Thursday, 26 May 2011

VLAN is a network model that is not limited to physical locations


VLAN is a network model that is not limited to physical location the way a LAN is, so a network can be configured virtually without having to follow the physical location of the equipment. Using VLANs makes network arrangement highly flexible: segments can be created according to organization or department, without depending on the location of the workstations, as shown below.
Figure VLAN network
[Switch] - [1] - [3] - [2]
|
[X] - [switch] - [3] - [1] - [1]
|
[Switch] - [2] - [3] - [1]

[X] = router; [1] = PC belonging to LAN 1; [2] = LAN 2; [3] = LAN 3

HOW VLANs WORK

VLANs are classified according to the method (type) used to classify them, whether by port, MAC address, and so on. All information containing the marking/addressing of a VLAN (tagging) is stored in a database (table); if the marking is port-based, the database must indicate which ports are used by each VLAN. To manage this, a manageable (configurable) switch/bridge is commonly used. This switch/bridge is responsible for storing all the information and configuration of a VLAN, and it is ensured that all the switches/bridges hold the same information. The switch determines where data will be forwarded, and so forth. Alternatively, addressing software (bridging software) can be used, which records or marks a VLAN and the workstations in it. To connect between VLANs, a router is required.
VLAN TYPES
Membership in a VLAN can be classified by the port in use, the MAC address, or the protocol type.
1. Based on the Port
Membership in a VLAN is based on the port used by that VLAN. For example, on a bridge/switch with 4 ports, ports 1, 2, and 4 belong to one VLAN while port 3 belongs to the other (VLAN 1 and VLAN 2); see the table:
Table port and VLAN
Port   1   2   3   4
VLAN   2   2   1   2

The downside is that users cannot move around; if a move is necessary, the network administrator must configure the port again.
2. Based on MAC Address
Membership in a VLAN is based on the MAC address of each workstation/computer owned by the user. The switch detects/records all the MAC addresses owned by each virtual LAN. The MAC address is a part owned by the NIC (Network Interface Card) in each workstation. The advantage is that if a user moves, he remains configured as a member of that VLAN. The shortcoming is that each machine must be configured manually, and for a network with hundreds of workstations this type is less efficient to carry out.
Table MAC address and VLAN
MAC address   132516617738   272389579355   536666337777   24444125556
VLAN          1              2              2              1

3. Based on the type of protocol used

VLAN membership can also be based on the protocol used; see the table:
Table protocol and VLAN
Protocol   IP   IPX
VLAN       1    2

4. Based on IP Subnet Address

The IP subnet address on a network can also be used to classify a VLAN.
Table IP subnet and VLAN
IP subnet   22.3.24   46.20.45
VLAN        1         2

This configuration is not related to routing in the network, nor does it concern the function of the router. The IP address is used only to map VLAN membership. The advantage is that a user does not need to reconfigure the address on the network when moving; however, because it works at a higher layer, it forwards packets slightly slower than when using MAC addresses.
5. Based on applications or other combinations

It is also possible to define a VLAN based on the application being run, or on a combination of all the types above, to be implemented on a network. For example: the FTP (File Transfer Protocol) application can be used only by VLAN 1 and Telnet can be used only on VLAN 2.
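The first four membership types side by side, as an added example that is not part of the original post: it parses an untagged Ethernet frame and reports the VLAN each method would assign, using the page's tables. Assumptions: the page's MAC strings are read as 12 hex digits (the 11-digit entry is left out), the three-octet subnets are read as /24 networks, and the sample frames are constructed.

```python
import ipaddress
import struct

# Membership tables copied from the page. Assumptions: the MAC strings are
# read as 12 hex digits (the 11-digit fourth entry is left out), and the
# three-octet subnets are read as /24 networks.
PORT_VLAN = {1: 2, 2: 2, 3: 1, 4: 2}
MAC_VLAN = {"132516617738": 1, "272389579355": 2, "536666337777": 2}
ETHERTYPE_VLAN = {0x0800: 1, 0x8137: 2}  # IP -> VLAN 1, IPX -> VLAN 2
SUBNET_VLAN = {ipaddress.ip_network("22.3.24.0/24"): 1,
               ipaddress.ip_network("46.20.45.0/24"): 2}


def parse_frame(frame: bytes):
    """Return (source MAC hex, EtherType, source IPv4 or None) of an untagged frame."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    src_mac = frame[6:12].hex()
    (ethertype,) = struct.unpack("!H", frame[12:14])
    src_ip = None
    if ethertype == 0x0800 and len(frame) >= 34:  # 14-byte Ethernet + 20-byte IPv4
        src_ip = ipaddress.ip_address(frame[26:30])
    return src_mac, ethertype, src_ip


def classify(frame: bytes, ingress_port: int) -> dict:
    """VLAN each membership method would assign; None where its table has no entry."""
    src_mac, ethertype, src_ip = parse_frame(frame)
    by_subnet = None
    if src_ip is not None:
        by_subnet = next((vlan for net, vlan in SUBNET_VLAN.items() if src_ip in net), None)
    return {"port": PORT_VLAN.get(ingress_port), "mac": MAC_VLAN.get(src_mac),
            "protocol": ETHERTYPE_VLAN.get(ethertype), "subnet": by_subnet}


def build_frame(src_mac_hex: str, ethertype: int, src_ip: str = "") -> bytes:
    """Constructed sample frame: broadcast destination, optional minimal IPv4 header."""
    frame = bytes.fromhex("ffffffffffff" + src_mac_hex) + struct.pack("!H", ethertype)
    if src_ip:
        frame += struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 17, 0,
                             ipaddress.ip_address(src_ip).packed, bytes(4))
    return frame


if __name__ == "__main__":
    moved = build_frame("132516617738", 0x0800, "22.3.24.9")  # constructed host
    print(classify(moved, 1))  # plugged into port 1
    print(classify(moved, 3))  # same host after moving to port 3
```

Moving the same host from port 1 to port 3 changes only the port-based result, which is the trade-off the list describes: port-based membership follows the socket, while MAC- and subnet-based membership follow the machine.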
BASIC DIFFERENCES BETWEEN LAN and VLAN
The clearest difference between the Local Area Network model and the Virtual Local Area Network model is that a network built on the Local Area Network model depends heavily on the physical location of the workstations, and uses hubs and repeaters as network devices, which have several weaknesses. One of the advantages of the VLAN network model is that every workstation/user joined to one VLAN/part (organization, group, etc.) can stay connected even though physically separate. The difference between LAN and VLAN can be seen more clearly in the figures below.
Figure LAN configuration

[Hub] - [1] - [1] - [1] <- LAN 1 / on the 1st floor
|
[X] - [hub] - [2] - [2] - [2] <- LAN 2 / on the 2nd floor
|
[Hub] - [3] - [3] - [3] <- LAN 3 / on the 3rd floor

Figure VLAN configuration

[Switch] - [1] - [3] - [2]
|
[X] - [switch] - [3] - [1] - [1]
|
[Switch] - [2] - [3] - [1]

[X] = router; [1] = PC belonging to LAN 1; [2] = LAN 2; [3] = LAN 3

It is clear that VLANs have removed physical limitations that LANs could not address. These advantages are expected to provide ease both technically and operationally.

COMPARISON OF LAN AND VLAN
A. Comparison of Security Levels
The use of a LAN allows all computers connected in a network to exchange data, or in other words to be in contact with one another. This cooperation has grown from mere data exchange to the shared use of equipment (also called resource sharing or hardware sharing). A LAN allows data to be broadcast throughout the network, which makes it easy for unknown users (unauthorized users) to access every part of the broadcast. The larger the broadcast, the greater the access obtained, unless the hub used is given security control functions.
A VLAN, which is the result of switch configuration, causes each switch port to be assigned to a VLAN. Because they are in one segment, ports under the same VLAN can communicate with each other directly, while ports outside that VLAN, or under another VLAN, cannot communicate with each other directly because the VLAN does not forward broadcasts.
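The isolation described above, as an added example that is not part of the original post: a small model of a port-based VLAN switch whose MAC learning and flooding stay inside the ingress port's VLAN. The class, the host MAC addresses and the demo are constructed for illustration; the port table is the page's 4-port example.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"


class VlanSwitch:
    """Port-based VLAN switch: learning and flooding stay inside the ingress VLAN."""

    def __init__(self, port_vlan):
        self.port_vlan = dict(port_vlan)
        self.mac_table = {}  # (vlan, mac) -> port where that MAC was last seen

    def broadcast_domains(self):
        """Map each VLAN to the set of ports that share its broadcasts."""
        domains = {}
        for port, vlan in self.port_vlan.items():
            domains.setdefault(vlan, set()).add(port)
        return domains

    def forward(self, ingress_port, src_mac, dst_mac):
        """Learn the source, then return the set of egress ports for the frame."""
        vlan = self.port_vlan[ingress_port]
        self.mac_table[(vlan, src_mac)] = ingress_port
        learned = self.mac_table.get((vlan, dst_mac))
        if dst_mac != BROADCAST and learned is not None:
            # Known unicast: one port, or nothing if the target is on the ingress port.
            return {learned} - {ingress_port}
        # Broadcast or unknown unicast: flood, but only to ports of the same VLAN.
        return self.broadcast_domains()[vlan] - {ingress_port}


def demo():
    """Constructed hosts A, B (VLAN 2) and C (VLAN 1) on the page's 4-port table."""
    sw = VlanSwitch({1: 2, 2: 2, 3: 1, 4: 2})
    a, b, c = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c"
    return {
        "a_broadcast": sw.forward(1, a, BROADCAST),  # reaches ports 2 and 4, never 3
        "c_broadcast": sw.forward(3, c, BROADCAST),  # port 3 is alone in VLAN 1
        "b_to_a": sw.forward(2, b, a),               # learned unicast inside VLAN 2
        "a_to_c": sw.forward(1, a, c),               # C unknown in VLAN 2: stays in VLAN 2
    }


if __name__ == "__main__":
    for name, ports in demo().items():
        print(name, sorted(ports))
```

Because the MAC table is keyed by VLAN, a frame from A addressed to C is flooded only inside VLAN 2 and never reaches port 3; traffic between the two VLANs has to go through the router.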
VLANs, which can provide an additional benefit in terms of network security, do not provide sharing/use of media/data across the network as a whole. The switch creates boundaries in the network that can be used only by the computers included in that VLAN. As a result, an administrator can easily segment users, especially regarding the use of confidential media/data (sensitive information), from all the network users who are physically connected together.
The security provided by VLANs, although better than that of a LAN, does not guarantee the security of the network as a whole and is not considered sufficient to overcome all security problems. VLANs still need various additions to improve the security of the network itself, such as firewalls, per-individual user access restrictions, intrusion detection, control of the number and size of broadcast domains, network encryption, etc.
This better level of security support compared with a LAN can be counted as added value of using VLANs as a network system.

One of the advantages provided by the use of VLANs is centralized administrative control, meaning that VLAN management is configured, managed and monitored centrally. Control of network broadcasts, migration plans, additions, changes, and special access arrangements into the network to obtain media/data that has an important function in planning and administration within the group can all be done centrally. With centralized management control, the network administrator can also group VLANs by specific users and by the switch ports used, set the security level, collect and distribute data through existing paths, set up communication through the switch, and monitor data traffic and the bandwidth usage of the VLAN as it passes through vulnerable points in the network.

B. Comparison of Efficiency Level
To compare the levels of efficiency, it is necessary to know the advantages the VLAN itself provides, which include:
• Improve Network Performance

LANs that use hubs and repeaters to connect computer equipment to one another work at the physical layer and have a weakness: this equipment only passes on the signal without any knowledge of destination addresses. This equipment also has only one collision domain, so if one port is busy the other ports have to wait, even though the equipment is connected to different ports of the hub.
Ethernet, or the IEEE 802.3 protocol (commonly used on LANs), uses a mechanism called Carrier Sense Multiple Access with Collision Detection (CSMA/CD), in which a device first checks the network for data transmission by other parties. If no transmission by other parties is detected, only then is the data sent. When two pieces of data are sent at the same time, a collision occurs on the network. Therefore an Ethernet network is used only for half-duplex transmission, that is, at any one time it can only send or only receive.
Unlike the hub used in an Ethernet network (LAN), a switch, which works at the data-link layer, has the advantage that each port in the switch has its own collision domain. For this reason a switch is often called a multiport bridge. The switch has a central translation table listing the translations for all ports. The switch creates a secure path between the sender port and the receiver port, so that when two hosts communicate over that path they do not interfere with other segments. So if one port is busy, the other ports can still function.
A switch allows full-duplex transmission on the link to a port, where sending and receiving can be done simultaneously using the path described above. The requirement for a full-duplex connection is that only one computer or server may be connected to a switch port. The computer must have a network card capable of full-duplex operation, and collision detection and loopback must be disabled.
A switch also enables segmentation of the network; in other words, it is the switch that forms the VLAN. With segmentation that limits the broadcast path, a VLAN cannot receive broadcasts from, or transmit broadcasts to, other VLANs. This significantly reduces use of the broadcast path as a whole, reduces bandwidth usage for users, and reduces the likelihood of broadcast storms, which can cause total traffic congestion on the computer network.

The network administrator can easily control the size of the broadcast path by reducing the overall size of the broadcast, limiting the number of switch ports used in a VLAN, and limiting the number of users who are members of a VLAN.
• Independence from the Physical Topology
If there are many servers and workstations located on different floors and in different buildings, with personnel also scattered in many places, it is more difficult for network administrators using a LAN system to manage them, because of the large amount of equipment needed to connect them. This is not to mention changes in organizational structure, which mean many changes in the location of personnel.
Problems also arise when network users are spread across various places, that is, not located in one specific physical location. A LAN, which can be defined as a network of a number of computer systems limited in physical location, for example within one building or one complex (some even define a LAN by distance), has great difficulty overcoming this problem.
A VLAN, by contrast, gives freedom from physical location limits by allowing workgroups that are separated, in different buildings, or scattered to connect logically to the network, even if it is only one user. If the physical infrastructure is already installed, it is not a problem to add ports for a new VLAN when an organization or department expands and each part is moved. This makes it easier to transfer personnel, and it is not too difficult to move existing equipment and configuration from one place to another. For users located in a different place, the network administrator only needs to configure them on a port that is part of the single VLAN allocated to their section, so that users can work in their field without thinking about whether they must be in the same room as their colleagues.
This also reduces the cost of building a new network in the event of a corporate restructuring, because on a LAN the more moves occur, the greater the need for re-wiring, and almost every move and change requires reconfiguring hubs and routers.
VLANs provide an effective mechanism to control these changes and reduce much of the cost of reconfiguring hubs and routers. A VLAN user can still share the same network address as long as he remains connected to the same switch port, even though not in the same location. Problems with changes of location can be solved by making the user's computer a member of a port on the VLAN and configuring the switch for that VLAN.
• Develop Network Management
VLANs provide convenience, flexibility, and minimal cost to build. VLANs make large networks easier to manage, because VLAN management can centrally configure equipment located at separate sites. The ability to configure VLANs centrally is very beneficial for the development of network management.
Given the advantages VLANs provide, it is good for all LAN users to switch to VLANs. The VLAN, as a development of LAN technology, does not require too many changes, yet is able to provide various additional services to network technology.


.::BY JUMBHO MY AT HOME IN THE JEPARA CITY OF BEAUTIFUL::.