VLANs

The networks we have contemplated so far have been relatively simple networks with two interfaces (WAN and LAN). As our networks get larger, we have two primary concerns. The first is the increase in broadcast traffic (packets received by every node on the network). The second is the need to segregate network traffic based on management and/or security concerns.

One way of solving these issues is to divide our networks into different segments. For example, in a corporate network we may have different subnets for the engineering department, the sales department, and so on. The problem with this approach is that it does not scale well in the traditional networking paradigm. Each subnet requires a separate physical interface, and there is a limit to how many physical interfaces we can place in a single router. 

A better solution is to decouple the physical organization of our network from the logical organization of it. Virtual LANs accomplish this objective. By attaching a special header to an Ethernet frame (known as an 802.1Q tag, named after the IEEE standard that defines VLANs), we can accomplish two feats we could not otherwise do: single interfaces can now support multiple networks; also, networks can now span multiple interfaces (less common, but possible). 

In addition, VLANs provide some advantages over traditional networks. With VLANs, if a user moves from one location to another, the user's computer's network settings do not have to be reconfigured—the user just needs to connect to a switch port that supports the VLAN of which the user is a member. Conversely, if the user changes their job function, they do not need to move; they only need to join a different VLAN which contains the resources they need to access. Moreover, since broadcast traffic is confined to a single VLAN, it is significantly reduced, cutting down on unnecessary network traffic and improving security, since it is less likely a user can eavesdrop on network traffic not intended for that user.

In this chapter, we will consider some concrete examples of how VLANs can be used to improve network design. We will then cover VLAN configuration within pfSense, and also discuss VLAN switch configuration as well as troubleshooting.

Completing this chapter will enable you to master the following topics:

  • Basic VLAN concepts
  • VLAN configuration at the console
  • VLAN configuration in the web GUI
  • VLAN configuration at the switch
  • Troubleshooting VLANs
..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset