A VLAN is a network model that, unlike a LAN, is not limited by physical
location, so a network can be configured virtually without having to
follow the physical location of the equipment. Using VLANs makes network
arrangement highly flexible: segments can be created according to
organization or department, regardless of where the workstations are
located, as shown below.
Figure: VLAN network
[Switch] - [1] - [3] - [2]
|
[X] - [switch] - [3] - [1] - [1]
|
[Switch] - [2] - [3] - [1]
[X] = router; [1] = PC in LAN 1; [2] = PC in LAN 2; [3] = PC in LAN 3
HOW VLANS WORK
VLANs are classified by the method (type) used to classify them, such as
ports, MAC addresses, and so on. All information that marks or addresses
a VLAN (tagging) is stored in a database (table); if membership is marked
by port, the database must indicate which ports are used by each VLAN.
A manageable (configurable) switch / bridge is normally used to set this
up. This switch / bridge is responsible for storing all of a VLAN's
information and configuration, and it is ensured that all switches /
bridges hold the same information. The switch determines where data is
forwarded, and so on. Alternatively, addressing software (bridging
software) can be used to record or mark a VLAN and the workstations in
it. A router is required to connect VLANs to one another.
VLAN TYPES
Membership in a VLAN can be classified by the port in use, the MAC
address, or the protocol type.
1. Based on Port
Membership in a VLAN is based on the ports used by that VLAN. For
example, on a bridge / switch with 4 ports, ports 1, 2, and 4 belong to
one VLAN while port 3 belongs to the other; see the table:
Table: port and VLAN
Port   1   2   3   4
VLAN   2   2   1   2
The downside is that users cannot move around; if a user has to move,
the network administrator must configure the port again.
2. Based on MAC Address
Membership in a VLAN is based on the MAC address of each workstation /
computer owned by the user. The switch detects / records all MAC
addresses belonging to each virtual LAN. The MAC address is part of the
NIC (Network Interface Card) in each workstation. The advantage is that
a user who moves remains configured as a member of that VLAN. The
shortcoming is that each machine must be configured manually, and on a
network with hundreds of workstations this type is less efficient to
maintain.
Table: MAC address and VLAN
MAC address   132516617738   272389579355   536666337777   24444125556
VLAN          1              2              2              1
3. Based on the Type of Protocol Used
VLAN membership can also be based on the protocol used; see the table:
Table: protocol and VLAN
Protocol   IP   IPX
VLAN       1    2
4. Based on IP Subnet Address
The IP subnet address on a network can also be used to classify a VLAN.
Table: IP subnet and VLAN
IP subnet   22.3.24   46.20.45
VLAN        1         2
This configuration is not related to routing on the network and does not
concern the function of the router. The IP address is used to map VLAN
membership. The advantage is that a user does not need to reconfigure
the address on the network when moving; however, because this method
works at a higher layer, it is slightly slower at forwarding packets
than the MAC address method.
5. Based on Applications or Other Combinations
It is possible to define a VLAN based on the application being run, or
on a combination of all the types above, for use on a network. For
example: the FTP (File Transfer Protocol) application can only be used
by VLAN 1 and Telnet can only be used on VLAN 2.
BASIC DIFFERENCES BETWEEN LAN AND VLAN
The clearest difference between the Local Area Network model and the
Virtual Local Area Network model is that a network built on the Local
Area Network model depends heavily on the physical location of the
workstations and on the use of hubs and repeaters as network devices,
which have several weaknesses. One of the advantages of the VLAN model,
by contrast, is that every workstation / user that belongs to one VLAN /
unit (organization, group, etc.) can stay connected even when physically
separated. The differences between a LAN and a VLAN can be seen more
clearly in the figures below.
Figure: LAN configuration
[Hub] - [1] - [1] - [1] <- LAN 1 / on the 1st floor
|
[X] - [hub] - [2] - [2] - [2] <- LAN 2 / on the 2nd floor
|
[Hub] - [3] - [3] - [3] <- LAN 3 / on the 3rd floor
Figure: VLAN configuration
[Switch] - [1] - [3] - [2]
|
[X] - [switch] - [3] - [1] - [1]
|
[Switch] - [2] - [3] - [1]
[X] = router; [1] = PC in LAN 1; [2] = PC in LAN 2; [3] = PC in LAN 3
It is clear that VLANs have overcome the physical limitations that a LAN
could not address. These advantages are expected to make things easier
both technically and operationally.
COMPARISON OF LAN AND VLAN
A. Comparison of Security Levels
The use of a LAN lets all computers connected to a network exchange
data, or in other words communicate with each other. This cooperation
has grown from simple data exchange to the shared use of equipment (also
called resource sharing or hardware sharing). A LAN allows data to be
broadcast throughout the network, which makes it easy for unknown users
(unauthorized users) to access every part of the broadcast. The larger
the broadcast, the greater the access obtained, unless the hub in use is
given security control functions.
A VLAN, which is the result of switch configuration, makes every switch
port that is configured belong to a VLAN. Because they are in one
segment, ports under the same VLAN can communicate with each other
directly, while ports outside that VLAN, or under another VLAN, cannot
communicate with each other directly because the VLAN does not forward
broadcasts.
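
The membership tables from the VLAN types section and the broadcast isolation described above, combined in an added example that is not part of the original article. The table values are the article's; the placement of stations on ports and the names vlan_of and broadcast_receivers are constructed for illustration.

```python
# Added example: the article's membership tables driving VLAN-scoped broadcast delivery.
PORT_VLAN = {1: 2, 2: 2, 3: 1, 4: 2}               # "Table port and VLAN"
MAC_VLAN = {"132516617738": 1, "272389579355": 2,
            "536666337777": 2, "24444125556": 1}    # "MAC address and VLAN Table"
PROTO_VLAN = {"IP": 1, "IPX": 2}                    # "Table Protocol and VLANs"

# Constructed sample: which station sits on which switch port (not from the article).
STATIONS = [
    {"port": 1, "mac": "132516617738", "protocol": "IP"},
    {"port": 2, "mac": "272389579355", "protocol": "IPX"},
    {"port": 3, "mac": "536666337777", "protocol": "IPX"},
    {"port": 4, "mac": "24444125556", "protocol": "IP"},
]

def vlan_of(station, method):
    """Look up a station's VLAN in the table for the chosen method (None if no entry)."""
    if method == "port":
        return PORT_VLAN.get(station["port"])
    if method == "mac":
        return MAC_VLAN.get(station["mac"])
    if method == "protocol":
        return PROTO_VLAN.get(station["protocol"])
    raise ValueError(f"unknown membership method: {method}")

def broadcast_receivers(sender, method, stations=STATIONS):
    """Ports that receive a broadcast from `sender`: members of the same VLAN only.
    A sender with no table entry reaches nobody (fail closed)."""
    vlan = vlan_of(sender, method)
    if vlan is None:
        return []
    return sorted(s["port"] for s in stations
                  if s["mac"] != sender["mac"] and vlan_of(s, method) == vlan)

if __name__ == "__main__":
    pc = STATIONS[0]
    for method in ("port", "mac", "protocol"):
        print(method, "VLAN", vlan_of(pc, method), "->", broadcast_receivers(pc, method))
    moved = {**pc, "port": 3}   # the same PC plugged into port 3
    print("after move: port-based", vlan_of(moved, "port"), "MAC-based", vlan_of(moved, "mac"))
```

The last line shows the trade-off stated for types 1 and 2: after the move, port-based membership changes while MAC-based membership stays the same.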
A VLAN, which offers additional benefits in terms of network security,
does not make media / data shared across the network as a whole. The
switch creates boundaries on the network that can only be used by the
computers included in that VLAN. As a result, an administrator can
easily segment users, especially with regard to the use of confidential
media / data (sensitive information), among all the network users who
are physically connected.
Although the security provided by VLANs is better than that of a LAN, it
does not guarantee the security of the network as a whole and is not
considered sufficient to overcome all security problems. VLANs still
need various additions to improve the security of the network itself,
such as firewalls, per-user access restrictions, intrusion detection,
control of the number and size of broadcast domains, network encryption,
etc.
This better level of security support compared with a LAN can be counted
as added value of using VLANs as a network system.
One of the advantages provided by VLANs is centralized administrative
control: VLAN management is configured, managed and monitored centrally,
and broadcast control on the network, migration plans, additions,
changes, and special access arrangements into the network and to media /
data that play an important role in planning and administration within a
group can all be done centrally. With centralized management control,
the network administrator can also group VLANs by specific users and by
the switch ports in use, set the security level, retrieve and distribute
data through existing paths, configure communication through the switch,
and monitor data traffic and bandwidth usage of a VLAN at vulnerable
points in the network.
B. Comparison of Efficiency Levels
To compare the levels of efficiency, it is necessary to know the
advantages that VLANs provide, including:
• Improved Network Performance
A LAN that uses hubs and repeaters to connect computer equipment to one
another, working at the physical layer, has a weakness: this equipment
only passes the signal on without any knowledge of the destination
address. This equipment also has only one collision domain, so if one
port is busy the other ports have to wait, even though the equipment is
connected to different ports of the hub.
Ethernet, or the IEEE 802.3 protocol (commonly used on LANs), uses a
mechanism called Carrier Sense Multiple Access with Collision Detection
(CSMA/CD), in which a device first checks the network to see whether
another party is transmitting data. Only if no transmission by another
party is detected is the data sent. When two devices send data at the
same time, a collision occurs on the network. For this reason such an
Ethernet network is used only for half-duplex transmission, i.e. at any
one time a device can either send or receive, but not both.
Unlike the hub used in an Ethernet network (LAN), a switch works at the
data link layer and has the advantage that each port on the switch has
its own collision domain. For this reason a switch is often referred to
as a multiport bridge. The switch has a central translation table that
holds a list of translations for all ports. The switch creates a secure
path between the sender port and the receiver port, so that two hosts
communicating over that path do not interfere with other segments. So if
one port is busy, the other ports can still function.
The switch allows full-duplex transmission on the link to a port, where
sending and receiving can take place simultaneously using the path
described above. The requirement for a full-duplex connection is that
only one computer or server may be connected to a single switch port.
The computer must have a network card capable of full-duplex operation,
and collision detection and loopback must be disabled.
The switch also enables segmentation of the network; in other words, the
switch is what forms the VLAN. With segmentation that limits the
broadcast path, a VLAN cannot receive broadcasts from or send broadcasts
to other VLANs. This significantly reduces the use of the broadcast path
as a whole, reduces bandwidth usage for users, and reduces the
likelihood of broadcast storms, which can cause total congestion on a
computer network.
The network administrator can easily control the size of the broadcast
path by reducing the overall size of the broadcast and by limiting the
number of switch ports used in a VLAN and the number of users who are
members of a VLAN.
• Independence from the Physical Topology
If the servers and workstations are numerous and located on different
floors and in different buildings, and the personnel are also scattered
across many places, a network administrator using a LAN system will find
the network harder to manage because of the amount of equipment needed
to connect everything. This is made worse by changes in organizational
structure, which mean many changes in the location of personnel.
Problems also arise when network users are spread across various places,
that is, not in one specific physical location. A LAN, which can be
defined as a network of computer systems limited by physical location,
for example a building or a complex (some even define a LAN by
distance), has great difficulty overcoming this problem.
A VLAN, by contrast, removes the limits of physical location by allowing
workgroups that are separate, in different buildings, or scattered to
connect logically to the network, even for a single user. If the
physical infrastructure is already installed, adding ports to a new VLAN
is not a problem when an organization or department expands and each
unit is moved. This makes transfers of personnel easier, and moving
existing equipment and its configuration from one place to another is
not too difficult. For users in different locations, the network
administrator only needs to configure them on a port that belongs to the
one VLAN allocated to their unit, so that the users can work in their
field without worrying about whether they must be in the same room as
their colleagues.
This also reduces the cost of building a new network when a company is
restructured, because on a LAN the more moves take place, the greater
the need for re-wiring, and almost every move and change requires
reconfiguring hubs and routers.
VLANs provide an effective mechanism for controlling these changes and
reduce much of the cost of reconfiguring hubs and routers. VLAN users
can keep sharing a single network with the same address as long as they
remain connected to the same switch port, even if they are not in the
same location. Problems caused by a change of location can be solved by
making the user's computer a member of a port in that VLAN and
configuring the switch for that VLAN.
• Developing Network Management
VLANs provide convenience, flexibility, and a low cost to build. VLANs
make large networks easier to manage because VLAN management can perform
centralized configuration of equipment located at separate sites. The
ability to configure VLANs centrally is very beneficial for the
development of network management.
Given the advantages that VLANs provide, it is a good idea for all LAN
users to switch to VLANs. A VLAN, being a development of LAN technology,
does not require too many changes, yet it is able to provide various
additional services on top of network technology.