What Is VLAN and Why Is It Used?

0 comments

Ⅰ. What Is Virtual LAN (VLAN)?

VLAN, Virtual Local Area Network, is a technology that allows network administrators to create independent, isolated networks on the same physical infrastructure. VLANs logically segment network traffic and divide devices into different broadcast domains even if they are physically located on the same network switch. It will reduce network congestion, enhance network security, and provide better control of network resources for different departments or user groups. VLANs are typically configured via switches and use the IEEE 802.1Q standard to label network traffic to distinguish between different VLANs.

Ⅱ. Why Is It Used?

Why are VLANs widely used? Let’s look at this simple example!

PC 1 needs to communicate with PC 2. In Ethernet-based communication, the target MAC address must be specified in the data frame for normal communication. Therefore, PC 1 must broadcast the "ARP Request Message " first to try to get the MAC address of PC 2.

When switch A receives a broadcast frame (ARP request), it forwards it to all ports except the receiving port, which is called flooding.

Then switch B floods when it receives the broadcast frame, and switch C floods as well. Eventually, ARP requests are forwarded to all computers on the same network, which is a network storm.

Without VLAN

This ARP request from computer 1 was originally made to obtain the MAC address of computer B. That is, as long as computer 2 can receive it. But in fact, the data frame spread all over the network, and all the computers received it.

In this way, on the one hand, broadcast information consumes the overall bandwidth of the network. On the other hand, the computer receiving the broadcast information also consumes part of the CPU time to process it. It causes a large amount of unnecessary consumption of network bandwidth and CPU computing power, which may cause network paralysis.

Now that we know why VLANs are needed, let's look at how switches use VLANs to split broadcast domains.

First, on a Layer 2 switch with no VLAN set, any broadcast frame will be forwarded to flood all ports except the receiving port. For example, when computer A sends a broadcast message, it is forwarded to ports 2, 3, and 4.

Broadcast Frame

In this case, if two black and blue VLANs are generated on the switch.

Broadcast_Domain

 

Set ports 1 and 2 to the black VLAN, and ports 3 and 4 to the blue VLAN. Once A broadcast frame is sent from A, the switch will only forward it to other ports that belong to the same VLAN. That is, port 2 of the same black VLAN will not be forwarded to the port of the blue VLAN. Similarly, when C sends broadcast information, it is forwarded only to other ports of the blue VLAN, but not to the ports of the black VLAN. In this way, the VLAN divides the broadcast domain by limiting the forwarding range of broadcast frames.

Note that in the figure above, black and blue are used to identify different VLANs. In actual use, there is no color distinction. "VLAN ID "is used to distinguish VLANs. Hosts in different VLANs need to communicate with each other through network devices such as routers or Layer-3 switches.

Ⅲ. Advantages and Disadvantages of VLANs

Advantages of VLANs

  • Improved Security: VLANs divide the network into multiple logically isolated subnets, effectively isolating sensitive data and devices, preventing unauthorized access, and reducing security risks.
  • Simplified Network Management: VLANs allow logical grouping of devices by function, department, or application, which makes network management easier. Administrators can set different network policies and configurations for a specific VLAN.
  • Reduced Broadcast Traffic: VLANs restrict broadcast traffic to the same VLAN by creating independent broadcast domains. This reduces unnecessary data propagation throughout the network, reducing network congestion and improving overall network performance.
  • Increased Network Flexibility: VLANs make network deployment more flexible. Devices can be easily moved or reconfigured without changes to the physical network infrastructure, which helps to respond quickly to changing business requirements.
  • Optimize Network Performance: The proper division of VLANs can effectively manage traffic, prevent data from being sent to unwanted devices, and improve network resource utilization.

