(ML-001) How to properly manage multiple public or private IPs on the edge router
$8,99
Introduction to VLANs: What are they and why are they important?
- Mauro Escalante
- No comments
- Share this article
Facebook
Twitter
LinkedIn
WhatsApp
Telegram
VLANs, or Virtual Local Area Networks, are an essential tool for efficiently managing network traffic. In this article, we will introduce you to the concept of VLANs, explain their importance, and provide you with practical examples of how they are used in real environments.
What are VLANs
Broadly speaking, a VLAN is a logical subdivision of a physical network. Instead of being limited by physical infrastructure, devices connected to a VLAN can communicate with each other as if they were on the same local network, even if they are in different geographic locations. This provides great flexibility and allows better control of network traffic.
But why are VLANs important? Here are some key reasons:
1. Security
VLANs help improve security by isolating different network segments. For example, a company may have separate VLANs for its finance, human resources, and development departments. This prevents unauthorized users from accessing confidential information from other departments.
2. Network traffic optimization
VLANs allow devices with similar traffic needs to be grouped together, which improves network efficiency by reducing the amount of unnecessary traffic. For example, if a company has IP security cameras and VoIP endpoints on the same physical network, creating a specific VLAN for each type of device can improve the quality of phone calls and reduce latency in video transmission.
3. Scalability
VLANs facilitate network expansion by eliminating the need to add physical switches. If a department needs to add new devices, they can simply be assigned to the existing VLAN, avoiding additional hardware costs.
Practical example of VLANs application.
Suppose a company has two buildings on the same campus. He building A houses the finance department, while the building B houses sales and marketing employees. Without a VLAN, sales and marketing employees would not be able to easily access Building A resources, such as printers or servers, due to physical separation.
Problem solution
By implementing a VLAN, the company can connect the sales and marketing devices in building B to the same logical network as the devices in building A. This allows employees in both buildings to share resources and collaborate more efficiently, thereby despite the physical barrier that separates them.
It is important to mention some key concepts and implementation methods for a better understanding of the topic.
Types of VLANs
There are several types of VLANs based on how devices are assigned to them. Some of the most common types are:
1. Port-based VLAN
In this approach, devices are assigned to specific VLANs based on the switch port to which they are connected. Each switch port is configured to belong to a particular VLAN. This is the most common type of VLAN implementation.
2. VLAN based on MAC address
Here, devices are assigned to VLANs based on their MAC address. The network administrator sets up a table of MAC addresses and assigns each to a specific VLAN. This approach is more flexible but also more difficult to manage.
3. Protocol-based VLAN
Devices are assigned to VLANs based on the network protocol they use, such as IP, IPX, or AppleTalk. This setting is useful for separating network traffic based on protocol type.
VLAN Trunking and Tagging
When VLANs are used in a network, it is often necessary for switches to share VLAN information with each other. This is achieved through the use of trunking and VLAN tagging.
Trunking
A trunk is a network connection between two switches that allows traffic from multiple VLANs to pass. Trunking is necessary when you want devices in different VLANs to communicate with each other across multiple switches.
VLAN tagging
To maintain VLAN information as traffic traverses trunk links, a process called VLAN tagging is used. The most common standard for VLAN tagging is 802.1Q.
This standard adds VLAN information in the form of tags to data packets, allowing switches to identify which VLAN each packet belongs to and route it appropriately.
Example 1: Port-based VLAN configuration on a MikroTik switch
Let's imagine a network with a switch MikroTik CRS326-24G-2S+RM and three different departments: Sales, Marketing and Finance. To keep the traffic of these departments separate, port-based VLANs will be implemented. For this example, ports 1-8 will be assigned for Sales, 9-16 for Marketing, and 17-24 for Finance.
Steps to follow:
- Access the RouterOS of the MikroTik switch through Winbox or the web interface.
- Go to “Interfaces” and create three new VLANs: “VLAN-Sales” with ID 10, “VLAN-Marketing” with ID 20 and “VLAN-Finance” with ID 30.
- Go to “Switch” and then to the “VLAN” tab. Add three new entries with the VLANs created in the previous step and assign the corresponding “Switch”.
- Next, go to the “Port VLAN Configuration” tab and configure ports 1-8 with VLAN 10, ports 9-16 with VLAN 20, and ports 17-24 with VLAN 30.
