Stop Ransomware
Stop Ransomware


What is VLAN? Types, Advantages, Example

What exactly is a VLAN?
A virtual local area network, or VLAN, is a custom network that is created by combining multiple local area networks. It makes it possible to combine into a single logical network a collection of devices that are distributed across multiple physical networks. As a consequence, a virtual LAN is produced, which must be managed in the same way as a physical LAN. Virtual Local Area Network is the full form that VLAN is abbreviated to when written out.

The topology shown below illustrates a network in which all hosts are contained within the same virtual LAN:

network in which all hosts are located within the same VLAN

Without the use of virtual local area networks (VLANs), a broadcast that is sent from a host can easily reach all of the network devices. Every single device will be responsible for processing broadcast received frames. It is possible for it to increase the amount of CPU overhead on each device and lower the network’s overall security.

If you configure the interfaces on both switches to belong to different VLANs, a broadcast sent from host A will only be able to communicate with devices that are part of the same VLAN. Hosts on VLANs won’t even be aware that a communication has taken place between the two networks. This is demonstrated in the image that follows:

Only devices that are accessible within the same VLAN are accessible to Host A.

A virtual local area network, or VLAN, is an extension of a local area network (LAN). A local area network, or LAN, is a network that connects multiple computers and other electronic devices in a confined space, such as a single building, such as a school, laboratory, home, or office. It is a very helpful network that allows users to share resources such as files, printers, games, and other applications with one another.

How VLAN works

In networking, virtual local area networks (VLANs) are identified by a number.

A Valid range is 1-4094. When configuring a VLAN switch, you will need to assign each port with the appropriate VLAN number.

After that, the switch will make it possible for data to be transmitted between different ports that belong to the same VLAN.

Because almost all networks are larger than a single switch, there ought to be a way to send traffic between the switches that are used in those networks.

The assignment of a port on each network switch to a VLAN and the subsequent installation of a cable between the switches is a method that is both straightforward and uncomplicated.
Illustration of a VLAN

The following illustration shows that there are 6 hosts connected to 6 switches that each have their own unique VLAN. In order to connect two switches together, you will need six ports. This indicates that even if you have 45 port switches, you will only be able to accommodate 24 hosts even if you have 24 different VLANs.

VLAN Ranges

Here are the important ranges of VLAN:

Range Description
VLAN 0-4095 Reserved VLAN, which cannot be seen or used.
VLAN 1: This is a default VLAN of switches. You cannot delete or edit this VLAN, but it can be used.
VLAN 2-1001: It is a normal VLAN range. You can create, edit, and delete it.
VLAN 1002-1005: These ranges are CISCO defaults for token rings and FDDI. You cannot delete this VLAN.
VLAN 1006-4094: It is an extended range of VLANs.

Example of VLAN

Virtual LANs provide a framework for creating groups of devices, even when those devices are connected to different networks.

It raises the maximum number of broadcast domains that a LAN can support.

The number of hosts that are connected to the broadcast domain will decrease when VLANs are implemented, which will result in a reduction in the security risks.

This is accomplished by configuring a separate virtual LAN that is accessible to only the hosts that contain sensitive information.

It makes use of a flexible networking model that organises users into groups according to the departments they belong to rather than by their network location.

Changing hosts or users on a VLAN is a fairly straightforward process. It merely requires a new configuration at the port level.

Characteristics of VLAN

Sharing traffic across multiple VLANs, each of which functions independently as its own LAN, can help ease congestion on a network.

It is possible to use a workstation with the maximum bandwidth at each port.

The process of reallocating terminals is simplified.

A VLAN may span more than one switch at a time.

Multiple local area networks’ traffic can be carried over by the trunk’s link.

Different categories of virtual local area networks (VLANs)

The most important categories of VLANs are as follows:

Types of VLANs

Grouping virtual local area networks based on ports is what port-based VLANs do. One distinguishing characteristic of this kind of virtual LAN is that a switch port’s membership in a VLAN can be set up manually.

Because every other port is set up with a VLAN number that is very similar to this one, any devices that are connected to this port will automatically become members of the same broadcast domain.

The difficulty that comes with using a network of this type is determining which ports are suitable for each VLAN. When looking at the physical port of a switch, it is not possible to determine which VLAN the port belongs to. Checking the information pertaining to the configuration will give you the answer.

A VLAN That Is Based On Protocol

This variety of virtual local area network (VLAN) processes traffic based on a protocol that can be employed to define filtering criteria for tags, which are packets that are untagged.

In this particular Virtual Local Area Network, the layer-3 protocol is what the frame carries, and it is used to determine membership in the VLAN. It is functional in environments that use multiple protocols. In a network that relies primarily on IP, this approach is impractical and cannot be used.

VLAN Based on MAC Addresses

Through the use of MAC-based VLANs, incoming untagged packets can be assigned a virtual LAN, and traffic can then be categorised in accordance with the source address of the packets. Configuring the mapping of an entry in the MAC table to the VLAN table is how you give a MAC address to VLAN mapping its definitive form.

The source Mac address is used to specify this entry along with the correct VLAN ID. All of the device ports share the same table configurations with one another.
The Value Added by VLAN

The following is a list of the most significant advantages and benefits of VLAN:

  • It is an answer to a problem with broadcasting.
  • The size of broadcast domains is decreased by using VLAN.
  • The use of VLAN enables you to add an extra layer of security to your network.
  • It has the potential to simplify and facilitate device management.
  • A more logical classification of the devices can be achieved by grouping them according to their functions rather than their locations.
  • It gives you the ability to create groups of devices that can logically communicate with one another and act as though they are part of their own network.
  • It is possible to logically divide networks into departments, project teams, or functions based on their contents.
  • VLAN allows you to more easily geographically organise your network in order to support your expanding business.
  • Improved performance at the expense of less latency.

Performance is improved with the use of VLANs.

Users may be working on confidential information that should not be viewed by any other users while they are working on it.

  • The VLAN protocol does away with the physical boundary.
  • It enables you to easily separate different parts of your network.
  • It works to improve the overall security of your network.
  • VLAN allows you to maintain the separation of hosts.
  • Because you do not need any additional hardware or cabling, you are able to save money as a result of this.
  • Because the IP subnet of the user can be changed in software, it offers operational benefits that are advantageous.
  • It lessens the overall quantity of devices required for a specific network topology.
  • The management of physical devices is simplified thanks to VLAN.

Disadvantages of VLAN

The following is a list of the significant disadvantages or drawbacks of VLAN:

  • It is possible for a packet to travel from one VLAN to another.
  • A cyberattack could be triggered by a packet that was maliciously injected.
  • A virus could be propagated throughout an entire logical network by a threat that originated in a single system.
  • In order to maintain control of the workload in large networks, you will need an additional router.
  • There is a possibility of encountering difficulties with interoperability.
  • It is not possible for one VLAN to forward network traffic to another VLAN.
  • The Function/Use of a Virtual Local Area Network

The following are the significant applications of VLAN:

When you have more than 200 devices connected to your LAN, you will need to use VLAN.

When there is a lot of traffic on a LAN, it can be helpful to do this.

When a group of users needs additional security or is being slowed down by many broadcasts, VLAN is the perfect solution.

It is implemented in situations in which users are not on the same broadcast domain.

Transform a single switch into several individual switches.