What is a VLAN (virtual LAN)?

Intelligent switches can use VLANs. If you are unfamiliar with the term VLAN (virtual LAN), though, it can be hard to picture what a VLAN actually is.

It may be easier to understand if you imagine it as a technology that virtually creates multiple switches within a single switch.

In the figure below, PCs A to F are connected to one switch. If VLANs are not used, all of PCs A to F can communicate with one another.

A single switch can be divided into multiple switches using VLANs. Suppose you configure the ports as follows:

Port 01 to Port 08 ・・・ VLAN1
Port 09 to Port 16 ・・・ VLAN2
Port 17 to Port 24 ・・・ VLAN3


With this configuration, the switch operates as if it had been divided into three separate switches: one called VLAN1, one called VLAN2, and one called VLAN3.

Picture it as multiple switches built into a single switch.

 As you can see from the diagram, the VLAN1 switch, VLAN2 switch, and VLAN3 switch are not connected to each other. Each switch behaves as if it were a single switch.

 In other words, devices in VLAN1 can only communicate with devices in VLAN1, devices in VLAN2 with devices in VLAN2, and devices in VLAN3 with devices in VLAN3.

In the above example, each VLAN is allocated a run of consecutive ports, but you can freely assign any port to any VLAN. Using VLANs therefore allows flexible network construction without being bound by physical restrictions.

Using VLANs has the following advantages:

Logical grouping is possible regardless of physical restrictions

 The network can be logically segmented by organizational structure and application, regardless of network connectivity or physical location.

<Conventional LAN segmentation>

Network segments are determined by the physical arrangement of routers and switches.

<Segmentation using VLAN>

 Segments can be built into logical groupings such as organizations, projects, and applications, largely unaffected by the physical placement of routers and switches.

Benefits of VLANs

● Divide the broadcast domain

 Broadcasts that cause network congestion can be suppressed. Broadcasts that occur within a VLAN are not relayed to other VLANs. It is possible to reduce useless traffic and effectively utilize the bandwidth.

● Improve security

 Only devices belonging to the same VLAN can communicate with each other. Devices belonging to different VLANs cannot communicate directly with each other. Communication between VLANs must go through a router with layer 3 functionality. In other words, you can filter broadcasts and manage security by deploying routers.

Catalyst 2950 switches have all ports in VLAN1 by default. In other words, without any VLAN configuration, the switch is no different from one that can be purchased for around 3,000 yen. Since this is an intelligent switch, configure VLANs, STP, and so on; otherwise its capabilities go to waste.
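
The two benefits above, and the all-ports-in-VLAN1 default, can be seen in a small model of a 24-port switch. This is an added example, not part of the original article or any vendor's code. The class and function names, the MAC addresses, and the placement of PC A on port 1 and PC C on port 9 are assumptions made for illustration.

```python
# Added illustration: a toy model of a VLAN-aware layer 2 switch.
# Names and MAC addresses are constructed for this example.
BROADCAST = "ff:ff:ff:ff:ff:ff"

class VlanSwitch:
    def __init__(self, port_count=24):
        # Default described in the article: every port starts in VLAN 1.
        self.port_vlan = {p: 1 for p in range(1, port_count + 1)}
        self.mac_table = {}  # (vlan, mac) -> port, learned separately per VLAN

    def assign(self, first, last, vlan):
        """Put access ports first..last (inclusive) into `vlan`."""
        for port in range(first, last + 1):
            self.port_vlan[port] = vlan
        self.mac_table.clear()  # membership changed, so forget learned entries

    def receive(self, in_port, src, dst):
        """Return the sorted list of ports the frame is sent out of."""
        vlan = self.port_vlan[in_port]
        self.mac_table[(vlan, src)] = in_port  # learn the source inside its VLAN
        members = sorted(p for p, v in self.port_vlan.items()
                         if v == vlan and p != in_port)
        if dst == BROADCAST:
            return members  # flooded only to ports in the same VLAN
        out = self.mac_table.get((vlan, dst))
        if out is None:
            return members  # unknown unicast is flooded under the same rule
        return [] if out == in_port else [out]

def segmented_switch():
    """The layout from the article: ports 1-8, 9-16 and 17-24."""
    sw = VlanSwitch()
    sw.assign(1, 8, 1)
    sw.assign(9, 16, 2)
    sw.assign(17, 24, 3)
    return sw

if __name__ == "__main__":
    pc_a, pc_c = "02:00:00:00:00:0a", "02:00:00:00:00:0c"  # constructed MACs
    for name, sw in (("default", VlanSwitch()), ("segmented", segmented_switch())):
        sw.receive(9, pc_c, BROADCAST)  # PC C (assumed on port 9) is learned
        print(name, "broadcast from port 1 ->", sw.receive(1, pc_a, BROADCAST))
        print(name, "unicast A -> C        ->", sw.receive(1, pc_a, pc_c))
```

With the default configuration the broadcast reaches all 23 other ports and the unicast is delivered to port 9. With the three-VLAN layout both frames stay on ports 2 to 8 and never reach port 9.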