cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

[WINNERS ANNOUNCED] Community Challenge: VLAN Explained

Community Manager

MerakiCommunity-CommunityChallenge


UPDATE Mon, June 24: Congratulations to the winners! Read the announcement.

 

UPDATE Mon, June 24: Voting is closed, stay tuned for the announcement of the winners!

 

UPDATE Weds, June 19: We have been blown away by the number of entries for this challenge, all of them showing such compassion for Carl and patience in helping him understand! Because we have so many entries to consider, we're extending the voting deadline until Monday June 24th at 10:59am. So be sure take a look at all of the entries and kudo your favorites before Monday! 

 

UPDATE Mon, June 17: Submissions have ended for this challenge! Now is your time to vote. Remember, we will have two winners — one chosen by the most kudos received and one selected by our panel of Meraki judges. So cast your vote by giving kudos to your favorite entries and we'll announce both winners on Friday, June 21st at 11am PDT.


Virtual local area networks, or VLANs if you ain’t got time for that, are critical components for simplifying network deployments through segmentation. Despite their abundant merits, it can be tricky to inspire appreciation in a lay-person, say, Carl from Finance.

 

For this month’s challenge, we’re asking you to explain, in the simplest possible terms, the concept of and benefits to utilizing VLANs. Your audience, let’s carry on with Carl, is intelligent, but non-technical and completely at sea when it comes to networking. You can use whatever media, analogies, or hyperbole necessary to help Carl understand.

 

The winners will receive stylish grey Cisco Meraki backpacks:

 

426ba5fc-2e96-41b6-9502-d55325d55224.png

 

How to enter

Submit your contest entry in a comment on this blog post before 11 a.m. PDT on Monday (June 17th, 2019). Entries won’t be made public until voting starts. After you submit your entry, you’ll see a message reading “Your post will appear as soon as it is approved.”

 

How to win

Voting begins when submissions close (at 11 a.m. PDT on Monday, June 17th, 2019), and continues to the end of the work week. Voting closes at 11 a.m. PDT on Friday, June 21st, 2019.

 

We will be selecting 2 winners:

 

  1. The Community Favorite — chosen by you, our Community members. Cast your vote by giving kudos to your favorite entries. The entry with the most kudos from community members who aren't Meraki employees will win!
  2. The Meraki Favorite — a panel of experts here at Meraki will select the Meraki Favorite prize.

 

The Fine Print

  • Limit one entry per community member.
  • Submission period: Tuesday, June 11th, 2019 at 11am PDT through Monday, June 17th, 2019 at 10:59am PDT
  • Voting period: Monday, June 17th, 2019 at 11am PDT through Friday, June 21st, 2019 at 11am PDT
  • Prize will be a selection of Meraki swag with value not exceeding USD 50.00
  • Official terms, conditions, and eligibility information
138 Comments
Just browsing
VLANs are like rooms in a home. If you are having a party and everyone is trying to have a conversation in the same room, things will get very loud and information may be lost (performance decreases) in some of those conversations. However if you separate everyone into rooms (VLANs) the volume will lower and conversations become easier (performance increases) to have because you're not hearing everyone else's conversation at once. This also helps keep the conversations a little more private (security) as not every person in the home (LAN) will hear every rooms (VLANs) conversations. This can also help if you wanted to keep the children separated from the adults, you could simply lock the door (separate the VLAN) to the neighboring room and they wouldn't be able to hear the adult's conversation (security).
Conversationalist

Benefits of using VLANs... VLAN itself is a benefit !

 

When segmenting our Network we can set up different mini-networks for each department in our company. We are setting up different VLANs with different accesses, rules, restrictions, etc... As well as maintenance is actually easier when you are working on individual VLANs or group of users rather than the whole network itself. You can set up different VLANs for each department of your company, like Sales, Engineering, Helpdesk, Marketing... even a Guest VLAN so if you have visitors, they can connect to your Network without compromising it. As well as for the company's departments... they don't need to see what is Marketing doing with their own private stuff as well as all the accesses that IT has within the company. That is what segmenting your Network into different VLANs is. 

 

 

 

Head in the Cloud

Hello, Carl,

 

I have heard that you now also need different VLANs for your part of the building.

