Understanding Virtual LAN (VLAN) Technology

Updated on Oct 8, 2021

What Is VLAN and Why It Is Used?

Technically, VLAN (virtual local area network) is also known as a virtual LAN. This technology can logically partition and isolate one or more physical LANs into multiple broadcast domains. And each broadcast domain is regarded as one VLAN. Generally, only devices under the same VLAN can communicate with each other. Why VLAN is used? Before VLAN, there was a single broadcast domain over the specified network, which is called as LAN (local area work). Just like the following LAN application topology showed, in order to communicate with host B, host A will broadcast its ARP (address resolution protocol) request to all the switches and other hosts over the same local area network.

However, when the network is bombarded with hosts and switches, it’s likely to lead to broadcast storms. Consequently, the hosts’ CPU and the bandwidth of the whole network will be greatly consumed. To solve that, VLAN arrives.

By configuring VLANs, you can divide a network into different broadcast domains. Packets sent from workstations on one network segment are transmitted by Bridges or switches that do not forward conflicts but broadcast to each network device. This simplifies many of the potential complications caused by Lans, including excessive network traffic and conflicts. In this way, network resources and bandwidth will be greatly saved, improving network flexibility and performance.

Types of VLANs

Typically, there are five basic VLAN types: interface-based VLAN, MAC address-based VLAN, IP subnet-based VLAN, protocol-based VLAN, and policy-based VLAN.

Port-based VLAN

Port-based VLAN, also called interface-based VLAN, is a technology that enables network administrators manually assign VLANs for each switch port. It suits for a small-sized network without the need to frequently change the network infrastructure.

MAC Address-based VLAN

MAC address-based VLAN refers to assign VLANs according to the source MAC addresses of frames. Applying this technology can greatly improve network security and flexibility. Even if the users frequently change their physical locations, the network administrator won’t need to reconfigure VLANs.

IP subnet-based VLAN

IP subnet-based VLAN can assign VLANs according to devices’ IP subnets. It will be an effective solution for a public network with a higher demand for mobility and simplified management and lower demand for security. With this technology, users can automatically join a new VLAN ID after their IP changed.

Protocol-based VLAN

Applied for a network with multiple protocols, protocol-based VLAN can assign VLANs according to the protocol types and encapsulation formats of frames.

Policy-based VLAN

Policy-based VLAN can be described as a combination of the above. It can assign VLANs according to the policies like combinations of MAC addresses and IP addresses. By the combination of policies to realize inter-VLAN access control, network security and flexibility will be greatly enhanced.

How Does VLAN Work?

Intra-VLAN Communication

Intra-VLAN communication refers to the communication of users in the same network segment and VLAN. Generally, this type of VLAN is applied into two scenarios: intra-VLAN communication through the same device and intra-VLAN communication through multiple devices. No matter what type, the whole transmission process mainly goes through the following two steps:

1. The ARP request sent from the source host: Before sending, the source host will compare its IP address with the designation’s. If the source host finds that they are in the same network segment, it will get destination host’s MAC address and fill the destination field MAC address of the frame with the obtained MAC address. On the contrary, the broadcast packet needs to be sent to the gateway. The MAC address of gateway will be used by the source host as its destination MAC address.

2. Adding and removing VLAN tags during the communication between devices: When frames processed in a switch, VLAN tags need to be carried.

Inter-VLAN Communication

Since broadcast packets are limited in the same VLAN, hosts in different VLANs are unable to directly communicate with each other in layer 2. Therefore, inter-VLAN routing that can forward network traffic from one VLAN to another is used to solve this problem. There are three options available in order to enable routing between different VLANs:

Inter-VLAN Routing with Separate Physical Interfaces

This inter-VLAN routing way is to connect an additional port from each VLAN with a router. Each VLAN needs one physical port on the router, which causes the great cost of routers. Therefore, this type of inter-VLAN routing has been rarely used due to its high cost and poor scalability.

Router-on-a-Stick Inter-VLAN Routing

This type of VLAN routing enables one single physical interface to achieve traffic forwarding between VLANs. After configuring the connection between the router and the switch as a trunk link, the router can receive frames with VLAN tags on the trunk interface from the connected switch, and forward the routed packets out to VLAN tagged destinations via the same interface.

Inter-VLAN Routing with Layer 3 Switch

The last method is to use layer 3 switches with routing function. Users need to create a SVI (Switch Virtual Interface) for each VLAN and configure an IP address for it. This IP address can be used for computers as their default gateway. In that way, the packets from one VLAN will be sent to the SVI to be routed to the other VLANs to realize the inter-VLAN communication.

Advantages of VLAN

VLAN Reduces the Size of Broadcast Domains.

By confining the broadcast domains, end-stations on a VLAN are prevented from listening to or receiving broadcasts not intended for them. Moreover, if a router is not connected between the VLANs, the end-stations of a VLAN cannot communicate with the end-stations of the other VLANs. Confinement of broadcast domains on a network significantly reduces traffic.

VLAN Can Enhance Network Security.

Virtual boundaries created by a VLAN can only be crossed by routers. Therefore, access to the VLAN can be restricted using standard router-based security measures. In addition, VLANS can enhance network security through packet filtering. Network administrators control each port and any resources they allow to be used, separating groups with sensitive data from the rest of the network and reducing the chance of confidential information leaking.

VLANs Are Easy to Manage.

VLAN makes network management easier because users with similar network requirements share the same VLAN. When a new switch is provided, you can quickly add or change network nodes on the web management page of the switch. All policies and procedures configured for a specific VLAN are implemented when ports are allocated. IT staff can also easily identify the functionality of a VLAN by giving It an appropriate name.

VLAN Makes It Easy to Manage Other Devices.

VLANs simplify project and application management and aggregate users and network devices to support business or geographic needs. Having separate capabilities makes it easier to manage projects or use dedicated applications, and devices can be logically grouped based on functionality rather than location.

You might be interested in