Disadvantages of VLANs

  • VLAN Configuration Complexity: Setting up and managing VLANs requires professional network knowledge and careful planning. Misconfiguration can lead to network problems, such as incorrect segmentation or security vulnerabilities.
  • VLAN Jump Risk: If the VLAN is not properly configured and protected, an attacker may use the vulnerability to bypass the VLAN isolation mechanism, perform VLAN jump, and access network resources that should not be accessed.
  • Switch Restrictions: The number of VLANs that can be created is usually limited by the capabilities of the network switch. Older or less powerful switches may not support a large number of VLANs, which limits network scalability.
  • Troubleshooting Is Difficult: Since VLANs introduce logical segmentation, especially in large multi-VLAN networks, troubleshooting network problems is more complicated and requires more time and professional skills.
  • Cross-VLAN Communication Requirements: Communication between different VLANs needs to be implemented through routers or Layer 3 switches, which increases the complexity and cost of the network architecture.

Ⅳ. Other Related Topics about VLAN

A.VLAN and Subnet

Subnet

A Subnet is a logical segment in a network that divides a large network into smaller, manageable parts. Subnets usually define the network and host parts of an IP address through a Subnet Mask.

  • Definition: The subnet is defined by the subnet mask, which determines the division of the network part and the host part.
  • Purpose: Each subnet has its own network address range, which helps to improve network performance and security, and allocate IP addresses more efficiently. It can reduce the size of broadcast domains, control communication permissions between different subnets, and simplify network management.
  • Configuration: When configuring the device, you can manually or automatically assign subnet addresses to establish a VPN communication tunnel. For example, in the InCloud Manager, you can assign subnet addresses to devices either automatically or manually.

What Is the Difference Between VLAN and Subnet?

VLAN and Subnet are both technologies for network segmentation, but they have different purposes and implementations:

VLAN

Subnet

Layer

Layer 2 (Data link Layer)

Layer 3 (Network Layer)

Purpose

 VLANs are used for logical grouping and security control

Subnets are used for IP address management and network performance optimization

Implementation Mode

VLANs are configured on switches

Subnets are configured on routers and IP addresses.

 

B.Is VLAN better than LAN?

A VLAN(Virtual Local Area Network) and a LAN(local area Network) serve different purposes, and which one is better depends on the specific needs and environment of the network.

VLAN

Subnet

Security

Enhances security by isolating network segments. For example, you can separate sensitive data traffic from general traffic, reducing the risk of unauthorized access.

Usually less secure because all devices on the same LAN can communicate directly with each other.

Flexibility

Offers greater flexibility by allowing devices to be grouped logically rather than physically.

Devices are grouped based on their physical connections, which can limit flexibility.

Scalability

More scalable because it allows the network to be more easily scaled and reconfigured without physical changes.

Less scalable, especially in large networks, because adding new devices may require significant changes to the physical network infrastructure.

Cost

More advanced and expensive network equipment may be required

Initial setup costs are low, especially for small networks

Network Management

Simplifies network management and makes it easier for administrators to manage and configure network segments. vlan reduces broadcast traffic and improves network performance.

In larger networks, management can be more complex because all devices are in the same broadcast domain.

 

Ⅴ. Know More Network Solutions and Devices at InHand Networks

InHand Networks devoted to comprehensive product portfolios that include M2M communication devices and cloud/edge IoT solutions over 20 years. We hope to promote the efficient development of various industries in the connected world, with a strong R & D team and our solid technical foundation in the field of Industrial IoT. If you are looking for a network solution, please feel free to contact us.

Phone: +1 (703) 348-2988 (US) 010-84170010 (CN)
Email: support@inhandgo.com
Website: https://inhandgo.com/

