VLAN – What are VLANs?

The scalability and flexibility of VLAN technology have sent hubs into oblivion

You may already know that a layer-2 switch has nothing to do with Network layer protocols; it reads frames only to filter and forward them, and by default it forwards every broadcast out every port. To build VLANs you therefore carve the switch into smaller broadcast domains: a broadcast sent by a node in one VLAN is not forwarded to ports configured for a different VLAN. Because users or switch ports are grouped logically rather than physically (a group of switches sharing the same VLAN information is called a switch fabric), you can place any user in a given broadcast domain regardless of where they physically sit. This also contains the broadcast storms that a faulty network interface card (NIC) can cause, and it keeps a misbehaving application from propagating a storm across the whole internetwork: the storm can still occur in the VLAN where it started, but it stays confined to that one VLAN. Finally, when a VLAN grows too large you can simply create more VLANs so that broadcasts no longer consume excessive bandwidth; the fewer users in a VLAN, the fewer are affected by its broadcasts.

That said, you need a good understanding of your network services before you build VLANs. Apart from services everyone needs, such as Internet access and e-mail, keep each service local to the users who consume it whenever possible. To understand how a VLAN looks to a switch, it helps to look at a traditional network first. The figure shows a network built by connecting physical LANs to a router through hubs.

[Figure: broadcast domains in a traditional network of hubs connected to a router]

In the figure, each network is connected to the router through a hub port (each segment also has its own logical network number, although the figure does not show it).

A node can communicate across the internetwork only if its network address matches the network number of the physical network it is attached to. Notice that each department has a LAN of its own: to add a new user to Office 1, you plug them into the Office 1 hub, and they automatically become part of the Office 1 broadcast domain and collision domain. This design worked well for many years, but it has a serious flaw. What happens when the Office 1 hub is full and you need to add another Office 1 user? If the only free port is over in the Office 2 area of the building, the new employee ends up plugged into the Office 2 hub and becomes part of the Office 2 LAN, which is bad for several reasons. The first is security: the new user now sits in the Office 2 broadcast domain, so every server and network service visible to Office 2 users is visible to this user as well.

The second is efficiency: to reach Office 1 services, for example to log in to the Office 1 server, this employee's traffic now has to cross the router. Now let's look at what a switch accomplishes. The next figure shows how switches remove the physical boundary and so resolve this problem.

[Figure: switched network using VLANs]

In this figure, two VLANs (VLAN 2 and VLAN 5) are used to create one broadcast domain per department.

Each switch port is then administratively assigned a VLAN membership, depending on the type of host attached and the broadcast domain it belongs in. So to add a new user to the Office 1 VLAN (VLAN 2), all you need to do is assign that user's switch port to VLAN 2, no matter where in the building the user physically sits.

This illustrates the advantages of the VLAN design over the old one: every host that belongs in Office 1 is simply assigned to VLAN 2. You may have noticed that the numbering starts at VLAN 2, which is an arbitrary choice, and wondered about VLAN 1. VLAN 1 is the administrative VLAN. It can also be used as an ordinary workgroup VLAN, but Cisco recommends reserving it for administrative purposes only.

VLAN 1 cannot be renamed or deleted, and by default every port on a switch is a member of VLAN 1 until you change it. Because each VLAN is its own broadcast domain, each VLAN must be given its own subnet number; if you run IPX, each VLAN likewise needs its own IPX network number. Now let's address the misconception that switches make routers unnecessary. In the figure there are three broadcast domains, or VLANs, counting VLAN 1.

Nodes within a VLAN can communicate with each other freely, but not with anything in another VLAN, because the nodes in a given VLAN behave as if they were on their own collapsed backbone. To reach a host on another network, a node's traffic must pass through a router. The same applies to VLANs: a host configured in one VLAN must go through a router or other layer-3 device to talk to a host in another VLAN, exactly as it would to reach a separate physical network. In other words, all inter-VLAN communication must pass through a layer-3 device, so routers are not going away any time soon.
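The following Python script is an added illustration, written for this edit and not part of the original article or any vendor software. It models the switch behaviour described in the last few paragraphs: it parses a small, constructed Cisco-style configuration fragment into a port-to-VLAN map, treating any port without an explicit `switchport access vlan` line as a VLAN 1 member (the default the text describes), simulates a switch whose broadcasts and unknown-unicast floods stay inside the ingress port's VLAN, and finally lists the ports still sitting in the administrative VLAN 1. The interface names, MAC addresses and config lines are all made up for the example.

```python
import re

DEFAULT_VLAN = 1  # every switch port belongs to VLAN 1 until an admin reassigns it
BROADCAST = "ff:ff:ff:ff:ff:ff"

# Constructed running-config fragment in Cisco IOS style (not captured from a
# real switch). FastEthernet0/5 is a spare port that nobody ever assigned to a VLAN.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport access vlan 2
interface FastEthernet0/2
 switchport access vlan 2
interface FastEthernet0/3
 switchport access vlan 5
interface FastEthernet0/4
 switchport access vlan 5
interface FastEthernet0/5
 description spare port
"""


def parse_port_vlans(config):
    """Map each interface name to its access VLAN.

    An interface with no 'switchport access vlan' line stays in VLAN 1,
    which is how an unconfigured port behaves on the switch."""
    ports = {}
    current = None
    for line in config.splitlines():
        m = re.match(r"^interface (\S+)\s*$", line)
        if m:
            current = m.group(1)
            ports[current] = DEFAULT_VLAN
            continue
        m = re.match(r"^\s+switchport access vlan (\d+)\s*$", line)
        if m and current is not None:
            ports[current] = int(m.group(1))
    return ports


class Switch:
    """Minimal layer-2 switch: a per-VLAN MAC table and VLAN-scoped flooding."""

    def __init__(self, port_vlans):
        self.port_vlans = dict(port_vlans)
        self.mac_table = {}  # (vlan, mac) -> port the MAC was learned on

    def forward(self, in_port, src_mac, dst_mac):
        """Return the set of egress ports for a frame arriving on in_port.

        The source MAC is learned in the ingress port's VLAN. A known
        unicast goes out one port; a broadcast or unknown unicast is
        flooded to every other port in the *same* VLAN only. A host in
        another VLAN is never reached by this switch; that traffic has to
        go through a router (a layer-3 device)."""
        vlan = self.port_vlans[in_port]
        self.mac_table[(vlan, src_mac)] = in_port
        if dst_mac != BROADCAST:
            out = self.mac_table.get((vlan, dst_mac))
            if out is not None:
                # Destination lives on the ingress port itself: nothing to forward.
                return set() if out == in_port else {out}
        return {p for p, v in self.port_vlans.items() if v == vlan and p != in_port}


def ports_in_default_vlan(port_vlans):
    """Audit helper: ports still in VLAN 1 drop any host plugged into them
    straight onto the administrative VLAN's broadcast domain."""
    return sorted(p for p, v in port_vlans.items() if v == DEFAULT_VLAN)


if __name__ == "__main__":
    ports = parse_port_vlans(SAMPLE_CONFIG)
    sw = Switch(ports)
    print("Broadcast from FastEthernet0/1 reaches:",
          sw.forward("FastEthernet0/1", "00:11:22:33:44:01", BROADCAST))
    print("Frame from VLAN 5 to a VLAN 2 MAC reaches:",
          sw.forward("FastEthernet0/3", "00:11:22:33:44:03", "00:11:22:33:44:01"))
    print("Ports still in VLAN 1:", ports_in_default_vlan(ports))
```

Running it shows that a frame from a VLAN 5 port addressed to a VLAN 2 host is flooded only to the other VLAN 5 port and never reaches VLAN 2; delivering it is the router's job, exactly as the text says. The audit at the end is the check worth running against a real configuration: a forgotten port left in VLAN 1 gives whoever plugs into it a seat in the administrative broadcast domain.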

 

 
