Commit 148ec1
2025-03-07 22:37:20 R. Bishop: Initial Commit| /dev/null .. networking/vlans.md | |
| @@ 0,0 1,116 @@ | |
| + | # Understanding VLANs (Virtual Local Area Networks) |
| + | |
| + | ## What is a VLAN? |
| + | |
| + | A **VLAN (Virtual Local Area Network)** is a **logical network segmentation technique** that allows devices on different physical networks to communicate as if they were on the same LAN. VLANs improve **network efficiency, security, and scalability** by **isolating traffic** without requiring separate physical infrastructure. |
| + | |
| + | --- |
| + | |
| + | ## Why Use VLANs? |
| + | |
| + | ### **1. Improved Network Performance** |
| + | - Reduces **network congestion** by limiting broadcast domains. |
| + | - Enhances **data flow efficiency** in large networks. |
| + | |
| + | ### **2. Increased Security** |
| + | - Isolates sensitive data from unauthorized users. |
| + | - Prevents **broadcast storms and unauthorized access**. |
| + | |
| + | ### **3. Better Network Management & Scalability** |
| + | - Allows network administrators to **logically group devices**. |
| + | - Simplifies **adding or moving devices** without rewiring. |
| + | |
| + | ### **4. Enhanced Traffic Control** |
| + | - Enables **Quality of Service (QoS)** for prioritizing data traffic. |
| + | - Ensures **critical applications get priority bandwidth**. |
| + | |
| + | --- |
| + | |
| + | ## How VLANs Work |
| + | |
| + | VLANs function by tagging network traffic with an **identifier (VLAN ID)** to separate it from other traffic on the same physical switch. |
| + | |
| + | ### **1. VLAN Tagging (IEEE 802.1Q)** |
| + | - Adds a **4-byte VLAN header** to Ethernet frames. |
| + | - Helps switches identify **which VLAN traffic belongs to**. |
| + | |
| + | ### **2. VLAN Types** |
| + | | **VLAN Type** | **Function** | **Use Case** | |
| + | |--------------|------------|-------------| |
| + | | **Default VLAN** | All switch ports belong to this VLAN by default | General network traffic | |
| + | | **Data VLAN** | Segregates **user traffic** from management data | Corporate networks | |
| + | | **Voice VLAN** | Prioritizes **VoIP traffic** to reduce latency | IP Telephony | |
| + | | **Management VLAN** | Isolates **network control traffic** | Network administration | |
| + | | **Guest VLAN** | Provides internet-only access for **visitors** | Hotels, public Wi-Fi | |
| + | | **Native VLAN** | Unused VLAN assigned to untagged traffic | Interoperability between VLAN-capable devices | |
| + | |
| + | --- |
| + | |
| + | ## VLAN Configuration & Implementation |
| + | |
| + | ### **1. Port-Based VLANs** |
| + | - Assigns specific switch **ports to a VLAN**. |
| + | - Devices connected to the same VLAN **can communicate**. |
| + | - Common in **small business and enterprise networks**. |
| + | |
| + | ### **2. Tagged vs. Untagged VLANs** |
| + | | **VLAN Type** | **Tagging Method** | **Purpose** | |
| + | |--------------|----------------|-------------| |
| + | | **Tagged VLAN** | Uses **802.1Q tagging** to carry multiple VLANs on a trunk port | Used between switches | |
| + | | **Untagged VLAN** | Traffic is not tagged and belongs to a **single VLAN** | End-user devices | |
| + | |
| + | ### **3. Trunking & VLAN Propagation** |
| + | - **Trunk ports** allow multiple VLANs to pass between switches. |
| + | - Uses **VLAN tagging (802.1Q)** to differentiate traffic. |
| + | |
| + | ### **4. VLAN Routing (Inter-VLAN Communication)** |
| + | - **Layer 3 devices (routers or Layer 3 switches)** route traffic between VLANs. |
| + | - Requires **SVI (Switched Virtual Interface) configuration**. |
| + | |
| + | --- |
| + | |
| + | ## VLANs vs. Traditional LANs |
| + | |
| + | | **Feature** | **VLAN** | **Traditional LAN** | |
| + | |------------|------------|----------------| |
| + | | **Network Isolation** | Logical separation | Physical separation | |
| + | | **Scalability** | Highly scalable | Requires more cabling | |
| + | | **Security** | Stronger isolation | Less secure | |
| + | | **Traffic Control** | Supports QoS & bandwidth management | Limited control | |
| + | | **Flexibility** | Can be reconfigured via software | Requires hardware changes | |
| + | |
| + | --- |
| + | |
| + | ## VLAN Security Best Practices |
| + | |
| + | ### **1. Use VLANs for Network Segmentation** |
| + | - Separate **user, voice, and management traffic**. |
| + | - Prevents unauthorized access to **critical systems**. |
| + | |
| + | ### **2. Secure VLAN Trunks** |
| + | - Restrict **trunking to necessary ports only**. |
| + | - Use **Native VLAN pruning** to block unused VLAN traffic. |
| + | |
| + | ### **3. Enable VLAN Access Control** |
| + | - Use **MAC address filtering** and **802.1X authentication**. |
| + | - Implement **Access Control Lists (ACLs)** for additional security. |
| + | |
| + | ### **4. Prevent VLAN Hopping Attacks** |
| + | - Disable **Dynamic Trunking Protocol (DTP)**. |
| + | - Use **private VLANs (PVLANs) for sensitive devices**. |
| + | |
| + | --- |
| + | |
| + | ## VLANs in the Fire & Security Industry |
| + | |
| + | VLANs are widely used in **fire safety, security monitoring, and building automation**, enabling: |
| + | |
| + | - **Isolated CCTV traffic** for secure video surveillance. |
| + | - **Segregated access control systems** to prevent cyber threats. |
| + | - **Dedicated VLANs for fire alarms and emergency communication**. |
| + | - **QoS-enabled voice VLANs for critical communication systems**. |
| + | |
| + | --- |
| + | |
| + | ## Conclusion |
| + | VLANs provide a **cost-effective and scalable solution** for **network segmentation, security, and traffic optimization**. They are essential in **corporate networks, security infrastructure, and data centres**, ensuring **efficient, secure, and organized network management**. |