VLAN stands for Virtual Local Area Network. VLANs segment a local network logically rather than by physical location: devices that share a VLAN behave as if they were plugged into the same LAN even when they sit on different switches or in different buildings, and the group can be managed as one logical network rather than as individual ports and cables.
Why do companies use VLANs?
The main use case for VLANs is security. With VLAN technology you can separate users into their own network by assigning a set of switch ports to a group of their own, isolated from the rest of the switch. This is all done in configuration, so there is no need to install new hardware or physically move connections and devices.
With a VLAN, you can create individual networks for certain types of users, roles, or access requirements, and effectively isolate traffic from one to the other, exactly as if the VLANs were on different LANs. The converse benefit is that teams can use the same VLAN even if they are distributed, and share bandwidth and collaborate easily across locations.
This has a knock-on effect on cost, too. Every switch you buy for your clients or your own business has a price attached, so most businesses buy the switches with the highest port count so that the most users can share the hardware: a 24- or 48-port switch rather than a 12-port one. Without VLANs, though, any group that needs stronger isolation, such as Finance staff or anyone handling sensitive customer information, would need a switch of its own, and the remaining ports on that switch would simply go to waste.
What are the main benefits of using VLANs?
Many people think that you need to be an enterprise-size company before you consider the use of VLANs, but that’s really not the case. Even a small business could benefit from having at least one VLAN for guest users to ensure that confidential information is not being accessed by external users. Take a look at some of the main added benefits below, and see whether any of them meet a challenge that you or your MSP clients might be facing.
Segmentation: If an expensive project like micro-segmentation doesn’t work for your needs, VLANs are a simpler way to segment your network, either for security or efficiency purposes. You can choose users by any reasoning, such as the same department, the same role, or the same security access.
Flexibility: VLANs are a relatively easy technology to manage. You’ll need to make sure that your switches support using VLANs, but after that you can make changes from your switch management console on the web, including adding or changing the networking requirements for the VLAN in real-time.
Performance: Each VLAN is its own broadcast domain, so broadcasts and flooded traffic from one VLAN never reach ports in another. Splitting one large broadcast domain into several smaller, more manageable ones cuts the background traffic every host has to process and keeps each segment's bandwidth for the traffic that belongs there.
Security: VLANs are a smart way of enforcing security and compliance. They put virtual "walls" between groups of hosts: traffic can only cross from one VLAN to another through a router or Layer 3 switch, which gives you a single choke point where access control lists and firewall rules apply. Any control you can enforce at a router therefore works with VLANs, and the resulting segmentation helps you prove compliance in case of an audit, too.
VLAN vs LAN
Compared with building separate physical Local Area Networks, VLANs can be created at a lower cost, on a more limited budget, and add security, efficiency and control to the way in which you work. A broadcast frame is delivered only to the ports in its own VLAN, whereas on a flat LAN every device on the segment receives it. Both run over ordinary Ethernet; what distinguishes a VLAN is the IEEE 802.1Q tag, a 4-byte header carrying a 12-bit VLAN ID, that switches add to frames on trunk links between switches. Cisco's older proprietary ISL served the same purpose, and VTP can optionally distribute the VLAN list between Cisco switches. VLANs definitely make handling physical devices easier, without the need for any extra hardware and cabling.
Disadvantages of using VLANs
However, it is important to recognize that there are some disadvantages to using VLAN, too. Use this checklist to make sure that you have covered your bases against:
Interoperability: Two VLANs cannot talk to each other directly. Traffic between them must pass through a Layer 3 device, such as a router or a Layer 3 switch, which is also where you apply the rules governing that traffic. Mixing vendors can add friction: 802.1Q trunking is a standard, but Cisco-proprietary protocols such as ISL and VTP will not interoperate with other vendors' hardware. Cisco has some great advice on communication between VLANs.
Cybersecurity: VLANs are not immune from cyberattack. A misconfigured switch allows VLAN hopping: an attacker either negotiates a trunk with the switch (switch spoofing via DTP) or sends double-tagged frames that a trunk strips down to a tag for another VLAN, so data leaks from one VLAN to another and packets can be injected across the boundary. Disabling trunk negotiation on access ports, using an unused VLAN as the native VLAN on trunks, and pruning trunks to only the VLANs they need closes off these paths. And because a VLAN is stretched across locations, a single compromised host can reach every other host in that VLAN, wherever it sits.
Traffic: Remember that a VLAN isn’t actually reducing the traffic that you have, it’s only isolating it to help with bandwidth or performance. It’s like adding additional switches, without the need to add hardware.
Scale: The 802.1Q VLAN ID is a 12-bit field, giving 4096 values, of which 0 and 4095 are reserved, so an Ethernet network supports at most 4094 usable VLANs. Overlay technologies such as VXLAN raise that limit with a 24-bit identifier, but they take a bit more technical know-how and manual effort. 4094 may well be enough, but it's important to consider this at the design stage.
Disruption: VLANs are a great solution, but they aren’t totally simple to set up, and will require some admin that can take a number of months. For example, you’ll need to submit firewall change requests and get these signed off, and there might be some application downtime when the VLANs are put into place.
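To make the 802.1Q tagging from the VLAN vs LAN section, the double-tagging hop from the Cybersecurity item and the 4094-VLAN ceiling from the Scale item concrete, here is an added Python example. It is not code from the article or from any switch vendor: it builds and parses 802.1Q-tagged frames, and the `trunk_egress` and `trunk_ingress` functions are a deliberately simplified model of how a trunk handles its native VLAN, not any real switch's logic. The MAC addresses, VLAN numbers and payload are constructed for the example. Run it and the hop lands in VLAN 20 when the trunk's native VLAN is 1, and stays in VLAN 1 when the native VLAN is an unused ID such as 999.

```python
"""Added example: 802.1Q frame handling and a model of the double-tagging hop.
Not part of the original article; MAC addresses, VLAN IDs and payloads are
constructed, and the trunk functions are a simplified model of a switch."""
import struct

TPID_8021Q = 0x8100        # EtherType value that announces an 802.1Q tag
ETH_IPV4 = 0x0800          # EtherType used for the sample payloads
VID_MASK = 0x0FFF          # the VLAN ID is the low 12 bits of the 16-bit TCI
VID_SPACE = 1 << 12        # 12-bit field: 4096 values
RESERVED_VIDS = (0, 4095)  # 0 = priority-tagged only, 4095 = reserved
USABLE_VIDS = VID_SPACE - len(RESERVED_VIDS)  # 4094 VLANs you can actually assign


def build_frame(dst_mac, src_mac, vids, payload=b"", ethertype=ETH_IPV4):
    """Build an Ethernet II frame carrying the given 802.1Q tags, outermost first."""
    frame = bytes.fromhex(dst_mac.replace(":", "")) + bytes.fromhex(src_mac.replace(":", ""))
    for vid in vids:
        if not 1 <= vid <= USABLE_VIDS:
            raise ValueError(f"VLAN ID {vid} is outside the assignable range 1-{USABLE_VIDS}")
        frame += struct.pack("!HH", TPID_8021Q, vid)  # TCI with PCP=0, DEI=0, VID=vid
    return frame + struct.pack("!H", ethertype) + payload


def parse_frame(frame):
    """Return (dst, src, vids, ethertype, payload); vids lists stacked tags, outer first."""
    dst, src = frame[:6].hex(":"), frame[6:12].hex(":")
    vids, offset = [], 12
    while True:
        (etype,) = struct.unpack_from("!H", frame, offset)
        if etype != TPID_8021Q:
            break
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        vids.append(tci & VID_MASK)
        offset += 4
    return dst, src, vids, etype, frame[offset + 2:]


def is_double_tagged(frame):
    """Detection check: more than one 802.1Q tag on a network that does not use QinQ."""
    return len(parse_frame(frame)[2]) > 1


def trunk_egress(frame, native_vid):
    """Model a trunk sending a frame: the outer tag is removed when it matches the
    trunk's native VLAN, because native-VLAN traffic is carried untagged."""
    vids = parse_frame(frame)[2]
    if vids and vids[0] == native_vid:
        return frame[:12] + frame[16:]  # drop the 4-byte outer tag
    return frame


def trunk_ingress(frame, native_vid):
    """Model a trunk receiving a frame: a tagged frame is placed in its outer VID,
    an untagged frame in the native VLAN."""
    vids = parse_frame(frame)[2]
    return vids[0] if vids else native_vid


def double_tag_hop(attacker_vid, target_vid, trunk_native_vid):
    """An attacker in attacker_vid sends a frame tagged [attacker_vid, target_vid]
    towards a trunk; return the VLAN the frame lands in on the far switch."""
    frame = build_frame("ff:ff:ff:ff:ff:ff", "02:00:00:00:00:aa",
                        [attacker_vid, target_vid], b"constructed payload")
    return trunk_ingress(trunk_egress(frame, trunk_native_vid), trunk_native_vid)


if __name__ == "__main__":
    print("usable VLAN IDs:", USABLE_VIDS)                                       # 4094
    print("native VLAN 1, attacker in VLAN 1:", double_tag_hop(1, 20, 1))        # 20: hop succeeds
    print("native VLAN 999, attacker in VLAN 1:", double_tag_hop(1, 20, 999))    # 1: hop fails
```

The `is_double_tagged` check is the detection side: on a network that does not use QinQ, a frame carrying two 802.1Q tags has no legitimate reason to exist and is worth alerting on wherever you can see raw frames.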
Isolating network traffic by using VLANs is a great idea to limit unused ports and get more out of your hardware expense, at the same time as boosting security, performance and flexibility in your client’s environment, or in your own. Want more information? This video from Practical Networking is a great overview, and you can reach out to us at Atera any time to speak to one of our technical gurus!