What are VLANs? VLANs

At the moment, many modern organizations and enterprises practically do not use such a very useful, and often necessary, opportunity, as the organization of a virtual local area network (VLAN) within the framework of an integrated infrastructure provided by most modern switches. This is due to many factors, so it is worth considering this technology from the position of the possibility of its use for such purposes.

general description

First of all, it is necessary to decide what VLANs are. By this means a group of computers connected to the network, which are logically combined into a domain for broadcasting broadcast messages on a specific basis. For example, groups can be allocated depending on the structure of the enterprise or by the types of work on the project or task together. VLANs offer several advantages. For starters, this is a much more efficient use of bandwidth (compared to traditional local networks), increased protection of information that is transmitted, as well as a simplified administration scheme.

Since when using VLAN, the whole network is split into broadcast domains, the information inside such a structure is transferred only between its members, and not all computers in the physical network. It turns out that broadcast traffic, which is generated by servers, is limited to a predefined domain, that is, it is not broadcast to all stations in this network. In this way, it is possible to achieve an optimal distribution of network bandwidth between dedicated groups of computers: servers and workstations from different VLANs simply do not see each other.

How do all processes proceed?

In such a network, information is fairly well protected from unauthorized access, since data is exchanged within one particular group of computers, that is, they can not receive traffic generated in some other similar structure.

If we talk about what VLANs are, then it's appropriate to note the merit of this method of organization, like simplified network administration. This affects such tasks as adding new items to the network, moving them, and deleting. For example, if a VLAN user moves to another room, the network administrator does not need to reconnect the cables. It should simply configure the network equipment from its workstation. In some implementations of such networks, control of the movement of team members can be performed automatically, without even needing administrator intervention. He only needs to know how to configure the VLAN to perform all the necessary operations. It can create new logical groups of users, even without getting up from the place. This all very saves working time, which can be useful for solving problems of no less importance.

Ways to organize VLANs

There are three different options: on the basis of ports, third-level protocols or MAC-addresses. Each method corresponds to one of the three lower layers of the OSI model: physical, network, and channel, respectively. If we talk about what VLANs are, then we should also note the existence of the fourth method of organization - on the basis of rules. Now it is used extremely rarely, although it provides more flexibility. You can consider in more detail each of the listed ways to understand what features they have.

Port-based VLANs

Here, it is assumed that the physical physical ports of the switch selected for interaction are logical. For example, a network administrator can determine that certain ports, for example, 1, 2, and 5 form VLAN1, and numbers 3, 4 and 6 are used for VLAN2 and so on. One port of the switch can be used to connect several computers, for example, use a hub. All of them will be defined as participants of one virtual network, to which the serving port of the switch is registered. Such rigid binding of the virtual network membership is the main disadvantage of such an organization scheme.

MAC-based VLANs

This method is based on the use of unique hexadecimal link-level addresses available for each network adapter of the server or workstation of the network. If we talk about what VLANs are, it's worth noting that this method is considered to be more flexible in comparison with the previous one, since it is quite possible to connect computers belonging to different virtual networks to one port of the switch. In addition, it automatically tracks the movement of computers from one port to another, which allows you to keep the client's ownership of a particular network without administrator intervention.

The principle of operation here is very simple: the switch supports the table of correspondence of MAC addresses of workstations to virtual networks. As soon as the computer switches to some other port, the MAC address field is compared with the data in the table, after which the correct conclusion is made that the computer belongs to a particular network. As a disadvantage of this method is the complexity of VLAN configuration, which can initially become the cause of errors. While the switch constructs the address tables by itself, the network administrator must view it all in order to determine which addresses to which virtual groups correspond, after which it assigns it to the corresponding VLANs. And it's where the errors occur, which sometimes happens in the Cisco VLAN, the configuration of which is fairly simple, but the subsequent redistribution will be more difficult than with the use of ports.

VLAN based on Layer 3 protocols

This method is rarely used in switches at the workgroup or department level. It is typical for backbones, equipped with built-in means of routing the main protocols of local networks - IP, IPX and AppleTalk. This method assumes that a group of switch ports that belong to a specific VLAN will be associated with some IP subnet or IPX. In this case, the flexibility is ensured by the fact that moving the user to another port that belongs to the same virtual network is monitored by the switch and does not need reconfiguration. VLAN routing in this case is quite simple, because the switch in this case analyzes the network addresses of computers that are defined for each network. This method also supports the interaction between different VLANs without the use of additional tools. There is one drawback with this method - the high cost of switches in which it is implemented. VLAN Rostelecom supports work at this level.

conclusions

As you have already understood, virtual networks are a fairly powerful network organization tool that can solve problems related to the security of data transmission, administration, access control, and increased bandwidth efficiency.