VLANs for the Non-expert
Looking to connect a device across town to your network? Turn to a VLAN.
By Joel Shore

You may never need to set up a virtual LAN, but understanding why they’re critical to hospital network security can help span the chasm between A/V and IT.

You already know that being an expert in the implementation, operation, and management of A/V installations requires specific expertise that’s sorely lacking in many an IT department. Similarly, many A/V departments don’t have a deep understanding of the complexities of today’s corporate or institutional networks. We’re here to help, and that means it’s time for a little network education. Today’s topic: Virtual Local Area Networks, better known as VLANs.

  • Book: The Complete Guide to LAN Switching Technology, by James Edwards and Rich Seifert; 816 pages, 2011, published by Wiley; ISBN-10: 0470287152
  • Book: Network Warrior, by Gary A. Donahue; 788 pages, 2011, published by O’Reilly; ISBN-10: 1449387861

The challenge of writing about VLANs is that it’s easy to get bogged down quickly in a primordial soup of minutiae and technical details. We’ll do our best to keep this as painless and non-technical as possible.

Tom Henderson, owner of Extreme Labs in Bloomington, Ind., has been doing networking for nearly 30 years. We asked him to briefly explain VLANs, and to do it in simple language that anyone can understand.

“VLANs allow machines that aren’t connected to the same local network equipment to be logically treated as though they were,” Henderson says. It’s really that simple — and vastly more complicated.

Put another way, computers that are located across town or halfway around the world can look like they’re physically plugged into your corporation’s or institution’s network even though they’re actually communicating over the Internet. It’s like having an Ethernet extension cord that’s 5,000 miles long. Or, the computers in one department can be separated from the remainder of the network to enhance security.

Cisco’s LAN Switching website describes a VLAN as “a group of devices on one or more LANs that are configured, using management software, so that they can communicate as if they were attached to the same wire, when in fact they are located on a number of different LAN segments.” Since these VLANs are based on logical instead of physical connections, they are extremely flexible. Think of a VLAN as a means of geographical segmentation.

When a VLAN is created in software, it gives network administrators a means to manage individual connected machines as an aggregate entity regardless of their actual location. With a physical switched network, reconfiguration when employees or departments move would require chasing down specific Ethernet cables. A VLAN, since it exists only in software, can be easily and quickly reconfigured. As Dell’s technical documentation for its PowerConnect switches puts it, “VLANs allow you to make network changes without having to update IP addresses or IP subnets.”

A corporate headquarters could set up VLANs for branch offices or put the payroll department on a VLAN to keep it separate. Similarly, a hospital could segregate its administrative and billing departments from clinical networking or pharmacy operations, even though they are all in the same building. A house of worship could communicate with its outreach locations worldwide via a VLAN and have them appear to be all physically linked. A hotel chain could manage the

Posted by ToddB on 06/25 at 04:11 PM
I'm a networking engineer who uses VLANs all the time, and that's a pretty confusing description of VLANs. While yes, they do a great job with isolation and separation of logical networks, they don't really bring together remote locations... for that, you need something like MPLS, VPN, EoIP, or some other technology to connect remote locations. VLANs let you combine multiple logical networks over a single physical network - it keeps the networks separate from communicating with each other. It can be used to let multiple separate networks connect over a single link (RF Wireless, Fiber Optics, Cabled Ethernet, etc); then be separated back out to separate networks as needed. Using the same methods, larger networks can be broken into smaller segments for security, management, etc.
Posted by Daniel on 06/25 at 05:12 PM
I agree with ToddB. The first thing I did when I read this article was to review what a VLAN means. And VLAN just means separate virtual LANs over the same network gear.
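
The sharing of one link by several logical networks that ToddB's comment describes, shown as an added example that is not part of the article or of either comment. It assumes IEEE 802.1Q tagging, which the page does not name; the VLAN IDs, MAC addresses and helper names are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an IEEE 802.1Q tag

def make_frame(dst_hex, src_hex, payload, ethertype=0x0800):
    """Build a minimal untagged Ethernet frame (no FCS) for the demo."""
    return bytes.fromhex(dst_hex) + bytes.fromhex(src_hex) + struct.pack("!H", ethertype) + payload

def tag_frame(frame, vlan_id):
    """Insert the 4-byte 802.1Q tag after the two MAC addresses."""
    if not 1 <= vlan_id <= 4094 or len(frame) < 14:  # VIDs 0 and 4095 are reserved
        raise ValueError(f"invalid VLAN ID {vlan_id} or truncated frame")
    # TCI = PCP (3 bits) | DEI (1 bit) | VID (12 bits); priority bits stay 0 here
    return frame[:12] + struct.pack("!HH", TPID_8021Q, vlan_id) + frame[12:]

def untag_frame(frame):
    """Return (vlan_id, frame_without_tag); vlan_id is None if untagged."""
    if len(frame) < 14:
        raise ValueError("truncated frame")
    if struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return None, frame
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci = struct.unpack("!H", frame[14:16])[0]
    return tci & 0x0FFF, frame[:12] + frame[16:]

def deliver_from_trunk(trunk_frames, allowed_vlans):
    """Split trunk traffic back into per-VLAN queues and count what is dropped."""
    queues = {vid: [] for vid in allowed_vlans}
    dropped = 0
    for raw in trunk_frames:
        vid, inner = untag_frame(raw)
        if vid in queues:
            queues[vid].append(inner)
        else:  # untagged, or tagged for a VLAN this trunk does not carry
            dropped += 1
    return queues, dropped

# Constructed sample traffic; the VLAN IDs and MAC addresses are made up.
BILLING, CLINICAL = 10, 20
billing = make_frame("020000000001", "020000000002", b"billing record")
clinical = make_frame("020000000003", "020000000004", b"clinical record")
trunk = [tag_frame(billing, BILLING), tag_frame(clinical, CLINICAL), tag_frame(billing, 30), billing]

if __name__ == "__main__":
    queues, dropped = deliver_from_trunk(trunk, {BILLING, CLINICAL})
    for vid in sorted(queues):
        print(f"VLAN {vid}: {[f[14:].decode() for f in queues[vid]]}")
    print("dropped:", dropped)
```

The allowed-VLAN set on the receiving side is what keeps the two departments apart: a frame carrying any other tag, or none, never reaches either queue.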