cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

[WINNERS ANNOUNCED] Community Challenge: VLAN Explained

Community Manager

MerakiCommunity-CommunityChallenge


UPDATE Mon, June 24: Congratulations to the winners! Read the announcement.

 

UPDATE Mon, June 24: Voting is closed, stay tuned for the announcement of the winners!

 

UPDATE Weds, June 19: We have been blown away by the number of entries for this challenge, all of them showing such compassion for Carl and patience in helping him understand! Because we have so many entries to consider, we're extending the voting deadline until Monday June 24th at 10:59am. So be sure take a look at all of the entries and kudo your favorites before Monday! 

 

UPDATE Mon, June 17: Submissions have ended for this challenge! Now is your time to vote. Remember, we will have two winners — one chosen by the most kudos received and one selected by our panel of Meraki judges. So cast your vote by giving kudos to your favorite entries and we'll announce both winners on Friday, June 21st at 11am PDT.


Virtual local area networks, or VLANs if you ain’t got time for that, are critical components for simplifying network deployments through segmentation. Despite their abundant merits, it can be tricky to inspire appreciation in a lay-person, say, Carl from Finance.

 

For this month’s challenge, we’re asking you to explain, in the simplest possible terms, the concept of and benefits to utilizing VLANs. Your audience, let’s carry on with Carl, is intelligent, but non-technical and completely at sea when it comes to networking. You can use whatever media, analogies, or hyperbole necessary to help Carl understand.

 

The winners will receive stylish grey Cisco Meraki backpacks:

 

426ba5fc-2e96-41b6-9502-d55325d55224.png

 

How to enter

Submit your contest entry in a comment on this blog post before 11 a.m. PDT on Monday (June 17th, 2019). Entries won’t be made public until voting starts. After you submit your entry, you’ll see a message reading “Your post will appear as soon as it is approved.”

 

How to win

Voting begins when submissions close (at 11 a.m. PDT on Monday, June 17th, 2019), and continues to the end of the work week. Voting closes at 11 a.m. PDT on Friday, June 21st, 2019.

 

We will be selecting 2 winners:

 

  1. The Community Favorite — chosen by you, our Community members. Cast your vote by giving kudos to your favorite entries. The entry with the most kudos from community members who aren't Meraki employees will win!
  2. The Meraki Favorite — a panel of experts here at Meraki will select the Meraki Favorite prize.

 

The Fine Print

  • Limit one entry per community member.
  • Submission period: Tuesday, June 11th, 2019 at 11am PDT through Monday, June 17th, 2019 at 10:59am PDT
  • Voting period: Monday, June 17th, 2019 at 11am PDT through Friday, June 21st, 2019 at 11am PDT
  • Prize will be a selection of Meraki swag with value not exceeding USD 50.00
  • Official terms, conditions, and eligibility information
138 Comments
Conversationalist
Hi Carl Thanks for giving me time to explain to you the concept of Virtual Local Area Networks – also known as VLANs. Let me explain it like this: think about all information travelling along a motorway (highway) and we need to classify the information or traffic lanes – so financial information gets allocated their own traffic lane on the highway, HR would get their own traffic lane, and staff would get their own traffic lane as well. Sometimes staff would need access to some information in the HR Lane – we allow this at a junction (Security Appliance) which allows traffic to shared between each dedicated lane. We can also prioritise each traffic lane which allows business departments to be prioritized – example: finance traffic lane priority high if this is an EFTPOS transaction for purchasing goods vs staff member watching a cat video on Youtube. In order for us to configure your highway correctly – it would be good for us to work together so we can identify how many dedicated lanes you need and which business units work together so we can sure the information sharing is setup correctly. Look forward to working with you to design the highway of information which suits your business. Thanks... Gerardus
New here

Carl, if you're like everyone else here, you're here because you believe data security is important. Ready for the "high speed-low drag" on one of the best ways to keep your network secure? VLANs and segmentation. VLANs are actually pretty simple. Networking is really simple. It's literally NOT rocket science. 