Before we go into further planning, however, I would like to introduce you to the term VLAN and its benefits.

 

VLAN stands for Virtual Local Area Network.

 

So what's the point of a VLAN, you wonder?

Quite simple, for example the segmentation of a building, as in floors. Floor1 is VLAN1, floor2 is VLAN2 and so on.

And what's the point? It's also very simple, you can give access rights for individual floors based on this.

- Floor1, for example, can communicate with every other florr and access each Internet page.

- Floor2 may only communicate with Floor3 and not on any website, but only on Meraki.com / dashboard.meraki.com

- Floor3 is not allowed to communicate with any other floor or to the Internet. Only mails and access to certain servers are allowed.

- And so on, there's nearly no limit.

For WiFi, for example, we could enter the same VLAN on all floors, so if you change floors, it's the same everywhere. So nothing changes for your notebook and you don't have any stress because everything runs automatically.

 

As we all know, pictures tell more than a thousand words, here a simple one, to understand the above even better:

 

Floors.png

 

In principle, all providers can use the technology, but I have in mind the Meraki solution for you. I can give you easy access to the Meraki website (dashboard), where you can get an overview yourself and see everything transparently that has been set, if that's what you want.

 

Hope this helps, talk to you soon. If you have any questions just give me a call or sent me a e-mail.

Marc

Here to help

A Vlan is a lot like a food for your kids, Carl.  When your kids are eating you probably noticed they don't like to eat potatoes with their peas mixed in so they sometimes separate the foods with their spoon or hand or fork.  A Vlan also works as a divider stopping certain traffic from talking to other traffic.  It also stops a break in one Vlan( Virtual-Lan) from messing up the other Vlans usually, similarly if your kids let all their food touch they would have a meltdown, Carl.  A full network down is a lot worse than just part of the network being down, just like if the peas touch the potatoes, but the beef roast was still safe. If that were to happen your kid could still eat something, and if the one Vlan broke the other Vlans, typically, won't break as well and can still be salvaged! This is how the vlan domains work, at layer 2... This changes a bit once we introduce inter-Vlan routing, or kids matching specific food! I hope this helps Carl!food seperation.jpgvlan seg.png 

Getting noticed

If a normal LAN is a highway, then VLANs are almost like the lanes.  They are all on the same physical road and sometimes you can merge and see other traffic but they don't always exit the same place or lead to the same destination

Here to help

VLAN and their benefits.

 

Simply expressed, a VLAN (Virtual Local Area Network) is a configured network within a network.

A LAN (Local Area Network) links all clients and resources within a small private network. This network may require further differentiation e.g a business that has various departments such as Finance, HR, Sales and Management.. VLANs can be set up to exclusively interconnect departments within the LAN e.g HR and Management locating within VLAN10 and Finace and Sales locating within VLAN20.

This provides a more hierarchical organisation as opposed to a flat network. It also is less susceptible to Broadcast storms, which is a form of intrusion attack

They are relatively easy to set up particularly with quality devices.

Comes here often

Carl, do you remember that kid in high school that always seemed to be welcome in any social click? Each VLAN is it's own click and the port at your desk can join whichever appropriate one you need to connect to do get the job done.

Conversationalist

Virtual subnets.

Conversationalist

 

 

 

 

Here is my entry: 

 

"Hey Carl, 

   SO you want to understand the idea and concept of VLANs...let me simplify it for you.  Carl..you've traveled on an airplane before, right?  Of course you have, so what do you do?   You pick a destination, when you want to go, your seat assignment, and then purchase it.  Once purchased you get a ticket that has a Flight Number on it.   On the day of your trip, you go to the airport, go through security, look at your ticket, you check your flight number and see which Gate you need to be at.  Once at your Gate you see it's labeled with your destination and flight number, you wait for your plane, board and off you go. 

 

So now that you understand that, let's peel back the label and let's reveal the players here: 

The Airport would be the Switch in a network,

The Gate would be the switchports that cables plug into,

The airplane is the data that travels

the Flight Number would be the VLAN

 

You see with out flight numbers (VLANs) we wouldn't know which airplane to hop on to travel, so it would utter chaos and people hopping on random planes, going to random, places.   So VLANs allow us to say "hey you belong on this plane to get to your destination, the Gate might change, but the Flight number won't" .    

