Virtual LAN Network Administrators Once

Virtual LAN

Network administrators once had to physically plug and unplug cables to switch local area network (LAN) assignments. A LAN was defined and delimited by its physical network architecture. Only terminals and workstations physically linked together, hard wired onto the same routers, could be LAN members. A geographically fragmented organization could not create one unified network with the same broadcast domain until the advent of virtual LAN.

Virtual LANs still rely on hard wiring at key points in the network architecture. Yet although router switches are still in use, the virtual LAN (VLAN) replaces the router switch to create network segments. A Virtual LAN can help manage network traffic, and link together work stations under the same domain without the need for hard wiring. Network administrators can manage geographically disparate workstations without having to assign different network addresses to each of them.

Instead of relying on hard wiring and router switches, a VLAN uses software to create logical, virtual networks and network segments. Many of the same companies that manufacture network hardware also develop network software like VLANs: such as Cicso. The software allows network administrators to design networks virtually, linking together geographically remote terminals and assigning them the same network address. Those workstations look and act as if they are hard wired together using traditional network hardware like router switches. No matter where the workstations are, they can share the same broadcast domain.

A virtual LAN also allows network administrators to move, add, remove, and reassign workstations without making any hard wire changes. Instead, the changes are made via a software interface. Virtual LANs are transforming the nature of network administration, making it possible for administrators to monitor and manage networks from a remote or centralized location no matter how geographically disjointed the system actually is ("What is a VLAN?"). Network administrators use virtual LAN software to assign identification profiles to end user terminals. Those profiles determine VLAN membership, and can be switched easily.

The advantages of using VLANS instead of or in addition to router switches in large networks are enormous and varied, including more efficient bandwidth allocation and more flexible network configuration and segmentation. At the enterprise level, VLANS have become crucial elements in the overall systems architecture because remote terminals must be connected and remain connected to the same broadcast domain. Without a VLAN, it would be impossible for remote computers to share the same address space and broadcast domain.

VLAN "maps workstations on some other basis than geographic location (for example, by department, type of user, or primary application)," (TechTarget). The virtual LAN essentially creates an image or a blueprint of the logical network. Network administrators use the software interface to create virtual links between workstations without the need for hard wiring or router switching. Thus, any group of end users sharing a common need can take advantage of the benefits of Virtual LAN technology. For example, a company's marketing departments in Tokyo, Berlin, and New York can share the same broadcast domain by being connected to a VLAN. Otherwise, they would be classified as separate network segments even though administrators theoretically treat them as being linked together. Virtual LANS encourage dynamic, diverse systems and permit greater flexibility in organizational structure in general. Any shift in organizational structure or personnel can be immediately reflected in the network architecture.

Only members of the VLAN process incoming packets, so that total bandwidth is far more efficient than with a traditionally switched LAN. In a hard-wired LAN, all terminals must be physically connected via router switches. Bandwidth is determined by the hard-wired network connections. Moreover, data packets "pass through multiple levels of network connectivity because the network is segmented," ("What Is a VLAN?" 2008). In other words, valuable bandwidth is consumed unnecessarily during the transmission process. Bandwidth management is one of the most significant reasons why large organizations are switching to Virtual LANS. Network traffic is less easily bottlenecked using a VLAN than a traditional LAN, and collisions in network traffic are prevented.

Using a VLAN vs. A router switch LAN may increase security as well as bandwidth. Like traditional LANS, VLANS are also switched networks but ones that logically rather than physically segmented. An early Cisco report indicates that VLANS "improve security by isolating groups" because "high-security users can be grouped into a VLAN, possible on the same physical segment, and no users outside that VLAN can communicate with them." The presumed isolation increases overall network security by limiting the possibility of intrusion. Rabinovitch (nd) notes that "VLANs can significantly improve security management by automatically placing unrecognized network users into a default VLAN, with minimal accessibility, secure from the rest of the network." The Media Access Control (MAC) address is commonly used as a first line of defense in the VLAN security system. Because switches do not automatically perform authentication checks, network administrators can configure VLAN software to perform identity checks.

However, Farrow (nd) identifies several security weaknesses with Virtual LANS. Virtual LANS do not exactly create protected network segments impenetrable to the outside world as Cisco had claimed. "Hopping" is possible, as virtual bridges may be established between VLANS. In fact, Farrow (nd) claims that security was never considered to be a feature of virtual LANS and that the presumed ability of VLANs to isolate workgroups is incomplete at best. Furthermore, firewall technology has evolved so that VLANs are detectable and therefore penetrable. Another drawback with VLANS is that "VLANs tend to break down as networks expand and more routers are encountered," ("Definition of Virtual LAN). Virtual LANS limit the number of supported tagged terminals. Interestingly, Rabinovitch (nd) claims that one of the reasons VLANS are used is "to ease network adds, moves, and changes."

Virtual LANs operate and function similarly to their traditional LAN counterparts, with physical ports, layers, authentications, protocols, MAC addresses, and IP subnets all playing a role in network design, segmentation, and management. VLAN does ease some of the constraints on network managers. For instance, "VLAN management software can then automatically reconfigure that station into its appropriate VLAN without the need to change the station's MAC or IP address." (NetworkWorld 2006). The IEEE's 802.1Q standards accommodated developments in VLAN technology, establishing ground rules for tagging and assigning membership regardless of the VLAN software vendors.

In Open Systems Interconnection (OSI) terminology, VLANs function on the data link layer: Layer 2. Using Layer 2, "packets are switched between ports designated to be within the same VLAN" (Cisco 1997). Virtual LANS can be configured to mimic functionality on the network layer, Layer 3. Traditional router switches can operate and move between multiple layers, whereas VLANs cannot. However, VLAN technology involves a robust tagging system that allows switches and ports to be configured as trunks (Farrow nd). Trunks in the network are the foundation for multiple VLANs in the same large network.