
Virtual LAN – VLANs
On a typical network infrastructure we have switches, routers, firewalls and so on. Today we are going to explore the switch and, more specifically, VLANs.
As we know, a switch is generally used to connect multiple devices on the same network. A switch with 48 ports can serve only one network, providing 48 ports for devices that all belong to the same network (let's say 192.168.1.0/24).
Correct? YES and NO
Using VLANs we can split that single switch into many separate networks. The 802.1Q VLAN ID is a 12-bit field, so there are 4096 possible values, of which 4094 (IDs 1 to 4094) are usable; on a 48-port switch with one device per access port, at most 48 of them can actually be in use at the same time. So we have a 48-port switch and want to separate, let's say, two departments within a company (for example the Accounting and Legal departments); we can configure the switch by creating two different VLANs. Let's pick two IDs:
- Accounting department: VLAN 100.
- Legal department: VLAN 200.
Now let's say that we connect the switch ports as follows:
- Ports 1-16: Accounting department.
- Ports 17-32: Legal department.
Using colours makes it easier to tell the devices apart: RED for the ports carrying Accounting department devices and BLUE for the ports reserved for Legal department devices only. Ports 33-48 remain free for future use (unused ports are best shut down or placed in an otherwise unused VLAN rather than left in the default VLAN, so that anything plugged into them does not land in a live network).
A frame that enters the switch on a VLAN 100 port (Accounting, in our case) is only ever forwarded to other VLAN 100 ports. If the switch does not have the destination MAC address in its MAC table for that VLAN (or the frame is a broadcast), it floods the frame, but only out of the ports that belong to VLAN 100; if it does have the address, it forwards the frame out of the single VLAN 100 port where that address was learned. The same applies to the Legal department: a frame from a VLAN 200 device only ever reaches VLAN 200 ports. So even if an Accounting device addresses a frame to the MAC address of a Legal device, the switch will not deliver it; at Layer 2 the two VLANs behave as two separate switches.
Once a frame enters an access port, the switch assigns it to that port's VLAN ID internally. When the frame has to leave the switch on a link that carries several VLANs (a trunk, see below), the switch tags it with that VLAN ID; there are two encapsulation methods for this:
- ISL (Inter-Switch Link, a Cisco proprietary protocol, now deprecated), and
- IEEE 802.1Q, the open standard tagging protocol (often just called "dot1q").
If the destination is on an access port, the frame is forwarded out of that port untagged: an ordinary end-host network interface is not configured to expect tagged frames and would discard them (many NICs can handle 802.1Q tags if explicitly configured, but a normal workstation is not).
What happens if we do want the Legal department to communicate with the Accounting department, or vice versa? Here we meet InterVLAN routing: the traffic has to pass through a device that routes between the two IP networks, which means a router or a Layer 3 switch. This is also the natural place to decide which inter-VLAN traffic is allowed at all; the separation the switch gives us is only as strong as the filtering (ACLs or firewall rules) applied on that routing hop.
Now you may be thinking: ok, we have ports belonging to two separate VLANs, so the switch is effectively a member of two local area networks. The tag is removed when a frame leaves an access port towards its destination, so how does an external router perform the InterVLAN routing, or how does a frame reach the same VLAN on another switch? This is where trunk mode comes in. A trunk port is a switch port that is not assigned to a single VLAN (it is configured in trunk mode rather than access mode); instead it carries frames from several VLANs, each frame tagged with its VLAN ID, to the next switch or to the router performing InterVLAN routing (on an 802.1Q trunk, frames of the configured native VLAN travel untagged). In practice, configure trunks explicitly and restrict them to the VLANs they actually need to carry, rather than letting the switch negotiate trunking and allow every VLAN by default.
VLANs allow us to separate different networks on the same switch: the Accounting department can use, for example, the network 192.168.2.0/24 and the Legal department 192.168.3.0/24. Using VLANs we also confine broadcast traffic to each VLAN. And with VLANs we can configure QoS for different kinds of devices connected to the network, such as VoIP phones or other devices that need priority over the rest (the 802.1Q tag carries a 3-bit priority field, 802.1p, for exactly this purpose).
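To make the three mechanisms above concrete (forwarding and flooding confined to one VLAN, tagging with an 802.1Q header, and untagging on access ports versus tagging on a trunk), here is an added example in Python. It is not code from the original article or from any switch vendor; it models a switch with the port layout used in the text (ports 1-16 in VLAN 100, 17-32 in VLAN 200) and assumes port 33 is used as the trunk uplink, which the text does not specify. The MAC addresses are constructed, and the native VLAN of the trunk is deliberately not modelled.

```python
"""Added example (not from the original article): 802.1Q tagging and
per-VLAN forwarding on a toy switch laid out like the one in the text."""
import struct

TPID_8021Q = 0x8100           # EtherType value that announces an 802.1Q tag
VID_MIN, VID_MAX = 1, 4094    # 12-bit VID field; 0 and 4095 are reserved
BROADCAST = b"\xff" * 6


def make_frame(dst: bytes, src: bytes, ethertype: int = 0x0800, data: bytes = b"") -> bytes:
    """Untagged Ethernet frame as an end host would send it."""
    return dst + src + struct.pack("!H", ethertype) + data


def tag_frame(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert the 4-byte 802.1Q header (TPID + TCI) after the two MAC addresses."""
    if not VID_MIN <= vid <= VID_MAX:
        raise ValueError(f"VLAN ID {vid} outside the usable range {VID_MIN}-{VID_MAX}")
    if not 0 <= pcp <= 7:
        raise ValueError("PCP (802.1p priority) is a 3-bit field")
    tci = (pcp << 13) | vid   # TCI = PCP(3 bits) | DEI(1 bit, left 0) | VID(12 bits)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def is_tagged(frame: bytes) -> bool:
    return len(frame) >= 16 and frame[12:14] == struct.pack("!H", TPID_8021Q)


def untag_frame(frame: bytes) -> tuple:
    """Strip the tag; return (vid, pcp, untagged frame) as an access port would send it."""
    if not is_tagged(frame):
        raise ValueError("frame carries no 802.1Q tag")
    tci = struct.unpack("!H", frame[14:16])[0]
    return tci & 0x0FFF, tci >> 13, frame[:12] + frame[16:]


class VlanSwitch:
    """Access ports belong to one VLAN; trunk ports carry a set of VLANs, tagged."""

    def __init__(self, access, trunks):
        self.access = access    # port -> VLAN ID
        self.trunks = trunks    # port -> set of allowed VLAN IDs
        self.mac_table = {}     # (vid, mac) -> port: learned per VLAN, never shared

    def _members(self, vid):
        return ({p for p, v in self.access.items() if v == vid}
                | {p for p, allowed in self.trunks.items() if vid in allowed})

    def receive(self, port, frame):
        """Forward one frame; return {egress port: bytes actually put on that wire}."""
        # 1. Classify the frame into a VLAN.
        if port in self.access:
            vid, payload = self.access[port], frame   # access port: VLAN fixed by config
        elif port in self.trunks:
            if not is_tagged(frame):
                return {}   # simplification: no native VLAN, untagged on a trunk is dropped
            vid, _pcp, payload = untag_frame(frame)
            if vid not in self.trunks[port]:
                return {}   # VLAN not allowed on this trunk
        else:
            return {}       # unused port: nothing forwarded
        dst, src = payload[0:6], payload[6:12]
        # 2. Learn the source address in this VLAN only.
        self.mac_table[(vid, src)] = port
        # 3. Known unicast leaves by one port; unknown or broadcast floods this VLAN only.
        if dst != BROADCAST and (vid, dst) in self.mac_table:
            egress = {self.mac_table[(vid, dst)]}
        else:
            egress = self._members(vid)
        egress.discard(port)
        # 4. Tag on trunk ports, leave untagged on access ports.
        return {p: tag_frame(payload, vid) if p in self.trunks else payload for p in egress}


def build_switch():
    """Ports 1-16 VLAN 100 (Accounting), 17-32 VLAN 200 (Legal); port 33 is the
    trunk uplink (an assumption; the text leaves 33-48 free)."""
    access = {p: 100 for p in range(1, 17)}
    access.update({p: 200 for p in range(17, 33)})
    return VlanSwitch(access, trunks={33: {100, 200}})


def demo():
    sw = build_switch()
    acct_a, acct_b = bytes.fromhex("020000000a01"), bytes.fromhex("020000000a02")  # constructed MACs
    legal_c, router = bytes.fromhex("020000001401"), bytes.fromhex("020000000001")
    out = {}
    sw.receive(20, make_frame(BROADCAST, legal_c))   # Legal host C (port 20) is learned in VLAN 200
    # Accounting host A (port 1) addresses C's MAC directly: unknown within VLAN 100,
    # so the frame floods VLAN 100 ports and the trunk (tagged 100), never port 20.
    out["a_to_c"] = sw.receive(1, make_frame(legal_c, acct_a))
    sw.receive(5, make_frame(acct_a, acct_b))        # B (port 5) talks to A: both learned in VLAN 100
    out["a_to_b"] = sw.receive(1, make_frame(acct_b, acct_a))   # known unicast: port 5 only
    # A tagged VLAN 200 frame from the router arrives on the trunk and exits port 20 untagged.
    out["trunk_to_c"] = sw.receive(33, tag_frame(make_frame(legal_c, router), 200))
    return out
```

Calling `demo()` returns, for each scenario, the set of ports the frame left by and the exact bytes on each wire: the frame from the Accounting host to the Legal host's MAC address reaches ports 2-16 untagged and port 33 with a VLAN 100 tag, and never port 20. Notice that the isolation rests on nothing but the per-VLAN MAC table and the trunk's allowed-VLAN set; a trunk that admits every VLAN, or an access port moved into the wrong VLAN, removes it.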