The Low Cost Solution
The use of Local Area Networks has become common practice in most businesses and organizations regardless of their size. While this may be sufficient for many smaller organizations, larger networks will find that the use of Virtual LANs is not only practical but essential. Smaller businesses may not need VLANs as much, but using them is still tremendously practical. Virtual LANs not only segment the network, they also provide extra security without increasing the cost. This is only one of the many advantages; others are ease of maintenance and improved performance. VLANs allow network administrators to segment their networks without physically rearranging the devices or network connections.
A Local Area Network built with Layer 2 switches is considered a “flat network”. A flat network operates with a single broadcast domain in which every device is interconnected, which means every device sees every broadcast packet that is transmitted.
With the same Layer 2 switches and Virtual LANs configured within those switches, the network now becomes a Layer 3 network with the capability of routing within the network. A VLAN is made up of defined members communicating as a logical network segment. The switches are configured with access control lists, mapping, and routing information to provide logical connectivity between the different VLAN members. The switches have two types of links: access links and trunk links. All network hosts connect to the switches’ access links to gain access to the LAN. An access link is a switch port that is configured to access a particular VLAN. Trunk links connect two VLAN switches together and are configured to carry data from all available VLANs.
Virtual LANs work through the use of the Ethernet header. Moving VLAN data over multiple subnets requires a process called VLAN tagging, in which the switch adds extra information into the packet header of the Ethernet frames so that the switch knows how to pass the data. The switch receives the Ethernet frame. If there is a VLAN tag in the header, it will forward the frame on through the ports tagged with that VLAN; if there is no VLAN tag in the header, the switch will assign it a VLAN according to the configurations on the ACLs. When building and configuring the ACLs for use with VLANs, it is recommended to use different IP subnets for each VLAN. Most switches also require a virtual routing interface to be configured on each switch.
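The tagging decision described above, as an added example that is not part of the original article. It assumes the IEEE 802.1Q tag format (the article does not name one) and models the ACL-based assignment of untagged frames as a per-port default VLAN; the port names, MAC addresses and VLAN numbers are constructed.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an IEEE 802.1Q VLAN tag


def parse_vlan(frame: bytes):
    """Return (vlan_id or None, priority, ethertype) for a raw Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None, 0, ethertype            # untagged frame
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, tci >> 13, inner    # 12-bit VLAN ID, 3-bit priority


def egress_ports(frame: bytes, ingress: str, ports: dict):
    """Return (vlan_id, ports allowed to receive the frame).

    ports maps a port name to {"vlans": set of allowed VLAN IDs,
    "default": VLAN given to untagged frames arriving on that port}.
    """
    vid, _, _ = parse_vlan(frame)
    cfg = ports[ingress]
    if vid is None:
        vid = cfg["default"]     # untagged: classify by ingress port config
    if vid not in cfg["vlans"]:
        return vid, []           # VLAN not permitted on the ingress port: drop
    return vid, sorted(p for p, c in ports.items()
                       if p != ingress and vid in c["vlans"])


# Constructed sample data (hypothetical names and numbers).
PORTS = {
    "acc1": {"vlans": {10}, "default": 10},        # access port, VLAN 10
    "acc2": {"vlans": {20}, "default": 20},        # access port, VLAN 20
    "acc3": {"vlans": {10}, "default": 10},        # access port, VLAN 10
    "trunk1": {"vlans": {10, 20}, "default": 1},   # trunk carrying both VLANs
}
HDR = bytes.fromhex("ffffffffffff" "020000000001")  # broadcast dst, local src
UNTAGGED = HDR + struct.pack("!H", 0x0806) + b"\x00" * 28
TAGGED_20 = (HDR + struct.pack("!HHH", TPID_8021Q, (5 << 13) | 20, 0x0806)
             + b"\x00" * 28)

if __name__ == "__main__":
    print(egress_ports(UNTAGGED, "acc1", PORTS))
    print(egress_ports(TAGGED_20, "trunk1", PORTS))
    print(egress_ports(TAGGED_20, "acc1", PORTS))
```

A broadcast entering on a VLAN 10 access port reaches only the other VLAN 10 port and the trunk, and a frame tagged for VLAN 20 that arrives on a VLAN 10 access port is dropped.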
A Local Area Network whose bandwidth is heavily consumed because all hosts receive broadcasts can benefit from the use of VLANs. In a traditional LAN where two file servers may be sharing the bandwidth, putting each file server into a separate VLAN doubles the available bandwidth. This easily improves the performance without increasing the cost.
An organization that has many different departments can increase security by separating each department into a different VLAN and segmenting the network. Instead of broadcasts going to every host, they now go only to the hosts within that VLAN. This increases security and lowers the possibility of several types of attacks. It also increases security within the network, as authorized users only see the servers within their designated network. While the other servers can be configured to communicate with users from other VLANs, they do not establish a session with each other. If an attacker’s device sends an ARP broadcast searching for an IP address and receives a reply then the attacker can see all the servers in that network and potentially providing access for a