Data VLAN

Separation of the large broadcast domain into smaller ones improves network performance. By design, routers block broadcast traffic. But, routers usually have a limited number of LAN interfaces. A router’s main role is to move data between different networks. The router does not give network access to end devices. The access layer switches are responsible for connectivity to end devices. The VLANs on Layer 2 switches also cut the size of broadcast domains. Network design combined into VLANs making it easier for a network to support the goals of an organization. The switched LAN mostly used VLANs.

The VLAN creates a logical broadcast domain that consists of different physical LAN segments. it also improves network performance by separating large broadcast domains into smaller broadcast domains. If a device in one VLAN sends a broadcast data, all devices in that VLAN receive the data, but devices in other VLANs do not.

What is VLANs

Virtual Local Area Network also provides segmentation within a switched network. It is a technique that group devices within a LAN. A group of devices within a VLAN communicate like they are connected to the same wire. VLANs are based on logical connections, in place of physical connections. it permits a network administrator to divide larger networks based on factors like function, project team, or application, without hold for the physical place of the user or device.

Devices inside a VLAN work like they are in their own independent network however, they share a common infrastructure with other VLANs. Any switch port can belong to any VLAN, and unicast; broadcast and multicast packets are forwarded and flooded only to end station within the VLANs. Every VLAN is work as a separate logical network; and data destined for stations, not in the VLAN must be forwarded through a router or device that supports routing. VLANs also make possible the implementation of access and security policies to particular groupings of users. Such as each switch port can assign to only one VLAN except in some cases. The figure below illustrates, VLANs.

Benefits of VLANs

VLANs make it simple to plan a network to maintain the goals of an organization. The most important benefits of  VLANs are as follows:

Security

Security is one of the primary benefits of VLANs. it makes possible that the hosts that have sensitive data are separated from the rest of the network. The separation decreases the possibility of confidential information breaches. The figure below illustrates that management, sells and IT section are totally separate from each other, so they can’t access each other’s files.

Cost

VLANs reduce the cost of the network and make possible of more efficient use of existing hardware and bandwidth because segmenting a network into smaller VLAN is cheaper than creating a routed network with routers.

Better Network Performance 

Dividing flat Layer 2 networks into multiple broadcast domains reduces unnecessary traffic on the network and help increase network performance. VLANs manage traffic very efficiently so that your end-users experience better performance. The administrator will have a smaller amount of latency problems on the network and more reliability for important applications.

Shrink Broadcast Domains

Division of large network into smaller VLANs reduce devices in the broadcast domain. As shown in the figure above, total of nine hosts working in this network but only three hosts are in broadcast domains.

Improved IT staff efficiency

VLANs make network management very easy for IT staff because users with related network requirements share the same VLAN.

Simpler Project and Application Management

VLANs combined users and network devices to support both business and geographic requirements.

Simplified Administration for the Network Manager

VLAN simplifies network management. Grouping of users into the virtual networks, make it easy to set up and control network policies at a group level.

Easy Troubleshooting

Network troubleshooting can be simpler and faster because of different user groups are segmented and isolated from one another. If the network administrator knows that complaints are only coming from a different subset of users, the network administrator will be able to quickly narrow down where to look to find the issue.

Types of VLANs

There are different types of VLANs used in networking.  The VLAN is defined by classes of traffic and some others are defined by the specific function that they serve. Each switch has a default VLAN.

Default VLAN

VLAN-1 is the default VLAN on Cisco switches. After first boot-up process, the switch loads the default configuration and all switch ports became a part of the default VLAN (VLAN-1). The switch port that is the part of the default VLAN work in the same broadcast domain.  The figure below illustrates the default VLAN of a Cisco switch, the show VLAN brief command was executed on a switch running the default configuration. You can see that all ports are assigned to VLAN 1 by default. There is no difference between the features and function of VLAN1 and other VLAN; excluding that it cannot be renamed or deleted. By default, all Layer 2 control traffic is associated with VLAN 1.

Data VLAN

A data VLAN is also called a user VLAN. It is used to separate the network into different groups of users or devices. Data VLAN is used to send user-generated traffic. It is also a separate voice and management traffic from data traffic.

Native VLAN

A native VLAN is assigned to an 802.1Q trunk port that was created for backward compatibility with old devices that don’t support VLANs just like a hub. Frames belonging to the native VLAN are not tagged when sent out on the trunk links so older devices can simply understand these frames. Frames received untagged on the trunk links are set to the native VLAN.

The trunk is the links between switches that keep up the transmission of traffic connected with more than one VLAN. An 802.1Q trunk port supports also traffic coming from many VLANs (tagged traffic); with traffic that does not come from a VLAN. Tagged traffic is traffic that has a 4-byte tag inserted in the original Ethernet frame header; specifying the VLAN to which the frame belongs. The 802.1Q trunk port places untagged traffic on the native VLAN, which by default is VLAN 1.

Management VLAN

The separate VLAN for management like monitoring, system logging, SNMP, and other sensitive management jobs is best practice in networking. It also ensures that bandwidth for management will also be available even when user traffic is high. VLAN 1 is also the management VLAN by default. Moreover, to create the management VLAN, the switch virtual interface of that VLAN is assigned an IP address and subnet mask, which management remotely via HTTP, Telnet, SSH, or SNMP. Because the out-of-the-box configuration of a Cisco switch has VLAN 1 as the default VLAN, VLAN 1 would be a bad choice for the management VLAN.

If your organization uses voice over IP (VoIP), a separate VLAN is needed. This will also save bandwidth for other applications and make sure VoIP quality. The Voice Over  Internet Protocol (VoIP) traffic is also required, assured bandwidth to make sure quality, transmission priority, ability to be routed around congested areas on the network and delay of less than 150ms across the network. To meet these requirements, the entire network has to be designed to support VoIP.

Voice VLANs

If an organization uses voice over IP (VoIP), a separate VLAN is needed. This will save bandwidth for other applications and make sure VoIP quality. The Voice Over  Internet Protocol (VoIP) traffic requires, assured bandwidth to make sure voice quality, transmission priority over the different types of traffic on the network, ability to be routed around congested areas on the network and delay of less than 150ms across the network. To meet these requirements, the entire network must be designed to support VoIP.