Many organizations still make little use of a feature that most modern switches provide and that is often genuinely useful, sometimes necessary: dividing a single physical infrastructure into virtual local area networks (VLANs). The reasons vary, so it is worth looking at the technology and at what it can realistically be used for.
General Description
First, what a VLAN is. A VLAN is a group of hosts on a network that are logically grouped into one broadcast domain according to some attribute, regardless of where they are physically connected. Groups can follow the structure of the enterprise (a department, for instance) or the people working together on a project or task. VLANs bring several benefits: more efficient use of bandwidth than a flat local network, better protection of the traffic that crosses the network, and simpler administration.
Because a VLAN divides the network into broadcast domains, traffic within such a domain is delivered only to its members rather than to every host on the physical network. Broadcast traffic generated by servers (ARP requests, for example) is confined to the VLAN that originated it instead of being flooded to every station. This distributes bandwidth between the defined groups: servers and workstations in different VLANs simply do not see each other at Layer 2.
How it works
Traffic in such a network is reasonably well protected from unauthorized reading, because frames are exchanged within one group of hosts and a host cannot receive traffic that was generated in another VLAN. Two caveats matter in practice. First, this isolation holds only as long as the switch configuration enforces it: VLAN membership is a switch setting, so a misconfigured or compromised switch, or a trunk port that accepts tagged frames from an untrusted host, removes the separation. Second, a VLAN is a Layer 2 boundary; any router or Layer 3 switch that connects the VLANs will forward traffic between them unless access control is applied there as well.
Another advantage of this way of organizing a network is simpler administration, in particular when hosts are added, moved or removed. If a VLAN user moves to a different location, the administrator does not need to re-patch any cables; the switch is reconfigured from the administrator's own workstation. In some implementations the movement of group members is tracked automatically, with no administrator action at all. An administrator who knows how to configure the VLAN can create new logical groups of users without leaving the desk. This saves a great deal of working time that can go to other, equally important tasks.
VLAN organization methods
There are three basic options: by switch port, by MAC address, or by Layer 3 protocol (network address). They correspond to the three lower layers of the OSI model: physical, data link and network, respectively. There is also a fourth, rule-based method; it is rarely used today although it offers the most flexibility. Each of the listed methods is considered below in more detail.
Port-based VLAN
Here the VLAN is a logical grouping of selected physical switch ports. For example, the administrator may specify that ports 1, 2 and 5 form VLAN 1 while ports 3, 4 and 6 form VLAN 2, and so on. A single switch port may connect several computers, for example through a hub; all of them become members of the VLAN assigned to that port. This rigid binding of membership to the physical port is the main disadvantage of the scheme: a host that is re-patched to a different port silently takes on that port's VLAN, whichever it is, unless the administrator reconfigures the switch.
MAC address-based VLAN
This method uses the unique link-layer (MAC) address of each network adapter in a server or workstation. It is considered more flexible than the port-based method, because hosts belonging to different VLANs can be connected to the same switch port. It also tracks the movement of a host from one port to another automatically, so a client keeps its VLAN membership without administrator intervention.
The principle is simple: the switch maintains a table mapping workstation MAC addresses to VLANs. When a host appears on a different port, the source MAC address of its frames is looked up in the table and the host is placed in the VLAN the table names. The disadvantage is the effort of the initial configuration, which is where errors creep in. While the switch builds its address tables, the administrator has to go through them to determine which addresses belong to which groups and then assign them to the appropriate VLANs. This is where mistakes happen; on Cisco switches, for instance, the initial configuration is simple enough, but later redistribution of hosts is harder than with port-based assignment.
VLAN based on Layer 3 protocols
This method is rarely found in workgroup or departmental switches. It is typical of backbone switches with built-in routing for the main LAN protocols: IP, IPX and AppleTalk. A group of switch ports belonging to a particular VLAN is associated with an IP or IPX subnet. Flexibility comes from the fact that a user who moves to another port in the same VLAN is tracked by the switch and needs no reconfiguration. Routing between VLANs is straightforward, because the switch already examines the network-layer addresses defined for each VLAN, so communication between different VLANs needs no additional equipment. The one drawback is the high cost of the switches that implement it. Rostelecom VLANs support operation at this level.
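The following Python model, added here as an illustration and not code from the original article, ties together the three membership methods described above (port-based, MAC-based and subnet-based) with the broadcast-domain behaviour from the general description. The switch class, the policy names and every MAC and IP address in it are constructed for the example. The forwarding database is keyed by (VLAN, MAC) rather than by MAC alone, which is what keeps a unicast lookup from ever crossing into another VLAN; broadcast and unknown-unicast frames are flooded only to ports that are members of the frame's VLAN, and a frame whose membership cannot be determined is dropped rather than flooded everywhere. The MAC- and subnet-based demos also show a host changing ports and keeping its VLAN, which is the flexibility the text describes.

```python
"""Simulated VLAN-aware switch with port-, MAC- and subnet-based membership.
Added example, not the article's code; all addresses below are constructed."""
from dataclasses import dataclass, field
from ipaddress import IPv4Network, ip_address, ip_network
from typing import Dict, List, Optional, Set, Tuple

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Frame:
    src_mac: str
    dst_mac: str
    src_ip: Optional[str] = None  # consulted only by the subnet-based policy


@dataclass
class VlanSwitch:
    policy: str  # "port", "mac" or "subnet" (hypothetical policy names)
    port_vlan: Dict[int, int] = field(default_factory=dict)  # port -> VLAN
    mac_vlan: Dict[str, int] = field(default_factory=dict)  # MAC -> VLAN
    subnet_vlan: List[Tuple[IPv4Network, int]] = field(default_factory=list)
    # Forwarding database keyed by (VLAN, MAC): the same MAC learned in two
    # VLANs gives two separate entries, so a lookup can never cross domains.
    fdb: Dict[Tuple[int, str], int] = field(default_factory=dict)

    def classify(self, port: int, frame: Frame) -> Optional[int]:
        """Decide which VLAN an ingress frame belongs to under the active policy."""
        if self.policy == "port":
            return self.port_vlan.get(port)
        if self.policy == "mac":
            return self.mac_vlan.get(frame.src_mac.lower())
        if self.policy == "subnet":
            if frame.src_ip is None:  # non-IP frame: no subnet to match
                return None
            addr = ip_address(frame.src_ip)
            return next((v for net, v in self.subnet_vlan if addr in net), None)
        raise ValueError(f"unknown policy {self.policy!r}")

    def members(self, vlan: int) -> Set[int]:
        """Ports in the VLAN: static for port-based, learned for the other two."""
        if self.policy == "port":
            return {p for p, v in self.port_vlan.items() if v == vlan}
        return {p for (v, _mac), p in self.fdb.items() if v == vlan}

    def receive(self, port: int, frame: Frame) -> List[int]:
        """Return the sorted egress ports; an empty list means the frame is dropped."""
        vlan = self.classify(port, frame)
        if vlan is None:
            return []  # unknown membership: drop rather than flood every port
        src, dst = frame.src_mac.lower(), frame.dst_mac.lower()
        self.fdb[(vlan, src)] = port  # learn, and follow a host that changed ports
        if dst != BROADCAST:
            out = self.fdb.get((vlan, dst))
            if out is not None:
                return [] if out == port else [out]  # same port (hub): filter
        # Broadcast or unknown unicast: flood, but only inside this VLAN.
        return sorted(p for p in self.members(vlan) if p != port)


def port_based_demo() -> Dict[str, List[int]]:
    """The article's example: ports 1, 2, 5 form VLAN 1; ports 3, 4, 6 form VLAN 2."""
    sw = VlanSwitch("port", port_vlan={1: 1, 2: 1, 5: 1, 3: 2, 4: 2, 6: 2})
    srv, ws = "02:00:00:00:00:01", "02:00:00:00:00:03"
    out = {}
    out["vlan1_broadcast"] = sw.receive(1, Frame(srv, BROADCAST))
    out["vlan2_broadcast"] = sw.receive(3, Frame(ws, BROADCAST))
    # Unicast from VLAN 2 to the server's MAC: its FDB entry lives under VLAN 1,
    # so VLAN 2 floods within itself and the server on port 1 never sees it.
    out["cross_vlan_unicast"] = sw.receive(3, Frame(ws, srv))
    out["unassigned_port"] = sw.receive(7, Frame(ws, BROADCAST))
    return out


def mac_based_demo() -> Dict[str, List[int]]:
    """Two hosts in VLAN 10, one in VLAN 20; host A then moves to another port."""
    a, b, c = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c"
    sw = VlanSwitch("mac", mac_vlan={a: 10, b: 10, c: 20})
    out = {}
    out["a_first_seen"] = sw.receive(1, Frame(a, BROADCAST))
    out["b_reaches_a"] = sw.receive(2, Frame(b, BROADCAST))
    out["c_isolated"] = sw.receive(3, Frame(c, BROADCAST))
    out["a_moved_to_7"] = sw.receive(7, Frame(a, BROADCAST))  # membership follows A
    out["b_unicast_to_a"] = sw.receive(2, Frame(b, a))
    return out


def subnet_based_demo() -> Dict[str, List[int]]:
    """Layer 3 membership: the source IP's subnet decides the VLAN, not the port."""
    sw = VlanSwitch("subnet", subnet_vlan=[(ip_network("10.1.0.0/16"), 100),
                                           (ip_network("10.2.0.0/16"), 200)])
    h1, h2, h3 = "02:00:00:00:00:11", "02:00:00:00:00:12", "02:00:00:00:00:13"
    out = {}
    out["h1_first"] = sw.receive(1, Frame(h1, BROADCAST, "10.1.0.5"))
    out["h2_same_subnet"] = sw.receive(2, Frame(h2, BROADCAST, "10.1.7.9"))
    out["h3_other_subnet"] = sw.receive(3, Frame(h3, BROADCAST, "10.2.0.1"))
    out["h1_moved"] = sw.receive(4, Frame(h1, BROADCAST, "10.1.0.5"))
    out["no_ip"] = sw.receive(5, Frame(h3, BROADCAST))  # no IP header: dropped
    return out


if __name__ == "__main__":
    print(port_based_demo(), mac_based_demo(), subnet_based_demo(), sep="\n")
```

Running the module prints the three result dictionaries. Under the subnet-based policy a frame that carries no IP header (the `no_ip` case) cannot be classified; a real switch needs a fallback such as the ingress port's default VLAN for such frames, which this model deliberately leaves out so that the drop is visible rather than silently widening the broadcast domain.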
Conclusions
As the above shows, virtual networks are a powerful networking tool that addresses data transmission security, administration, access control and more efficient use of bandwidth, provided the switch configuration that defines them is kept correct and any routing between them is access-controlled.