 

You think you got it Carl?  " 

 

- Tony Cuevas

 

New here

So, Carl. Imagine that you work in a one-floor office and everybody shares the same open room. If you make a call to a colleague, everybody would hear his/her phone ring and you could wave to him from a distance. That would be your Local Area Network (LAN): everybody can hear and see you and if all employees try to talk to each other, that would be a noisy and messy environment.

 

Now assume that you split the same office into glass-cells, by department. Now the same phone call would only be heard by his/her department, but you still share the same floor. You could say that now you are segmented as Virtual LANs or VLANs, you're controlling the workplace in a way that you won't overload it with unwanted noise.

 

As a bonus, now picture that you and your colleague work on different floors. To get a hold of him you must call him or take the elevator to see him. That's a more direct and narrow approach and we could say that you ROUTED your information to him.

Just browsing

VLAN in a simple word is two separate networks within one network. Meaning let's say you have different departments in your company such as Finance, Management, Marketing and Sales and you don't want the Salespeople to access the Computers on the Finance network, so you create two VLANs for those departments. Or let's say you have a wifi network that your entire company connects to but you want to have a guest wifi network for your visitors that is separated from your corporate wifi network, so you set your guest wifi network on another VLAN.

Here to help

Hey Carl,

VLANs are great.

With them you can virtually build seperate switches without the need to buy seperate switches. Everything works virtually in there. You won't have to buy one switch for your two controlling guys and another one for the sales team to keep them apart. You can even plug your lab into the same physical switch without worrying the sales guys will mess it up somehow because logically everything can be seperated. You will save lots of money AND gain addiotional features like firewalling between these virtiual switches.

 

 

Comes here often

VLANs are like having dedicated floors in a building for various functions or departments, you can control access to the floors for security, establish priority for for what floor is served by the elevators first yet move people (data) from one floor to the next if access is needed to both!

 

In a simple move we have established added security, priority for faster/more reliable service yet created a situation where both can be accessed if needed. 

Comes here often
For different network devices to communicate they need two means (physical and logical), the physical part is an Ethernet cable and the logical part are the VLANs. Imagine that the logical part is a highway, so if this highway does not have marked lines between the lanes this will cause a circulation problem between the cars because they do not have a defined traffic guide. When we put lines between the different lanes, these would be the VLANs, if we realize this will allow free transit, greater order and greater traffic control. In conclusion, in data networks VLANs allow us to separate data traffic between different groups of network devices allowing us to communicate more effectively between them.
Here to help

Hello Carl,

 

Hope this finds you well, as per our conversation to purchase an meraki full stack solution support (VLAN) Virtual Local Area Network i would like here to briefly point to the concept and benefit of having such technology using the following methodology  :

 

Could you imagine company building rooms without any tags , any body can access any room , guest as  well once they enter to the building they can go everywhere, when someone is looking for an department room will go through all rooms to find you that all traffic in the building could be solved by tagging the rooms as will guest or any not wanted access could be isolated on the other hand let say finance has office on each floor in around the building would you prefer as a finance member authenticated to access to handle a key for each room or one master key for all, that's more or less what vlan can manage in the computers networking Security ,efficiency and Segmentation of the network traffic,

 

Sincerely,

Hosam            

 

   

Comes here often

A great way to think of a LAN vs a VLAN, is a house compared to an apartment. Let's imagine the structure as hardware and the tenants inside as virtual local area networks (VLANs). A house is a single structure with a single tenant living inside. If VLANs did not exist, there would only be one virtual network "tenant" inside of each switch "structure". Now, picture an apartment. This is a single structure with multiple tenants living inside subdivided homes. There are multiple virtual networks "tenants" inside a single switch "structure". The homes inside the apartment building are connected by hallways, elevators, and doors. These are how the tenants (virtual networks) are interconnected inside one single LAN (structure) and allow them to communicate within one another.

