Jan 29 2013
Networking

5 Tips for Running Trouble-Free VLANs

Beneath the virtualization lies real hardware. Here’s advice to keep it functioning smoothly.
by

Rick Cook learned programming on a computer with magnetic drum memory. Since then he's written thousands of articles on all aspects of computers and high technology — as well as several fantasy novels full of bad computer jokes.

The good news when it comes to virtual LANs is that they ease security considerably and make networks more convenient, for users and administrators alike. The bad news? VLANs add another layer of software that must be managed.

For all its virtualization magic, a VLAN is essentially a subnetwork established on a LAN. If the underlying LAN or hardware has problems, the VLAN won't function properly.

Here are five tips for achieving optimal performance:

Tip 1: Start with the physical layer.

If the hardware beneath the virtualization isn't working, there's trouble.

Check the physical connections, especially the cables. A loose or defective cable is one of the most common causes of a malfunctioning VLAN. Also, check the router and other hardware log files. Pay special attention to any connectivity issues reported in the error messages. Always run a quick continuity check, keeping an eye out for substandard connections, as well as no connection.

Tip 2: Examine software configurations.

VLANs require a lot of configuration, and many of those settings are made by default. Recheck configuration files and settings, paying special attention to default settings and other assumptions about how the VLAN should be set up. Make sure to have a readable copy of all configuration files handy.

When running through them, start at the highest level consistent with the symptoms and work down from there.

Tip 3: Ensure that routing is set properly.

Sometimes the problem isn't in the VLAN itself, but in the routing. VLANs are more sensitive to routing errors than most software. One fertile place for errors is in the routers' security permissions settings. Because a VLAN, in effect, tunnels through a firewall, vendors take special care when it comes to security in VLAN connections. In particular, make sure the VLAN is allowed and not pruned by the routers. If the router configuration doesn't allow the VLAN, it isn't going to work.

Tip 4: Set the VTP, GVRP or MVRP protocol to server mode.

One of three protocols — the VLAN Trunking Protocol, the GARP VLAN Registration Protocol or the Multiple VLAN Registration Protocol — will be used to establish the connections between the databases on the VLAN switches to tell the hardware what is part of the VLAN. Typically, the switches will be set in server mode at setup. Keep in mind that VLANs can't be created in client mode.

Tip 5: Keep IP addresses in line.

Technically, a VLAN doesn't have an IP address, but the components making up the subnetwork that forms the VLAN do. Every component must know the correct IP address of the other equipment on the VLAN. It's a small detail that can frustrate an administrator when it's unclear what's going on.

Troubleshooting a VLAN isn't particularly difficult, but it can be tedious. VLANs don't respond well to administrators who poke around or make random changes. The best strategy is to work methodically, paying close attention to the details of the configuration of the VLAN and its supporting equipment.

When there's a problem with a VLAN, the mind naturally goes first to virtualization software and configuration issues. Although there's a good chance that's where the trouble lies, it's best to eliminate the possibility of faulty hardware first to avoid wasting time. In general, the best strategy is to start by making sure the underlying hardware and software work properly before proceeding to the VLAN.

<p>Ocean Photography/Veer</p>

More On

Related Articles

Close

Become an Insider

Unlock white papers, personalized recommendations and other premium content for an in-depth look at evolving IT

Subscribe Now