Introduction to VLANs
In this article, we’ll talk about VLANs (Virtual LANs). VLAN is a buzzword (we should use it) in today’s networks, and sometimes we don’t understand why we use this concept.
Today, you will understand why?! 🙂
First, let’s see this topology:
This is a simple example of a switched network of a company. You can see that we have many departments. In fact, in real networks, you’ll find more departments than those represented on this architecture, and of course, a lot of switches.
Do you think that it’s a good topology design? I don’t think so, because we can ask a lot of questions when we see this type of topology:
- What happens when a computer connected to the engineering switch sends a broadcast frame such as an ARP request?
- Do you think that Engineers will have fast internet connectivity?
- And how can we deal with security aspects in this type of design?
In fact, this topology is the source of many problems. When a computer sends a broadcast frame on the network, all devices connected to this network will receive this frame, and this happens because we have one broadcast domain.
Before we continue, I want to make sure you understand broadcast domains well. I am sure you are familiar with them, so this is just to refresh our minds!
In this network we have one broadcast domain, because every host in this network can receive the broadcast frames. But do you think that routers can forward broadcast traffic? No, routers don’t forward broadcast frames, so they limit our broadcast domains. As we have the Internet on the left side of our architecture, it remains another broadcast domain. That means we have 2 broadcast domains in this architecture. You can see this in the following picture:
Note that a frame is also flooded like a broadcast when a switch doesn’t have the frame’s destination MAC address in its MAC address table.
You probably understand that the more frames are broadcast, the more the performance of our network is affected. It means that it will take more time to access a server on the network, for example.
And finally, it is really hard to deal with security in this type of architecture. You can filter MAC addresses, but it is not secure: if you take a look at security in layer 2 networks, you’ll find that MAC spoofing is the first threat you have to deal with.
Is there any solution to solve these problems? Yes, it’s VLANs.
Look at how we can improve our design to solve all these problems.
You can’t see all departments, but I think that you got the idea.
Keep in mind that a VLAN is a “virtual” LAN. It means that we have a logical topology. In fact, the physical topology is the way our switches are connected, and the logical topology is the way our hosts and servers communicate on the network.
Here are some advantages of using VLANs:
- Each VLAN is a broadcast domain. This means that a frame is broadcast only in the VLAN where it originates. For example, if a laptop in the engineering VLAN (yellow) sends a broadcast frame, only hosts in the same VLAN will receive this frame:
- Users on different VLANs are not able to communicate, unless we activate routing between VLANs.
- With VLANs, the network performance is less affected.
- And finally, users in different locations can be in the same VLAN.
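The first two advantages, together with the earlier note about unknown destination addresses, can be checked with a small simulation. This is an added example, not part of the original article. It assumes a single switch with access ports only (no trunks or tagging) and a MAC address table kept per VLAN; the port numbers, VLAN IDs and MAC addresses are constructed.

```python
# Added illustration: a minimal VLAN-aware learning switch (constructed ports and MACs).
BROADCAST = "ff:ff:ff:ff:ff:ff"

class Switch:
    def __init__(self, port_vlan):
        self.port_vlan = dict(port_vlan)   # access port -> VLAN ID
        self.mac_table = {}                # (vlan, mac) -> port, learned per VLAN (assumption)

    def receive(self, in_port, src, dst):
        """Return the sorted list of ports the frame is sent out of."""
        vlan = self.port_vlan[in_port]
        self.mac_table[(vlan, src)] = in_port            # learn the source address
        known = self.mac_table.get((vlan, dst))
        if dst != BROADCAST and known is not None:
            return [] if known == in_port else [known]   # known unicast: one port only
        # Broadcast or unknown destination: flood, but only inside the sender's VLAN.
        return sorted(p for p, v in self.port_vlan.items()
                      if v == vlan and p != in_port)

# Constructed sample: six access ports.
FLAT = {p: 1 for p in range(1, 7)}                       # one big broadcast domain
SEGMENTED = {1: 10, 2: 10, 3: 10, 4: 20, 5: 20, 6: 30}   # 10=engineering, 20=sales, 30=hr

def demo():
    flat, seg = Switch(FLAT), Switch(SEGMENTED)
    eng_a, eng_b, sales = "00:00:00:00:00:0a", "00:00:00:00:00:0b", "00:00:00:00:00:0c"
    results = {
        "flat_broadcast": flat.receive(1, eng_a, BROADCAST),
        "vlan_broadcast": seg.receive(1, eng_a, BROADCAST),
        "unknown_unicast": seg.receive(1, eng_a, eng_b),  # eng_b not learned yet
    }
    seg.receive(2, eng_b, eng_a)                          # eng_b replies and is learned
    results["known_unicast"] = seg.receive(1, eng_a, eng_b)
    seg.receive(4, sales, BROADCAST)                      # sales host learned in VLAN 20
    # Different VLAN: the frame stays in VLAN 10 and never reaches port 4 without routing.
    results["cross_vlan"] = seg.receive(1, eng_a, sales)
    return results

if __name__ == "__main__":
    for name, ports in demo().items():
        print(f"{name:16} -> ports {ports}")
```

In the flat layout the broadcast reaches every other port, while in the segmented layout it reaches only the other engineering ports, and a frame addressed to the sales host is never delivered to the sales VLAN.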
That’s all for VLANs. Now, I am sure that you know why we should use this concept. I hope this article was helpful for you, and if so, just leave a small comment!!