A virtual local area network is a logical subnetwork that groups a collection of devices from different physical LANs. Large business computer networks often set up VLANs to re-partition a network for improved traffic management. Several kinds of physical networks support virtual LANs, including Ethernet and Wi-Fi.

What Are VLANs Helpful With?

When set up correctly, virtual LANs improve the performance of busy networks. VLANs can group client devices that communicate frequently with each other.

The traffic among devices split across two or more physical networks is usually handled by a network's core routers. With a VLAN, that traffic is handled more efficiently by network switches.

VLANs also bring security benefits to larger networks by allowing greater control over which devices have local access to each other. Wi-Fi guest networks are often implemented using wireless access points that support VLANs.

Static and Dynamic VLANs

Network administrators often refer to static VLANs asport-based VLANs. In a static VLAN, an administrator assigns individual ports on the network switch to a virtual network. No matter what device plugs into that port, it becomes a member of that specific virtual network.

In dynamic VLAN configuration, an administrator defines network membership according to characteristics of the devices rather than the switch port location. For example, a dynamic VLAN can be defined with a list of physical addresses (MAC addresses) or network account names.

VLAN Tagging and Standard VLANs

VLAN tags for Ethernet networks follow the IEEE 802.1Q industry standard. An 802.1Q tag consists of 32 bits (4 bytes) of data inserted into the Ethernet frame header.

The first 16 bits of this field contain the hardcoded number 0x8100 that triggers Ethernet devices to recognize the frame as belonging to an 802.1Q VLAN. The last 12 bits of this field contain the VLAN number, a number between 1 and 4094.

Best practices of VLAN administration define several standard types of virtual networks:

• Native LAN: Ethernet VLAN devices treat all untagged frames as belonging to the native LAN by default. The native LAN is VLAN 1, although administrators can change this default number.
• Management VLAN: Supports remote connections from network administrators. Some networks use VLAN 1 as the management VLAN, while others set up a special number for this purpose (to avoid conflicting with other network traffic).

Setting Up a VLAN

At a high level, network administrators set up new VLANs as follows:

1. Choose a valid VLAN number.

2. Choose a private IP address range for devices on that VLAN to use.

3. Configure the switch device with either static or dynamic settings. In static configurations, the administrator assigns a VLAN number to each switch port. In dynamic configurations, the administrator assigns a list of MAC addresses or usernames to a VLAN number.

4. Configure routing between VLANs as needed. Configuring two or more VLANs to communicate with each other requires the use of either a VLAN-aware router or a Layer 3 switch.

The administrative tools and interfaces used vary depending on the equipment involved.

FAQ

• What is a characteristic of legacy inter-VLAN routing?

  The legacy router-on-a-stick model allows for multiple VLANs, but each VLAN needs its own Ethernet link.

• Why is VLAN trucking used?

  A VLAN trunk is an OSI (Open Systems Interconnection) Layer 2 link between two switches. VLAN trunks are commonly used to carry traffic between switches and other network devices.

• What is a VLAN ID?

  Every VLAN is identified by a number between 0 -4095. The default VLAN on any network is VLAN 1. The assigned ID allows the VLAN to send and receive traffic.

• What is the maximum frame size for Ethernet II frames on a VLAN?

  An Ethernet frame must have a size of at least 64 bytes for collision detection to work. It can have a maximum size of 1,518 bytes.