Knowledge Base

What is VLAN and What Does It Do?

VLAN (Virtual Local Area Network) is a network technology that allows devices on physically different network segments to be logically located on the same network. VLANs improve security, improve performance, and simplify network management by segmenting network traffic.

• Security: VLANs prevent unauthorized access by isolating the traffic of different departments or user groups. For example, the traffic of the finance department can be kept in a separate VLAN, restricting access from other departments.
• Performance: It limits broadcast traffic and reduces network congestion by segmenting network traffic. Since each VLAN has its own broadcast domain, broadcast traffic is only transmitted to devices within that VLAN.
• Ease of Management: VLANs allow you to reorganize network segments without changing the physical infrastructure. A device can be easily moved to a different network segment by changing its VLAN.

Example: In a company office, there are accounting, sales, and engineering departments. By creating a separate VLAN for each department (VLAN 10, VLAN 20, and VLAN 30), inter-departmental traffic can be isolated. In this way, only authorized personnel can access sensitive data in the accounting department.

Basic Working Principle of VLANs:

1. VLAN ID: Each VLAN is assigned a unique identification number (VLAN ID). This ID can be a value between 1 and 4094.
2. Tagging: A tag (VLAN Tag) containing the VLAN ID is added to Ethernet frames. This tag specifies which VLAN the frame belongs to.
3. Switch Ports: Switch ports are assigned to VLANs. A port can belong to a single VLAN (access port) or multiple VLANs (trunk port).

Access Port: These are ports that belong to only one VLAN. Traffic coming from and going to these ports is transmitted without a VLAN tag.

Trunk Port: These are ports that belong to more than one VLAN. Traffic passing through these ports is transmitted with a VLAN tag. Trunk ports enable the transmission of VLAN information between switches.

VLAN Configuration Example (Cisco Switch):

! Creating VLAN 10
configure terminal
vlan 10
name Accounting
exit

! Creating VLAN 20
vlan 20
name Sales
exit

! Assigning FastEthernet0/1 port to VLAN 10
interface FastEthernet0/1
switchport mode access
switchport access vlan 10
exit

! Configuring GigabitEthernet0/1 port as trunk port
interface GigabitEthernet0/1
switchport mode trunk
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 10,20
exit

What is a Subnet and What Does It Do?

Subnet is the process of dividing an IP network into smaller, logical divisions. Subnets allow for more efficient use of IP addresses, improved network performance, and enhanced security.

• IP Address Efficiency: By dividing a large IP address block into smaller subnets, it reduces the number of unused IP addresses.
• Network Performance: By segmenting network traffic, it limits broadcast traffic and reduces network congestion. Since each subnet has its own broadcast domain, broadcast traffic is only transmitted to devices within that subnet.
• Security: By controlling traffic between different subnets through routers or firewalls, it prevents unauthorized access.

Example: The 192.168.1.0/24 address block can be divided into two subnets, 192.168.1.0/25 and 192.168.1.128/25. This allows for 126 usable IP addresses in each subnet, and a total of 254 IP addresses can be used efficiently.

Subnet Mask: The subnet mask is used to determine the network address and host address of an IP address. The subnet mask indicates which bits of the IP address represent the network address and which bits represent the host address.

Subnet Calculation: Subnets are calculated using the IP address block and the subnet mask. The subnet mask is subjected to an AND operation with the IP address to determine the network address.

Subnet Configuration Example (Linux):

! Assigning an IP address and subnet mask to the eth0 interface
ifconfig eth0 192.168.1.10 netmask 255.255.255.0

! Setting the default gateway
route add default gw 192.168.1.1

CIDR (Classless Inter-Domain Routing): CIDR notation is used to specify the IP address and subnet mask in a single expression. For example, 192.168.1.0/24 represents the 192.168.1.0 IP address and the 255.255.255.0 subnet mask.

What are the Key Differences Between VLAN and Subnet?

VLAN and subnet are two different technologies used to segment networks. Both help improve network performance, enhance security, and simplify network management. However, their operating principles and usage areas are different.

VLAN: VLANs are configured on switches, and devices in the same VLAN are in the same broadcast domain. VLANs allow you to reorganize network segments without changing the physical network infrastructure.

Subnet: Subnets are configured on routers, and each subnet has its own IP address block. Subnets allow you to use IP addresses more efficiently, improve network performance, and improve security. Devices in different subnets communicate through a router.

Important Point: VLANs create different logical networks on the same physical network, while subnets allow you to use IP addresses more efficiently and segment network traffic.

When to Use VLAN?

VLANs are recommended in the following cases:

• Security Needs: To isolate the traffic of different departments or user groups. For example, by keeping the traffic of the finance department in a separate VLAN, access of other departments can be restricted.
• Performance Needs: To limit broadcast traffic and reduce network congestion by segmenting network traffic. For example, you can improve network performance by keeping a group of servers that generate heavy traffic in a separate VLAN.
• Ease of Management: To reorganize network segments without changing the physical infrastructure. For example, a device can be easily moved to a different network segment by changing its VLAN.
• VoIP (Voice over IP) Networks: To separate voice traffic from data traffic and apply QoS (Quality of Service) policies. VoIP traffic can be prioritized by keeping it in a separate VLAN.
• Guest Network: By creating a separate VLAN to provide internet access to guests, you can protect the security of the company network.