 

Imagine this, if you were a housing developer and were tasked with building homes for a large group of people in the most efficient way possible, would you build 100 separate house structures (LANs) or you would you build 1 structure (LAN) with 100 apartments (VLANs) inside? 

vmx
Comes here often

 

VLAN stands for "virtual local area network" is a smaller logical segment within a larger, physical, wired network. Basically VLAN's are used to control the broadcast domain. As consider a company like ABC in which there are 15000 of PC`s and they are connected on a network and all are in same subnet. The windows operating system is working on each computer, So as the windows operating system is always broadcasting its every service. So if we consider that our all PC`s are in a same subnet so the every PC will sends its service broadcast and when it is coming towards a switch it will broadcast it we can`t use router as all PC`s are in a same subnet. Switch will divide only the collision domain and not the broadcast domain so switch will make a multiple copies of that and send to its every port and so if 1 switch has 24 or 48 ports then there are more switches in that network. In this case Switches performance will get degraded and end users will get affected due to poor network performance. 

 

In order to create a virtual LAN, the network equipment, such as routers and switches must support VLAN configuration. The hardware is typically configured using a software admin tool that allows the network administrator to customize the virtual network. The admin software can be used to assign individual ports or groups of ports on a switch to a specific VLAN.

 

Advantages of VLAN such as ease of Administration, Confinement of broadcast domains, Reduced Broadcast traffic and Enforcement of Security policies.

 

  • VLANs enable logical grouping of end-stations that are physically dispersed on a network.

            When users on a VLAN move to a new physical location but continue to perform the same job function, the end-stations of those users do not need to be reconfigured. Similarly, if users change their job functions, they need not physically move: changing the VLAN membership of the end-stations to that of the new team makes the users' end-stations local to the resources of the new team.

 

  • VLANs reduce the need to have routers deployed on a network to contain broadcast traffic.

            Flooding of a packet is limited to the switch ports that belong to a VLAN.

 

  • Confinement of broadcast domains on a network significantly reduces traffic.

             By confining the broadcast domains, end-stations on a VLAN are prevented from listening to or receiving broadcasts not intended for them. Moreover, if a router is not connected between the VLANs, the end-stations of a VLAN cannot communicate with the end-stations of the other VLANs.

Conversationalist
You want simple? https://drive.google.com/open?id=11Iqi7hK59HUxwk-6GwaHsVYwZNZZDgmj I make no apologies for the artwork.
Comes here often

our mothers its a router, my name is jorge and iam a vlan, my sister Andrea its another vlan, we come from my mom who is the router but each are unic and we can or cant share info or talk each other if mom whant haha my song and daughter are host belong to vlan jorge and my sister andre has its own host (their children)

 

 

Just browsing
A Vlan is a subnet and broadcast domain. Vlans improve security by segregating users by function, location or application.
Comes here often

Carl, VLANs are like a slew of restaurants you are offering to your friends and family. Some restaurants come with bland menus because you know for the safety of the patrons, they need some parameters to work within. Some restaurants are more "middle tiered" and come with robust menus that you let your seasoned foodies get an experience that is more tailored to their experiences. Some of the foodies are keen on seafood, some are keen on meat, and then there are the ones that don't need to be around those substances because they are Vegan. Then there is the fully robust restaurant that give full access to all the food options and the bar because they don't need any guidelines. In the full service restaurant, they have access to it all and can even go to the kitchen to custom build the menu they want. These restaurants are separate, but are all owned by the same parent company that indicates which patrons are given access to each restaurant based on their experience and needs. 

 

The benefits to this separation is so that each option does not over lap with the other and each patron has exactly what they need and nothing more. The patrons are happy and the corporate owners do not have to worry about issues or complaints. 

Conversationalist

VLANs make it easy for network administrators to partition a single switched network, enabling systems to be divided into logical groups, and establish rules about how devices in the separate groups are allowed to communicate with each other, for example, imagine that you live in a small town that has around 300 houses with the same characteristics, and some day you need to get an envelope that comes from another state, the delivery man must know how to submit that envelope to its destiny, first of all the envelope need to have a tag, this tag can contain the state, street, house number and receiver's name, with this information does not matter if your house has the same features, the envelope will be arriving at its destination, the same scenario happen with VLANs, the envelopes are equal to frames and are attached to hosts, but the differentiation consists on each frame that has a tag number, and can be delivered to some devices or not, at this point the VLAN's traffic is separated from other VLANs, and forwarding it only where the VLAN is configured.