 

Think of a network like your old house phone. Anyone in your house who picked up that phone could talk or listen in. If you're trying to keep someone else with another phone in the house from listening in.. Good luck.  A VLAN is like a business phone system. Sales can only call other people in sales by extension only... Unless you call through the receptionist. They have to patch you into the Finance department... Or even a customer.

 

That way, the sales department can only talk to the sales department and they're not allowed to bother the Finance department unless Sheila at the front desk patches them through.

 

Boom. VLANs. Segmentation.

Here to help

I explained it like this to a CEO once, and he loved it and understood.

Got my project Approved as well because of it!

 

Its like having two Rats in a Box, in that one box are two unique mazes that are made of clear walls

The rats can see each other, they know about each other, they move in their own maze going past the other rat on the other side of a clear wall.

But they never physically touch each other.

Unless that is, you open a gate to allow them to share a resource, for example if you only want to have one food spot, you open a gate so they share the food, but the gates are not big enough for them get all the way through into each others maze, just big enough to stick their head in and share the food.

 

Here to help

Before starting with the concept of a VLAN, let's go a little further back, what is a LAN?

 

Well a LAN, is a network where we can share resources (files, printers, removable devices, etc) in a small space defined how its name says it: Local Area Network, an example of a LAN are all the desktops, laptops, printers, etc that are in the accounting department of a company, all will have access to resources that they share among them without having to leave their own network.

 

Now a VLAN, as its acronym says it is a Virtual Local Area Network, this means that it is a LAN that physically does not exist as such because it is a logical division of a physical device.

 

To understand this concept I leave this example:

 

We have a big room (physical switch) about 24 meters long and 24 meters wide (1 square meter = 1 port) will be occupied by one or more people (person = vlan), which means that each person will have their own space in the room of a size that will be defined by the boss (network administrator), each employee will have their personal space and will have divisions to isolate it from the rest, in spite of being part of the initial room, nobody will be able to use their workspace. The same happens when a vlan is created in a switch, even though everything is in a physical device, each vlan will have its own configuration, number of ports assigned and it will be isolated from the rest, so even if there are 5 people from different departments working In the same room, those 5 people will not be able to see or know anything about the other people in the room.

 

What benefits does it bring? Well I leave 2 of the benefits that personally seem more important:

 

As I mentioned before, it will give us more security because the devices that do not belong and do not have permits will not be able to see what is in other VLANs and also following the example of the room, in case some criminal (unauthorized person) enters the room, lounge can only see what is in the space that managed to enter and not what is in the other spaces, this also helps to have more confidentiality.

 

Another benefit is that the resource and network load is reduced (latency is reduced, CPU, memory, etc) because only what is to be output from the VLAN and not all traffic that is generated is processed.

 

I hope everything has been understood!! 

Comes here often

 

SIMPLE VLAN :)SIMPLE VLAN 🙂

 

Conversationalist

First of all, thank you for the fantastic event that Meraki posting on this community.

 

well, to put it simply and in layman's term VLAN is similar to segrating a trash which puts them in order.

Comes here often

Think of cars as traffic in the network, and the road (and all of it's lanes) as the switch. A vlan allows the cars on that road to be separated from the rest of the traffic, so a vlan is like a toll road pass.  The cars on Vlan1 toll road will be in a different separate lane that people on the vlan2 toll road. Even though they are all in the same road, each vlan has it own different lane for specific type of traffic.

The benefits, much like a toll road, it helps move traffic more efficiently from one point to another. Also toll roads, have barriers to keep other traffic from joining it, if you don't have the right tag, forget about joining that toll road. 

Just browsing

Lets consider there is a big gathering and they are all talking. It will be impossible for them to communicate with each other.

 

Now if we move them into reasonable sized rooms. Say the rooms are named as Red-Room, Orange-Room, Green-Room. Now as the number of people in the rooms are reduced such that what ever they say can be heard by everyone in the room. In addition we have similar labelled rooms on every floor of the building and they are interconnected with same colored rooms i.e. Red-Room at all the floors are interconnected such that any one talking in Red-room at ground floor can be heard by all other Red-rooms on other floors and vice-versa. So we have created smaller rooms where people can communicate without yelling at each other. It offers security, such that you can keep like minded / security conscious discussions in a particular colored room.

