VLANs logically segment a local area network (LAN) into separate broadcast domains to limit broadcast traffic and provide additional security. A VLAN uses switches to create isolated network segments and define broadcast domains without changing the physical cabling. VLANs offer benefits like limiting broadcast domains, increased security by separating users, and flexibility to change user assignments by reconfiguring ports on switches instead of moving cables.

1. VIRTUAL LAN
_mynk

2. What is LAN ?
A LAN is a local area network and is
defined as all devices in the same
broadcast domain.
It works within campus or building of up
to 5 km.
Its speed is 10mbps to 100mbps.

4. What is VLAN?
• A VLAN is a grouping of
computers that is logically
segmented by functions, project
teams, or applications without
regard to the physical location
of users.

5.  As I said, a VLAN is a virtual LAN.
 In technical terms, a VLAN is a broadcast
domain created by switches.
 Normally, it is a router creating that
broadcast domain.
 With VLAN’s, a switch can create the
broadcast domain

6. Broadcast Domain?
 A broadcast domain is a network segment in
which any network device can transmit data
directly to another device without going
through a router
 A layer 3 device breaks up a broadcast
domain
6

7. Traditional LAN
 A traditional LAN
would require all
users of the same
requirements and
same IP subnet
(broadcast domain)
be connected to the
same equipment.
7

8. How can devices on different VLAN’s
communicate ?
 Devices on different VLAN’s can
communicate with a router or a Layer 3
switch.
 As each VLAN is its own subnet, a router or
Layer 3 switch must be used to route
between the subnets.

11. How VLANs Work?
 VLANs are identified by a number
 Valid ranges 1-4094
 On a VLAN-capable switch, you assign ports
with the appropriate VLAN number
 The switch then only allows data to be sent
between ports with the same VLAN
11

12. How VLANs Work?
 Since almost every network is larger than a
single switch, there needs to be a way to
have traffic sent between two different
switches
 One way to do it is to assign a port on each
switch with a VLAN and run a cable between
the switches
12

13. How VLANs work?
 For example, if there were 6 hosts on each
switch on 6 different vlans, you would need 6
ports on each switch to connect the switches
together. This would mean that if you had 24
different vlans you could only have 24 hosts
on a 48 port switch
13

14. How VLANs work?
 There was a standard develop to make it so
that a single connection between two
switches could be used to send traffic for all
vlans
 802.1q – Provides a VLAN tag in front of the
Layer 2 frame
14

15. Benefits of VLANs
15

16. Benefits of VLANs
 Geographically separated users on the same IP
subnet (broadcast domain)
 Limit the size of broadcast domains and limit
broadcast activity
 Security benefits by keep hosts separated by
VLAN and limiting what devices can talk to those
hosts
16

17. Benefits of VLANs
 Cost savings as you don’t need additional
hardware and cabling
 Operational benefits because changing a user’s
IP subnet (Broadcast Domain) is in software
17

18. Need for VLAN
 By the 1980's, most networks consisted
of a simple, hierarchical arrangement in
which multiple, shared-media networks
were connected by a router.
 Unfortunately, traditional routers were
slow, complicated and expensive.

19. As the need for faster networks emerged, a new
solution was Needed
You need to consider using VLAN’s in any of the
following situations:
 You have more than 200 devices on your LAN
 Groups of users need to be on the same broadcast
domain because they are running the same
applications.
 Or, just to make a single switch into multiple virtual
switches.

20. VLANs: Different Models
 Port-based VLANs
In this implementation the administrator
assigns each port of a switch to a vLAN
.
The switch determines the VLAN membership of
each packet by noting the port on which it arrives

21.  When a user is moved to a different port of the switch, the
administrator can simply reassign the new port to the user's old
VLAN.
The network change is then completely transparent to the
user, and the administrator saves a trip to the wiring closet.
However, this method has one significant drawback.
If a repeater is attached to a port on the switch, all of the users
connected to that repeater must be members of the same
VLAN.

22. MAC address-based VLANs-
 The VLAN membership of a packet in this case
Is determined by its source or destination MAC
address.
Each switch maintains a table of MAC addresses and
their corresponding VLAN memberships.
A key advantage of this method is that the switch
doesn't need to be reconfigured when a user moves
to a different port

23.  Layer 3 (or protocol)-based
VLANs
With this method, the VLAN membership of a
packet is based on protocols (IP, IPX,
NetBIOS, etc.) and Layer 3 addresses.
Thisis the most flexible method and provides
the most logical grouping of users.
Additionally, protocol-based membership allows
the
administrator to assign non-routable
protocols, such as
NetBIOS or DECnet, to larger VLANs than
routable
protocols like IPX or IP.

24. What do VLAN’s offer?
VLAN’s offer higher performance for medium
and large LAN’s because they limit broadcasts.
 As the amount of traffic and the number of
devices grow, so does the number of broadcast
packets.
By using VLAN’s you are containing broadcasts

25. Advantages of VLANs
 Number of devices for a specific network
topology reduced.
 Managing of physical devices becomes less
complex.
 Increased security options by separation and
specific frame delivery

26. Disadvantages / Security Issues
 VLANs rely on switches to do the right thing.
 Packet leaks from one VLAN to the next.
 Injected packet meant for an attack.
 Solved by IPsec