Leave a comment

https://www.youtube.com/embed/WrFWaDsNV2wISE2003D | 3-Port Unmanaged Industrial Ethernet Switch with Certificate of UL, CE, FCC, 2-Pin Anti-Reverse Terminal, 2*10/100 Base-T(X), 1*100 Base-FX RJ45 Ports, QoS, BSP, Plug and Play
ISE2003D | 3-Port Unmanaged Industrial Ethernet Switch with Certificate of UL, CE, FCC, 2-Pin Anti-Reverse Terminal, 2*10/100 Base-T(X), 1*100 Base-FX RJ45 Ports, QoS, BSP, Plug and Play
$59
 In stock
https://www.youtube.com/embed/Ca7W6bkbKjIISE2005D | 5-Port Unmanaged Industrial Ethernet Switch with Certificate of UL, CE, FCC, 5*10/100 Base-T(X) RJ45 Ports, DIN-Rail Mounting, 2-Pin Anti-Reverse Terminal, QoS, BSP, Plug and Play
ISE2005D | 5-Port Unmanaged Industrial Ethernet Switch with Certificate of UL, CE, FCC, 5*10/100 Base-T(X) RJ45 Ports, DIN-Rail Mounting, 2-Pin Anti-Reverse Terminal, QoS, BSP, Plug and Play
$49
 In stock
https://www.youtube.com/embed/fzs7XABjhfQISE2008D | 8-Port Unmanaged Industrial Ethernet Switch with Certificate of UL, CE, FCC, 8*10/100 Base-T(X) RJ45 Ports, DIN-Rail Mounting, 2-Pin Anti-Reverse Terminal, QoS, BSP, Plug and Play
ISE2008D | 8-Port Unmanaged Industrial Ethernet Switch with Certificate of UL, CE, FCC, 8*10/100 Base-T(X) RJ45 Ports, DIN-Rail Mounting, 2-Pin Anti-Reverse Terminal, QoS, BSP, Plug and Play
$59
 In stock
https://www.youtube.com/embed/QmJqXo9iuIkISE5005D | 5-Port Unmanaged Industrial Ethernet Switch with Certificate of UL, CE, FCC, 5*10/100/1000 Base-T(X), DIN-Rail Mounting, Wide Temperature -40 ~ +75℃, 2-Pin Anti-Reverse Terminal, QoS, BSP, Plug and Play
ISE5005D | 5-Port Unmanaged Industrial Ethernet Switch with Certificate of UL, CE, FCC, 5*10/100/1000 Base-T(X), DIN-Rail Mounting, Wide Temperature -40 ~ +75℃, 2-Pin Anti-Reverse Terminal, QoS, BSP, Plug and Play
$85
 In stock
https://www.youtube.com/embed/dAtxlvIexysISE5008D | 8-Port Unmanaged Industrial Ethernet Switch with Certificate of UL, CE, FCC, 8*10/100/1000Base-T(X), DIN-Rail Mounting, Wide Temperature -40 ~ +75℃, 2-Pin Anti-Reverse Terminal, QoS, BSP, Plug and Play
ISE5008D | 8-Port Unmanaged Industrial Ethernet Switch with Certificate of UL, CE, FCC, 8*10/100/1000Base-T(X), DIN-Rail Mounting, Wide Temperature -40 ~ +75℃, 2-Pin Anti-Reverse Terminal, QoS, BSP, Plug and Play
$85
 In stock
ISM5012D | Industrial Grade Managed Ethernet Switch with Certificate of CE , FCC, 4*100/1000Base SFP Ports, 8x10/100/1000 Base-T(X) RJ45 Ports, Wide Temperature -40 ~ +85 ℃, QoS, BSPISM5012D | Industrial Grade Managed Ethernet Switch with Certificate of CE , FCC, 4*100/1000Base SFP Ports, 8x10/100/1000 Base-T(X) RJ45 Ports, Wide Temperature -40 ~ +85 ℃, QoS, BSP
ISM5012D | Industrial Grade Managed Ethernet Switch with Certificate of CE , FCC, 4*100/1000Base SFP Ports, 8x10/100/1000 Base-T(X) RJ45 Ports, Wide Temperature -40 ~ +85 ℃, QoS, BSP
$355
 In stock, 199 units
From
Only 0 units left
Liquid error (sections/blog-sidebar line 506): product form must be given a product