In today's blog post, let's look at what a VLAN (Virtual Local Area Network) is. I've seen hundreds of articles online about VLANs, and trust me, they can make it sound like rocket science. But here's the truth - it's not! When you strip away all the jargon and buzzwords, the concept of a VLAN is really quite simple and straightforward.
Pre-VLAN, What Problem Does it Solve?
Before VLANs came into the picture, let's imagine you needed three separate networks. In such a case, you'd require three separate physical switches for complete isolation. Each switch would serve as its own independent network, keeping its connected devices isolated from the devices on the other two switches. This might sound simple, but it has its drawbacks.
Having to buy and manage multiple physical switches can be expensive and time-consuming. It increases the complexity of your network, as each switch needs to be separately installed, configured, and maintained. Additionally, each switch consumes its own power and needs its own rack space, leading to increased operational costs and potential space constraints.
This is exactly the problem VLANs are designed to solve. By introducing VLANs into the mix, we can create separate, isolated networks without the need for multiple physical switches. This not only saves on the costs and maintenance associated with additional hardware but also simplifies the management of the network.
What is a VLAN - The Short Answer
A VLAN, or Virtual Local Area Network, is essentially a way of dividing a larger network switch into smaller, separate switches. Imagine you have a big switch, VLANs allow you to slice this switch into multiple mini-switches.
Each mini switch, or VLAN, gets assigned specific ports. The unique thing is that devices within one VLAN can't directly communicate with devices in another VLAN through the switch. For any inter-VLAN communication to happen, it has to be routed through a router. This acts as a mediator, enabling devices on different VLANs to talk to each other.
Devices within the same VLAN can communicate with each other of course.
So, a VLAN creates separate mini-networks within a larger switch, while still allowing for controlled communication between them.
Here is the official definition from Cisco
A VLAN is a group of end stations in a switched network that is logically segmented by function or application, without regard to the physical locations of the users. VLANs have the same attributes as physical LANs, but you can group end stations even if they are not physically located on the same LAN segment.
What is a VLAN - The Long Answer
Let's delve deeper now. When you buy a brand-new switch, it comes preconfigured in a way that all of its ports are assigned to a single VLAN, usually identified as VLAN 1. If you purchase a switch with 24 ports and you have 24 devices that all belong to the same network or VLAN, your setup process is as simple as plug-and-play. Just connect all the devices to the switch, and you're good to go, they can talk to each other without any issues.
However, the real world is rarely this straightforward. More often than not, you'll have devices that belong to different networks. In our 24-port switch example, you may need three separate networks for different sets of devices. So, what do you do? You'll assign different ports on your switch to the specific VLANs that these devices belong to. This way, you essentially divide your single switch into three mini-switches, each serving a distinct network.
Broadcast Traffic - There's an important side note about something called 'broadcast traffic' that comes into play when we're discussing VLANs. Now, don't worry, we're not going to dive deep into this concept, but let's just understand it in a nutshell.
Imagine a message that needs to be heard by all devices in a network. This is called 'broadcast' traffic. When a switch port receives this broadcast traffic, it sends that message out through all the ports that belong to the same VLAN as the port that initially received the message. It's a bit like a public announcement system in a building, relaying the same message to all rooms.
Now, how does this relate to VLANs? Well, VLANs help control this broadcast traffic. Instead of the message being sent out through every single port on the switch, it is only forwarded to the ports that belong to the same VLAN. This is great because it reduces unnecessary noise for devices that don't need to hear the message. Think of it as having separate announcement systems for different sections of the building, so an announcement meant for the ground floor doesn't disturb people on the top floor. In essence, VLANs make your network more efficient by minimizing broadcast traffic to only the relevant parts of your network.
VLANs with Multiple Switches
VLANs aren't just confined to a single switch - they can also be spread across multiple switches. This is made possible by a special type of port known as a 'trunk port'. A trunk link (shown as a dotted line) is unique because it belongs to multiple VLANs and can carry traffic for multiple VLANs.
This means if you have the same VLAN, let's say 'Blue-VLAN', on two separate switches, they can communicate with each other through the trunk port. Essentially, the trunk port serves as a pathway for a VLAN to communicate across multiple switches.
Access Ports vs Trunk Ports
Access or untagged ports connect end devices, like PCs, servers or printers, to a single VLAN. Each access port is a member of one specific VLAN, which can carry only the traffic for that VLAN. The traffic transmitted over an access port is not tagged with a VLAN ID.
Trunk ports or tagged ports, on the other hand, are used to interconnect switches and carry traffic for multiple VLANs across a single link. The traffic transmitted over a trunk port is tagged with a VLAN ID, allowing switches to identify which VLAN the traffic belongs to and properly route it.
Conclusion
In a nutshell, VLANs divide a large switch into smaller pieces, each acting like its own separate network. This not only keeps things organized but also improves efficiency by ensuring that broadcast messages are sent only where needed.