To understand VLANs, we first need to know what a network switch is. A network switch is a device that connects all the computers in a network and looks something like this:
To know more about switches, refer to this post.
In any environment, the TCP/IP protocols are used to configure a Local Area Network (LAN).
TCP/IP lets every computer communicate with every other computer in the same network. That means:
- If your whole company is one big network, probably using a Class A IP range like 10.x.x.x, a computer with the address 10.10.10.10 can easily communicate with another computer with the address 10.10.11.11.
- This also means that any computer in the network can reach any other computer in the same network. So a student's computer can talk to any teacher's computer, provided they are in the same network.
- To stop this and increase security you can buy a Layer 2 switch, but it will cost you.
- Along with this, as the number of computers increases, there is an issue of broadcasting, because each broadcast message is sent to all computers at once.
So first, there is a security issue in a normal LAN, and then, as the network grows, routing takes more time because of the new computers in the network. To solve these two problems we have VLANs! A VLAN helps secure your network and reduces the traffic.
What is a VLAN?
VLAN stands for Virtual LAN. A VLAN divides your one physical network into many logical networks. In simple words:
You need 3 switches to create 3 networks, and you connect them in a LAN so that they can communicate.
Using VLANs, you can use only 1 switch, divide it logically into 2 different switches and create 2 different networks. For communication between them you use a router. So the situation above, where teachers and students were part of the same network, can be changed using VLANs.
VLANs increase security: these networks belong to the same switch, but they are separate networks, with IP addresses belonging to different subnets.
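The following is an added example, not code from the original post: a toy Python model of one switch carved into two VLANs (teachers in VLAN 10, students in VLAN 20), with the port names, MAC addresses and the two subnets 10.10.10.0/24 and 10.10.11.0/24 all constructed for the illustration. It shows the two claims made above in running code: a broadcast or unknown-unicast frame is flooded only to ports in the sender's own VLAN, and two hosts in different VLAN subnets can only reach each other through a router.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Port:
    name: str   # physical port, e.g. "Gi0/1" (constructed names)
    vlan: int   # access VLAN the port is assigned to
    mac: str    # MAC of the host plugged into the port (constructed)


class VlanSwitch:
    """Toy model of one physical switch split into logical switches, one per VLAN.

    A frame arriving on a port is only ever sent out of ports in the same VLAN,
    so a broadcast in VLAN 20 (students) never reaches VLAN 10 (teachers).
    """

    def __init__(self):
        self.ports = {}      # port name -> Port
        self.mac_table = {}  # (vlan, mac) -> port name, like a switch's CAM table

    def add_port(self, port):
        self.ports[port.name] = port
        # A real switch learns this from source MACs; the toy pre-populates it.
        self.mac_table[(port.vlan, port.mac)] = port.name

    def forward(self, in_port, dst_mac):
        """Return the sorted list of ports a frame from in_port to dst_mac leaves on."""
        vlan = self.ports[in_port].vlan
        same_vlan = sorted(p.name for p in self.ports.values()
                           if p.vlan == vlan and p.name != in_port)
        if dst_mac == BROADCAST:
            return same_vlan                      # broadcast: flood inside this VLAN only
        known = self.mac_table.get((vlan, dst_mac))
        if known is not None:
            return [known]                        # known unicast: one port, same VLAN
        return same_vlan                          # unknown unicast: flood inside this VLAN only


def next_hop(src_ip, dst_ip, src_subnet):
    """'direct' if both hosts are in the VLAN's subnet, else 'router' (inter-VLAN routing)."""
    net = ip_network(src_subnet)
    if ip_address(src_ip) not in net:
        raise ValueError(f"{src_ip} is not in {src_subnet}")
    return "direct" if ip_address(dst_ip) in net else "router"


def build_school_switch():
    """Constructed example: two teacher ports in VLAN 10, two student ports in VLAN 20."""
    sw = VlanSwitch()
    sw.add_port(Port("Gi0/1", 10, "aa:aa:aa:00:00:01"))  # teacher 1
    sw.add_port(Port("Gi0/2", 10, "aa:aa:aa:00:00:02"))  # teacher 2
    sw.add_port(Port("Gi0/3", 20, "bb:bb:bb:00:00:01"))  # student 1
    sw.add_port(Port("Gi0/4", 20, "bb:bb:bb:00:00:02"))  # student 2
    return sw


if __name__ == "__main__":
    sw = build_school_switch()
    print("student broadcast reaches:", sw.forward("Gi0/3", BROADCAST))
    print("student -> teacher MAC reaches:", sw.forward("Gi0/3", "aa:aa:aa:00:00:01"))
    print("teacher -> teacher reaches:", sw.forward("Gi0/1", "aa:aa:aa:00:00:02"))
    print("10.10.11.11 -> 10.10.10.10:", next_hop("10.10.11.11", "10.10.10.10", "10.10.11.0/24"))
```

Note that a student frame addressed to a teacher's MAC is still only flooded to the other student port: the switch has no entry for that MAC in VLAN 20, and it never consults VLAN 10's table, so the frame cannot cross VLANs without a router.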
VLAN Communication
So how will they communicate? If one VLAN wants to communicate with another, it needs a router, because logically they belong to different networks. So using one switch you can logically create different networks, put students in one network and teachers in the other. This way students cannot hack into any teacher's computer.
This is communication within a switch. What if you have multiple switches with VLANs? How will a VLAN on one switch communicate with a VLAN on a different switch?
Taking the same example, suppose one of the teachers has to communicate with another teacher who is on a different switch but in the same VLAN. Each VLAN is identified by a number, which is called a trunk in Cisco terms. If the VLAN ID of the teachers is 10 and that of the students is 20, then while sending a packet to the router, the teacher's computer adds the destination IP and a trunk at the end of the packet, telling the router which VLAN it belongs to!
When broadcasting a packet, the router only sends it to the other machines that have the same VLAN ID.
In this way a VLAN secures your network, and even if the number of employees increases, you just need to add them to their respective VLANs.
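The following is an added example, not code from the original post, showing what the VLAN number looks like on the wire. In the IEEE 802.1Q standard the number is the 12-bit VLAN ID (VID) inside a 4-byte tag inserted after the source MAC address, and a link that carries frames for several VLANs with these tags is what Cisco calls a trunk. The code builds and parses such tagged frames and then checks whether an interface assigned to a given VLAN would accept a frame, including the edge cases: an untagged frame and a priority-only tag (VID 0) fall into the native VLAN, and VID 4095 is reserved and dropped. The MAC addresses, payload and VLAN numbers are constructed for the illustration.

```python
import struct

TPID_8021Q = 0x8100      # EtherType value that announces an 802.1Q tag follows
ETHERTYPE_IPV4 = 0x0800
VID_NONE = 0             # "priority tag": carries a priority but no VLAN
VID_RESERVED = 4095      # reserved by 802.1Q, never a valid VLAN


def mac_to_bytes(mac):
    return bytes(int(x, 16) for x in mac.split(":"))


def bytes_to_mac(b):
    return ":".join(f"{x:02x}" for x in b)


def build_frame(dst, src, ethertype, payload, vid=None, pcp=0, dei=0):
    """Build an Ethernet frame; if vid is given, insert a 4-byte 802.1Q tag after the source MAC."""
    header = mac_to_bytes(dst) + mac_to_bytes(src)
    if vid is None:
        return header + struct.pack("!H", ethertype) + payload
    if not 0 <= vid <= 4095 or not 0 <= pcp <= 7 or dei not in (0, 1):
        raise ValueError("VID is 12 bits, PCP is 3 bits, DEI is 1 bit")
    tci = (pcp << 13) | (dei << 12) | vid   # Tag Control Information field
    return header + struct.pack("!HHH", TPID_8021Q, tci, ethertype) + payload


def parse_frame(frame):
    """Return dst, src, vid (None when untagged), pcp, dei, ethertype and payload."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src = bytes_to_mac(frame[:6]), bytes_to_mac(frame[6:12])
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return {"dst": dst, "src": src, "vid": None, "pcp": 0, "dei": 0,
                "ethertype": ethertype, "payload": frame[14:]}
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner_type = struct.unpack("!HH", frame[14:18])
    return {"dst": dst, "src": src, "vid": tci & 0x0FFF, "pcp": tci >> 13,
            "dei": (tci >> 12) & 1, "ethertype": inner_type, "payload": frame[18:]}


def accepted_on_vlan(frame, iface_vlan, native_vlan=1):
    """Would an interface that belongs to iface_vlan accept this frame?

    Untagged and priority-tagged (VID 0) frames belong to the native VLAN;
    VID 4095 is reserved and dropped; any other VID must match exactly.
    """
    vid = parse_frame(frame)["vid"]
    if vid is None or vid == VID_NONE:
        vid = native_vlan
    if vid == VID_RESERVED:
        return False
    return vid == iface_vlan


if __name__ == "__main__":
    # Constructed frame: a teacher host in VLAN 10 sends an IPv4 broadcast.
    f = build_frame("ff:ff:ff:ff:ff:ff", "aa:aa:aa:00:00:01", ETHERTYPE_IPV4, b"hello", vid=10)
    print("wire bytes:", f.hex())
    print("parsed:", parse_frame(f))
    print("teacher interface (VLAN 10) accepts:", accepted_on_vlan(f, 10))
    print("student interface (VLAN 20) accepts:", accepted_on_vlan(f, 20))
```

The tagged frame reads on the wire as destination MAC, source MAC, `81 00`, then the 2-byte TCI (`00 0a` for VID 10 with priority 0), then the original EtherType `08 00`, so the VLAN membership is decided from those four bytes before anything in the IP packet is looked at.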