Virtual (or software-configured) local area networks can make network management simpler for you and improve the experience for your end users. If you’re new to setting up VLANs, you’ll want to start by getting an understanding of the different types you’ll need to create and some of the benefits it can have to your business. This post describes five of the most common types of VLANs, as well as the top reasons to implement them.
Most VLANs will be one of five main types, depending on their purpose:
Management VLAN: A best practice is to set up a separate VLAN for management traffic like monitoring, system logging, SNMP, and other potentially sensitive management tasks. In addition to the security benefits, this ensures that bandwidth for management will be available even when user traffic is high.
Data VLAN: Also known as a user VLAN, the data VLAN is designated only for user-generated data. How you group your data VLANs (such as by department or workgroup, for example) will depend on your organization’s structure and business processes. Before you jump into configuring your data VLANs, look at your entire possible VLAN landscape and spend some time assessing the logic for how to best group your users.
Voice VLAN: If your organization uses voice over IP (VoIP), you’ll want to have a separate voice VLAN. This will preserve bandwidth for other applications and ensure VoIP quality.
Default VLAN: This can refer to one of two types. Typically, the default VLAN refers to the one that all of the ports on a device belong to when it is switched on. On most switches, this default is VLAN 1 and should be changed for security reasons. Some network managers may use the term “default VLAN” to refer to a VLAN to which all ports are assigned when they’re not being used.
Native VLAN: The native VLAN is the one into which untagged traffic will be put when it’s received on a trunk port. This makes it possible for your VLAN to support legacy devices or devices that don’t tag their traffic like some wireless access points and simply network attached devices.
Benefits of VLANs
When implemented properly, VLANs will benefit your business through simplicity, stronger security, and an improved experience for your users:
Simplified administration for the network manager: One of the best things about virtualization is that it simplifies management. By logically grouping users into the same virtual networks, you make it easy to set up and control your policies at a group level. When users physically move workstations, you can keep them on the same network with different equipment. Or if someone changes teams but not workstations, they can easily be given access to whatever new VLANs they need.
Improved security: Using VLANs improves security by reducing both internal and external threats. Internally, separating users improves security and privacy by ensuring that users can only access the networks that apply to their responsibilities. External threats are also minimized. If an outside attacker is able to gain access to one VLAN, they’ll be contained to that network by the boundaries and controls you have in place to segment it from your others.
Easier fault management: Troubleshooting problems on the network can be simpler and faster when your different user groups are segmented and isolated from one another. If you know that complaints are only coming from a certain subset of users, you’ll be able to quickly narrow down where to look to find the issue.
Improved quality of service: VLANs manage traffic more efficiently so that your end users experience better performance. You’ll have fewer latency problems on your network and more reliability for critical applications. VLANs also make prioritizing traffic much easier, allowing you to make sure critical application data keeps flowing even when lower priority traffic like web browsing spikes.
Understanding the types and benefits of VLANs is a first step in implementing this useful technology. When you’re ready to move ahead with creating your VLANs, Summit reps are available to discuss the best VLAN-capable switches and routers to use in your network.