Introduction to VLANs
A VLAN (Virtual Local Area Network or Virtual LAN) is a local area network that groups a collection of machines together logically rather than physically.
On an ordinary local area network, communication between machines is governed by the physical architecture. Virtual networks (VLANs) make it possible to escape the limitations of that architecture (geographic constraints, addressing constraints, etc.) by defining a logical segmentation in which machines are grouped according to criteria such as MAC addresses, port numbers or protocol.
Types of VLAN
Several types of VLAN are defined, depending on the switching criterion and the level at which the VLAN operates:
- A level 1 VLAN (also called a Port Based VLAN) defines a virtual network according to the connection ports on the switch;
- A level 2 VLAN (also called a MAC Address-Based VLAN) defines a virtual network according to the MAC addresses of the stations. This type of VLAN is much more flexible than the port based VLAN because the network is independent of the location of the station;
- A level 3 VLAN: there are several types of level 3 VLANs:
  - The Network Address Based VLAN links subnets according to the source IP address of the datagrams. This type of solution provides great flexibility insofar as the configuration of the switches changes automatically when a station is moved. On the other hand, there may be a slight degradation in performance since the information contained in the packets must be analyzed more closely.
  - The Protocol Based VLAN makes it possible to create a virtual network by protocol type (for example TCP/IP, IPX, AppleTalk, etc.), therefore grouping together all the machines using the same protocol on the same network.
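The four membership criteria listed above, applied to the same frames, as an added example that is not part of the original article. The VLAN IDs, MAC address, subnet and table names are constructed assumptions; the frames are untagged Ethernet II frames built inline.

```python
import ipaddress
import struct

# Constructed policy tables (assumptions for illustration, not from the article).
PORT_VLAN = {1: 10, 2: 10, 3: 20}                            # level 1: switch port
MAC_VLAN = {"00:11:22:33:44:55": 30}                         # level 2: source MAC
SUBNET_VLAN = {ipaddress.ip_network("192.168.40.0/24"): 40}  # level 3: source subnet
PROTO_VLAN = {0x8137: 50, 0x809B: 60}                        # level 3: EtherType (IPX, AppleTalk)


def parse_frame(frame: bytes):
    """Return (source MAC, EtherType, source IPv4 or None) of an untagged Ethernet II frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    src_mac = ":".join(f"{b:02x}" for b in frame[6:12])
    (ethertype,) = struct.unpack("!H", frame[12:14])
    src_ip = None
    if ethertype == 0x0800 and len(frame) >= 34:
        # IPv4 source address sits at bytes 12-15 of the IP header (frame bytes 26-29).
        src_ip = ipaddress.ip_address(frame[26:30])
    return src_mac, ethertype, src_ip


def classify(frame: bytes, ingress_port: int, mode: str):
    """Return the VLAN ID under the chosen criterion, or None when no rule matches."""
    src_mac, ethertype, src_ip = parse_frame(frame)
    if mode == "port":
        return PORT_VLAN.get(ingress_port)
    if mode == "mac":
        return MAC_VLAN.get(src_mac)
    if mode == "subnet":
        if src_ip is None:  # non-IP traffic cannot be placed by source address
            return None
        return next((v for net, v in SUBNET_VLAN.items() if src_ip in net), None)
    if mode == "protocol":
        return PROTO_VLAN.get(ethertype)
    raise ValueError(f"unknown mode {mode!r}")


def make_frame(src_mac: str, ethertype: int, src_ip=None) -> bytes:
    """Build a constructed sample frame (broadcast destination, minimal payload)."""
    header = b"\xff" * 6 + bytes.fromhex(src_mac.replace(":", "")) + struct.pack("!H", ethertype)
    if src_ip is None:
        return header + b"\x00" * 20
    # Minimal 20-byte IPv4 header: version/IHL, padding, source address, zeroed destination.
    return header + b"\x45" + b"\x00" * 11 + ipaddress.ip_address(src_ip).packed + b"\x00" * 4
```

Classifying the same frame on two different ingress ports shows the flexibility point made above: the port-based result changes with the port, while the MAC-based and subnet-based results follow the station.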
Advantages of the VLAN
The VLAN makes it possible to define a new network on top of the physical network and therefore offers the following advantages:
- More flexibility in administration and changes to the network, because the whole architecture can be changed simply by adjusting the parameters of the switches.
- Increased security, because information is encapsulated in an additional level and possibly analyzed.
- Reduction in broadcast traffic on the network.
VLANs are defined by the standards IEEE 802.1D, 802.1p, 802.1Q and 802.10. For more information, consult the following documents:
- IEEE 802.1D
- IEEE 802.1Q
- IEEE 802.10
Article written by Jean-François PILLOU