The envelope´s owner will be able to read the information, nobody else can do it, because these differenciation tag provides exact information shipping.

Comes here often

 

716030FA-519A-4ED0-9C1A-9C70D5144B41.jpegA VLAN is like having several types of VIP plane boarding lines instead of one big line where no one has priority.

 

Here to help

Let said you have a big Warehouse for storage, the square footage of this big Warehouse is a multiply of 2 (don't ask me why, but that's what it is.)

you want to section it out to make multiple smaller storages, so that you can rent to others for good.

you only allowed to section each area to half, no matter how big the original area is. Also, by section out the bigger area, you lost 2 square feet for each smaller areas, one square foot for the door, and the other square foot for the wall, luckily, no matter how big the resulting section area is, you only lost 2 square feet each.

 

after you got the right size of the storage area that the customer wants, they can move things in their rental area/storage freely. but if they want to move things outside or to other storage area in your big warehouse, they needs to go thru you first, and you will keep a record of where the things come from, and where should it go.

 

does it make sense?

Comes here often

VLANs (Virtual Local Area Network) are virtualization in our LANs segments, for example:

 

We have one switch with 24 ports, if we created 2 vlans, 10 and 20, and ADD ports 1 to 12 in vlan 10 and ports 13 to 24 in vlan 20 ...

 

After this moment, we have 2 logical switches, it one with 12 ports, one of then in ports 1 to 12 and other in ports 13 to 24, because in this scenario one PC in port 7 don't communicate with other pc in port 20, in our case.

 

 

In this ilustration below, one scenario without VLANs...WITHOUT VLANs.jpg

 

 

 

In this ilustration below, one scenario with VLANs implementeded...WITH VLANs.jpg

 

 

 

Regards

Douglas Rodrigues

 

 

 

 

 

Comes here often

A VLAN is a small network inside your network that helps to keep things separate that you would like to have separate. Similar to lock boxes in a bank vault, it helps increase security and stability.

Here to help

Vlans are like having separate railroad tracks for keeping your trains for traffic separate from each other but flowing down the same pathway.  

Kind of a big deal

image.png

New here

VLAN is separation of group by sub netting. Different VLAN cannot communicate without the help of layer 3 conjunction. Same VLAN members can communicate each other even though the geographical location is apart. 

Here to help

What is a VLAN?

The Virtual Local Area Network (VLAN), is a logical subnetwork within a switch or an entire physical network

and separates physical networks into sub-networks by ensuring that VLAN-enabled switches do not forward frames (data packets) to another VLAN (although the sub-networks may be connected to common switches).

It can expand across multiple switches.

Conversationalist

Here it is outlined, briefly, the amazing value of VLAN-Virtual Local Area Network technology in the network evolution.

 

The networks are complex and their architecture/structure changes for adapting to new and future needs.

 

So VLAN is an important and essential network technology for LAN segmentation and configuration: it makes easier and improves the interactions among end systems attached to layer 2 switch device;  just like the fire and the wheel were important for humankind in the far past.

 

In depth this technology allows the setups of several logical groups/collection of hosts (up to 4094 VLANs, but some are reserved) that communicate among them as if they were attached to the same wire, regardless of their physical location; there is also an extension of VLAN, called VXLAN, for large environment like new IOT-Internet of thing contexts with the possibility to overcome the constraints of classic VLAN.

 

Each group is a separate broadcast domain (where every host sends packets to all others in the group).

 

Some fundamental benefits of VLAN are described here:

 

  • these network segmentations are very useful because could be based on organizational needs of the company (financial area, engineering area and marketing area) or functional/application needs;
  • VLAN can limit the number of hosts and so it reduces the interference and interaction between the broadcast domains, enhancing security;
  • VLAN encompasses and reduces packet traffic: broadcast, unicast and multicast traffic in layer 2 devices; and improve the use of bandwidth;
  • possible VLAN reconfiguration can be done through software/CLI-Command Line Configuration rather than by physically unplugging and moving devices or wires and this brings greater flexibility in the network administration;
  • VLANs can be locally significant or be trunked over multiple layer 2 devices; VLAN can span anywhere in network, which happens due to trunk link connection;
  • VLAN tagging, developed by Cisco, is the technique for identifying the frames that travel in trunk link with special tags.

