What is a VLAN and how does it work?
You seldom see a network of any size these days that doesn’t have multiple connections coming into it from external networks (or the internet), plus servers, wireless networks and any number of other devices, all interconnected on that network or through it.
Scarily enough, it’s not unheard of to have ALL of these connections and devices on a SINGLE broadcast domain, but that kind of setup is very much not recommended!
If you DO put all devices on the same broadcast domain, you’re asking for trouble. Every broadcast hits every device, so one chatty or misbehaving host (think broadcast storm) slows everyone down, and most importantly you’re putting your network at severe risk of security issues, because every device has a direct Layer 2 path to every other device (we get into more detail on this in the “New to Networking” Course).
To The Question: What Is a VLAN and How Does It Work?
So the question then becomes: what if you had a way of segmenting or dividing that network up using the switch(es) you already have?
This is where VLANs come into play.
I really quickly want to show you another scenario to help clarify VLANs a bit more…
Let’s say you have an organization or company with multiple buildings and the employees in each of these buildings all need to use the same company network…
Now I’m going to show 2 of those buildings here, but pretend these are 2 of MANY buildings in this company.
In the building on the right you have Research and Development, with their lab and records, and in the building on the left you have HR and Management. (A more realistic scenario is that the servers and storage for everyone in the company sit in one big data center or cooled server room where the technicians and administrators can easily reach and maintain all of it.)
But for the purposes of this example, we’re going to only look at these 2 buildings…
Now, if your groups are all separate, you can have a switch for each group in each building and then connect all of those switches to a router, so each group stays on its own LAN segment but can still reach the other groups and the rest of the company network through the router.
But what if you need to have a 1 person from the management group working in the same building as the research and development group?
Since it’s just 1 person, you’d have to string another network cable from the router in the building on the left over to the building on the right and put another switch there JUST for that 1 person.
What if you had to have someone from HR working in the building on the right? Would you need to install a switch with another connection back to the router for each person?
That can get expensive and tedious, and it starts requiring more and more space and equipment every time you put someone from another LAN segment in the same building.
And we don’t want someone from Research and Development having access to the same network resources as, say, the HR person or the Management person, so we can’t just plug them into the same switch the Research and Development group uses, right?
See how this can get out of hand?
VLANs Are the Answer!
So VLANs come into play for just this scenario, and many others as well, which we’ll talk about in other videos down the road.
You can configure multiple VLANs on your network (one for each group: HR, Management, Research and Development) that can’t communicate directly with each other at Layer 2 or access each other’s devices and resources. The only way between two VLANs is through a router (or a Layer 3 switch), and that is exactly where you put the access controls that decide what, if anything, is allowed to cross.
And you configure VLANs in the switch configuration on each switch/networking device, so you can divide a single physical switch into multiple VLANs (the “pie pieces” analogy I used at the beginning of this video).
This allows you to only use a single switch in the same building without having to get another switch with another connection each time you have another person(s) from a different group in the same building/location.
“You Gotta Keep ‘Em Separated” ~ The OffSpring
The physical port (interface) on the switch that is connected to the HR person’s computer is configured in the “HR” VLAN (whatever VLAN number you decide to use for HR). The port on the SAME switch that is connected to the Management person’s computer is configured in the “Management” VLAN (again, whatever VLAN number you decide to use for Management). All the other ports are configured in the “Research & Development” VLAN.
Now they’re all kept separate, but they can all still use the same physical switch without needing a separate switch for each group in the same building.
Broadcasts in one VLAN are not seen or processed by the computers and devices in the other VLANs, because the switch only floods a broadcast out of the ports that belong to the same VLAN it came in on.
By doing so, you have stopped every device and resource in the company from sitting on ONE segment where every broadcast hits everyone and everyone has a direct path to everything. Now you are containing the broadcast traffic and the access within each group, simply by using a separate VLAN FOR each group.
Now, I get into more detail in my “New to Networking” Course on this, but each VLAN will be assigned a number.
And if you’re a visual learner, just to give you a better visual, think of each VLAN as a different color (even though they’re not).
If the HR VLAN is say the “Blue” VLAN, you can see here how the HR person in the building on the right can utilize the same network segment (same Virtual LAN or VLAN) to connect to everyone else and all the network resources in the HR group.
Same for the other groups. Again each one has their own separate VLAN.
Now, for the purpose of keeping each of these videos as simple as possible (and helping you pass the Network+ Certification Exam and hopefully the CCNA), there are many other facets of VLANs that I could show you (and I WANT TO show you!). For now I just want to add “Trunks”, because in this example we will need a trunk connection set up on each of these switches to pass the traffic for multiple VLANs between them.
What Is a “Trunk”?
I want to talk just for a second about that connection between switches (or network devices) that carries traffic for multiple VLANs at the same time. This is important when you’re learning about VLANs.
The term used to describe a multiple VLAN configured connection like this is “Trunk” and it is similar to putting multiple vines together to make a bigger “Trunk” in nature.
You can also think of it as putting multiple fiber-optic wires or steel cables together (which is also known as a “Trunk”)
Multiple VLANs traversing the same network connection (typically between 2 switches or Layer 2 devices) is called a “Trunk”
Now, this can be over a single network cable or over multiple cables bundled together in a Link Aggregation or EtherChannel.
But what you’re doing on a “Trunk” connection is configuring the interface on one switch to insert a tag (an IEEE 802.1Q tag, which carries the 12-bit VLAN ID) into each outgoing frame, so the receiving switch (which also has ITS corresponding interface configured as a “Trunk”) can tell which frame belongs in which VLAN. The receiving switch strips the tag again before handing the frame to a computer on an access port, so the end devices never see it.
Again, using our example of these 2 buildings, if you have 3 VLANs (HR’s VLAN, Management’s VLAN and Research & Development’s VLAN) that need to traverse over to and connect to the other switch in the other building, each of these facing interfaces on these 2 switches will have to be configured as “Trunk” connections and the respective VLANs have to be configured into those trunks.
If let’s say you’re using VLAN 2 for HR and VLAN number 3 for management and VLAN number 4 for Research & Development…
You will have to configure the interface on the switch in the building on the right as a “Trunk” and add VLAN 2, VLAN 3 and VLAN 4 to the list of VLANs allowed on that trunk.
As well, you will have to configure the corresponding interface on the switch in the building on the left as a “Trunk” allowing VLANs 2, 3 and 4.
This allows the 2 switches to send traffic back and forth for all 3 VLANs while still keeping them separate (which is the primary purpose of having VLANs in the first place).
Now, the person in the management group working in the building on the right can connect to VLAN 3 and other network computers, users, servers, printer on VLAN 3 that may be located in the building on the left (and vice versa).
Same for the HR VLAN (VLAN 2) and the Research & Development VLAN (VLAN 4).
This is done by configuring the 2 facing interfaces as “Trunk” connections that carry the traffic for all the needed VLANs. Two practical notes here: only allow the VLANs that actually need to cross that link (don’t leave the trunk carrying every VLAN on the switch by default), and set the trunk ports and the access ports to their mode statically rather than letting the switches auto-negotiate trunking, so a device plugged into an access port can’t talk the switch into treating that port as a trunk.
Again, don’t get a “Trunk” confused with an EtherChannel/Link Aggregation, as they are not the same: a trunk carries multiple VLANs over one logical link, while EtherChannel bundles multiple physical cables into one logical link (which may or may not itself be a trunk).
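To show the mechanics end to end (access ports in VLANs 2, 3 and 4 on each switch, the trunk between them tagging each frame with its VLAN, and broadcasts staying inside their VLAN), here is an added Python model of the two-building setup. It is example code written for this page, not code from the original post. The switch and port names, the MAC address and the frame contents are constructed for the example; the 802.1Q tag layout (TPID 0x8100 followed by a 16-bit TCI) is the real one. The model floods every frame within its VLAN, which is what happens to a broadcast, and skips MAC learning for unicast; untagged frames arriving on the trunk are simply dropped, where a real switch would place them in the trunk’s native VLAN.

```python
"""Two VLAN-aware switches joined by an 802.1Q trunk (added example)."""
from __future__ import annotations

import struct
from dataclasses import dataclass, field

TPID_8021Q = 0x8100                       # EtherType value that marks an 802.1Q tag
BROADCAST = bytes.fromhex("ffffffffffff")
HR, MGMT, RND = 2, 3, 4                   # VLAN numbers used in the text


def tag_frame(frame: bytes, vlan_id: int, pcp: int = 0) -> bytes:
    """Insert an 802.1Q tag right after the 12-byte dst+src MAC header."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    tci = (pcp << 13) | vlan_id           # TCI = PCP(3 bits) | DEI(1 bit) | VID(12 bits)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def untag_frame(frame: bytes) -> tuple[int | None, bytes]:
    """Return (vlan_id, frame without the tag); vlan_id is None if untagged."""
    if len(frame) >= 16 and struct.unpack("!H", frame[12:14])[0] == TPID_8021Q:
        tci = struct.unpack("!H", frame[14:16])[0]
        return tci & 0x0FFF, frame[:12] + frame[16:]
    return None, frame


@dataclass
class Port:
    mode: str                                  # "access" or "trunk"
    vlan: int = 1                              # access VLAN (access ports only)
    allowed: frozenset[int] = frozenset()      # VLANs allowed on the trunk (trunk ports only)
    peer: tuple[Switch, str] | None = None     # (switch, port) at the far end of a trunk


@dataclass
class Switch:
    name: str
    ports: dict[str, Port]
    # (port name, untagged frame) pairs handed to the host on an access port
    delivered: list[tuple[str, bytes]] = field(default_factory=list)

    def ingress(self, port_name: str, frame: bytes) -> None:
        port = self.ports[port_name]
        if port.mode == "access":
            vlan, payload = port.vlan, frame   # access port: classified by the port's VLAN
        else:
            vlan, payload = untag_frame(frame)  # trunk: VLAN comes from the tag
            # Simplification: untagged or disallowed VLANs are dropped on the trunk;
            # a real switch would map an untagged frame to the trunk's native VLAN.
            if vlan is None or vlan not in port.allowed:
                return
        self._flood(vlan, payload, port_name)

    def _flood(self, vlan: int, frame: bytes, in_port: str) -> None:
        """Flood within the VLAN only: access ports get it untagged, trunks get it tagged."""
        for name, port in self.ports.items():
            if name == in_port:
                continue
            if port.mode == "access" and port.vlan == vlan:
                self.delivered.append((name, frame))
            elif port.mode == "trunk" and vlan in port.allowed and port.peer:
                far_switch, far_port = port.peer
                far_switch.ingress(far_port, tag_frame(frame, vlan))


def build_network(trunk_allowed: frozenset[int] = frozenset({HR, MGMT, RND})) -> dict[str, Switch]:
    """Two buildings, one switch each, joined by a trunk on port Gi0/24 (names are constructed)."""
    left = Switch("bldg-left", {
        "Gi0/1": Port("access", vlan=HR),
        "Gi0/2": Port("access", vlan=MGMT),
        "Gi0/24": Port("trunk", allowed=trunk_allowed),
    })
    right = Switch("bldg-right", {
        "Gi0/1": Port("access", vlan=RND),
        "Gi0/2": Port("access", vlan=RND),
        "Gi0/3": Port("access", vlan=MGMT),   # the lone manager sitting in the R&D building
        "Gi0/24": Port("trunk", allowed=trunk_allowed),
    })
    left.ports["Gi0/24"].peer = (right, "Gi0/24")
    right.ports["Gi0/24"].peer = (left, "Gi0/24")
    return {"bldg-left": left, "bldg-right": right}


def broadcast_reach(src_switch: str, src_port: str,
                    trunk_allowed: frozenset[int] = frozenset({HR, MGMT, RND})) -> dict[str, list[str]]:
    """Send one broadcast from a host and report which access ports receive it."""
    net = build_network(trunk_allowed)
    src_mac = bytes.fromhex("020000000001")                   # constructed locally-administered MAC
    frame = BROADCAST + src_mac + b"\x08\x06" + b"\x00" * 28  # constructed ARP-sized broadcast
    net[src_switch].ingress(src_port, frame)
    return {name: [p for p, _ in sw.delivered] for name, sw in net.items()}


if __name__ == "__main__":
    print(broadcast_reach("bldg-left", "Gi0/2"))    # manager on the left reaches only the manager on the right
    print(broadcast_reach("bldg-right", "Gi0/1"))   # R&D broadcast stays inside R&D
    print(broadcast_reach("bldg-right", "Gi0/3", frozenset({HR, RND})))  # VLAN 3 pruned from the trunk: goes nowhere
```

The last call shows the point about the allowed list: if VLAN 3 is not configured on the trunk, the manager’s traffic never leaves the right-hand building. On a Cisco IOS switch the equivalent port settings are `switchport mode access` plus `switchport access vlan 3` on the access ports, and `switchport mode trunk` plus `switchport trunk allowed vlan 2,3,4` on the two trunk ports.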
What is a VLAN and how does it work? Well, now you know the basics!
Be sure to look for upcoming posts and videos where I go more in-depth into VLANs and show you “Dynamic” VLANs and VTP (VLAN Trunking Protocol).