Virtual Local Area Networks (VLANs)

Differnet types

One of the very first things to note about VLANs are that there may be different types. Many pieces of professional networking equipment have implemented the IEEE standard known as 802.1Q tagging. However, there may be other/different, and incompatible, types of VLANs. For example, Qemu may support VLANs in a way that is entirely unrelated to using the technique of tagging Ethernet frames using the 802.11Q style.

Before committing to using a solution that involves VLANs, make sure that all VLAN-supporting pieces to the puzzle are using the same style of VLANs. Using multiple pieces of equipment from the same manufacturer will generally be sufficient. Simply, do not just assume 802.1Q compatibility unless that is confirmed. Doing so may work, frequently, but not always.

This guide is mainly about using VLANs for networking, and so will be discussing 802.1Q VLANs (primarily, or perhaps even exclusively).

VLAN Overview

Intro: What are VLANs? Why use VLANs?

VLANs are groups, so creating VLANs ends up creating groups of devices. At least when all the network infrastructure devices are supporting VLANs, what happens is that communication from one group to another group cannot happen, unless, of course, the VLAN-capable devices are configured to allow such communication.

Creating VLANs is similar, in broad concept, to creating subnets. Devices on different subnets may be unable to speak to each other without going through a device (a router) that knows how to get traffic go another device. VLANs can accomplish the same sort of task.

VLANs prevent devices from seeing devices in other VLANs by using Layer 2. In order to communicate with other devices, the traffic needs to be routed from one VLAN to another VLAN. The device that performs such routing services, enabling such communication to occur, will typically be a device that is working at Layer 3.

So, people can do interesting things with VLANs. Then again, people can do similar interesting things without using VLANs. All they would need to do is to place a device in a different subnet, and then handle the traffic by using traditional methods. So, why bother with this second method of groups?

This does cut down on broadcast traffic. (Devices on different VLANs won't see the broadcast traffic of devices on other VLANs.) That may not be a major advantage, but it is one advantage.

Another benefit to using VLANs: if a router wanted to change what group a host was in, then a host would need to know about an IP address change. Using VLANs, changes can be made to network infrastructure (switches) and end user devices may not need to update their network addresses. This means that an administrator with remote control over a switch can make changes, and such a change will not require any reconfiguration of the end user device. Administrators may often have similar control over devices that rely on the network infrastructure to provide an IP address, but the changes might not take effect until the device automatically seeks an IP address (including renewing a DHCP lease). With VLANs, the device will not need to renew its network address.

The use of VLANs may also allow VLAN-capable switches to isolate traffic. VLAN-capable switches may be able to process VLANs faster than what a router can route traffic. (This may be likely to be implementation-dependent; perhaps there is not much theoretical requirement why that would need to be very true. However, even if there is no theoretical reason why that would need to be true, it might still be true in practice.) Although traveling from one VLAN to another VLAN may require a router to enable such communications, switches may be able to effectively block unwanted types of communication. Switches may also be able to enable desirable communication that occurs within the same subnet. So, there may be times when switches can perform the necessary task faster than most traditional-style routers.

That might be the most compelling reason. Speed may be a very key reason that has attracted many people to using VLANs.

Cisco Network Academy Discovery 3 slide says “VLANs isolate certain types of traffic for security. To move traffic between VLANs requires a Layer 3 device, which increases the cost of implementation and introduces an increased level of latency into the network.” This quote does seem to indicate that solutions that don't require routing can be faster.

802.1Q VLAN tagging

The way that 802.1Q VLANs work is that Ethernet frames are modified. The process is called “tagging”. The frames that are modified using 802.1Q-style tagging might not be valid Ethernet frames. (The main concern here is simply that, because 802.1Q tagging adds information to the frames, the 802.1Q tagged frames might be larger than the maximum size of a traditional Ethernet frame.) However, a lot of networking equipment can support not only traditional Ethernet frames, but also frames that are using the 802.1Q style of tagging. To see whether some equipment supports the 802.1Q extensions/modifications to the basic Ethernet frame format, check for support for IEEE 802.1Q. Sometimes products might refer to such a capability simply as support for VLANs, but VLAN support is not necessarily a sureful guarantee that the implemented VLAN support is 802.1Q compatible.

... (A further description of VLAN tagging may be added here at a later time.)

How to use VLANs

Currently, there are no instructions here, except for a reference for supporting VLANs from within Cisco devices. See: Cisco IOS VLAN support.

Additional topics

Cisco has been known to have people be trained in technologies related to using VLANs. Examples are VTP and DTP. (For example, these may be topics that people are expected to follow when going through the training material which Cisco released as part of the Cisco Network Academy program.)

Further details about such topics may be referenced as part of the section that discusses the Cisco Certified Networking Associate (“CCNA”) Routing and Switching section.