 

 

Thank you.

Best regards.

Francesca

Comes here often

Hello Carl,

 

My name is Glen; I'm with the Network Engineering Team.

 

We have been addressing concerns in regards to inter-branch network performance as well as scalability to support our future growth. As we were working on how and where to make changes, there has been a few key areas to which we will be improving the network for each location's Finance Department. This will be done by implementing VLANs (virtual local area networks) to better segment and secure network traffic throughout all departments. Making these required changes will temporarily impact all departments, especially Finance, after normal business hours. Before we begin this project, we want to ensure you and your Team is educated on what these changes are and how the network will better serve your needs after our work is done.

 

I'm not knowledgeable on all aspects of day to day finance, but I would like to explain VLANs using the Finance Department as an example. I'm sure there's an income, through various avenues, that has to tunnel through the finance department. Whether the money is from the services we provide, our 3rd party ventures/partnerships, fund-raising etc; it comes through the finance department. I assume it's safe for me to assume each one of those avenues are important for later reporting, so they are assigned a code and/or name. That is the same principle used for assigning VLANs throughout your location's network. So the security camera traffic is separated from finance traffic, the guest wifi from both, and so on.

 

Now, again referencing my analogy, the main account all money from each avenue (VLAN) is funneled into can be considered the "tunnel" to where I'm sure it's preferred money go into this account rather than a random customer's account. Well a VLAN tunnel in a network performs the same task for data traffic. Service-income can be considered VLAN-10, 3rd party ventures/partnerships VLAN-20, and fund-raising VLAN-30. All traffic pertaining to VLANS 10, 20, and 30 will be assigned to pass through the main account, the "trunk".

 

Standing back from my poor understanding of the Finance Department, that I'm positive is more faceted than I used it for, this is how networks utilize VLAN routing. From this basic explanation, imagine the possibilities on a larger scale. The vast amount of traffic that can traverse the same network, but not bottle-neck or be sent somewhere it doesn't belong makes a big difference on day to day productivity... security and speed will be improved ten-fold. I'll follow-up with the change-order and maintenance schedules requiring your approval in the next few days 

 

I'll be happy to discuss everything in further detail, so please don't hesitate reaching out with any questions, concerns, and/or comments.

 

 

Best regards,

 

Glen 

Conversationalist
Conversationalist

Vlans are amazing features when it comes to networking, they use the same physical medium to create subnets and traffic different data. To better understand how this works, let's imagine that our network switch is a building with several floors and apartments, access through the floors is done only via stairs. In our example each floor represents a Vlan and each apartment on each floor represents equipment such as printers and computers, or departments, or even different sites. Residents of the apartments are the data that travels through the network. Residents (data packets) of a particular floor (Vlan) are only able to communicate with the residents of the same floor. If there is a need to communicate with residents of another floor he needs to resort to the stairs (Gateway) that know how to route these dwellings to the other floors and the resident will be allowed to follow or not.
Following this concept, we have the assurance that no "inhabitant" will enter floors that he is not authorized and thus we keep the network segmented and safe.

VLG
Conversationalist

A Virtual Local Area Network or VLAN, is a broadcast (logical) domain, in which all the members can interconnect each other using physical (MAC) addressing. This membership is defined with a VLAN ID (typically from 1 - 4096), where the ID = 1 is reserved for a special kind of VLAN: Native. This Native VLAN is the default for the whole switch ports (working in layer 2), until the Administrator manually change it to another VLAN ID. Warmest regards, Team.

Community Manager

UPDATE: Submissions have ended for this challenge! Cast your vote by giving kudos to your favorite entries — you have until Friday, June 21st at 11am PDT to vote.

Meraki Alumni (Retired)

UPDATE: We have been blown away by the number of entries for this challenge, all of them showing such compassion for Carl and patience in helping him understand!

 

Because we have so many entries to consider, we're extending the voting deadline until Monday June 24th at 10:59am. So be sure take a look at all of the entries and kudo your favorites before Monday! 

 

Feel free to vote for more than one, and, also, there's no shame in promoting this on social media 😉

Meraki Alumni (Retired)

Congratulations to the winners! We have announced the Community Favorite and Meraki Favorite winners here.