Local Area Networks (“LANs”) are a common feature of business nowadays. They carry different types of traffic, with data, voice, and multimedia among the most common. Large networks might also carry access control and fire security data.
Having these different types of data running on the network can raise performance and security concerns, and virtual LANs (“VLANs”) try to deal with them. A further reason for using VLANs is that large and complex networks are easier to manage when the LAN is split into different virtual LANs that are managed separately.
To put it non-technically, a virtual LAN is a collection of devices grouped together, making up a logical network, even though the devices might be attached to different physical networks.
The use of virtual LANs improves the performance and security of busy networks.
Creating and maintaining a VLAN requires configuring network routers and switches. VLAN configuration is done manually at each port on each switch or, increasingly, by defining rules when configuring a Software Defined Network.
A good example is VoIP systems. They usually have two or three dedicated VLANs to support VoIP device management, carry the control instructions managing the routing of voice traffic across the network, and deliver the voice traffic itself.
In distributed networks, for example, campus networks or users working remotely and from home, VLANs allow network managers to define users, servers, printers, and other network devices in logical groups irrespective of geography.
Network traffic generally includes large volumes of broadcast and multicast traffic sent to all the attached devices. VLANs reduce the rebroadcasting of network traffic to unnecessary devices, improving network performance.
VLANs also improve network security. They can segregate different types of traffic, such that only approved devices can see them. They can also manage which devices have access to system resources and to each other. As an example, WiFi systems usually support authorized and guest access. The two access types are segregated by having the WiFi access point split authorized and guest traffic onto the appropriate VLAN.
In some cases, VLANs can remove the need to run additional cables or reconfigure physical connections as network infrastructure needs change.
In slightly more technical detail, VLANs can exist as protocol, static and dynamic VLANs.
Protocol VLANs segregate traffic according to the traffic protocol, improving service quality over the network, for example, giving voice traffic priority.
Static VLANs are configured on switches at port level. A network administrator assigns a switch port to one or more virtual networks. Whatever plugs into that port becomes a member of that virtual network.
This technique manages different service levels. For example, access control controllers and devices need a very fast response time. Assigning them to a VLAN with a very high priority on the network can meet that requirement.
In contrast, a dynamic VLAN configuration works around device types. A network manager assigns a particular characteristic to a VLAN. The characteristic could be the MAC addresses of known authorized devices, for example, equipment in a student computer lab. Another common characteristic is a username.
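The static and dynamic assignment described above, together with the way a VLAN confines broadcast traffic, can be modelled in a few lines. This is an added example, not code from the original article; the port names, VLAN IDs, MAC addresses, the username, the guest fallback VLAN and the MAC-before-username ordering are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Every VLAN ID, port name, MAC and username here is a constructed sample value.
GUEST_VLAN = 99  # assumption: devices matching no rule land in an isolated guest VLAN

@dataclass
class Switch:
    static_ports: dict = field(default_factory=dict)  # port -> VLAN (static VLAN)
    mac_rules: dict = field(default_factory=dict)     # MAC -> VLAN (dynamic VLAN)
    user_rules: dict = field(default_factory=dict)    # username -> VLAN (dynamic VLAN)
    attached: dict = field(default_factory=dict)      # port -> VLAN resolved at attach time

    def resolve_vlan(self, port, mac, username=None):
        """Static port assignment first; otherwise match on MAC, then username."""
        if port in self.static_ports:
            # Static: whatever plugs into this port joins the port's VLAN.
            return self.static_ports[port]
        mac = mac.lower()
        if mac in self.mac_rules:
            return self.mac_rules[mac]
        if username in self.user_rules:
            return self.user_rules[username]
        return GUEST_VLAN

    def attach(self, port, mac, username=None):
        self.attached[port] = self.resolve_vlan(port, mac, username)
        return self.attached[port]

    def broadcast_ports(self, src_port):
        """Ports that receive a broadcast sent from src_port: same VLAN only."""
        vlan = self.attached[src_port]
        return sorted(p for p, v in self.attached.items()
                      if v == vlan and p != src_port)

def build_demo():
    sw = Switch(
        static_ports={"gi0/1": 10, "gi0/2": 10},   # access-control controllers
        mac_rules={"00:11:22:33:44:55": 20},       # known computer-lab machine
        user_rules={"alice": 30},                  # authorized user login
    )
    sw.attach("gi0/1", "aa:aa:aa:aa:aa:01")
    sw.attach("gi0/2", "aa:aa:aa:aa:aa:02")
    sw.attach("gi0/3", "00:11:22:33:44:55")
    sw.attach("gi0/4", "bb:bb:bb:bb:bb:01", username="alice")
    sw.attach("gi0/5", "cc:cc:cc:cc:cc:01")        # unknown device -> guest VLAN
    return sw

if __name__ == "__main__":
    demo = build_demo()
    print(demo.attached)
    print(demo.broadcast_ports("gi0/1"))
```

In this model a statically assigned port places any attached device in its VLAN without looking at the MAC address or username, which is why static ports depend on control of the physical connection.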
VLANs will remain a key part of network configuration and management in the future.