APPLICATIONS OF VLAN
Master of Engineering Internetworking
Halifax, Nova Scotia
Abstract— In a LAN, the network is available to every resource. This availability needs to be restricted for organizational and security purposes. Virtual Local Area Network (VLAN) is a popular technique that can be used to divide the network and restrict access to the information on a LAN. This technical paper covers the basics of VLANs and a few applications of VLANs.
I. INTRODUCTION TO VLAN
In a switch-based network, clients are distinguished by physical area. The network layer tells the switch which physical segment a packet needs to be sent to. Therefore the clients in a physical LAN must be in one building or part of a building. A VLAN is a more modern approach in which a virtual working group is formed and isolated from other groups by dividing the network into segments. The division is logical, not physical. VLANs only need to group physical ports together. The clients can be anywhere and need not be in a single physical area.
Another important issue addressed by VLANs is broadcast domains. In a switch, each port forms a collision domain, but the broadcast domain remains a single one. Therefore any information sent to a group of clients is sent to everyone connected to the switch. VLANs divide the broadcast domain. So a switch that creates VLANs is basically divided into several broadcast domains.
A VLAN can be tracked by relating the virtual connection of the neighbourhood system to the real physical picture. VLANs are used in almost every networking application nowadays. The following are some valuable uses of VLANs:
1. To lessen overhead by restricting the span of space taken by a single packet.
2. Improving security by putting devices on separate VLANs.
3. Separating the specific traffic from main 1
This paper explains the application of VLANs in library and wireless networks.
II. Types of VLANs
There are mainly two types of VLANs:
A. Static VLANs: Port-based VLANs are called static VLANs. These VLANs are created manually by an administrator, who assigns each port to a virtual network.
B. Dynamic VLANs: In this type, the network administrator defines VLAN membership according to attributes instead of switch ports. Examples are MAC address-based VLANs.
Based on the way a VLAN is created, the classification is as follows:
A. Port-based VLAN: This is one of the simplest forms of VLAN. This kind of VLAN is obtained by grouping switch ports together to form a VLAN. One or many switches together can form a VLAN. For example, ports 1, 2, 3 and 4 belong to VLAN A, and ports 5 and 6 of the same switch belong to VLAN B. This is the most commonly used way to create VLANs.
B. MAC-based VLAN: Here the VLANs are created using MAC source addresses. Each VLAN is a list of MAC addresses. In this type, when the physical address is moved, the client still works under the same VLAN. The disadvantage of this type is that each client should initially be part of at least one VLAN.
C. Layer-three based VLAN: This type of VLAN is created based on network-layer information. Though this method makes use of IP address information, there is no connection to the routers. The advantage of this kind is that VLANs can be divided according to type of the agreement. The traffic here is less than usual as there is no need to reset labels to identify separate VLANs. The disadvantage is that it has lower efficiency and is a time-consuming process.
D. IP broadcasting-based VLANs: This VLAN is created based on an IP broadcasting group. It is more flexible and also extendable. But this type of VLAN creation is not applicable to a LAN because of its lower efficiency.
III. Creating a VLAN
A Virtual Local Area Network is a logical sub-network of a switch. Business networks always prefer VLANs to improve network management and reduce traffic.
Figure 1: Dividing into various broadcast domains using VLANs.
In the above figure we have three different VLANs, namely Engineering VLAN, Marketing VLAN and Accounting VLAN. These VLANs are created across three switches which are on different floors of a building. The devices in a particular VLAN belong to one broadcast domain, thus forming three broadcast domains.
Below is the step-by-step procedure to set up a VLAN:
1. Choose a VLAN number which is valid.
2. Choose the IP address to be assigned to the VLAN.
3. Choose the model in which the VLAN needs to be created. If it is static, a VLAN number needs to be assigned to each port manually. If the method is dynamic, a list of addresses needs to be assigned to VLAN numbers.
4. VLAN routing helps to communicate between various VLANs. Instead of VLAN routing, a Layer 3 switch can also be used.
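The planning steps above can be checked before anything is configured on a switch. The following Python sketch is an added example, not part of the original paper: it validates a static (port-based) plan and lists the resulting broadcast domains. The function names, VLAN numbers, subnets and port names are assumptions, and step 2 is read here as choosing one subnet per VLAN, which must not overlap if the VLANs are to be routed in step 4.

```python
import ipaddress

def validate_vlan_plan(vlans, port_map):
    """Return a list of problems in a static (port-based) VLAN plan.

    vlans:    {vlan_id: "subnet/prefix"}  -- steps 1 and 2
    port_map: {"switch/port": vlan_id}    -- step 3, manual port assignment
    """
    problems, nets = [], {}
    for vid, cidr in vlans.items():
        if not 1 <= vid <= 4094:  # 12-bit field; 0 and 4095 are reserved
            problems.append(f"VLAN {vid}: ID outside 1-4094")
        try:
            nets[vid] = ipaddress.ip_network(cidr)  # rejects host bits, bad masks
        except ValueError:
            problems.append(f"VLAN {vid}: {cidr!r} is not a valid subnet")
    ids = sorted(nets)
    for i, a in enumerate(ids):
        for b in ids[i + 1:]:
            same_family = nets[a].version == nets[b].version
            if same_family and nets[a].overlaps(nets[b]):
                problems.append(f"VLAN {a} and VLAN {b}: subnets overlap")
    for port, vid in port_map.items():
        if vid not in vlans:
            problems.append(f"{port}: assigned to undefined VLAN {vid}")
    return problems

def broadcast_domains(port_map):
    """Group ports by VLAN: each group is one broadcast domain."""
    domains = {}
    for port, vid in sorted(port_map.items()):
        domains.setdefault(vid, []).append(port)
    return domains

# Constructed plan modelled on Figure 1 (IDs, subnets and port names are assumptions):
# 10 = Engineering, 20 = Marketing, 30 = Accounting, spread over three switches.
PLAN = {10: "10.0.10.0/24", 20: "10.0.20.0/24", 30: "10.0.30.0/24"}
PORTS = {"sw1/1": 10, "sw1/2": 20, "sw2/1": 10,
         "sw2/2": 30, "sw3/1": 20, "sw3/2": 30}

if __name__ == "__main__":
    print(validate_vlan_plan(PLAN, PORTS) or "plan is consistent")
    for vid, ports in broadcast_domains(PORTS).items():
        print(f"VLAN {vid}: {ports}")
```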
A. Types of Ports
Each port of a VLAN can be one of the following:
A) Access Port
B) Trunk Port
1. Access Port:
An access port carries the traffic of only one VLAN. As only one VLAN can send information through this port, there is no concept of VLAN tagging on this type of port. If the access port receives a tagged packet, it drops the packet without even checking the source MAC address. If a switch port is set up as a host port, it automatically acts as an access port.
2. Trunk Port:
The trunk port carries the traffic of many or all VLANs. The process of communicating from one VLAN with another VLAN through a trunk port is called “Trunking”. As many VLANs pass through this port, identifying which VLAN a packet belongs to becomes difficult. So a concept called VLAN tagging is introduced, which specifies the VLAN.
Tagging a process of inserting VLAN number in the
is done in two methods:
ISL is a Cisco proprietary protocol. It is useful when connecting many switches and maintaining the VLAN traffic passing through the trunk link. It operates in a point-to-point environment. The tagging is done by adding a header of 4-bytes and a trailer of 24-bytes to the original packet.
Figure 2: ISL Frame
Dot1q is an IEEE standard VLAN tagging protocol. It is therefore an open standard and is preferred over ISL. This protocol inserts only a 4-byte header into the original packet. It checks the FCS before the message is sent on the port. Dot1q has a concept of a native VLAN. Untagged frames are forwarded to the native VLAN by the 802.1Q protocol. The native VLAN concept reduces traffic and overhead.
Figure 3: 802.1Q Frame
IV. Applications of VLAN in library:
The work of a library includes management of books, readers, collecting books, circulating catalogues, periodicals and more. Systems performing the above tasks can access the bibliographic database and also the readers database. Thus this network has a requirement for security. So access should be given only to computers present in the library. To achieve this, a VLAN needs to be created and the internet should be isolated.
There are also some systems which are used only for searching for a particular book or article. Such a system should be programmed in such a way that it is used only for search purposes and not for any other purpose.
Apart from the regular computers used by students, the library will also have a few servers such as a WWW server, DNS server, FTP server and more, depending on the services offered. These servers contain all the information which is confidential, and an unauthorized person should not be able to access them. So these systems can be part of another VLAN and should be placed behind the firewall so that they are well protected.
The library will also have an office of its own and also many departments like the computer department, the borrow and return department, etc. These should be connected to the intranet and can form a separate VLAN.
If the library has an E-room, its computers and search systems can be placed in a separate VLAN in order to reduce the threat.
V. Advantages of VLAN
The main advantages of VLAN are as follows:
1. Broadcast control: Broadcast is the process of sending a packet to every device on the network. Many applications and protocols depend on broadcasts. The systems connected to a switch belong to the same broadcast domain. So any message sent to the switch might get broadcast to all other clients, which is not recommended. The VLAN divides the network virtually into different broadcast domains.
2. Security: As discussed above, a VLAN divides the network into different broadcast domains. This gives administrators control over each port and client. A hacker cannot simply plug in to the network and manipulate the data. The administrator can give permission to only authorized systems to connect to the network.
3. Cost: Creating different broadcast domains with routers is very costly compared to creating broadcast domains with VLANs.
4. Transparency: A VLAN creates transparency with respect to the physical topology and also the medium used to connect to the network.
The VLAN can effectively control the problems that occur when using a layer 2 device. It controls broadcast storms. VLAN makes the network more flexible and extends it. It also improves security, which is more important nowadays. It increases efficiency and strengthens the network. VLANs are more than basically a shared center point, steering, exchanging, or network administration arrangement. It is the mix of every one of these parts that provides powerful division and effective organization over the system.