 

Likewise VLAN provides a boundary around the network such that a computer which is part of VLAN can communicate with other computers on the same vlan irrespective of the floor it is at, it is its broadcast boundary. It offers security, so that you can keep all the servers in a vlan with similar security requirement and all the end users in another vlan with other security requirements.

New here

A VLAN creates multiple networks without creating multiple networks.

By configuring your switch and routing equipment, you can designate and separate your wired and wireless connections to act as separate and distinct networks, all using the same infrastructure. In this way you can keep some equipment secure from others, some groups private from others, and easily manage resources, without additional equipment or wire. 

 

Happy Networking.

 

Tom Tech.

Comes here often

You can tell Carl from Finance that VLANs are like pipes within pipes, but for computer networks. They make sure that the water from the toilet doesn't get mixed in with the water coming out of the tap.

Getting noticed

There are 2 Squirrels running down a pipe, they get in each others way, slowing each other down one tries to steal the other ones food its just Chaos. Now if we tag each Squirrel with a Vlan, they are both still in the same pipe, but they can't see each other they don't get in each others way and they cannot hop in to each others path. The end up where they are supposed to go with out ever interacting with each other.  The only way for them too cross paths is if I allow it in the Tree branch Router .

Does that Help you under stand vlans LOL.

Comes here often

A VLAN is a broadcast domain.

Conversationalist

Performance. As mentioned above, routers that forward data in software become a bottleneck as LAN data rates increase. Doing away with the routers removes this bottleneck.

-it is relatively easy to put all the people working together on a particular project all into a single VLAN. They can then more easily share files and resources with each other. 

-f users move their desks, or just move around the place with their laptops, then, if the VLANs are set up the right way, they can plug their PC in at the new location, and still be within the same VLAN. This is much harder when a network is physically divided up by routers.

-If there are servers or other equipment to which the network administrator wishes to limit access, then they can be put off into their own VLAN. Then users in other VLANs can be given access selectively

 

Comes here often

VLANs allow you to host separate & isolated networks on the same networking equipment by tagging packets with a VLAN ID corresponding to the network that device has been assigned to.

Comes here often

This is the first post to the Meraki Community.Smiley Happy

 

I do network management conscious of vlan on a daily basis.

 

There is a lot of important information such as source code in the company.

 

Some sites have limited access to only some of their employees.
For such sites, we are operating to separate the privileges for each account, but are also controlled by VLANs.
As an example, engineers can view, but not others....

 

In addition, we prepared isolated VLAN network for customer who came to the company and protect company information.

 

Managing VLAN separately is very secure and I think it is important to protect important information.

 

Best Regards.

Getting noticed

Hi Carl, 

As you are probably aware, computers can only communicate with other if they are on the same network, a network being a group of computers connected together. The problem is, when you have hundreds of people connected to the same network, you need a way to control who can talk to who, and where different information is sent. VLAN's, virtual local area networks, are the solution to this issue. VLAN's behave like seperate computer networks for the computers that use them, giving administrators more precise controls for network traffic. 

 

In short, VLAN's are used in a network to create subnetworks to help control how information flows through the network as a whole. 

 

~Andrew~

Comes here often

VLAN is a single broadcast L2 domain wherein broadcast is seen by every node in the same domain.

Conversationalist

VLAN segregates existing physical network into multiple logical networks. 

Each VLAN creates its own broadcast domain.

All data or voice traffic between two VLANs can only traverse through a router or a layer 3 device.

 

 

Just browsing

VLAN is Virtual Local Network which allow multiple IP networks or subnets to exists on the same switched network (devices - switches).

The simplest way - you can imagine we create one "virtual" switch for IP network on one or also across multiple switches.

 

Conversationalist

Hi Meraki Team,

 

Is India overqualified, to enter the Eligible Countries List?

 

Anyways...

 

VLAN's are the First level of Virtualization in a Network, which starts from a Switch.

It's a Network, inside another network.

It helps you segregate the traffic of different departments or entities in an organization.

 

The most commonly used Analogy:

 

We use VLAN's, to keep the Internal Employee traffic and Guest traffic on different VLAN's, to avoid giving Guest an access to our Internal Network.