There are different types of VLANs that are classified according to their assignment method: based on ports, MAC addresses and protocols. In this article, we will explore each of these types, highlighting their characteristics and providing practical examples.
At the end of the article you will find a small test that will allow you to assess the knowledge acquired in this reading.
Port-based VLANs
Port-based VLANs are one of the most common ways to implement virtual local area networks (VLANs) in a network. This approach uses the physical ports of a switch to assign and segment devices into different VLANs.
In a port-based VLAN, network administrators assign a specific port on a switch to a particular VLAN. Each switch port can belong to a single VLAN, and all devices connected to that port automatically become members of the assigned VLAN.
For devices on different VLANs to communicate with each other, a Layer 3 router or switch that has inter-VLAN routing capability is required.
E.g., in a company with multiple departments, such as sales, marketing, and human resources, a network administrator can assign ports 1-10 to the sales VLAN, ports 11-20 to the marketing VLAN, and ports 21-30 to the HR VLAN. This way, each department has its own separate, secure virtual network.
Advantages of port-based VLANs
Ease of implementation
Port-based VLANs are easy to configure and manage, as they only require assigning ports to specific VLANs on the switches. This simplifies network administration and reduces the possibility of configuration errors.
Enhanced Security
Segmenting the network into different port-based VLANs limits traffic between groups of devices, which can improve security by preventing the spread of threats throughout the network.
Broadcast traffic reduction
Port-based VLANs limit broadcast traffic to the specific VLAN, thereby reducing congestion and improving network performance.
Improved network management
By organizing devices into logical groups, port-based VLANs make it easier to monitor, diagnose, and troubleshoot your network.
Disadvantages of port-based VLANs
Lack of flexibility
Port-based VLANs require devices to be connected to specific switch ports to belong to a given VLAN. This can be restrictive in environments where devices are moved frequently or where a constant change in VLAN assignments is necessary.
Limited scalability
As the network grows, managing port-based VLANs can become more difficult, especially if frequent changes to port mapping and VLAN configuration are required.
Dependence on physical location
Devices must be connected to specific ports on switches to belong to a given VLAN, which can create physical location issues and limit the mobility of devices on the network.
Greater administrative burden
Although the initial configuration of port-based VLANs is relatively simple, maintaining and updating the port mapping can impose a greater administrative burden, especially in larger networks with multiple switches and VLANs.
Possible performance issues
In cases where port-based VLANs are not properly configured or managed, network performance may suffer, especially if there is excessive broadcast traffic or collisions within a VLAN.
VLANs based on MAC addresses
In a MAC address-based VLAN, devices are assigned to VLANs based on their unique MAC address, which is an ID assigned by the manufacturer to each network card. Switches that support this type of VLAN maintain a table of MAC addresses and their corresponding VLAN assignments.
When a device connects to any switch port, the switch checks the device's MAC address in the table and assigns it to the corresponding VLAN. If a device moves within the network and connects to another switch port, the VLAN assignment is maintained based on the MAC address, without the need to reconfigure the ports.
For example, if a marketing employee brings his or her laptop to a meeting room on the sales floor, a MAC address-based VLAN would allow the device to remain part of the marketing VLAN regardless of which port it is connected to.
Advantages of VLANs based on MAC addresses
Flexibility and mobility
VLANs based on MAC addresses allow devices to move freely within the network without requiring changes to the switch port configuration, facilitating network management in dynamic environments.
Enhanced Security
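Like port-based VLANs, MAC address-based VLANs provide effective network segmentation, which improves security and limits the spread of threats. Because a MAC address is reported by the device rather than authenticated, this assignment should be treated as segmentation and not as proof of a device's identity.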
Dynamic configuration
Switches that support VLANs based on MAC addresses can be configured to automatically assign devices to VLANs based on predefined criteria, simplifying network management.
Disadvantages of VLANs based on MAC addresses
Administration complexity
Managing MAC address-based VLANs can be more complex than port-based VLANs, as it is necessary to maintain and update a table of MAC addresses and their corresponding VLAN assignments.
Performance
The process of assigning VLANs based on MAC addresses can increase the processing load on switches, which could affect network performance under heavy traffic.
Scalability
As the network grows and more devices are added, managing MAC addresses and VLAN assignments can become more difficult and consume more switch resources.
Protocol-based VLANs
Protocol-based VLANs are a form of network segmentation that assigns devices to specific VLANs based on the Layer 3 protocol they use, such as IP, IPX, or AppleTalk.
In a protocol-based VLAN, Layer 3 switches (or routers with switching capabilities) examine incoming traffic and assign it to a specific VLAN based on the Layer 3 protocol used.
These switches can automatically identify and separate traffic from different protocols, allowing logical segmentation of the network based on the applications and services used.
E.g., an organization might have a network that uses the IP protocol for its internal systems and the IPX protocol for a legacy application. When implementing protocol-based VLANs, devices using the IP protocol would be automatically assigned to one VLAN, while devices using the IPX protocol would be assigned to a different VLAN.
Advantages of protocol-based VLANs
Automatic segmentation
Protocol-based VLANs enable automatic network segmentation based on the protocol used, simplifying network management and ensuring logical separation of traffic.
Support for multiple protocols
This type of VLAN is ideal for environments where multiple Layer 3 protocols are used, as it allows efficient segmentation and orderly coexistence of different protocols on the same network.
Facilitates migration and transition between protocols
Protocol-based VLANs facilitate migration and transition between protocols by allowing different protocols to coexist on the same network infrastructure without interference.
Disadvantages of protocol-based VLANs
Requires specialized hardware
Implementing protocol-based VLANs requires Layer 3 switches or routers with switching capabilities that can inspect traffic and assign it based on the protocol used. This can increase the costs and complexity of the network infrastructure.
Performance
Protocol-based traffic inspection and assignment can place additional load on network devices, which could impact network performance under heavy traffic.
Less common and more complex
Protocol-based VLANs are less common and can be more difficult to manage and maintain compared to port- or MAC address-based VLANs.
Final conclusions
The three main types of VLANs – based on ports, MAC addresses and protocols – offer different advantages and disadvantages.
- Port-based VLANs are easy to implement and manage, but they lack flexibility.
- VLANs based on MAC addresses provide mobility and adaptability, but can be more difficult to manage.
- Protocol-based VLANs enable efficient segmentation of traffic on multi-protocol networks, but require more advanced Layer 3 switches.
Please note that, in some cases, it may be necessary to combine different types of VLANs to meet specific requirements. For example, you could use port-based VLANs to segment departments and MAC address-based VLANs to manage device mobility within the company. This would allow for greater flexibility without compromising network security and performance.
Additionally, it is essential to monitor and maintain VLANs over time as organizational needs and network technology evolve. Periodically review VLAN assignments and make adjustments as necessary to ensure an efficient and secure network.
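The combination described above can be modeled as the decision a switch makes for each untagged frame arriving on a port. This Python sketch is an added example, not part of the original article; the VLAN IDs, the MAC address, the helper names and the precedence order (MAC rule, then protocol rule, then port rule) are assumptions for illustration, and real switches define their own order.

```python
import struct

# Constructed sample tables; all IDs and addresses are assumptions.
PORT_VLAN = {**{p: 10 for p in range(1, 11)},    # ports 1-10  -> sales
             **{p: 20 for p in range(11, 21)},   # ports 11-20 -> marketing
             **{p: 30 for p in range(21, 31)}}   # ports 21-30 -> HR
LAPTOP = "02:00:00:aa:bb:01"                     # constructed marketing laptop MAC
MAC_VLAN = {LAPTOP: 20}                          # follows the device to any port
PROTO_VLAN = {0x8137: 40}                        # IPX EtherType -> legacy VLAN
# IPv4 (0x0800) has no protocol rule here, so IP traffic falls to the port rule.

def parse_ethernet(frame: bytes):
    """Return (source MAC, EtherType) of an untagged Ethernet II frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    _dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype < 0x0600:
        raise ValueError("802.3 length field, not an EtherType")
    return ":".join(f"{b:02x}" for b in src), ethertype

def classify(port: int, frame: bytes):
    """Return (vlan, rule) so an audit can see which rule made the decision."""
    src_mac, ethertype = parse_ethernet(frame)
    if src_mac in MAC_VLAN:
        return MAC_VLAN[src_mac], "mac"
    if ethertype in PROTO_VLAN:
        return PROTO_VLAN[ethertype], "protocol"
    if port in PORT_VLAN:
        return PORT_VLAN[port], "port"
    return None, "unassigned"                    # no rule matched: do not guess

def build_frame(src_mac: str, ethertype: int) -> bytes:
    """Build a constructed broadcast frame with a zeroed payload."""
    src = bytes.fromhex(src_mac.replace(":", ""))
    return b"\xff" * 6 + src + struct.pack("!H", ethertype) + b"\x00" * 46

if __name__ == "__main__":
    other = "02:00:00:00:00:99"                  # constructed, not in MAC_VLAN
    print(classify(5, build_frame(other, 0x0800)))    # sales port, IP
    print(classify(5, build_frame(LAPTOP, 0x0800)))   # laptop on a sales port
    print(classify(25, build_frame(other, 0x8137)))   # IPX on an HR port
```

Returning the matching rule alongside the VLAN makes it visible when a MAC entry overrides the port's own assignment, which is the case worth checking during the periodic reviews mentioned above.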
Comparative table of VLAN types
VLAN Type | Key features | Advantages | Disadvantages |
---|---|---|---|
Port-based VLANs | Segmentation based on the physical ports of the switch | Easy to deploy and manage; improved security; reduced broadcast traffic | Less flexible; dependence on physical location; possible performance issues |
VLANs based on MAC addresses | Segmentation based on device MAC addresses | Flexibility and mobility; enhanced security; dynamic configuration | Administration complexity; performance; scalability |
Protocol-based VLANs | Segmentation based on Layer 3 protocols (IP, IPX, AppleTalk, etc.) | Automatic segmentation; support for multiple protocols; facilitates migration and transition between protocols | Requires specialized hardware; performance; less common and more complex |
1 comment on “Types of VLANs: Based on ports, MAC addresses and protocols”
Excellent documentation and very easy to understand