Understanding Virtual Local Area Networks (VLAN)

Local Area Networks (LANs) are at the heart of networking in office and campus settings, but LANs can often get unwieldy as more devices are physically added to the network.

Fortunately, network administrators can create smaller custom subset networks from one or more LANs, called virtual local area networks (VLANs).

VLANs allow devices to be combined into one logical network. Devices on a VLAN do not have to be physically near each other but are administered like a physical LAN.

This partitioning of networks into smaller VLANs allows for improved functionality and security in the network without the need for installing new fiber in the current network infrastructure.

ISPs like PS Lightwave can use VLANs to keep customers' data secure, even when that data shares the same trunk port.

“At PS Lightwave we use a lot of VLANs to provide our services,” said Swen Wulf, Director of Network Operations. “As we are a true Layer 2 network, we separate clients’ services by the use of VLANs.”

How VLANs Work

Most LAN users do not realize that when a host broadcasts from a device on the LAN, every device connected to the LAN will process the received broadcast frames, even though many of the devices are not the actual targets of the broadcast.

Because of these actions, CPU overhead on each network device can increase and overall network security is reduced as all devices technically have access to all data.

When multiple VLANs are created inside a traditional LAN, broadcasts from within a specific VLAN are only available to devices in that subset, and devices in separate VLANs are unaware of the data being sent.

Wulf explains further: “VLANs are local area networks, but the ethernet frame that is part of the transport of the packages has an extra field there that allows [us] to label that frame to belong to a certain VLAN and it’s separated from other customers data.”

The result is that customers sending data through fiber at the same time are functioning with separate and secure LANs via the VLAN set-up.

“We can use a trunk port to transport multiple customer services between two locations at the same time but have them separated through VLANs with no chance of crosstalk and that allows our customers to have a secure link between their locations without affecting other customer data or transports,” says Wulf.

VLANs are identified by a number with a valid range from 1 to 4094. Switch ports are assigned specific VLAN numbers so that data is shared only between the ports that belong to the proper VLAN.
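The extra field in the Ethernet frame is the IEEE 802.1Q tag: four bytes inserted after the source MAC address, holding a tag identifier (0x8100) and a 12-bit VLAN ID. The Python sketch below is an added example, not PS Lightwave's code; it builds and parses tagged frames and separates traffic arriving on one trunk by VLAN ID. The MAC addresses, VLAN IDs 100 and 200, payloads and function names are constructed for illustration.

```python
import struct
from collections import defaultdict

TPID_8021Q = 0x8100  # EtherType value that marks an IEEE 802.1Q VLAN tag

def build_frame(dst, src, ethertype, payload, vlan_id=None, priority=0):
    """Build an Ethernet frame; insert a 4-byte 802.1Q tag if vlan_id is given."""
    header = dst + src
    if vlan_id is not None:
        if not 1 <= vlan_id <= 4094:
            raise ValueError("VLAN ID must be in 1..4094")
        tci = (priority << 13) | vlan_id  # PCP (3 bits) | DEI (1 bit, 0) | VID (12 bits)
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload

def parse_vlan(frame):
    """Return (vlan_id, priority, inner_ethertype, payload); vlan_id is None if untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None, None, ethertype, frame[14:]
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    vlan_id = tci & 0x0FFF
    if not 1 <= vlan_id <= 4094:  # 0 and 4095 are reserved values
        raise ValueError(f"VLAN ID {vlan_id} outside 1..4094")
    return vlan_id, tci >> 13, inner, frame[18:]

def demux_trunk(frames):
    """Group payloads arriving on one trunk port by VLAN ID, as a switch keeps them apart."""
    by_vlan = defaultdict(list)
    for frame in frames:
        vlan_id, _, _, payload = parse_vlan(frame)
        by_vlan[vlan_id].append(payload)
    return dict(by_vlan)

# Constructed sample traffic: two customers sharing one trunk (all values are made up).
MAC_A, MAC_B = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
BCAST = b"\xff" * 6
TRUNK = [
    build_frame(BCAST, MAC_A, 0x0800, b"customer-A broadcast", vlan_id=100),
    build_frame(BCAST, MAC_B, 0x0800, b"customer-B broadcast", vlan_id=200, priority=5),
    build_frame(MAC_B, MAC_A, 0x0800, b"customer-A unicast", vlan_id=100),
]
```

Calling `demux_trunk(TRUNK)` returns the payloads keyed by VLAN ID, so the broadcast sent in VLAN 200 never appears in the list for VLAN 100.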

VLAN Characteristics

What makes a VLAN a VLAN, as opposed to a traditional LAN, are characteristics such as:

  • VLANs offer structure for making groups of devices, even if their networks are different.
  • VLANs increase the broadcast domains possible in a LAN.
  • Implementing VLANs reduces security risks as the number of hosts connected to each broadcast domain decreases. This is achieved by configuring a separate VLAN for only hosts privy to sensitive data.
  • VLANs allow a flexible networking model that groups users logically (e.g. according to department) instead of network location.
  • Changing hosts/users on a VLAN is simplified by adding new port-level configuration.
  • VLANs reduce overall congestion as each VLAN functions as a separate LAN.
  • VLANs allow workstations to use full bandwidth at each port.
  • Terminal reallocations become easy with VLANs.
  • A VLAN can span multiple switches.
  • The traffic of multiple LANs can be carried on a trunk link.

Advantages of a VLAN

There are many advantages of a VLAN over a traditional LAN, including:

Better Performance

Because VLANs reduce the number of routers needed, relying on switches instead, they improve network performance: sending more traffic through routers requires more processing and increases latency. VLANs can also be configured to reduce traffic that is sent to unnecessary destinations. For example, in a broadcast domain consisting of 30 users, if the broadcast traffic is intended for only 15 of the users, then those 15 users can be placed in a separate VLAN to reduce traffic.

Added Security

VLAN set-up allows for security by controlling broadcast domains, establishing firewalls, restricting access as needed and informing the network manager of intrusions. Best of all, sensitive data that may be broadcast on a network can only be accessed by those users on the VLAN, reducing the odds of outsiders or bad actors accessing the data.

Reduced Costs

Broadcast domains can be created without expensive routers, making VLANs a cost-effective option. Network costs are also reduced, as moving a user in a VLAN does not require the recabling and reconfiguration of hubs and routers.

Virtual Workgroups Formation

With VLANs, virtual workgroups can be formed with team members on different floors or even in different buildings or locations. With traditional LANs, such workgroups would have to be in the same physical location to be in the same broadcast domain.

Simplified Administration

When users are moved inside a VLAN, reconfiguration of routers is not necessary, saving administration time. The proper VLAN management tools can make it easy to administer a VLAN with drag-and-drop software tools.

Contact PS Lightwave today to learn more about how our 100 percent fiber network, with the flexibility for everything from cloud computing to VLAN connections, can meet your office's or organization's networking needs.

PS LIGHTWAVE provides high-speed, fiber Internet for public and private commercial entities in the Greater Houston and surrounding areas.

Through our high-quality infrastructure, innovative technology and expert, locally based support, we deliver not only the best in connectivity and reliability but in scalability and redundancy. We invite you to learn more about our services, our history and our dedicated team.