Real-Life Example: On a university's campus network, three different VLANs can be created: a student network, a staff network, and a guest network. The student network is granted internet access and access to some resources, while the staff network is granted access to all resources. The guest network only provides internet access and prevents access to the university's internal network.

When to Use Subnets?

Subnets are recommended in the following situations:

• IP Address Management: To reduce the number of unused IP addresses by dividing a large IP address block into smaller subnets.
• Network Performance: To limit broadcast traffic and reduce network congestion by segmenting network traffic.
• Security: To prevent unauthorized access by controlling traffic between different subnets through routers or firewalls.
• Geographic Location: To separate networks in different geographic locations. For example, a company's offices in different cities can be configured on different subnets.
• Network Size: To manage large networks with a large number of devices. Subnets divide large networks into smaller, manageable pieces.

Real-Life Example: A company has a headquarters and branches. By creating a subnet for the headquarters and each branch, the IP addresses of devices in each location can be managed in an orderly manner. In addition, security can be increased by providing inter-branch communication over VPN tunnels.

How to Use VLAN and Subnet Together?

VLAN and subnet are technologies that are often used together. VLANs logically group physical network segments, while subnets allow for more efficient use of IP addresses and segment network traffic.

Scenario: In a company's office, there are accounting, sales, and engineering departments. Each department has its own VLAN (VLAN 10, VLAN 20, and VLAN 30). Each VLAN is assigned a different subnet (192.168.10.0/24, 192.168.20.0/24, and 192.168.30.0/24). In this way, inter-departmental traffic is isolated, and each department has its own IP address block.

VLAN and Subnet Configuration Steps:

1. Creating VLANs: Create VLANs on the switches and assign a VLAN ID to each VLAN.
2. Assigning Ports to VLANs: Assign switch ports to the relevant VLANs.
3. Determining Subnets: Determine a subnet for each VLAN and plan the IP addresses.
4. Routing: Configure a router to provide communication between VLANs. The router acts as a gateway for each VLAN.
5. Assigning IP Addresses: Assign IP addresses to devices from the subnet belonging to the relevant VLAN and specify the router's IP address as the default gateway.

VLAN and Subnet Configuration Example (Cisco Switch and Router):

Switch Configuration:

! Creating VLAN 10
configure terminal
vlan 10
name Accounting
exit

! Creating VLAN 20
vlan 20
name Sales
exit

! Assigning FastEthernet0/1 port to VLAN 10
interface FastEthernet0/1
switchport mode access
switchport access vlan 10
exit

! Assigning FastEthernet0/2 port to VLAN 20
interface FastEthernet0/2
switchport mode access
switchport access vlan 20
exit

! Configuring GigabitEthernet0/1 port as a trunk port
interface GigabitEthernet0/1
switchport mode trunk
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 10,20
exit

Router Configuration:

! Creating GigabitEthernet0/0.10 subinterface and assigning it to VLAN 10
interface GigabitEthernet0/0.10
encapsulation dot1Q 10
ip address 192.168.10.1 255.255.255.0
exit

! Creating GigabitEthernet0/0.20 subinterface and assigning it to VLAN 20
interface GigabitEthernet0/0.20
encapsulation dot1Q 20
ip address 192.168.20.1 255.255.255.0
exit

In this configuration, VLAN 10 and VLAN 20 are created on the switch, and the relevant ports are assigned to these VLANs. On the router, subinterfaces (GigabitEthernet0/0.10 and GigabitEthernet0/0.20) belonging to the GigabitEthernet0/0 interface are created, and each subinterface is assigned to the relevant VLAN. By assigning an IP address and subnet mask to each subinterface, routing between VLANs is provided.

What Should Be Considered When Choosing VLANs and Subnets?

The choice of VLANs and subnets depends on factors such as the size and complexity of the network, security requirements, and performance goals. It is important to pay attention to the following points to make the right choice:

• Network Size: A single subnet may be sufficient for small networks, while using multiple subnets for large networks makes IP address management easier.
• Security Requirements: In networks with high security requirements, VLANs and subnets can be used to isolate the traffic of different departments or user groups.
• Performance Goals: In networks that generate heavy traffic, VLANs and subnets can be used to limit broadcast traffic and reduce network congestion.
• Ease of Management: VLANs can be used to reorganize network segments without changing the physical infrastructure.
• Cost: VLANs are configured on switches, while subnets are configured on routers. It is important to consider the cost of both technologies.

Important Point: The choice of VLAN and subnet should be made according to the needs and requirements of the network. Both technologies have advantages and disadvantages. To make the right choice, it is important to carefully analyze the network's requirements and choose the appropriate technology.