At the moment, many modern organizations and enterprises practically do not use such a very useful, and often necessary, opportunity as the organization of a virtual local area network (VLAN) within the framework of the integral infrastructure that is provided by most modern switches. This is due to many factors, so it is worth considering this technology from the perspective of the possibility of its use for such purposes.
general description
First you need to decide what VLANs are. By this is meant a group of computers connected to a network that are logically integrated into a broadcasting domain for a specific attribute. For example, groups can be distinguished depending on the structure of the enterprise or by type of work on a project or task together. VLANs offer several advantages. To begin with, we are talking about a much more efficient use of bandwidth (in comparison with traditional local networks), an increased degree of protection of the information that is transmitted, as well as a simplified administration scheme.
Since when using VLAN, the entire network is divided into broadcast domains, information inside such a structure is transmitted only between its members, and not to all computers in the physical network. It turns out that the broadcast traffic that is generated by the servers is limited to a predefined domain, that is, it is not broadcast to all stations in this network. Thus, it is possible to achieve the optimal distribution of network bandwidth between dedicated groups of computers: servers and workstations from different VLANs simply do not see each other.
How do all the processes go?
In such a network, information is fairly well protected from unauthorized access, because data is exchanged within one specific group of computers, that is, they cannot receive traffic generated in some other similar structure.
If we talk about what VLANs are, then it is appropriate to note such a merit of this organization method as simplified network administration. This affects tasks such as adding new elements to the network, moving them, and deleting them. For example, if a VLAN user moves to another room, the network administrator will not need to reconnect the cables. He just needs to configure network equipment from his workplace. In some implementations of such networks, the movement of group members can be controlled automatically, without even requiring administrator intervention. He only needs to know how to configure the VLAN to perform all necessary operations. He can create new logical user groups without even getting up. This all saves a lot of working time, which can be useful for solving tasks of no less importance.
VLAN Organization Methods
There are three different options: based on ports, Layer 3 protocols, or MAC addresses. Each method corresponds to one of the three lower levels of the OSI model: physical, network, and channel, respectively. If we talk about what VLANs are, then it is worth noting that there is a fourth method of organization - based on the rules. Now it is used extremely rarely, although it provides great flexibility. You can consider in more detail each of these methods in order to understand what features they possess.
Port Based VLAN
This assumes a logical combination of certain physical switch ports selected for interworking. For example, a network administrator can determine that certain ports, for example, 1, 2, and 5, form VLAN1, and numbers 3, 4, and 6 are used for VLAN2, and so on. One switch port can be used to connect several computers, for which they use, for example, a hub. All of them will be defined as participants in one virtual network to which the serving port of the switch is registered. This tight binding of virtual network membership is the main disadvantage of such an organization scheme.
VLANs based on MAC addresses
The basis of this method is the use of unique hexadecimal link-level addresses that are available on each server network adapter or network workstation. If we talk about what VLANs are, then it is worth noting that this method is considered to be more flexible in comparison with the previous one, since computers belonging to different virtual networks are allowed to connect to one port of the switch. In addition, it automatically monitors the movement of computers from one port to another, which allows you to keep the client belonging to a specific network without administrator intervention.
The principle of operation here is very simple: the switch supports a table of correspondence of MAC addresses of workstations to virtual networks. As soon as the computer switches to some other port, the MAC address field is compared with the table data, after which the correct conclusion is made about the computer belonging to a specific network. The disadvantages of this method are the complexity of configuring the VLAN, which may initially cause errors. Despite the fact that the switch independently builds the address tables, the network administrator must look at it all to determine which addresses correspond to which virtual groups, after which he registers it to the corresponding VLANs. And this is where there is room for errors, which sometimes happens in Cisco VLANs, the configuration of which is quite simple, but subsequent redistribution will be more complicated than in the case of using ports.
Layer 3 VLANs
This method is rarely used in switches at the workgroup or department level. It is typical for backbones equipped with built-in routing tools for the main LAN protocols - IP, IPX and AppleTalk. This method assumes that a group of switch ports that belong to a specific VLAN will be associated with some IP or IPX subnet. In this case, the flexibility is provided by the fact that the userβs movement to another port that belongs to the same virtual network is monitored by the switch and does not need to be reconfigured. VLAN routing in this case is quite simple, because the switch in this case analyzes the network addresses of computers that are defined for each network. This method also supports the interaction between different VLANs without the use of additional tools. There is one drawback of this method - the high cost of the switches in which it is implemented. Rostelecom VLANs support work at this level.
conclusions
As you already understood, virtual networks are a fairly powerful tool for network organization, capable of solving problems related to data transfer security, administration, access control and increasing bandwidth efficiency.