VLAN: A basic understanding

-

VLAN stands for Virtual Local Area Network. This is a local area network where the computers, servers and other network devices are LOGICALLY connected regardless of their physical location. Vlan is capable of logically grouping these devices into separate segments. Its main purpose is to provide the following:

  1. Network security
  2. Network traffic management
  3. Simplification of Network
Lets look at a simple implementation of a VLAN.
Supposing you have a 3 story building and each floor houses separate sensitive departments (Accounts, Shipping and Support) . As a network administrator, if you were asked to isolate network traffic from all departments  you have 2 options.

1. either you create a separate network hardware for these system which might cost alot of money or
2. Create a VLAN using a VLAN capable switch. This will create the separated logical network for you while you can easily create rules to preventing the logical network from communicating with each other.


You might want to create a separate VLAN segment for each floor like this.
  1. Floor 1 (Accounts Dept): 192.168.101.1   - 254
  2. Floor 2 (Shipping Dept): 192.168.102.1   - 254
  3. Floor 3 (Support Dept): 192.168.103.1   - 254
Notice that the third segment in the IP address is what differentiates each floor
Each floor has an allocation of IP from 1 all the way to 254.


Advantage of VLAN

  1. Cost effectiveness: A vlan can be created as we saw in our example where several systems shared the same network cabling and same switch.
  2. Single dashboard for unified monitoring and management: All network regardless of if they are isolated or not can be monitored or managed from a single source.


How is vlan implemented
A vlan is achieved only on a vlan capable switches. Examples are:

  1. HP ProCurve 1810G 24
  2. Mikrotik CRS125-24G-1S-RM
  3. TP-Link TL-SG2424
  4. NetGear GSM7224R
  5. ZyXEL GS1910-24
  6. All Cisco managed switches (eg 2960,3850,3560,3750,4500E‎)
So in our previous example, the vlan was created by designating specific ports on the switch and assigning those ports to a specific vlan.

Thus if we have a 12 port switch we could divide those ports and prepare them for VLANs. In my own scenario, I will give each department 4 ports and configure thier VLans on those ports.


Trafic management and simplification of network
As a local area network grows more network devices are added, the frequency of broadcast will also increase, thus heavily congesting the network. Vlans can alleviate network traffic by dividing the network into smaller broadcasting domains as can be seen bellow:


On a final note, it is also important to state that VLAN can also be used to create separate segments in a network such as 

  1. Storage area network (SAN)
  2. Test area network
  3. Guest Internet access
  4. Demilitarised zone (DMZ)

Comments

Post a Comment

Popular posts from this blog

Auditing Virtualization

-
Image
Virtualization is the process of creating virtual, representation of an entity, such as virtual applications, servers, storage and networks. It is the single most effective way to reduce IT expenses by reducing hardware footprint while boosting efficiency and agility for all size businesses. However good as it is, virtualization can create a single point of failure if poor implementation introduced a security flaw to the system. In this post I will be sharing with you how to audit virtualization.
Read more

How to Identify if the capacity of your FLASH storage device is genuine or counterfeit

-
Image
Have you at some time purchased a flash drive  or memory card that always stored corrupt data? You paid for a 64gig memory card and all you stored in it is simply just got corrupted. I have been a victim several times even with reputable retailers. These counterfeit flash storages are low capacity in nature, devices that have been maliciously altered so that they appear to have much more capacity than its original. An example is the 64 gig memory card I purchased which ended up having actual capacity of 2gig. So I actually paid for 2gig. Now I didn't get to know this on time because I actually copied a video file inside it as a test which checked out fine. The video file size was 1.5gb. I was able to play the video with no issue of corruption. Thus I "Assumed" the flash was genuine. Boy was I wrong. Later in the week I decided to do a major backup of my mobile phone since I was purchasing another one. After the backup, I formatted ...
Read more

Address Resolution Protocol (ARP): Understanding the basics

-
Image
Address resolution Protocol or ARP for short is basically used to resolve an IP address to a MAC address. A MAC address is a unique identifier for any device. And since we are talking networking today, The mac address we will be concentration on is that of a network device. Its important to note that, no two device can have the same mac address. Whenever a network device needs to communicate with another network device in a Local Area Network, it needs the MAC address of that device. This is where ARP comes to play. Lets take a look at the scenario bellow to clearly understand this concept: 1. There are 2 computers say A and B on the network. 2. They have both been assigned an IP address as seen below:        A: 192.168.0.1        B: 192.168.0.2 3. Computer A needs to communicate with computer B. 4. It looks at a list for the IP address to see if it has a corresponding MAC address. This list is called an ARP Cache. 5. If the en...
Read more