Commit 148ec1

2025-03-07 22:37:20 R. Bishop: Initial Commit
/dev/null .. networking/vlans.md
@@ 0,0 1,116 @@
+ # Understanding VLANs (Virtual Local Area Networks)
+
+ ## What is a VLAN?
+
+ A **VLAN (Virtual Local Area Network)** is a **logical network segmentation technique** that allows devices on different physical networks to communicate as if they were on the same LAN. VLANs improve **network efficiency, security, and scalability** by **isolating traffic** without requiring separate physical infrastructure.
+
+ ---
+
+ ## Why Use VLANs?
+
+ ### **1. Improved Network Performance**
+ - Reduces **network congestion** by limiting broadcast domains.
+ - Enhances **data flow efficiency** in large networks.
+
+ ### **2. Increased Security**
+ - Isolates sensitive data from unauthorized users.
+ - Prevents **broadcast storms and unauthorized access**.
+
+ ### **3. Better Network Management & Scalability**
+ - Allows network administrators to **logically group devices**.
+ - Simplifies **adding or moving devices** without rewiring.
+
+ ### **4. Enhanced Traffic Control**
+ - Enables **Quality of Service (QoS)** for prioritizing data traffic.
+ - Ensures **critical applications get priority bandwidth**.
+
+ ---
+
+ ## How VLANs Work
+
+ VLANs function by tagging network traffic with an **identifier (VLAN ID)** to separate it from other traffic on the same physical switch.
+
+ ### **1. VLAN Tagging (IEEE 802.1Q)**
+ - Adds a **4-byte VLAN header** to Ethernet frames.
+ - Helps switches identify **which VLAN traffic belongs to**.
+
+ ### **2. VLAN Types**
+ | **VLAN Type** | **Function** | **Use Case** |
+ |--------------|------------|-------------|
+ | **Default VLAN** | All switch ports belong to this VLAN by default | General network traffic |
+ | **Data VLAN** | Segregates **user traffic** from management data | Corporate networks |
+ | **Voice VLAN** | Prioritizes **VoIP traffic** to reduce latency | IP Telephony |
+ | **Management VLAN** | Isolates **network control traffic** | Network administration |
+ | **Guest VLAN** | Provides internet-only access for **visitors** | Hotels, public Wi-Fi |
+ | **Native VLAN** | Unused VLAN assigned to untagged traffic | Interoperability between VLAN-capable devices |
+
+ ---
+
+ ## VLAN Configuration & Implementation
+
+ ### **1. Port-Based VLANs**
+ - Assigns specific switch **ports to a VLAN**.
+ - Devices connected to the same VLAN **can communicate**.
+ - Common in **small business and enterprise networks**.
+
+ ### **2. Tagged vs. Untagged VLANs**
+ | **VLAN Type** | **Tagging Method** | **Purpose** |
+ |--------------|----------------|-------------|
+ | **Tagged VLAN** | Uses **802.1Q tagging** to carry multiple VLANs on a trunk port | Used between switches |
+ | **Untagged VLAN** | Traffic is not tagged and belongs to a **single VLAN** | End-user devices |
+
+ ### **3. Trunking & VLAN Propagation**
+ - **Trunk ports** allow multiple VLANs to pass between switches.
+ - Uses **VLAN tagging (802.1Q)** to differentiate traffic.
+
+ ### **4. VLAN Routing (Inter-VLAN Communication)**
+ - **Layer 3 devices (routers or Layer 3 switches)** route traffic between VLANs.
+ - Requires **SVI (Switched Virtual Interface) configuration**.
+
+ ---
+
+ ## VLANs vs. Traditional LANs
+
+ | **Feature** | **VLAN** | **Traditional LAN** |
+ |------------|------------|----------------|
+ | **Network Isolation** | Logical separation | Physical separation |
+ | **Scalability** | Highly scalable | Requires more cabling |
+ | **Security** | Stronger isolation | Less secure |
+ | **Traffic Control** | Supports QoS & bandwidth management | Limited control |
+ | **Flexibility** | Can be reconfigured via software | Requires hardware changes |
+
+ ---
+
+ ## VLAN Security Best Practices
+
+ ### **1. Use VLANs for Network Segmentation**
+ - Separate **user, voice, and management traffic**.
+ - Prevents unauthorized access to **critical systems**.
+
+ ### **2. Secure VLAN Trunks**
+ - Restrict **trunking to necessary ports only**.
+ - Use **Native VLAN pruning** to block unused VLAN traffic.
+
+ ### **3. Enable VLAN Access Control**
+ - Use **MAC address filtering** and **802.1X authentication**.
+ - Implement **Access Control Lists (ACLs)** for additional security.
+
+ ### **4. Prevent VLAN Hopping Attacks**
+ - Disable **Dynamic Trunking Protocol (DTP)**.
+ - Use **private VLANs (PVLANs) for sensitive devices**.
+
+ ---
+
+ ## VLANs in the Fire & Security Industry
+
+ VLANs are widely used in **fire safety, security monitoring, and building automation**, enabling:
+
+ - **Isolated CCTV traffic** for secure video surveillance.
+ - **Segregated access control systems** to prevent cyber threats.
+ - **Dedicated VLANs for fire alarms and emergency communication**.
+ - **QoS-enabled voice VLANs for critical communication systems**.
+
+ ---
+
+ ## Conclusion
+ VLANs provide a **cost-effective and scalable solution** for **network segmentation, security, and traffic optimization**. They are essential in **corporate networks, security infrastructure, and data centres**, ensuring **efficient, secure, and organized network management**.
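Review bot: The Native VLAN row (`| **Native VLAN** | Unused VLAN assigned to untagged traffic | ...`) and the trunk-hardening bullet (`- Use **Native VLAN pruning** to block unused VLAN traffic.`) conflate two different things: the native VLAN is simply the VLAN an 802.1Q trunk assigns to untagged frames (VLAN 1 by default on most switches), while pruning is restricting a trunk's allowed-VLAN list. Suggest defining the native VLAN as "the VLAN a trunk assigns to untagged frames" and splitting the bullet in two: move the native VLAN to an otherwise unused VLAN (and tag it where the platform supports it), and prune each trunk's allowed VLAN list to only the VLANs it must carry; both belong under the VLAN hopping section as well, since double-tagging hopping depends on the native VLAN. Two further points: the "VLANs vs. Traditional LANs" table rates a physically separate LAN as "Less secure" than a VLAN, but physical separation is the stronger isolation and VLANs trade it for flexibility while depending on correct switch configuration, so that row should be reworded; and "Prevents broadcast storms" under Increased Security overstates it, since VLANs only bound the broadcast domain and it is storm control and spanning tree that prevent storms. Minor: the Inter-VLAN Routing bullet should mention router-on-a-stick subinterfaces as the alternative to an SVI ("Requires" is too strong), and "MAC address filtering" should be flagged as a weak control beside 802.1X, as MAC addresses are easily changed.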