANs make device management easier. If a user moves to a new physical location, the physical workstation of that user does not need to be reconfigured. Also, if a user stays in the same location but changes jobs, only the VLAN membership of the workstation needs to be changed.

For multiple VLANs to communicate with each other, a router is required. Routers between VLANs filter broadcast traffic, enhance network security, perform address summarization, and mitigate network congestion.

One real-world example where VLANs are very useful is in ITS (Intelligent Transportation System) applications. ITS network transmission data includes critical traffic control signals, security surveillance video streams, and digital sign board data. Different data types have different urgencies and data security requirements. When there is a conflict between different types of data, critical traffic control signals must have the highest transmission priority, and this data must not be dropped. For this purpose, it is recommended to use VLANs for data separation and QoS (Quality of Service) classification. The traffic control signal data, on its own VLAN, will be assigned a high priority level so that the transmissions will be given priority when network traffic is heavy.

VLANs can improve the performance of switched networks. Creating logical sub-networks limits broadcast traffic in workgroups or to a defined set of users.

VLANs enhance network security, as frames are delivered only to the intended recipients, and broadcast frames are only sent to members of the same VLAN. Users that require access to sensitive information can be segmented into separate VLANs from the general user group, regardless of physical distance.

A VLAN is not limited to a single switch if trunk ports are used to connect multiple switches. A VLAN can have a different number of ports of different switches. The link between trunk ports provides the connection between VLAN ports on each switch. VLANs are an effective and logical tool for managing large networks.