VLAN stands for Virtual Local Area Network and is defined as a group of devices on one or more LANs that are configured so that they looks like they are connected to one LAN. The Main functions of a VLAN are to segment a LAN, form logical Groups and to limit the broadcasts to legitimate users only that helps in increasing security.
A Local Area Connection is a network of computer within the same area (Old Definition) But Now a LAN is defined as a single broadcast domain i.e. if a broadcast is sent over a LAN that will propagate throughout the LAN.
For a Larger Network Broadcasts are not good. They can choke the whole network.Prior to VLANs broadcasts were reduced by use of routers to form different LAN Groups. This earlier method of limiting broadcasts was too costy. For this Reason VLANs were introduced as an alternative solution to using routers for confining local traffic or Broadcasts.
VLANs form virtual boundaries and can logically segment a LAN into different Broadcast domains as shown in Figure 1.
Figure 1: Logical segmentation through VLAN
The second main function of VLAN is logical Grouping i.e without the use of a single router for network isolation, different users having different group are isolated from each other and are grouped together with same group users like a LAN as shown in Figure below
Figure 2 shows Logical Grouping that even users from a single department (like Sales) are on different physical locations (floors) yet they are grouped together like a LAN. Technically a PC on Third floor can hear the Broadcast of a PC on first floor if their group (VLAN) is same.
Types of Vlan
Different type of VLANs exists on campus network are
Vlan Range:
Data vlan range: 1 to 1001
Reserved Vlans: 1002 to 1005
Extended Vlans: 1006 to 4096
A Local Area Connection is a network of computer within the same area (Old Definition) But Now a LAN is defined as a single broadcast domain i.e. if a broadcast is sent over a LAN that will propagate throughout the LAN.
For a Larger Network Broadcasts are not good. They can choke the whole network.Prior to VLANs broadcasts were reduced by use of routers to form different LAN Groups. This earlier method of limiting broadcasts was too costy. For this Reason VLANs were introduced as an alternative solution to using routers for confining local traffic or Broadcasts.
VLANs form virtual boundaries and can logically segment a LAN into different Broadcast domains as shown in Figure 1.
Figure 1: Logical segmentation through VLAN
The second main function of VLAN is logical Grouping i.e without the use of a single router for network isolation, different users having different group are isolated from each other and are grouped together with same group users like a LAN as shown in Figure below
Figure 2: Logical Grouping through VLANs
|
Figure 2 also shows that since these three department connects to same physical device (switch) on same Physical Location (floor) but yet they cannot send traffic to each other directly. they are logically segmented i.e. they cannot hear each other broadcasts.
VLANs also aids in Security. As VLANs limit broadcasts so unwanted broadcasts are now stopped from being sent out to an illegitimate user thus reducing the risk of an attack.
VLANs also aids in Security. As VLANs limit broadcasts so unwanted broadcasts are now stopped from being sent out to an illegitimate user thus reducing the risk of an attack.
Types of Vlan
Different type of VLANs exists on campus network are
- Default VLAN: This is a VLAN where all ports exits by default. Technically this is VLAN 1 and it cannot be deleted from switch
- Data VLAN: This is a VLAN where normal traffic is carried out and where the user data pass through LAN
- VOICE VLAN: The Voice VLAN is where the QoS policies are applied in order to prioritize voice traffic to send it through LAN. Voice traffic is always distinguished from data traffic.
- Native VLAN: Its an 802.1Q only concept. By default on a Cisco switch traffic belonging to Native Vlan is not tagged. by default VLAN 1 is the default VLAN as well as Native VLAN. However it can be changed and one can select any VLAN as Native VLAN and its better security practice to change it from default. Moreover on both ends of a trunk link Native VLAN must match.
- Manangement VLAN: This VLAN is used for management purpose on a LAN. This VLAN normally carries sensitive traffic from a control perspective. Some of the protocols that this VLAN carries are FTP, TFTP, SSH, TELNET etc.
- Reserved VLAN: These VLANs are reserved internally on Cisco switch for the use of other environment like FDD, Token Ring. The reserved VLANs range is 1002-1005.
- Extended VLAN: These are special VLANs and are used by service providers to allow the provisioning of Number of customers. They are configured when a switch is in VTP Transparent Mode. If you enter an extended-range VLAN ID when the switch is not in VTP transparent mode, an error message is generated when you exit from config-vlan mode, and the extended-range VLAN is not created.
- Private VLAN: These are the VLANs having different category/concept from typical VLANs.
Vlan Range:
Data vlan range: 1 to 1001
Reserved Vlans: 1002 to 1005
Extended Vlans: 1006 to 4096
No comments:
Post a Comment
We’re eager to see your comment. However, use of any abusive language is strictly prohibited . All the abusive words and posts will be deleted and Please Keep in mind that all comments are moderated manually by our human reviewers. Let’s enjoy a personal and evocative conversation. Thank You