A Virtual Local Area Network (VLAN) is a mechanism that lets a single physical device divide a local area network into logical units, so that traffic belonging to each unit can be told apart from the traffic of the others.
Data from one unit does not flow into another. Using VLANs reduces the size of the broadcast domain. On its own, a Layer 2 switch cannot reduce a broadcast domain: any broadcast it receives is forwarded to every connected device. With VLANs, a broadcast reaches only the devices in the same VLAN rather than the entire network, which is how a Layer 2 switch can shrink the broadcast domain.
What is a Virtual Local Area Network (VLAN)?
A Virtual Local Area Network (VLAN) is a logical grouping of network resources and host devices, based either on the switch port a host is connected to or on the host's MAC address. A VLAN can span multiple physical switches: even when the network uses several switches, a VLAN can contain hosts from different locations within it. To indicate which VLAN a device's traffic belongs to, a VLAN identifier tag is added to the data-link frame.
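The tag mentioned above is the IEEE 802.1Q header inserted after the source MAC address. The following added example (not code from the original article) parses an Ethernet frame and reports which VLAN it belongs to; the frames it inspects are constructed sample data, and the assumption that an untagged frame lands in the port's configured VLAN (VLAN 1 by default) is stated in the code.

```python
import struct

ETHERTYPE_8021Q = 0x8100    # TPID of a customer VLAN tag
ETHERTYPE_8021AD = 0x88A8   # TPID of a service (outer, QinQ) tag
DEFAULT_VLAN = 1            # untagged frames default to VLAN 1 on a Cisco access port


def parse_vlan(frame: bytes, port_vlan: int = DEFAULT_VLAN) -> dict:
    """Work out which VLAN an Ethernet frame belongs to.

    A tagged frame carries its VLAN ID in the 12-bit VID field of the tag.
    An untagged frame is placed in port_vlan, the VLAN configured on the
    receiving port (an assumption of this example; VLAN 1 is the default).
    VID 0 means "priority tag only, no VLAN" and VID 4095 is reserved, so
    both are flagged rather than treated as normal VLAN membership.
    """
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src = frame[0:6].hex(":"), frame[6:12].hex(":")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    info = {"dst": dst, "src": src, "tagged": False, "vlan": port_vlan,
            "ethertype": ethertype}
    if ethertype not in (ETHERTYPE_8021Q, ETHERTYPE_8021AD):
        return info                      # untagged: stays in the port's VLAN
    if len(frame) < 18:
        raise ValueError("tag present but frame too short for TCI + EtherType")
    tci, inner_type = struct.unpack("!HH", frame[14:18])
    vid = tci & 0x0FFF
    info.update({"tagged": True, "pcp": tci >> 13, "dei": (tci >> 12) & 1,
                 "vlan": port_vlan if vid == 0 else vid, "ethertype": inner_type,
                 "priority_only": vid == 0, "reserved_vid": vid == 4095})
    return info


def build_frame(vid=None, pcp=0, ethertype=0x0800) -> bytes:
    """Constructed sample frame: broadcast destination, placeholder source MAC,
    optional 802.1Q tag, then a dummy IPv4 payload padded to minimum size."""
    hdr = bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
    if vid is not None:
        hdr += struct.pack("!HH", ETHERTYPE_8021Q, (pcp << 13) | vid)
    return hdr + struct.pack("!H", ethertype) + b"\x00" * 46


if __name__ == "__main__":
    for label, f in [("untagged", build_frame()), ("VLAN 2", build_frame(2, pcp=5)),
                     ("priority-only", build_frame(0))]:
        print(label, parse_vlan(f))
```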
Why use VLAN?
The main advantage of using VLAN is that it allows logical grouping of network devices. For example, devices used by people working on the same project can be grouped into a VLAN dedicated to that project. Similarly, a VLAN can be created for a specific department. The benefit is that devices don’t need to be physically close or connected to the same switch; they can be logically grouped no matter where they are in the network.
This logical grouping brings another significant benefit: it reduces the size of the broadcast domain. Each VLAN works as its own broadcast domain. Instead of a broadcast message going out to the entire network, it will only go to devices within that VLAN. This means that by creating multiple VLANs in a large network, broadcast traffic can be limited, thereby improving network performance.
Benefits of Using VLAN
The benefits of using VLAN can be summarized as follows:
Reduces the size of the broadcast domain: VLAN increases the number of broadcast domains and reduces their size. As a result, broadcast messages stay within the VLAN and don’t spread throughout the entire network.
Enhances Security: VLAN provides network administrators with the ability to group switch ports according to specific functions or departments. For instance, devices used by the engineering team can be allocated to a dedicated Engineering VLAN, ensuring separation and security. Additionally, administrators can control which VLAN devices can join, either by the ports they connect through or based on their MAC addresses. This segmentation ensures that any data sent from a device remains confined within its assigned VLAN, significantly enhancing overall network security.
Improves Network Management and Flexibility: VLAN streamlines network management by enabling centralized control. Administrators can manage the membership of devices in specific VLANs from a single point, simplifying configuration and maintenance. This flexibility allows for efficient network expansion, better resource allocation, and a clearer organizational structure. Using VLAN Trunking Protocol (VTP) to distribute VLAN definitions between switches and Inter-VLAN Routing to govern traffic between VLANs, network administrators can control access to network resources in large networks.
Increased Network Usage and Efficiency: By determining which resources can be accessed from a particular VLAN, network administrators can ensure that only the members of that VLAN have access to the designated resources. Additionally, requests for a resource will be confined within the VLAN, so, for instance, the Marketing Department’s requests won’t disturb the Engineering Department. As a result, the network works more efficiently with reduced collisions and broadcasts.
By configuring Inter-VLAN Routing, communication between different VLANs becomes possible. However, this communication is controlled and not open access, ensuring that security is maintained across VLANs.
How to Create VLAN
To create a VLAN on a Cisco switch, use the vlan command in Cisco IOS followed by the VLAN ID. The VLAN ID can be any number between 2 and 4094. You can then assign a name to the VLAN.
To create a VLAN on SW1, you can use the following commands:
SW1>en
SW1#configure terminal
SW1(config)#vlan 2
SW1(config-vlan)#name Sales
SW1(config-vlan)#exit
SW1(config)#
In this example, the vlan 2 command creates a VLAN with ID 2, and the name Sales command assigns the name “Sales” to that VLAN.
As mentioned earlier, VLAN IDs can range from 2 to 4094. So why not use ID 1? VLAN 1 is a special VLAN known as the Management VLAN, reserved for administrative tasks. VLAN 1 exists on Cisco switches by default and cannot be deleted. All ports on the switch are initially members of VLAN 1; when a port is assigned to a newly created VLAN, it is effectively removed from VLAN 1 and placed in the new one.
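Because every port starts out in VLAN 1, a useful follow-up check after creating VLANs is to list which ports were never moved. The added example below (not from the original article) parses the table that the Cisco IOS show vlan brief command prints and reports the ports still in VLAN 1; the table text is constructed sample output in that command's layout, not a real capture.

```python
import re

# Constructed sample in the layout of "show vlan brief"; port names are placeholders.
SAMPLE_SHOW_VLAN_BRIEF = """\
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi0/3, Gi0/4, Gi0/5, Gi0/6
                                                Gi0/7, Gi0/8
2    Sales                            active    Gi0/1, Gi0/2
1002 fddi-default                     act/unsup
"""


def parse_show_vlan_brief(text: str) -> dict:
    """Map VLAN ID -> {name, status, ports}.

    A VLAN row starts with its numeric ID; a row that starts with spaces is a
    continuation carrying more ports for the VLAN on the previous row.
    """
    vlans, current = {}, None
    for line in text.splitlines():
        m = re.match(r"^(\d+)\s+(\S+)\s+(\S+)\s*(.*)$", line)
        if m:
            current = int(m.group(1))
            vlans[current] = {"name": m.group(2), "status": m.group(3),
                              "ports": m.group(4).replace(",", " ").split()}
        elif current is not None and line.startswith(" ") and line.strip():
            vlans[current]["ports"].extend(line.replace(",", " ").split())
    return vlans


def ports_left_in_default_vlan(text: str) -> list:
    """Ports whose traffic still lands in VLAN 1, i.e. ports that were never
    assigned to one of the purpose-built VLANs."""
    return parse_show_vlan_brief(text).get(1, {"ports": []})["ports"]


if __name__ == "__main__":
    for vid, entry in sorted(parse_show_vlan_brief(SAMPLE_SHOW_VLAN_BRIEF).items()):
        print(vid, entry["name"], entry["ports"])
    print("still in VLAN 1:", ports_left_in_default_vlan(SAMPLE_SHOW_VLAN_BRIEF))
```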