LearnIT: Virtual LANs
What is a virtual LAN? This guide explains the basics in one easy-to-read format.
Learn IT in ten easy steps
Directions: Read steps 1-8 and their related links. Use the glossary to look up any terms you do not know. When you're done, go to step 10 and take a quiz to see how much you've learned!
1. What is a virtual LAN?
2. What are the key features of VLAN?
3. Can you explain these limitations?
In regard to management costs: A VLAN is a wide area network and typically requires additional security such as that provided by IPsec and PKI. The need to support geographically dispersed locations and extra security can increase overhead. Basically, it's much more complex than connecting computers together in the same building as would be the case with an ordinary LAN.
4. Are there standards for VLANs?
4. I'm confused -- Do VLANs operate at layer 2 or layer 3?
Virtual LANs operate at layer 2 of the OSI model. However, a VLAN is often configured to map directly to an IP network, or subnet, which gives the appearance it is involved in layer 3.
5. How are VLANs configured?
VLANs can be static, dynamic, or port-centric and there are two methods of establishing a VLAN: frame-tagging and frame-filtering.
Static VLANs are used most in today's networks and are also the most secure. With static VLANs, the VLAN membership is assigned to a port on the switch, rather than the MAC address of the device connected to the specific port.
Dynamic VLANs are rarer and less secure. The VLAN membership is assigned to the MAC address of the host or device. This means that when a host is connected to any port on a switch that's configured to support VLANs, the switch will look up its internal table, find out which VLAN the particular MAC address is part of, and automatically assign the host to the appropriate VLAN.
In most cases, all switches that support VLANs will use the IEEE 802.1q method of frame tagging. Frame tagging is a way of keeping track of users and frames as they travel through the switching fabric of a switch. It's like a 'tag' that's stuck on each frame in order to identify its VLAN membership.
If you cascade two switches together (as you are most probably doing), they will use frame tagging only through their special backbone connectors (found in stackable switches). This 'tag' is removed before the frame exits the switch port to find its way to the destination PC or device.
This also means that if you tried to cascade your switches hoping that the VLAN would work for both, then it would most probably fail.
In order to cascade two switches together for a VLAN, they must support 'Trunk Links', where the above-mentioned 'tags' will be sent through a port of the first switch into the port of the second switch.
6. Will a VLAN break apart a network to secure the PCs connected? For example, will someone be able to see another computer on a different VLAN?
You should also know that if a broadcast is sent on a VLAN, it will not be propagated onto the other VLANs, even if they exist on the same switch. I am noting this because most people know that a switch will send a broadcast out of all its ports, but this is not the case when you configure VLANs on the switch.
7. How easily can a VLAN be set up to support DHCP?
8. What about security?
VLANs provide security in two ways:
1. High-security users can be grouped into a VLAN, possibly on the same physical segment, and no users outside of that VLAN can communicate with them.
2. Because VLANs are logical groups that behave like physically separate entities, inter-VLAN communication is achieved through a router. Thus, all the security and filtering functionality that routers traditionally provide can be used.
9. VLAN Words-to-Go Glossary:
Browse VLAN vocabulary in this handy printable glossary.
After you've looked at the glossary, quiz yourself to see what you've learned about virtual LANs.