• maengooen@lemmy.world (OP) · English · 8 upvotes · 1 year ago

    A virtual local area network, or VLAN, is a logically defined subset of a computer network that is used to control, from an administrator/system level, which computers are ‘connected’ to others. There can be an unbroken, physical connection between two devices, but they won’t be able to communicate because network hardware is stepping in and segregating the network.

    This is good because it can increase security: rather than having your sensitive information on your company network with a password, which can be cracked or stolen, being the only thing controlling access to it, with a VLAN you can limit access to even attempt to use a password to only the parts of your network that actually require it. It also controls traffic and congestion on the network, because some data is ‘broadcast’, effectively addressed “to whom it may concern.” A VLAN places a wall around parts of the network that keeps these broadcasts inside, i.e. splits broadcast domains. Ordinarily, this would require different hardware and physical design, which can increase cost and complexity.

    But on the other hand, the physical network structure encouraged by this design is very flat, with all devices physically connected to each other. It is only inside configuration on the network hardware that things are broken up and divided, which means if whoever set it up didn’t document it, you are required to not only figure out where all the cables go, but also how the network systems are controlling the data. It’s also another “thing” that can break. If there were physical segmentation, you could follow a cable and see where it’s gone wrong, and if something were plugged into the wrong port, it would be plugged into the wrong device entirely, and you would just move the connection to the correct device. With a VLAN, you’ll have a switch with dozens of ports, each having its own independent configuration defined on a table, which means it can be plugged into the correct device, but the wrong individual port out of dozens. The configuration could also become corrupt, or be broken by an accidental change or hardware failure, and you would now need to rebuild the table, going through each individual port and configuring which VLAN was supposed to be on it.
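The per-port table described in the comment above can be checked against its documentation automatically. The following is an added example, not part of the original comment: it parses a constructed switch configuration and reports every port whose VLAN differs from the documented plan. The Cisco IOS-style syntax, the shortened port names, and the VLAN 1 default are assumptions.

```python
import re

# Constructed sample data. Config syntax is Cisco IOS-style (an assumption);
# port names are shortened for the example.
DOCUMENTED = {"Gi0/1": 10, "Gi0/2": 10, "Gi0/3": 20, "Gi0/4": 30}
RUNNING_CONFIG = """\
interface Gi0/1
 switchport access vlan 10
!
interface Gi0/2
 switchport access vlan 20
!
interface Gi0/3
 switchport mode access
!
interface Gi0/5
 switchport access vlan 30
!
"""
DEFAULT_VLAN = 1  # assumed: an access port with no explicit VLAN line sits in VLAN 1


def parse_access_vlans(config):
    """Return {interface: vlan} for every interface stanza in the config."""
    ports, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = m.group(1)
            ports[current] = DEFAULT_VLAN
        elif current and (m := re.match(r"\s+switchport access vlan (\d+)", line)):
            ports[current] = int(m.group(1))
    return ports


def find_drift(documented, running):
    """List (port, documented_vlan, running_vlan) wherever they disagree; None = missing."""
    drift = []
    for port in sorted(set(documented) | set(running)):
        want, have = documented.get(port), running.get(port)
        if want != have:
            drift.append((port, want, have))
    return drift


if __name__ == "__main__":
    for port, want, have in find_drift(DOCUMENTED, parse_access_vlans(RUNNING_CONFIG)):
        print(f"{port}: documented VLAN {want}, running VLAN {have}")
```

A port that silently fell back to the default VLAN (Gi0/3 here) and a live port that was never written down (Gi0/5) both surface in the same report as a plain mismatch.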