In a company or a university, users should not have access to every computer connected to the LAN. Restricting access in this way protects the security of data traffic.
To implement this control, virtual networks are created within the physical network. These architectures are called VLANs, an acronym for “Virtual Local Area Network”.
Their operation is based on IP addressing. There are different classes of VLANs and types of layouts, which we explain in this article. If you want to learn about virtual networks in depth, continue reading.
What is a VLAN and what is it for in a computer network?
A VLAN is a virtual local area network that is part of another computer network. Several VLANs can therefore exist within one LAN, allowing any node to transmit its data directly to another node connected to it, without the need for a device to link them.
This type of network makes the general network, or LAN, easier to administer, since you can create different segments so that computers belonging to different VLANs do not share information.
How does IP addressing work on a campus network?
Before starting, it is necessary to clarify that an IP address is made up of 4 octets that can be divided into two groups, one identifying the network and the other the host. Different classes of IP address result from how these 4 octets are split between network and host identification.
This classification determines the number of subnets that can be applied to each IP. In this way, the main network to which the host connects is established, and then the nodes that share the same network identification, and can therefore communicate with each other, are located. From this it follows that there are 3 classes of subnet mask (255.0.0.0, 255.255.0.0 and 255.255.255.0).
With the above clarified, we can say that IP addressing on a campus works by identifying the server or routing device that belongs to a certain network. For this, a binary math operation is used to establish the composition of the network.
For example, the IP “192.168.1.1/24” has 24 bits reserved for network identification, so the subnet mask is the class C mask “255.255.255.0” and the address belongs to the network whose IP is “192.168.1.0”.
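The binary operation described above is a bitwise AND between the address and its mask. The following Python sketch is an added example, not part of the original article; the function names are hypothetical, and it goes beyond the three classful masks by accepting any prefix length and by checking whether two hosts share a network.

```python
def parse_cidr(cidr):
    """Split 'a.b.c.d/n' into (address as a 32-bit integer, prefix length)."""
    addr, _, prefix = cidr.partition("/")
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {addr}")
    prefix = int(prefix)
    if not 0 <= prefix <= 32:
        raise ValueError(f"bad prefix length: {prefix}")
    value = 0
    for o in octets:
        value = (value << 8) | o          # pack the 4 octets into 32 bits
    return value, prefix

def to_dotted(value):
    """Render a 32-bit integer as dotted-decimal octets."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def mask_from_prefix(prefix):
    """A /n prefix means n leading 1 bits followed by (32 - n) 0 bits."""
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

def network_of(cidr):
    """Return (network address, subnet mask): address AND mask."""
    addr, prefix = parse_cidr(cidr)
    mask = mask_from_prefix(prefix)
    return to_dotted(addr & mask), to_dotted(mask)

def same_network(cidr_a, cidr_b):
    """Two hosts share a network when prefix and network bits both match."""
    (_, prefix_a), (_, prefix_b) = parse_cidr(cidr_a), parse_cidr(cidr_b)
    return prefix_a == prefix_b and network_of(cidr_a) == network_of(cidr_b)

if __name__ == "__main__":
    print(network_of("192.168.1.1/24"))    # the article's example
    print(network_of("10.20.30.77/26"))    # constructed non-classful example
    print(same_network("192.168.1.1/24", "192.168.2.1/24"))
```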
Main VLAN design considerations: what should we take into account?
When designing VLANs, it is necessary to take into account the security of the network as a whole. By this we mean that each device belonging to a virtual local area network must be restricted so that it cannot access other networks for which it has no permission. This will limit packet data traffic and improve network performance. The design should also allow for the possibility of creating other VLANs within the LAN.
Therefore, a switch that is large and efficient enough to handle all operations safely must be planned for. For a switch to support virtual LANs, you must configure all the ports that will be associated with them and disable the ports that will not be used. This will prevent access by intruders. Additionally, controls should be set so that you can only log in via encrypted SSH.
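The two switch checks above (unused ports disabled, login only over SSH) can be verified against an exported configuration. This Python audit is an added example, not from the original article; it assumes Cisco IOS-style syntax, uses a constructed sample configuration, and treats only an access-VLAN assignment as "in use", so trunk ports would need their own rule.

```python
import re
# Constructed sample in Cisco IOS-style syntax (assumed; the article names no CLI).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 10
!
interface GigabitEthernet0/2
 shutdown
!
interface GigabitEthernet0/3
!
line vty 0 4
 transport input telnet ssh
!
line vty 5 15
 transport input ssh
"""

def parse_blocks(config):
    """Group indented sub-commands under their 'interface' or 'line' header."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith(("interface ", "line ")):
            current = raw.strip()
            blocks[current] = []
        elif raw.startswith(" ") and current:
            blocks[current].append(raw.strip())
        else:
            current = None  # '!' or a global command ends the block
    return blocks

def audit(config):
    """Return findings for live unassigned ports and non-SSH remote login."""
    findings = []
    for header, cmds in parse_blocks(config).items():
        if header.startswith("interface "):
            in_vlan = any(re.fullmatch(r"switchport access vlan \d+", c) for c in cmds)
            if not in_vlan and "shutdown" not in cmds:
                findings.append(f"{header}: no VLAN assigned and not shut down")
        elif header.startswith("line vty"):
            allowed = [c.split()[2:] for c in cmds if c.startswith("transport input")]
            if not allowed or allowed[-1] != ["ssh"]:
                findings.append(f"{header}: remote login not restricted to SSH")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```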
Finally, the physical space needs to be studied. The server and other equipment, such as the router and switch, need to be in secure locations so that nobody can get to them and modify their configuration. It is also useful to establish administrator profiles that are separate from user profiles, so that unauthorized people cannot access computers that do not belong to them.
Types of VLANs: what are the most important?
There are different types of VLANs.
Here are the most important ones you can find:
End to end
This kind of network is designed according to the traffic flow it handles, following the client-server model. Devices can thus be grouped based on the resources they use, which improves the performance of all the components that make up the network.
Among its most important characteristics, the users grouped in each VLAN have the same security requirements. Therefore, what matters is not their geographical location but the function of the work they do.
VLANs classified by geographical area are the opposite of the end-to-end type described in the previous point. They are created when it is not possible to have an end-to-end virtual network because it would be difficult to maintain, since the devices use resources that are not in the same virtual LAN.
These VLANs vary in size. Some belong to a single switch, while others span an entire company building. Data traffic can therefore travel over OSI Layer 3 devices to reach resources, to a greater or lesser extent.
Most used VLAN designs: what are the most efficient and recommended?
Based on the characteristics we have analyzed, these are the most widely used VLAN designs:
Multiple VLAN designs consist of configuring different virtual networks within a LAN, physically segmenting the network so that broadcast traffic decreases. This reduces the collision domain and, by limiting user traffic to a specific scope, provides greater security.
HSRP switch
The HSRP (Hot Standby Router Protocol) switch design uses a protocol that is configured so that different OSI Layer 3 devices work according to the priority assigned to them. That is, if the device considered the main one fails, another device that was on standby automatically takes over from it. In this way, the configuration can range from 0 to 255 through a single gateway.
GLBP switch
This design is used to improve the capacity of the previous design, i.e. HSRP. It makes more efficient use of the equipment and thus reduces the administrative costs of the network. With this extension it is possible to assign different protocols to grant responsibilities to different virtual IPs and to distribute the virtual MACs among the devices connected to the GLBP group.
The devices that assign MAC addresses to nodes are the virtual gateways, while the virtual forwarder is in charge of delivering the data traffic to each virtual MAC. A GLBP network can have up to 4 gateways. This is because a provider can have up to 1024 GLBPs, while each device supports only a single GLBP network, and every GLBP can have up to 4 nodes.
VSS switch
The Virtual Switching System, or VSS switch VLAN design, is a virtual network architecture that combines several switches into one virtual switch. This makes operations more efficient because communication between the devices has no intermediate hops, since only a single transport IP is needed. It can reach a bandwidth of up to 1.4 TB/s.
VSS designs are characterized by improved operational efficiency. They also allow increased communications using multi-layer network architectures, saving administration costs.