VLANs – Breakdown


Virtual Local Area Networks (VLANs) are used to take one large network and divide it into smaller networks. Each of these smaller networks is referred to as a VLAN. As a network grows, it can reach a point where too many devices are communicating on a single network, which can cause network issues. This is especially true if you have devices that communicate frequently using broadcast or multicast messages. Having too many devices on a single network can negatively impact network performance and cause resources to respond slowly. Those resources can include internet access, audio/video systems on the network, and home automation equipment. Each VLAN is treated as its own network, separate from the other VLANs, which helps improve performance.

When you have a network that contains different types of network equipment, it may be necessary to place each type on its own VLAN. For example, imagine you have a network with a VOIP phone system, an IP camera system, and regular end devices such as computers, printers, and wireless devices such as laptops and mobile devices. Depending on the size of the VOIP system and on how many cameras there are going to be on the network, you may need to place each system on its own VLAN. If each of those systems is large enough and you do not use VLANs to separate them, you will have issues on the network. VOIP in particular is sensitive to delay in the transmission of its data. If a large phone system is placed on the same VLAN as regular end devices, it's possible that the data the phone system is sending will be sent after the data that the regular end devices are sending, causing issues with the phone calls that people are making. Placing each of those systems on its own VLAN provides separation among them so that they do not slow each other down when they send data on the network.

Even though you separate devices on the network with VLANs, it is still possible to communicate between those VLANs. When you have a network with VLANs, you can configure firewall policies on the router to allow data to be sent from one VLAN to another. By default, our K6/K60D/R10 routers allow VLANs to communicate with each other, with the exception of VLAN 6, which is the guest VLAN. The guest VLAN is only allowed internet access. As an example, if you have a computer on VLAN 2 and a camera system on VLAN 3, you will be able to access that camera system from the computer even though you are not on the same VLAN. There are some limitations with inter-VLAN communication, though. Broadcast messages cannot be forwarded between VLANs by the router. This means that any application that uses broadcast messages to communicate must be on the same VLAN for that communication to work. Our routers will allow multicast and unicast messages across VLANs.

ElanG is common with AV systems, and it uses broadcast messages to communicate with devices. This means that if you are on a different VLAN than the ElanG, you will not be able to communicate with that control system. Multicast messages are normally contained to the same VLAN by a router and are not permitted to pass through to other VLANs. Our router, however, allows multicast communication across VLANs by default. Many types of home automation systems, as well as audio/video systems, rely on multicast messages to communicate. For example, Apple AirPlay uses multicast messages. Since we allow multicast messages across VLANs, you can have Apple equipment that uses AirPlay on different VLANs and the devices will still be able to communicate with each other.

It should be noted that each VLAN on the network has its own IP scheme. For example, our routers use the following IP schemes for their VLANs:

VLAN 1 (internal) is 192.168.1.X

VLAN 2 is 192.168.2.X

VLAN 3 is 192.168.3.X

VLAN 4 is 192.168.4.X

VLAN 5 is 192.168.5.X

VLAN 6 is 192.168.6.X

If your computer/device is connected to VLAN 2 it needs to use an IP address on the 192.168.2.X network. If your computer is on VLAN 3 it needs to use an IP address on the 192.168.3.X network. The same concept applies to the other VLANs.
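
The default inter-VLAN behaviour and the addressing plan described above, modelled as an added Python example (not code from the router vendor or the original article). It assumes each 192.168.N.X range is a /24 and that the guest VLAN is blocked in both directions for every traffic type; the device names and addresses are constructed.

```python
import ipaddress
from itertools import permutations

# Addressing plan from the article: VLAN n uses 192.168.n.X, n = 1..6.
# Assumption: "X" means a /24 mask on every VLAN.
VLAN_NETS = {n: ipaddress.ip_network(f"192.168.{n}.0/24") for n in range(1, 7)}
GUEST_VLAN = 6  # guest VLAN in the article: internet access only


def vlan_of(addr):
    """Return the VLAN whose subnet contains addr, or None if outside the plan."""
    ip = ipaddress.ip_address(addr)
    return next((v for v, net in VLAN_NETS.items() if ip in net), None)


def can_reach(src, dst, kind="unicast"):
    """True if unicast, multicast or broadcast traffic from src reaches dst by default."""
    if kind not in ("unicast", "multicast", "broadcast"):
        raise ValueError(f"unknown traffic kind: {kind}")
    src_vlan, dst_vlan = vlan_of(src), vlan_of(dst)
    if src_vlan is None:
        raise ValueError(f"{src} is not on any VLAN in the plan")
    if dst_vlan is None:            # internet host: only routed unicast applies
        return kind == "unicast"
    if src_vlan == dst_vlan:        # same VLAN: switched locally, all kinds work
        return True
    if GUEST_VLAN in (src_vlan, dst_vlan):
        # Assumption: "internet access only" blocks both directions, all kinds.
        return False
    return kind != "broadcast"      # the router does not forward broadcasts


def cross_vlan_exposure(devices):
    """List (src_name, dst_name) pairs on different VLANs that unicast can cross."""
    return [(a, b) for a, b in permutations(devices, 2)
            if vlan_of(devices[a]) != vlan_of(devices[b])
            and can_reach(devices[a], devices[b])]


# Constructed sample inventory (names and addresses are illustrative only).
DEVICES = {"office-pc": "192.168.2.20", "camera-nvr": "192.168.3.10",
           "guest-phone": "192.168.6.50"}

if __name__ == "__main__":
    for src, dst in cross_vlan_exposure(DEVICES):
        print(f"{src} -> {dst}: reachable unless a firewall policy blocks it")
```

With the defaults, only the guest VLAN is isolated; every pair the script prints stays reachable until a firewall policy on the router says otherwise.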

Picture a single network that consists of a router, one 8-port unmanaged switch, and a single access point. In this network there are only 3 wirelessly connected devices. The 8-port unmanaged switch has a printer and a wired computer connected to it. This is a very small and simple network. There is no problem with having these devices all on a single network because the network is not large enough to justify using VLANs.

Now imagine that you have a network that has a lot of IP phones, audio video equipment, home automation and regular end devices. This network will need VLANs to separate each of those systems. This will provide separation between the systems so that each system can send its own data on the network without affecting other VLANs. The following is an example of a network with VLANs.