more control on your data packets. Check out how VLANs
can help you achieve this. by Mahesh Rathod
is a group of PCs, servers and other network resources
that behave as if they were connected to a single, network
IEEE has defined the 802.1q standard for VLAN, to ensure
the interoperability of VLAN implementations between
switches and NICs from different vendors
rapid pace at which Information Technology changes has
compelled many an IT manager to upgrade his/her knowledge
on an ongoing basis. The new technologies and tools
that emerge every now and then demand more network bandwidth,
better workstations and faster applications. Network
managers are under a lot of pressure to upgrade networks.
Virtual LANs (VLANs) might be the very solution to these
pressures and these networks can also improve over-all
efficiency. Read on to find out how all this is possible.
What are VLANs?
can be defined as a group of devices on different physical
LAN sections or on a single LAN section, which can interact
with each other as if they were all on the same physical
LAN segment. In other words, a VLAN is a group of PCs,
servers and other network resources that behave as if
they were connected to a single, network segment even
though they are not, physically. To understand VLANs
better, let's take an example of a two-floor network
(Figure - 1), each floor having both the marketing and
the accounts people.
If we assign all the account people (that is port 1,2
of switch #1, and port 4,5,6,7 of switch #2) to a single
VLAN A, they will be able to share resources and bandwidth
as if they were connected to the same section. Similarly
we can form a VLAN B (port 3,4,5,6,7,8 of switch #1,
and port 1,2,3,8 of switch #2) for the marketing people.
A member of VLAN A may not be able to share resources
of VLAN B and vice-versa.
Switches with VLAN capability can create the same division
of the network into separate LANs or broadcast domains.
It is similar to "color coding" your ports.
In the figure-1, red ports can communicate with other
red ports, and green ports can communicate with the
other green ports.
there are three ways of assigning a member to a VLAN.
In a port based VLAN, the administrator assigns each
port of a switch to a VLAN. For example, ports 6-10
might be assigned to the Manufacturing VLAN, ports 1-4
to the Sales VLAN and ports 4-6 to the Accounts VLAN.
The main drawback of VLANs defined by port is that the
systems manager must reconfigure VLAN membership when
a user moves from one port to another.
In MAC address-based VLANs, membership is defined by
the source or destination MAC. The main advantage of
this model is that the switch doesn't need to be reconfigured
when a user makes a move to a different port. The main
problem with MAC address-based VLANs is that a single
MAC address cannot easily be a member of multiple VLANs.
VLANs based on Layer 3 information take into account
protocol type (IP, NetBIOS) and Layer 3 addresses in
determining VLAN membership. One of the main benefits
of this method is that users can physically move their
workstation without having to reconfigure their workstation's
network address. The shortcoming of VLANs based on Layer
3 is the slow performance.
Yields from VLANs
are significant benefits of using VLANs. The main reason
for VLAN implementation is a reduction in the cost of
handling user moves and changes. Any node moved or added,
can be dealt with quickly and conveniently from the
management console rather than the wiring closet. VLANs
provide a flexible, easy and less costly way to modify
logical groups in changing environments.
Forming 'virtual workgroups' is another compelling advantage
of VLAN. VLANs provide independence from the physical
topology of the network by allowing physically diverse
workgroups to be logically connected within a single
broadcast domain. It now becomes easier to add ports
in new locations to existing VLANs if a department expands
VLANs can increase performance of switched networks
over shared media devices, by reducing the number of
collision domains. Forming logical networks will improve
performance by limiting broadcast traffic to users performing
similar functions or within individual workgroups.
VLANs can enhance network security in a shared media
network environment. In a switched network, frames are
delivered only to the intended recipients, and broadcast
frames only to other members of the VLAN. This enables
network managers to segment users requiring access to
sensitive information into separate VLANs from the general
user community regardless of physical distance.
What about VLAN standards?
to various types of VLAN definitions, each vendor has
developed its own unique and proprietary VLAN solution
and product. Hence switches from one vendor will not
interoperate entirely with VLANs from other vendors.
The IEEE has defined 802.1q standard for VLAN, to ensure
the interoperability of VLAN implementations between
switches and NICs from different vendors. A second IEEE
specification, 802.1p, defines the use of priority bits,
which are part of the explicit VLAN tag as defined in
802.1q. There are two different VLAN models specified
in the 802.1q specification: the shared model and the
Usage of VLANs
of the main application areas for VLANs these days is
Hosting Centers. Customers of hosting centers often
avoid routes through the Internet (ISP networks) to
access the hosting centers, because they want to minimize
exposure to hackers. Data centers can reduce their investments
by using VLANs to create a separate dedicated LAN to
each customer's server with the same physical LAN infrastructure.
Because each VLAN uses its own IP subnet, the customer's
private address spaces can also be preserved.
Another application of VLAN is in Ethernet Metropolitan
Area Network (MAN). Service providers use VLANs to provide
logical segregation of the traffic from different customers
within a metro area, thus creating the equivalent of
an X.25 "closed user group."
Mahesh Rathod can be reached at firstname.lastname@example.org