VLANs – CompTIA Security+ SY0-401: 1.3

Nearly every network requires the administration of virtual LANs, or VLANs. In this video, you’ll learn about VLANs and how they can be used to logically segment and secure your network.



We talked in an earlier video about how useful VLANs can be for providing that segmentation, and this is a very good example of using capabilities within our existing switches to provide additional security. We can go to our switches, which may have hundreds of ports on them, and assign certain ports to certain VLANs. That assignment is something that could be done manually, or it could be integrated as part of our Network Access Control implementation.

The way that most people will do this is they might have single switches, and that entire workgroup switch, for instance, may contain an entire VLAN. So, you might have the red VLAN. You might have the green VLAN and the blue VLAN all on a single switch.

But our switches these days provide us with more flexibility. In fact, you might have HR people in one building, and another building, and a third. There might be a shipping and receiving department in all three of those buildings. We can’t always have people physically located all in the same place.

So, we do have a capability in our switches, called trunking, that carries multiple VLANs over a single link up to a central switch, where a router can route between the different VLANs. That means you can have a green VLAN and a red VLAN plugged into the same switch.

Those two devices don’t see each other, because they are not on the same VLAN. In fact, the only way they can communicate is for the red device to go all the way up the trunk to the central switch (or, in this case, to the router) and come back down to green to reach that device. That device in the middle could be a firewall, and we can set policies on it: ACLs that allow or disallow access from the red network to the green network.
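As an added illustration (not code from the video), here is a small Python model of the layout just described: each switch port is assigned to a VLAN, hosts on the same VLAN are switched directly (across the trunk if they sit on different switches), and anything crossing VLANs must go up the trunk to the router, where an ACL permits or denies it. The switch names, hosts, VLAN assignments and ACL entries are constructed sample values.

```python
# Added example, not from the original video: a toy model of VLAN
# segmentation, trunking and inter-VLAN routing through an ACL.
from dataclasses import dataclass

@dataclass
class Switch:
    name: str
    port_vlan: dict  # port number -> VLAN name (constructed sample values)
    host_port: dict  # host name -> port it is plugged into

@dataclass
class Router:
    acl: list  # (src_vlan, dst_vlan, action); first match wins, default deny

    def permits(self, src_vlan, dst_vlan):
        for src, dst, action in self.acl:
            if src == src_vlan and dst == dst_vlan:
                return action == "permit"
        return False  # implicit deny, as on a real ACL

def locate(switches, host):
    """Find the switch a host is on and the VLAN its port is assigned to."""
    for sw in switches:
        if host in sw.host_port:
            return sw, sw.port_vlan[sw.host_port[host]]
    raise KeyError(host)

def deliver(switches, router, src_host, dst_host):
    """Return (delivered, path) for traffic from src_host to dst_host."""
    src_sw, src_vlan = locate(switches, src_host)
    dst_sw, dst_vlan = locate(switches, dst_host)
    if src_vlan == dst_vlan:
        # Same VLAN: switched at layer 2, crossing the trunk only if needed
        path = [src_sw.name] if src_sw is dst_sw else [src_sw.name, "trunk", dst_sw.name]
        return True, path
    # Different VLANs never see each other at layer 2; the only route is up
    # the trunk to the router, where the ACL decides, and back down again
    if not router.permits(src_vlan, dst_vlan):
        return False, [src_sw.name, "trunk", "router(denied)"]
    return True, [src_sw.name, "trunk", "router", "trunk", dst_sw.name]

def sample_topology():
    """Constructed layout: HR on the red VLAN, shipping on green, two buildings."""
    switches = [
        Switch("sw-bldg1", {1: "red", 2: "red", 3: "green"}, {"hr-a": 1, "ship-a": 3}),
        Switch("sw-bldg2", {1: "red", 2: "green"}, {"hr-b": 1, "ship-b": 2}),
    ]
    router = Router(acl=[("green", "red", "permit"), ("red", "green", "deny")])
    return switches, router
```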

And you can then put people wherever they happen to be. They can be in different buildings: people on the red VLAN in one building and another, people on the green VLAN in our third building and our first building.

This gives us a lot of flexibility, and if we’re very, very concerned about what access people have to what resources, being able to segment the network and implement a VLAN technology within our switches provides us with a lot of control.