Advantages and Disadvantages of VLANs

VLAN is a switch-only feature. It allows you to logically arrange and manage devices based on your requirements without changing their physical locations. You can use this feature on any Cisco switch. This tutorial explains the advantages and disadvantages of this feature. This tutorial explains the advantages and disadvantages of this feature.

Advantages of VLANs

The main advantages of VLANs are the following.

• Solve the broadcast problem
• Reduce the size of broadcast domains
• Add an additional layer of security
• Make device management easier
• Implementing the logical grouping of devices by function instead of location

Solve the broadcast problem

A switch creates a separate collision domain for each port and a single broadcast domain for all ports. When it receives a broadcast frame, it forwards the broadcast frame to all other ports. The broadcast frame reaches all devices connected to the switch. If the broadcast frame is intended only for some devices, the remaining devices receive and process it unnecessarily. This default behavior decreases the network performance.

To solve this problem and improve network performance, you can use routers. A router creates a broadcast domain on each port. However, routers are costly and have limited ports. Because of this, administrators usually do not use routers to limit broadcast messages. Instead of routers, they use a switch feature known as VLAN. Each VLAN has a separate broadcast domain. Switches assign a unique ID to each VLAN, known as the VLAN ID. They use VLAN ID to make forwarding decisions for broadcast messages. They forward broadcast messages only from the ports that belong to the same VLAN ID. The following image shows how a switch forwards a broadcast message with the default configuration.

The following image shows how a switch forwards broadcast messages when it has two VLANs.

Reduce the size of broadcast domains

VLAN increases the number of broadcast domains while reducing their size. Let us take an example. A network has 100 devices. With the default configuration, it has a single broadcast domain that contains 100 devices. If you create 2 VLANs and assign 50 devices to each VLAN, you will have two broadcast domains with 50 devices in each. If you create 5 VLANs and assign 20 devices to each VLAN, you will have five broadcast domains with 20 devices in each. The more VLANs you create, the more broadcast domains you have.

Add an additional layer of security

VLANs enhance network security. A Layer 2 network provides a free flow of access. Any user can access any resource available on the network. Anyone can see a network broadcast and respond to it. Users can join a workgroup by attaching their systems to an existing switch. It creates security issues. Properly configured VLANs give you total control over each port and user. With VLANs, you can control users from gaining unwanted access to the resources. You can create and use multiple VLANs based on your requirements. After that, only devices in the same VLAN can access each other.

Make device management easier

VLANs make device management easy. Since VLANs are a logical approach, a device can be located anywhere in the switched network and still belong to the same broadcast domain. You can move users from one switch to another switch in the same network while keeping their original VLAN. For example, a company has a five-story building and a single-layer-2 network. In this scenario, VLAN allows you to move users from one floor to another while keeping their original VLAN ID.

Implementing the logical grouping of devices by function instead of location

VLANs allow you to group users by their function instead of their physical locations. Switches maintain the integrity of your VLANs. Users will see only what they are supposed to see, regardless of their physical location.

Disadvantages of VLANs

The main disadvantages of VLANs are the following.

• Increase network cost
• Add complexity to the network

Increase network cost

Devices in different VLANs cannot communicate directly. To connect different VLANs, you need a router. If your network does not have a router, you must purchase and configure at least one router to connect different VLANs.

Add complexity to the network

VLAN configuration is complex. A small mistake in VLAN configuration can make all connected devices inaccessible to other devices. If your network has multiple switches, you must configure VLANs on all switches.

Conclusion

Virtual Local Area Networks (VLANs) offer significant benefits, including enhanced network performance, improved security, streamlined device management, and the ability to logically group devices by function rather than location. By segmenting broadcast domains, VLANs effectively address the challenges of excessive broadcasts and network congestion, making the overall environment more efficient. However, it's essential to consider the drawbacks, such as increased network costs due to the need for routers to facilitate inter-VLAN communication and the added complexity in configuration, which can lead to potential errors. Overall, while VLANs are a powerful tool in modern networking, careful planning and management are crucial to maximize their advantages and mitigate their disadvantages for optimal network performance.