5 Tips to Simplify VLAN Setup
VLANs — software-configured local area networks — are an important feature of modern network technology that subdivides a network into more than one virtual LAN for better performance and more security. For efficiency and reliability, VLAN setup must be planned carefully. That’s a simple task with only a few VLANs and one or two switches and routers, but for a larger installation, it becomes much more challenging. Follow these tips to avoid some common problems.
Draft out the entire VLAN network topology. Avoid loops and set up optimum routes between ports. Even though VLANs can use virtual (software-defined) routers, switches and ports, it is still a good idea to minimize the number of hops in a VLAN setup to improve performance and lower the network’s complexity. Be sure to use separate VLANs for functions such as voice, data, management, native VLANs and default VLANs — don’t simply use VLAN 1 as a catchall or default.
Remember, there is real hardware underneath all of the virtualization. Although there is effectively no limit to the number of VLANs an admin can assign to a physical port, all of the VLANs on that port will share the same pool of resources. Too many VLANs on a single physical port will result in poor performance. Keep the VLANs on a port to a reasonable number, depending on traffic.
Avoid loops. Loops occur when network switches or hubs are plugged into themselves more than once. At best, loops slow down performance. At worst, they can kill all or part of a network. Loops can become complicated when one or more of the switches connect to themselves through intermediate switches or hubs, making a complex tangle of connections that hide the problem. Prevent this by enabling Spanning Tree on managed switches or loop protection on unmanaged switches. Both will detect a loop and prevent it from occurring. Spanning Tree is more sophisticated because it breaks the loop by using the management features of the switches. Loop protection simply shuts down part of the network.
Create a management VLAN. For reliability, it is important to separate network management from other traffic, so dedicate a VLAN for this purpose. This helps prevent loops and provides a reliable connection in case of network problems.
Disable VLAN 1. VLAN 1 is the default VLAN for ports and switches. Unfortunately, because its characteristics are widely known (or easy to guess), it represents a potential security vulnerability.
Earn extra credit. When a host on one VLAN must communicate with a host on another — even on the same port — traffic must be routed between them using a Layer 3 smart switch. n