A virtual LAN aka VLAN is a broadcast domain on a network that is separated (isolated) at layer 2 of the OSI model. It allows you to isolate networks based on equipment type, function, location, department or any number of variables.
Why is a VLAN different from using multiple subnets on the same LAN?
A VLAN isolates networks at the data link layer (layer 2). This effectively creates completely separate networks while still sharing one pool of networking switches and hardware.
It isolates traffic at a low level, reducing broadcast traffic, and a layer 3 switch can route between the VLAN subnets without needing additional routing hardware. Because that routing happens in the switch backplane, it also tends to have lower latency than the typical interface-to-interface routing through a separate, purpose-built router.
In some cases it also provides additional security by limiting users' access to networks and systems, such as isolating guest WiFi.
But really, why should I use VLANs?
As you have probably heard before, we typically recommend that locations with 20 or more phones should be utilizing VLANs. Isolating broadcast traffic helps to ensure that your voice quality is optimal.
VLANs also introduce another layer of Quality of Service (QoS), allowing you to prioritize an entire VLAN over others if you desire.
In larger installations, VLANs allow you to be more flexible and adaptable when adding additional hardware and devices. It is preferred to use a /24 subnet for networks hosting phones so adding additional VLANs to your network would be preferable as opposed to using an external router, larger subnet or supernet.
OK, so I decided to use VLANs, what do I need to consider before doing so?
- Evaluate your currently installed networking equipment. Is it capable of hosting VLANs? Are one or more of your network switches (not routers) able to do layer 3 routing so that your subnets will be able to communicate with each other?
- Determine what your goals are for implementing VLANs.
- Develop a sound design that not only makes sense and meets your goals but allows for future expansion. If possible, choose subnets that align with each other and assign VLAN IDs that match. For instance, network A - 192.168.10.x/24 - VLAN ID = 10, network B - 192.168.11.x/24 - VLAN ID = 11, network C - 192.168.20.x/24 - VLAN ID = 20. This will allow you to quickly identify how a port and switch are configured as well as help when troubleshooting. It is not a requirement to align these values, nor do you have to limit yourself to one subnet per VLAN, but keeping things aligned can make your configuration easy to understand and enable quick issue resolution.
- Be aware of your growth and how that may affect utilization of your hardware. Underestimating your future growth could lead to expenditures you were not planning for. Keep a reasonable amount of free ports and resources available so that you can expand without constantly adding hardware.
- Determine the best way to implement QoS for your environment. Consider all equipment and not just your phone system. Setting voice at the highest priority may cause unwanted side effects with other systems that you did not intend to create.
- Understand how to use an IP helper (DHCP relay) on your VLANs to provide DHCP to your devices. Couple this with the custom DHCP options that the Mitel system requires in order to assign phones to the proper VLANs.
- Use VLAN tagging to your benefit. VLAN frames on a network carry a "tag" stating which VLAN they belong to, so those frames are always identified as coming from the specified VLAN. With tagging you can have multiple VLANs assigned to one port on a network switch. This allows you to "share" the port between a computer and a phone using the pass-through switch built into the phone. Computers or other terminals can stay on your low-key data VLAN, while the phone plugged into the same port can sit high on the hog utilizing the Voice VLAN you have assigned to it.
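As an added illustration (not code from the original post), here is a small Python script that parses the 802.1Q tag described above, pulling out the VLAN ID and the priority bits that QoS acts on, and checks a VLAN plan against the subnet/VLAN-ID alignment convention from the design step. The plan, MAC addresses and frame bytes are constructed for the example.

```python
import struct
import ipaddress

# Constructed VLAN plan following the alignment convention from the post:
# the third octet of each /24 equals the VLAN ID.
VLAN_PLAN = {
    10: "192.168.10.0/24",  # network A (data)
    11: "192.168.11.0/24",  # network B
    20: "192.168.20.0/24",  # network C (voice)
}

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag


def parse_frame(frame):
    """Return (vlan_id, pcp, inner_ethertype) for an Ethernet frame.

    vlan_id and pcp are None when the frame carries no 802.1Q tag.
    """
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != TPID_8021Q:
        return None, None, ethertype
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q header")
    tci, inner = struct.unpack("!HH", frame[14:18])
    pcp = tci >> 13          # 3-bit priority code point used for QoS
    vid = tci & 0x0FFF       # 12-bit VLAN identifier
    return vid, pcp, inner


def classify(frame, plan=VLAN_PLAN):
    """Name the planned subnet a frame belongs to, or flag an unplanned VLAN."""
    vid, _, _ = parse_frame(frame)
    if vid is None:
        return "untagged (native VLAN)"
    return plan.get(vid, "unplanned VLAN %d" % vid)


def check_alignment(plan):
    """Return VLAN IDs whose /24 third octet does not match the ID."""
    bad = []
    for vid, cidr in plan.items():
        net = ipaddress.ip_network(cidr)
        if net.prefixlen != 24 or net.network_address.packed[2] != vid:
            bad.append(vid)
    return bad


def build_frame(vid, pcp, payload_type=0x0800):
    """Construct a tagged frame with made-up MAC addresses (test data only)."""
    dst = bytes.fromhex("ffffffffffff")
    src = bytes.fromhex("02000000aa01")
    tci = (pcp << 13) | (vid & 0x0FFF)
    return dst + src + struct.pack("!HHH", TPID_8021Q, tci, payload_type)
```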
The Final Countdown
VLANs are a favorite network practice of mine. I love the isolation and control they give me but also the challenge in completing a design and implementation of them for the greater good of a network topology. I may or may not admit to running multiple VLANs on my own personal network at my home, that may even include protected guest WiFi.
My hope is that I have not only shared my love of them but also helped you consider their use and implement them on your own. Ponder how they might improve your own topologies. Run toward the light, not away.
56 4c 41 4e 73 20 52 75 6c 65 21 20