In a company or a university, users should not have access to every computer connected to the LAN. Restricting access in this way protects the security of data traffic.
To implement this control, virtual networks are created within the physical network. These architectures are called VLANs, short for Virtual Local Area Network.
Its operation is based on IP addressing. There are different kinds of VLANs and types of designs, which we will explain in this article. If you want to know in depth what is related to virtual networks, continue reading.
What is a VLAN and what is it for in a computer network?
A VLAN is a virtual local area network that is part of another computer network. Several VLANs can therefore exist within one LAN, and any node can transmit its data directly to another node it is connected to, without needing another device to link them.
This type of network allows better administration of the general network, or LAN, since you can create different segments so that computers belonging to different VLANs do not share information.
How does IP addressing work on a campus network?
Before starting, it is necessary to clarify that an IP address is made up of 4 octets that can be divided into two groups to identify the network and the host. This gives rise to different classes of IP address, according to how those 4 octets are organized to identify the network and the host.
This classification establishes a specific number of subnets that can be applied to each IP. In this way, the main network to which the host connects is established, and then the nodes that share the same network identification, and can therefore communicate with each other, are located. It follows that there are 3 kinds of subnet mask (255.0.0.0; 255.255.0.0 and 255.255.255.0).
With that clarified, IP addressing on a campus works by identifying the server or routing device that belongs to a given network. For this, a binary mathematical operation is used to establish the composition of the network.
For example, the IP "192.168.1.1/24" has 24 bits intended for network identification, so the subnet mask would be class C, "255.255.255.0", and the address belongs to the network whose IP is "192.168.1.0".
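The calculation described above, as an added example that is not part of the original article: the prefix length is turned into a mask and combined with the address by a bitwise AND to obtain the network. The function names are illustrative, and the second host addresses are constructed sample values.

```python
def to_int(dotted):
    """Pack a dotted-quad IPv4 address into a 32-bit integer."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {dotted!r}")
    value = 0
    for o in octets:
        value = (value << 8) | o
    return value


def to_dotted(value):
    """Unpack a 32-bit integer back into dotted-quad notation."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def mask_from_prefix(prefix):
    """/24 means 24 one-bits (network) followed by 8 zero-bits (host)."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"invalid prefix length: {prefix}")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def describe(cidr):
    """Return (subnet mask, network address) for a string like 'a.b.c.d/n'."""
    addr, prefix = cidr.split("/")
    mask = mask_from_prefix(int(prefix))
    network = to_int(addr) & mask  # the binary operation: address AND mask
    return to_dotted(mask), to_dotted(network)


def same_network(cidr_a, cidr_b):
    """Hosts share a network identification only if mask and network match."""
    return describe(cidr_a) == describe(cidr_b)


if __name__ == "__main__":
    for cidr in ("192.168.1.1/24", "192.168.1.1/16", "192.168.1.1/8"):
        print(cidr, "->", describe(cidr))
    # Constructed hosts: separate /24 segments, but one segment under /16.
    print(same_network("192.168.1.1/24", "192.168.2.1/24"))
    print(same_network("192.168.1.1/16", "192.168.2.1/16"))
```
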
Main VLAN design considerations: what should we consider?
When designing a VLAN network it is necessary to take into account the security of the network as a whole. By this we mean that each device that belongs to a virtual local area network must have restrictions so that it cannot access others for which it has no permission. This will limit data packet traffic and improve network performance. On the other hand, the design of a network must also allow for the possibility of creating other VLANs within the LAN.
A sufficiently large and efficient switch must therefore be planned for, so that it can handle all operations safely. For a switch to be compatible with virtual LAN networks, you must configure all the ports that will be associated with them and deactivate those ports that will not be used. This will prevent intruder access. In addition, controls must be established so that you can only log in using encrypted SSH.
Finally, the physical space remains to be studied. The server and other equipment, such as the router and switch, need to be in safe places so that nobody can access them and modify their settings. It is also useful to establish administrator profiles that are different from those of users, so that unauthorized persons cannot access computers that do not correspond to them.
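One way to check the two switch rules above (unused ports deactivated, login only over SSH), as an added example that is not from the original article. It assumes Cisco IOS-style configuration syntax, and the sample configuration is constructed.

```python
import re

# Constructed sample config in Cisco IOS-style syntax (an assumption, not from the article).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 10
!
interface GigabitEthernet0/2
 switchport mode trunk
!
interface GigabitEthernet0/3
!
interface GigabitEthernet0/4
 shutdown
!
line vty 0 4
 transport input telnet ssh
!
line vty 5 15
 transport input ssh
"""

def parse_blocks(config):
    """Split the config into (header, [indented sub-commands]) blocks."""
    blocks = []
    for line in config.splitlines():
        if not line.strip() or line.strip() == "!":
            continue
        if line[0].isspace() and blocks:
            blocks[-1][1].append(line.strip())
        else:
            blocks.append((line.strip(), []))
    return blocks

def audit(config):
    """Flag ports tied to no VLAN that stay enabled, and vty lines not SSH-only."""
    findings = []
    for header, cmds in parse_blocks(config):
        if re.match(r"interface \S*Ethernet", header):
            in_vlan = any(re.match(r"switchport (access vlan \d+|mode trunk)", c) for c in cmds)
            if not in_vlan and "shutdown" not in cmds:
                findings.append((header, "unused port is not shut down"))
        elif header.startswith("line vty"):
            # Policy choice: require an explicit 'transport input ssh' and nothing else.
            transports = [c.split()[2:] for c in cmds if c.startswith("transport input")]
            if transports != [["ssh"]]:
                findings.append((header, "remote login is not restricted to SSH"))
    return findings
```

Running `audit(SAMPLE_CONFIG)` reports the enabled port with no VLAN assignment and the vty line that still accepts Telnet.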
Types of VLANs: which are the most important?
There are different types of VLANs.
Here are the most important ones you can find:
End-to-end
This type of network is designed according to the traffic flow it handles, following the client-server model. Devices are grouped based on the resources they use, which improves the performance of all the components that make up the network.
Among the most important characteristics, the users grouped in each VLAN have the same security requirements. Therefore, what matters is not their geographical location but the function of the work they do.
Geographical
VLANs classified by their geographical area are the opposite of what was seen in the previous point. They are created when it is not possible to have an end-to-end virtual network because its maintenance is difficult to achieve, since the devices use resources that are not in the same virtual LAN.
These VLANs vary in size. You can find some that belong to only one switch and others that span a whole company building. Data traffic can therefore travel through OSI layer 3 devices to obtain the resources to a greater or lesser extent.
Most used VLAN designs: which are the most efficient and recommended?
According to the characteristics that we have analyzed, we can mention the most used designs of VLANs.
We present them below:
Multiple VLANs
Multiple VLAN designs consist of configuring different virtual networks within a LAN, physically segmenting the network so that broadcast traffic decreases. This reduces the collision domain and, by limiting user traffic to a certain area, provides more security.
HSRP switch
The HSRP (Hot Standby Router Protocol) switch design uses a protocol configured so that different devices at layer 3 of the OSI model work according to the priority assigned to them. That is, if a device considered the main one fails, another device that is on standby automatically takes its place. In this way, the configuration can be 0-255 through a single door.
GLBP switch
This design is used to improve the capacity of the previous design, i.e. HSRP. It makes it possible to use the most efficient equipment and in this way reduce the administrative costs of the network. With this extension, it is possible to assign different protocols to grant responsibilities to different virtual IPs and distribute virtual MACs among the devices connected to the GLBP group.
The virtual gateways assign the MAC addresses to the nodes, while the virtual forwarder is in charge of delivering the traffic data to each virtual MAC. A GLBP network can have up to 4 gateways. This is because a provider can have up to 1024 GLBP, while the support of that device only supports a single GLBP network, and every GLBP can have up to 4 nodes.
VSS switch
The Virtual Switching System (VSS) switch design is a virtual network architecture that combines several switches into one virtual switch. This makes operations more efficient because communication between the devices is uninterrupted, as only a single transport IP is needed. It can reach a bandwidth of up to 1.4 TB/s.
VSS designs are characterized by improved operational efficiency. They also allow for increased communications using a multi-layered network architecture, saving administration costs.