ISSC 231 Virtual Local Area Network Discussion
Description
Christopher Hornauer posted
Thanks for reviewing my input on this week's discussion topics regarding virtual local area networks (VLAN) and why a network admin would want to implement them on their network.
VLANs allow network administrators the opportunity to segment or group users on the system logically, rather than physically, by explicitly tagging the data, which includes information about where the information was created (Varadarajan, n.d.).
Adding VLANs to a physical network does add some minor complexity to the network configuration; however, there are a couple of key benefits that make implementation worth the extra design effort.
Confinement of broadcast domains
We have learned from our studies of routing last week that routers will intercept and drop broadcasts. In larger networks with multiple subnets, it may not be practical to have a router with lots of ports or multiple routers. In this case, implementation of VLANs on a switch that is VLAN-capable (L3 switch) is beneficial to control broadcast traffic on the network. As a result, the overall performance of the network is more efficient.
Enforcement of Security Policies
Implementing VLANs on the network will prevent end points from communicating with other end points that are not on the same VLAN unless the router specifically is set to allow passing of traffic between them.
Real Use Case
In the product training lab environment where I work, with the introduction of virtual machines a few years back, we quickly grew our endpoint environment from under 1000 physical devices to well over 20,000 devices with combined physical and virtual. In our original flat network design, it was nice being able to have everything access everything else without much management needed, but we did see a gradual decrease of network performance as the overall size of the network grew. I understand now that this was very likely due to increased broadcast traffic that was occurring as more devices were being added to the network. We implement VLAN IDs in our lab based on the grouping of hardware product in the rack that we are training on. The ports in each top-of-rack switch get a VLAN ID based on the IP address for the gear in that rack. For example, if product A has a network address of 10.86.x.x, we use VLAN 86 to help isolate the traffic within that rack. We'll also add VLAN ID 187 so that we can directly access the equipment in that rack through our admin network of 10.187.x.x that is issued to VPN access and jump hosts. If you made it this far, thanks for reading!! ;p
Suba Varadarajan. (n.d.). Virtual Local Area Networks. https://www.cse.wustl.edu/~jain/cis788-97/ftp/virtual_lans/index.html
“Advantages of Vlans.” UOW, https://documents.uow.edu.au/~blane/netapp/ontap/nag/networking/concept/c_oc_netw_vlan-advantages.html
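Added example, not part of the original post: a small Python model of the rack scheme described above, which derives a rack's VLAN set from its 10.x network, reads the 802.1Q tag from a frame, and checks whether a rack port would carry it. The function names, the /16 prefix length, the sample frames and the rule that untagged frames are dropped are assumptions made for illustration.

```python
from __future__ import annotations
import ipaddress
import struct

TPID_8021Q = 0x8100   # EtherType value that marks an 802.1Q tag
ADMIN_VLAN = 187      # admin network 10.187.x.x, as in the post

def rack_vlans(rack_network: str) -> set[int]:
    """VLANs for a rack's ports: second octet of its 10.x.0.0/16 plus the admin VLAN."""
    net = ipaddress.ip_network(rack_network)
    addr = net.network_address.packed
    if net.version != 4 or net.prefixlen != 16 or addr[0] != 10:
        raise ValueError("scheme assumes a 10.x.0.0/16 rack network")
    return {addr[1], ADMIN_VLAN}

def parse_vlan_id(frame: bytes) -> int | None:
    """Return the 802.1Q VLAN ID of an Ethernet frame, or None if it is untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF   # low 12 bits are the VLAN ID; top bits are PCP and DEI

def port_accepts(frame: bytes, allowed: set[int]) -> bool:
    """Simplified tagged port: carry only frames tagged with an allowed VLAN."""
    vid = parse_vlan_id(frame)
    return vid is not None and vid in allowed

def tagged_frame(vid: int, pcp: int = 0) -> bytes:
    """Constructed sample: broadcast destination, made-up source MAC, dummy payload."""
    dst, src = b"\xff" * 6, bytes.fromhex("020000000001")
    tci = (pcp << 13) | (vid & 0x0FFF)
    return dst + src + struct.pack("!HHH", TPID_8021Q, tci, 0x0800) + b"\x00" * 46

if __name__ == "__main__":
    allowed = rack_vlans("10.86.0.0/16")          # {86, 187}
    for vid in (86, 187, 42):                     # 42 stands in for another rack
        print(vid, port_accepts(tagged_frame(vid), allowed))
```

A broadcast tagged for another rack's VLAN is rejected at the port, which is the broadcast confinement the post describes.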