Creating a Virtual LAN for Security


Virtual LANs

A Virtual Local Area Network (VLAN) is a logical separation of computers enforced by switches. A VLAN can be compared to, and acts like, a Local Area Network (LAN). Network administrators should create a VLAN if they have more than 200 devices on their network, have busy computers that broadcast, have groups of users that require additional security, or want to optimize regular broadcasts.

VLANs optimize and offer higher performance for medium to enterprise-size networks, so networks with fewer than 200 computers generally do not need them. Because broadcast packets increase with each node (computer, printer, etc.) placed on a local area network, VLANs can help with busy networks.

When creating a VLAN, individual client computers and servers can be located anywhere in the network. These computers are grouped logically in the VLAN so that broadcast packets are sent only to nodes within the VLAN that was created. VLANs can be created with most modern managed switches.

Configuring Wireless VLANs

Many VLANs are configured by using MAC (Media Access Control) addresses or by using individual ports on a switch. This allows switches to recognize when a workstation has been moved to another port on a switch. Many managed switches can be configured to manage the VLANs that are created on your switch within your LAN.

To illustrate, an IT department can have 10 computers in the accounting department with a server. Each of these computers is connected to a managed switch, and the managed switch is configured through a web browser. The computers and server are plugged into the switch, and the individual ports are assigned to a 'virtual' network of their own. By doing this, the broadcast traffic between the computers and their server is isolated.

Because VLANs are considered separate parts of your network, security is enhanced by isolating these networks and 'holding' broadcasts within the VLAN. More and more companies are implementing wireless technology, and with security being a key issue for all companies today, IT departments should separate wireless access points with VLANs. Doing so can help prevent wireless devices from roaming across wireless networks when key departments need extra security.

Wireless Configurations and VLANs

There are two primary ways to configure a wireless network. The first method of configuration for a VLAN is to separate the packets of data at the switch. This methodology is the same as placing a computer on a virtual LAN. The Ethernet cable connecting the access point is plugged into a switch, where the access point is placed on a VLAN. Because ports (on switches) separate VLANs, the access point can be on a VLAN.

The second method of configuration takes place on wireless networks when an access point is responsible for separating packets or data. This allows an individual user to roam and still be connected to a VLAN on the wireless network. Because this method uses more advanced access points (APs), the access point in this configuration generally supports multiple VLANs, and the separation can take place at this level. The access point can emulate multiple wireless infrastructures and have different SSIDs. SMC Corporation is one of a few manufacturers that offer these advanced access points.
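The port-based accounting VLAN and the two wireless methods described above can be checked with a small model of how a switch floods broadcasts. This is an added example, not code from the original page or from any switch vendor; the port names, SSIDs, VLAN IDs 10/20/30 and the rule that this model drops tagged frames on access ports are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Port:
    name: str
    mode: str                          # "access" (one untagged VLAN) or "trunk" (tagged VLANs)
    vlan: int = 1                      # VLAN of an access port
    allowed: frozenset = frozenset()   # VLAN IDs a trunk port carries

class Switch:
    def __init__(self, ports):
        self.ports = {p.name: p for p in ports}

    def classify(self, ingress, tag=None):
        """VLAN an arriving frame belongs to, or None if this model drops it."""
        p = self.ports[ingress]
        if p.mode == "access":
            return p.vlan if tag is None else None   # tagged frame on access port: drop
        return tag if tag in p.allowed else None     # trunk: tag must be allowed

    def flood(self, ingress, tag=None):
        """Names of the ports that receive a broadcast arriving on `ingress`."""
        vlan = self.classify(ingress, tag)
        if vlan is None:
            return set()
        return {p.name for p in self.ports.values() if p.name != ingress and
                (p.vlan == vlan if p.mode == "access" else vlan in p.allowed)}

# Second wireless method: the access point maps each SSID to a VLAN tag (constructed values).
SSID_VLAN = {"acct-wifi": 10, "guest-wifi": 30}

def build_demo():
    ports = [Port(f"acct-pc{i}", "access", 10) for i in range(1, 11)]  # 10 accounting PCs
    ports.append(Port("acct-server", "access", 10))
    ports += [Port("sales-pc1", "access", 20), Port("sales-pc2", "access", 20)]
    ports.append(Port("guest-ap", "access", 30))     # first method: whole AP on one VLAN
    ports.append(Port("multi-ssid-ap", "trunk", allowed=frozenset({10, 30})))
    return Switch(ports)

if __name__ == "__main__":
    sw = build_demo()
    print("acct-pc1 broadcast   ->", sorted(sw.flood("acct-pc1")))
    print("guest-wifi broadcast ->", sorted(sw.flood("multi-ssid-ap", SSID_VLAN["guest-wifi"])))
    print("unlisted VLAN 20 tag ->", sorted(sw.flood("multi-ssid-ap", 20)))
```

The accounting broadcast reaches the other accounting ports and the multi-SSID access point's uplink because that uplink is allowed to carry VLAN 10; removing 10 from its allowed set keeps accounting traffic off the wireless side entirely.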

If you have used VLANs to hold down broadcast packets, consider using these virtual areas of a network to separate key areas of your network where security is important.