As you get deeper into networking, you’ll learn about additional tools and techniques that grant you more freedom and flexibility. As networks grow in capacity and complexity, freedom and flexibility become invaluable.
On that journey, one of your most valuable tools is the VLAN. It’s a way to group devices in a network pretty much however you want, giving you more control over the flow of information across your whole network.
It’s worth taking a minute to learn the essentials of VLANs and how they can help you.
Let’s start at the beginning. VLAN stands for “virtual local area network.” In case you aren’t familiar, a local area network (LAN) is a network of devices that are connected by cables. You can have small LANs, large LANs, and even wireless LANs, but the gist is the same...
Getting back to VLANs, the “virtual” aspect of the LAN is much what you would expect. It’s a method that allows you to group devices together even if they aren’t all connected to the same switch. Ultimately, a VLAN can only group devices that have some type of networking connection, but virtualization allows you to make subgroups in flexible ways that can generate a range of benefits for how you manage your network.
What’s the Point?
That’s what this is all about. It’s creating groups of devices in ways that are advantageous. In the next few sections, we’ll get into some of the most common and powerful advantages of VLAN design, but there’s a general advantage that connects all of these other ideas: domains.
When you boil everything down to the essentials, VLANs work by creating more domains. These virtual domains allow you to have a wider range of total domains in the same physical network. They also allow you to put fewer devices under each domain. This is the essence of flexibility and how the subgrouping of VLANs really works.
So, what do you get from this? Why are the extra domains useful?
There are countless potential benefits, but the three you need to know most relate to security, efficiency, and data management.
Let’s start with security. VLANs allow you to create more domains without adding any hardware. This means you can create virtual segmentation in your network. In other words, you can create software-based barriers that prevent devices that are connected to the same switch from talking to each other.
While this might sound inefficient (more on that in the next section), it’s an incredibly powerful security tool.
Imagine that a device on your network gets hacked. If that device can directly communicate with other devices on the network, you have a significant issue. The one compromised device can ultimately compromise even more devices, using your own network against you.
But, what if you have a VLAN? You can create segments so that any single endpoint device has limited access to the rest of the network, and you’re creating that segment with virtualization. So, you don’t have to put a physical firewall between each node in your network. Instead, you can use VLANs to group devices in ways that limit security risks if a breach occurs.
Of course, if you deeply segment everything on your network, you eventually create too many barriers, and you lose efficiency. Fortunately, VLANs can actually improve network efficiency.
This comes back to grouping. With your VLANs, you can segment devices according to their function. As an example, you can put all VOIP devices on a single VLAN, even if they’re spread across an entire office building.
This is good for security since VOIP devices are segmented away from other devices — limiting how much any one breach can impact the greater network. It’s also good for resource efficiency. Your routing can prioritize bandwidth to each VLAN according to its function. If VOIP is business-critical, you can give it more bandwidth. If it’s not that important, you can throttle the bandwidth and free up power for things that matter more.
Keep in mind that this is a single example of segmenting for efficiency. You can create VLANs according to business departments, what kind of data the devices handle, whether or not the devices need internet access, and any other grouping that makes sense for your networks. That’s the power and freedom of VLANs.
The third advantage relates to data. While you’re segmenting your network to improve security and efficiency...
Data management is where security and efficiency meet.
That covers the essentials of VLANs. As you gain experience designing and deploying them, you’ll see that their utility is nearly limitless.
Additional Learning Center Resources