What Is a Virtual LAN (VLAN)?

What are VLANs helpful with?

What are VLANs helpful with?

PM Images / Getty Images

A virtual LAN (local area network) is a logical subnetwork that groups a collection of devices from different physical LANs. Large business computer networks often set up VLANs to re-partition a network for improved traffic management. Several kinds of physical networks support virtual LANs, including Ethernet and Wi-Fi.

What Are VLANs Helpful With?

When set up correctly, virtual LANs improve the performance of busy networks. VLANs group together client devices that communicate with each other frequently. The traffic between devices split across two or more physical networks is usually handled by a network's core routers. With a VLAN, that traffic is handled more efficiently by network switches.

VLANs also bring security benefits to larger networks by allowing greater control over which devices have local access to each other. Wi-Fi guest networks are often implemented using wireless access points that support VLANs.

Static and Dynamic VLANs

Network administrators often refer to static VLANs as port-based VLANs. In a static VLAN, an administrator assigns individual ports on the network switch to a virtual network. No matter what device plugs into that port, it becomes a member of that pre-assigned virtual network.

In dynamic VLAN configuration, an administrator defines network membership according to characteristics of the devices rather than the switch port location. For example, a dynamic VLAN can be defined with a list of physical addresses (MAC addresses) or network account names.

VLAN Tagging and Standard VLANs

VLAN tags for Ethernet networks follow the IEEE 802.1Q industry standard. An 802.1Q tag consists of 32 bits (4 bytes) of data inserted into the Ethernet frame header. The first 16 bits of this field contain the hardcoded number 0x8100 that triggers Ethernet devices to recognize the frame as belonging to an 802.1Q VLAN. The last 12 bits of this field contain the VLAN number, a number between 1 and 4094.

Best practices of VLAN administration define several standard types of virtual networks:

  • Native LAN: Ethernet VLAN devices treat all untagged frames as belonging to the native LAN by default. The native LAN is VLAN 1, although administrators can change this default number.
  • Management VLAN: Supports remote connections from network administrators. Some networks use VLAN 1 as the management VLAN, while others set up a special number for this purpose (to avoid conflicting with other network traffic).

Setting up a VLAN

At a high level, network administrators set up new VLANs as follows:

  1. Choose a valid VLAN number.

  2. Choose a private IP address range for devices on that VLAN to use.

  3. Configure the switch device with either static or dynamic settings. In static configurations, the administrator assigns a VLAN number to each switch port. In dynamic configurations, the administrator assigns a list of MAC addresses or usernames to a VLAN number.

  4. Configure routing between VLANs as needed. Configuring two or more VLANs to communicate with each other requires the use of either a VLAN-aware router or a Layer 3 switch.

The administrative tools and interfaces used vary depending on the equipment involved.