A VLAN is used to create logical networks on a common switch and wiring structure. These logical networks isolate network traffic, restricting broadcast traffic to only the devices configured on the virtual LAN. The other network segments work independently from each other, restricting broadcast traffic and controlling the exchange of information between segments. This "sandbox effect" provides several benefits: increased security, simplified management, and improved performance.
This restriction of network traffic is a tool that an administrator can use to improve security. Using our example above, let us assume that the network is servicing three distinct departments: customer service, finance, and shipping. In the finance department, all devices that generate network requests broadcast the request to every other device on the network. The same is true of the devices in customer service and shipping. Now let us say that a hacker manages to get access to a machine in the shipping department. Using that machine, they might record the credit card information captured by the customer service department or confidential corporate information generated by the finance department. Segmenting these departments using a VLAN reduces security exposure. True, the hacked computer still has access to all of the broadcast traffic generated within the shipping department, but the packets generated by other departments are isolated and protected. In order to provide this type of isolation with a standard LAN configuration, each department would have to have its own wiring and switches. Routers, in turn, would need to connect each of these LANs in order to allow them to communicate with each other. In a VLAN, the switch configures and controls all of these functions. This brings us to our next point, network complexity.
As functionality increases, so does complexity. As complexity increases, maintaining a network becomes more and more difficult. A traditional LAN configuration requires that the devices to be networked share a unique switch and wiring structure. If multiple LANs need to communicate with one another, a router must be added and configured to exchange the information properly. If any networked devices are moved, physical changes need to be made to the wiring. In our example, if a customer service representative were moved to the shipping department, the switches and cables would need to be physically reconfigured. If a VLAN were used, all of the devices would share a common wiring and switching structure. If a device needed to be relocated, the network administrator would make a software change to the switch, adding the new device in shipping to the customer service segment.
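The segmentation and the "software change" described above can be checked from the switch configuration itself. The following is an added example, not part of the original article: it parses a constructed, Cisco IOS-style access-port configuration, lists which ports share a broadcast domain with a given port, and flags ports whose VLAN differs from the intended department plan. The interface names, VLAN IDs (10, 20, 30) and the plan are assumptions made for illustration.

```python
import re

# Constructed sample config (assumed names/IDs): VLAN 10 = customer service,
# VLAN 20 = finance, VLAN 30 = shipping. Port 0/5 has no VLAN assignment.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 10
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 20
interface FastEthernet0/3
 switchport mode access
 switchport access vlan 30
interface FastEthernet0/4
 switchport mode access
 switchport access vlan 30
interface FastEthernet0/5
 switchport mode access
"""

DEFAULT_VLAN = 1  # an access port with no explicit assignment stays in VLAN 1

def parse_port_vlans(config):
    """Return {interface: vlan_id} for every interface stanza in the config."""
    ports, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = m.group(1)
            ports[current] = DEFAULT_VLAN
            continue
        m = re.match(r"\s+switchport access vlan (\d+)", line)
        if m and current:
            ports[current] = int(m.group(1))
    return ports

def broadcast_peers(ports, port):
    """Ports that receive broadcasts sent from `port` (same VLAN only)."""
    return sorted(p for p, v in ports.items() if v == ports[port] and p != port)

def audit(ports, intended):
    """Return {port: (actual, intended)} where the config departs from the plan."""
    return {p: (ports.get(p), v) for p, v in intended.items() if ports.get(p) != v}

# Intended plan (assumption): port 0/5 is a finance desk and belongs in VLAN 20.
INTENDED = {"FastEthernet0/1": 10, "FastEthernet0/2": 20, "FastEthernet0/3": 30,
            "FastEthernet0/4": 30, "FastEthernet0/5": 20}
```

Here a machine on FastEthernet0/3 (shipping) shares broadcasts only with FastEthernet0/4, and the audit reports FastEthernet0/5 as sitting in the default VLAN instead of the finance segment.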
The overall reduction in broadcast traffic improves performance on the VLAN. This reduction occurs because devices only broadcast packets to, and listen for packets from, other devices on their virtual segment. For instance, if two virtual LANs segment a physical network, each device on the VLAN would only be receiving half of the broadcast traffic: only those packets generated within its configured segment. This decrease in traffic increases available bandwidth and thereby improves performance. Consider this: in our example, cutting the amount of traffic on a 100 Mbps port in half effectively doubles the bandwidth.
In addition to the technical benefits of using a VLAN, there are potential financial benefits. A reduction in maintenance requirements translates into a decrease in maintenance cost. An increase in network performance can produce an increase in productivity.
There is much more to virtual LANs than can be covered in this article. Cisco offers certifications, such as the Cisco Certified Network Associate (CCNA), which include the configuration and use of VLANs in an overall network design. CCNA training towards this certification is a good source to acquire a deeper understanding of VLANs and how they can play a role in any network design.
By: Hugh T. Nguyen
Article Directory: http://www.articledashboard.com