Advanced Vlan Network Strategies – Updated

Since manageable switches were not widely used in old network architectures, companies and organizations used the local network with pool logic.

Namely;“Hello” packets, Broadcast messages, in short, messages saying I am here and my physical network address(mac address) is this, which the ethernet interface of the accounting office’s computer sends to all personal computers and network devices in the network through the switch to which it is connected, were being sent to the ethernet interfaces of the users in all units, without stopping, continuously.

Errors Caused by Network Traffic

If there were not many clients in the network, it was not very important. However, as the number increased, a lot of problems started to arise both in terms of network traffic and security.

Sometimes it could go as far as stopping the traffic for a while. With the widespread use of manageable smart switches, network traffic and network security can be regulated with a few simple measures.

Managed Network Design

First of all, virtual networks are created for each user group, whether there are more or fewer. In fact, while the network in your local network consisting of hardware main switch and edge switches is one, independent virtual subnets are created with Vlan configurations in it.

Thus, as if the Vlan used by the accounting offices and the Vlan used by the customer service office are independent from each other and on different networks, no data packets or broadcast packets will interfere with each other and a situation opposite to the pool principle will arise. I am sure the following question will immediately come to mind.

Inter-VLan Communication: IP Routing

If Accounting and Customer Service want to use an in-house server, how will they use it?

While the Vlan service is running on the Layer2 layer, the IP Routing service running on the Layer3 layer will help you answer this question. You can perform IP Routing with a Layer3 supported main switch or you can perform this operation using a Router.

Thus, you will be able to communicate two independent Vlans with each other. For this communication method, it will be safer to perform the Ip Route configuration on a Router.

Ip Routing Through Firewall

Since almost all firewall devices today can also work as a Router, the most secure Routing will be the Routing done on the Firewall. Routing will be very flexible as you will completely set the boundaries while routing.

When you perform the routing process, the accounting and customer service office will be able to use a server on the same network through independent VLANs. With a small Ip Routing line in the configuration, these two different units will even talk to each other in a limited way.

Wide Area Networks

If we give an example from the ISP service provided by the IT department of a business that serves near me; It serves in an area of approximately 35 square kilometers. Within this area, it provides access to edge switches with at least 30 pairs of fiber optic lines at almost every point.

A total of 62 organizations in the field, from bank branches to Türk Telekom Wifi services, provide services to their own clients completely independent of each other with VLANs created on this network.

ISP: What are the Benefits of a VLan Supported Network?

Organizations that are sensitive about network security transfer the data going back and forth encrypted thanks to the Firewall devices they put in front of their servers and the“EndPoint” security software released by the Firewall device installed on the client computer.

As a result, the operating company charges a fee per Vlan and according to the number of ends for this service. Now imagine that if there was no VLan structure, each of the 62 organizations would have established this structure with their own edge switches over their own fiber optic line.

I can’t even imagine the cost, whereas doing the same work by creating a virtual network would be both more manageable and more economical. In this way, it even causes the formation of the sector called ISP.

Multiple Subnets with VLan Solution

Finally, another point I would like to mention about the Vlan network architecture is that it is also the answer to the IP need that the number of clients will bring. As it is known, each IP block can host a maximum of 254 IPs.

If the number of users in your company’s local area is 300, 500 or more, you cannot overcome this problem without using Vlan in a single network. By using Dynamic or Static IP Routing policies, you can easily connect x number of Vlans that you will create.

How Many Ip Addresses Should Each Ip Block Have?

Although you can use a maximum of 254 IPs in a C-Class IP block or Vlan block, it does not mean that you will use it until the last IP. It will cause unnecessary congestion on every element in the network, especially the Ethernet interfaces of the users, due to the high number of broadcast and multicast messages circulating in the network.

For this reason, it is recommended to use a maximum of 70-80 Ip in a C-Class Vlan with 254 Ip addresses. It is recommended not to exceed 100 Ip.

About the Vlan service running at the Layer2 layer and the Ip Routing service running at the Layer3 layer, you have more or less formed something in your mind, right? If you have manageable switches and you are using them in“Stupid” mode, I can support you to overcome this problem and turn the network into a faster and more stable network.