Skip to main content

One post tagged with "Network+"

CompTIA Network+ certification

View All Tags

Understanding VLANs - VLAN Theory

· 4 min read
Bryan Goertz
Bryan Goertz
IT Specialist || Web Developer || Entrepreneur || Thinker of Thoughts Political and Philosophical || Father || Friend

What is a VLAN?

When you hear the term "Network Segmentation," you might first think of a physical separation of networks using hardware devices like routers and switches. While this can be a great way to segment your network, it can also be expensive and difficult to manage.

This is where a VLAN comes in. A VLAN, or Virtual Local Area Network, is a logical way to segment your network without the cost of new infrastructure. By creating VLANs, you can group devices together based on their function, location, or security requirements.

Review

  • WAN - Wide Area Network. A network that covers a broad area, such as a city, country, or even the entire world.
  • LAN - Local Area Network. A network that is confined to a small geographic area, such as a single building or campus.
  • VLAN - Virtual Local Area Network. A logical way to segment a network without the cost of new infrastructure.
  • Subnet - A range of IP addresses that are part of a larger network. Subnets can work with VLANs to segment a network.
  • Physical Network - A network that is physically separated from other networks, such as a separate building or campus.
  • Logical Network - A network that is logically separated from other networks, such as a VLAN.

VLANs work by assigning a unique VLAN ID (or Tag) to each group of devices. This ID is used to tag the traffic as it moves through the network, allowing the devices to communicate with each other as if they were on the same physical network. More on this later.

Why Use VLANs? (VLAN Use Cases)

There are several reasons why you might want to use VLANs in your network:

Security:

  1. Guest networks - One of the most common uses of VLANs is to create a separate network for guest devices. This allows you to provide internet access to visitors without giving them access to your main network. There is a good chance that if you've ever used the default setup of a home router provided by your ISP, you've also had a guest network setup - even if you didn't know it. These are often added with the simple click of a button in the router's web interface and everything is taken care of behind the scenes. Even higher-end equipment like the Unifi Dream Machine Pro has a simple setup for this.
  • It may be worth noting the value of guest networks and logical separation from a business perspective. If you have a business that has a public-facing area, such as a coffee shop, you might want to provide internet access to your customers. By putting your guest network on a separate VLAN, you can keep your business network secure while still providing internet access to your customers.

  1. IoT devices - Another common use case for VLANs is to create a separate network for IoT devices. This can help to keep your smart devices separate from your main network and provide an additional layer of security. If you have a smart home, you might have a separate network for your smart devices. This can help to keep your smart devices separate from your main network and provide an additional layer of security.

  2. Security Cameras - If you have security cameras on your network, you might want to put them on a separate VLAN to keep them isolated from your main network. This can help to prevent unauthorized access to your cameras and protect your privacy.

Each of these areas, or any other area you might want to segment, can be isolated from the rest of the network and have firewall rules applied to control traffic between the VLANs. For example, if you have IoT devices, many of these helpful little buddies do what we call "phoning home" - put another way, they simply connect to an external cloud service to provide a specific function or to collect data.

This can be a security risk if not properly managed. Putting these devices on a separate VLAN we can set up firewall rules that say "ok, coffee maker, you need to listen to everything I tell you when I'm talking to you from XYX device on VLAN 10, but you can't talk to anything else on the network." This is a simple example, but you can see how this can be useful in a variety of situations.

  1. Performance:

  2. Scalability:

  3. Flexibility:

How Do VLANs Work?

VLAN Tagging

There are two main methods of VLAN tagging:

  1. Port-based VLANs:

  2. 802.1Q VLANs:

Conclusion