Hi, today I am going to talk about VLANs (Virtual Local Area Networks). To understand what a VLAN is, we first need to know what a broadcast domain and a LAN (Local Area Network) are. A broadcast domain is the set of devices that receive a broadcast frame whenever any device in that set sends one. One example of a broadcast domain is 8 devices connected to an Ethernet hub. When one device on that hub transmits data to another host on the hub, every other host receives it too, even though the data was directed at someone else. Because of how an Ethernet hub works, it does not matter whether 2 devices or 10 devices are plugged in: they are all part of the same broadcast domain.
Broadcast domains exist at layer 2 as well, with layer 2 switches. Any device connected to the same switch, or to interconnected switches, with default settings (meaning no VLANs have been created) belongs to the same broadcast domain. So if one switch has 24 devices plugged into it and one PC sends out an ARP request (a broadcast frame), every other device connected to that switch receives it. Layer 2 switches do not break up broadcast domains: if you interconnect two switches, with PCs connected to each (and no VLAN changes), an ARP request from a PC on the first switch will still be received by a PC connected to the second switch. The only thing adding a layer 2 switch does to a topology is extend the broadcast domain. Broadcast domains are broken up by layer 3 devices such as routers, and by VLANs, which split one switch into multiple layer 2 broadcast domains. By default, routers do not forward layer 2 broadcast frames.
Now what is a LAN? In a short but accurate definition, a LAN is basically a broadcast domain. A local area network is usually a set of devices sharing a network within a limited geographic area such as a building, campus, or home. So in someone's household there may be 2 PCs, 3 phones, some laptops, an Xbox, and a few IoT appliances, all connected to the same local subnet. Every device in a LAN can talk to every other device without needing a default gateway, and the LAN keeps working even when it is completely offline. Since a LAN is basically a broadcast domain, it can only communicate with devices in other LANs through a default gateway.
A VLAN provides the same functionality as a LAN, but it is virtual. By the same functionality I mean that a VLAN is also a broadcast domain: devices in the same VLAN receive any broadcast that is sent out in it, and a device in a different VLAN will not receive that broadcast even if it is plugged into the same switch. Because the LAN is virtual, there is no need for a router or any other physical device or extra cabling to "break" the broadcast domain and separate the traffic. A VLAN is a virtual segmentation of the traffic passing through a switch. VLANs let you take a switch whose default setting is every port in VLAN 1 and divide it into as many VLANs, or broadcast domains, as you would like. One switch can act as four separate LANs for four types of traffic; someone in one VLAN will never get a broadcast from a device in a different VLAN, just as if they were in a different building.

This is powerful for companies and enterprises, which have different kinds of employees with different needs, such as HR, Management, Sales, or Finance. Each department can communicate within itself while its traffic stays separated from the other departments. Traffic between two VLANs has to pass through a router (or a layer 3 switch), and that is where you can apply access control between departments. Another benefit is that VLANs keep broadcast domains small, which matters for larger corporations: excessive broadcast traffic unnecessarily increases processing overhead on every host and reduces network performance.

VLANs are also great because users connected to two different interconnected switches can still communicate with each other as long as they are in the same VLAN. Say a corporation has HR offices on two different floors, connected to two different interconnected switches. A user in HR can communicate with another HR user on the other floor as long as they are in the same VLAN and the same subnet; no routing is required. Their traffic is treated as if they were on the same LAN, even though it is virtual.
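To make the broadcast-domain rules above concrete, here is a small Python simulator that answers "which hosts receive a broadcast frame sent by host X?" for a few layer 2 switches with access ports and a trunk between them. This is an added example, not code from the original post; the switch names, port numbers, VLAN ids and host names are all made up, and it deliberately includes the two mistakes this post warns about: ports left on the default VLAN 1, and two switches joined by access ports so that two VLANs with different ids quietly become one broadcast domain. The simplifications are assumptions, not any vendor's exact behaviour: hosts sit on access ports, a tagged frame arriving on an access port is dropped, an untagged frame arriving on a trunk joins the trunk's native VLAN, and a router is modelled as a plain host because it never forwards a layer 2 broadcast.

```python
# Added example, not from the original post: a tiny simulator that answers
# "which hosts receive a broadcast frame sent by host X?" for layer-2 switches
# with access and trunk ports. Switch names, port numbers, VLAN ids and hosts
# are all made up. Assumed simplifications (not any vendor's exact behaviour):
# hosts and routers sit on access ports; a tagged frame arriving on an access
# port is dropped; an untagged frame arriving on a trunk joins the trunk's
# native VLAN; a router is just a host here, because it never forwards a
# layer-2 broadcast.
from collections import deque


class Switch:
    def __init__(self, name, access=None, trunks=None, native=1):
        self.name = name
        self.access = dict(access or {})   # port -> VLAN id, frames untagged
        self.trunks = dict(trunks or {})   # port -> set of VLAN ids carried
        self.native = native               # VLAN sent/received untagged on trunks

    def access_vlan(self, port):
        # An unconfigured port is in VLAN 1, the factory default.
        return self.access.get(port, 1)

    def egress(self, port, vlan):
        """(tagged, vlan_id) for a frame leaving `port`, or None if not sent."""
        if port in self.trunks:
            if vlan not in self.trunks[port]:
                return None
            return (vlan != self.native, vlan)   # native VLAN leaves untagged
        return (False, vlan) if self.access_vlan(port) == vlan else None

    def ingress(self, port, tagged, vlan):
        """VLAN a frame lands in when it arrives on `port`, or None if dropped."""
        if port in self.trunks:
            if not tagged:
                return self.native
            return vlan if vlan in self.trunks[port] else None
        return None if tagged else self.access_vlan(port)


class Network:
    def __init__(self):
        self.switches = {}
        self.hosts = {}   # host -> (switch name, port)
        self.links = []   # (switch a, port a, switch b, port b), both directions

    def add_switch(self, sw):
        self.switches[sw.name] = sw

    def attach(self, host, switch, port):
        self.hosts[host] = (switch, port)

    def link(self, sw_a, port_a, sw_b, port_b):
        self.links.append((sw_a, port_a, sw_b, port_b))

    def broadcast_domain(self, host):
        """Set of hosts (sender excluded) that receive a broadcast from `host`."""
        sw, port = self.hosts[host]
        start = (sw, self.switches[sw].access_vlan(port))
        seen, queue = {start}, deque([start])
        while queue:          # flood the frame over (switch, VLAN) pairs
            s, v = queue.popleft()
            for a, pa, b, pb in self.links:
                for x, px, y, py in ((a, pa, b, pb), (b, pb, a, pa)):
                    if x != s:
                        continue
                    out = self.switches[x].egress(px, v)
                    if out is None:
                        continue
                    far = self.switches[y].ingress(py, *out)
                    if far is not None and (y, far) not in seen:
                        seen.add((y, far))
                        queue.append((y, far))
        return {h for h, (s, p) in self.hosts.items()
                if (s, self.switches[s].access_vlan(p)) in seen} - {host}


def build_example():
    """Two trunked office switches plus a third switch joined by access ports."""
    net = Network()
    net.add_switch(Switch("sw1", access={1: 10, 2: 10, 3: 20}, trunks={24: {1, 10, 20}}))
    net.add_switch(Switch("sw2", access={1: 10, 2: 20, 3: 20, 5: 20, 6: 10},
                          trunks={24: {1, 10, 20}}))
    net.add_switch(Switch("sw3", access={1: 30, 2: 30}))   # numbered by someone else
    net.link("sw1", 24, "sw2", 24)    # 802.1Q trunk between the two floors
    net.link("sw2", 5, "sw3", 1)      # misconfigured: access port to access port
    for host, sw, port in [("hr-pc1", "sw1", 1), ("hr-pc2", "sw1", 2), ("fin-pc1", "sw1", 3),
                           ("printer", "sw1", 10),   # port never configured -> VLAN 1
                           ("hr-pc3", "sw2", 1), ("fin-pc2", "sw2", 2), ("fin-pc3", "sw2", 3),
                           ("rtr-gw", "sw2", 6),     # router: receives, never forwards
                           ("laptop", "sw2", 10),    # also left on VLAN 1
                           ("guest-pc", "sw3", 2)]:
        net.attach(host, sw, port)
    return net


if __name__ == "__main__":
    net = build_example()
    for sender in ("hr-pc1", "fin-pc1", "printer"):
        print(sender, "->", sorted(net.broadcast_domain(sender)))
```

Running it shows the three points from the text: an HR broadcast on sw1 reaches only HR hosts (and the router interface, which receives it but does not forward it) on both floors, because the trunk carries VLAN 10 tagged between the switches; the two devices nobody bothered to configure end up sharing VLAN 1 across the trunk's native VLAN; and the Finance broadcast leaks onto sw3's "VLAN 30" because VLAN ids are only meaningful inside one switch, so an access-to-access link stitches two differently numbered VLANs into one broadcast domain.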