- Apply the changes and save the settings.
With this configuration, traffic from the three departments will be kept separate and each group will only be able to communicate with devices within its own VLAN.
Configuration in RouterOS
# Crear VLANs
/interface vlan add name=VLAN-Ventas vlan-id=10 interface=ether1
/interface vlan add name=VLAN-Marketing vlan-id=20 interface=ether1
/interface vlan add name=VLAN-Finanzas vlan-id=30 interface=ether1
# Configurar VLANs en el switch
/interface ethernet switch vlan add switch=switch1 vlan-id=10 ports=ether1,ether2-ether8
/interface ethernet switch vlan add switch=switch1 vlan-id=20 ports=ether1,ether9-ether16
/interface ethernet switch vlan add switch=switch1 vlan-id=30 ports=ether1,ether17-ether24
Example 2: Implementing 802.1Q trunking and tagging between two MikroTik routers
Suppose you have two MikroTik routers, Router1 and Router2, connected through a trunk link and you want the VLANs created in Example 1 to be able to communicate with each other through these routers.
Steps to follow:
- Access the RouterOS of Router1 and create the three VLANs (VLAN-Sales, VLAN-Marketing and VLAN-Finance) with the same IDs as in Example 1.
- Go to “Interfaces” and select the physical interface that will be used as a trunk (for example, ether1). Click the “VLAN” button and create three new VLANs using the selected trunk interface, assigning the corresponding VLAN IDs.
- Repeat steps 1 and 2 on Router2, using the physical interface that will be used as a trunk on this router.
- Configure routes and firewall rules on both routers to allow traffic between VLANs over the trunk link.
- Apply the changes and save the configuration on both routers.
With this configuration, the VLANs will be able to communicate through the MikroTik routers using 802.1Q trunking and tagging.
Configuration in RouterOS
Configuration on Router 1
# Crear VLANs
/interface vlan add name=VLAN-Ventas vlan-id=10 interface=ether1
/interface vlan add name=VLAN-Marketing vlan-id=20 interface=ether1
/interface vlan add name=VLAN-Finanzas vlan-id=30 interface=ether1
# Configurar enlace troncal
/interface bridge add name=bridge1
/interface bridge port add bridge=bridge1 interface=ether1
/interface bridge port add bridge=bridge1 interface=VLAN-Ventas
/interface bridge port add bridge=bridge1 interface=VLAN-Marketing
/interface bridge port add bridge=bridge1 interface=VLAN-Finanzas
Configuration on Router 2
# Crear VLANs
/interface vlan add name=VLAN-Ventas vlan-id=10 interface=ether1
/interface vlan add name=VLAN-Marketing vlan-id=20 interface=ether1
/interface vlan add name=VLAN-Finanzas vlan-id=30 interface=ether1
# Configurar enlace troncal
/interface bridge add name=bridge1
/interface bridge port add bridge=bridge1 interface=ether1
/interface bridge port add bridge=bridge1 interface=VLAN-Ventas
/interface bridge port add bridge=bridge1 interface=VLAN-Marketing
/interface bridge port add bridge=bridge1 interface=VLAN-Finanzas
These configuration codes can be pasted directly into the RouterOS CLI on the corresponding MikroTik devices. Don't forget to adjust the interface names and VLAN IDs based on your specific network configuration.
In conclusion
VLANs are a powerful and versatile tool in network administration. Through different types of VLAN assignments and the implementation of trunking and tagging, companies can optimize their network traffic, improve security and facilitate the scalability of their systems.
With this information, you will be better prepared to explore and understand how VLANs work in complex network environments and how they can benefit your organization.
Related Posts
Related Posts
Microlabs
Other topics that may interest you
Ways to Assign IPv6 Addressing (Part 2)
March 25th, 2024
WireGuard on MikroTik RouterOS: A Secure and Efficient VPN Solution
March 13th, 2024
Ways to Assign IPv6 Addressing (Part 1)
March 11th, 2024
Do you want to suggest a topic?
Every week we post new content. Do you want us to talk about something specific?
Upcoming online courses
MTCINE OnLine
$187,00
MTCNA Online
$187,00
MTCRE Online
$187,00
Pack 4 MikroTik RouterOS books
$68,47
