What is a VLAN?
A VLAN is a virtual LAN, or virtual local area network. A VLAN is very similar in functionality to a subnet in that its primary function is to create a broadcast domain. It differs from a subnet, however, in that it is a broadcast domain created by switches rather than by a router.
This means that multiple devices can be connected to the same switch while being on different VLANs (that is, in different broadcast domains). If each device on the switch were on a different VLAN, no device would see broadcast traffic from any of the other devices on the switch. Some switches, such as those from Cisco, come with a VLAN already enabled. On a Cisco switch the default VLAN is VLAN1, and all ports are automatically configured for this VLAN. So without any configuration, all devices on a switch will be able to communicate with all other devices plugged into the same switch (provided they have the correct IP addresses).
Do I have to have VLANs?
In short, no. If you are running a relatively small network infrastructure with a small number of devices that do not create a large amount of broadcast traffic, then there is probably no requirement for a full-blown VLAN architecture. Having said that, if you believe your business or manufacturing facility is likely to grow to the extent that the number of Ethernet devices increases significantly, then it is wise to create a VLAN strategy before the amount of network traffic on your LAN increases to an unmanageable level. This will provide a scalable network that is easier to manage and secure.
Do I need a VLAN?
There are a number of factors that will determine whether your network would benefit from implementing a VLAN architecture, some of which are:
- You have a large amount of broadcast traffic on your LAN
- You want to make a single switch into multiple virtual switches
- You want to implement a network security strategy
Within an industrial environment, more and more devices are becoming Ethernet-enabled, and multiple broadcast domains are essential. PLC network traffic can include fairly large amounts of broadcast traffic, depending on how the PLCs are programmed, and this traffic often needs to be prioritised, especially when dealing with real-time control of plant machinery.
An industrial environment is a prime candidate for the implementation of VLANs, because in a factory you may want a number of different ‘networks’ to handle different priorities of traffic. For instance, you may have one VLAN for PLC and SCADA traffic and one VLAN for non-critical factory-office devices such as printers and office workstations; you may also require CCTV using IP-based network cameras to monitor critical processes, which would require their own VLAN.
What is the difference between subnetting my network and implementing VLANs?
The big advantage of VLANs over a purely subnetted network is that if you wanted to have two devices on two different subnets in the same area, then with subnetting alone you would need two separate switches going back to the same router. With VLANs you only need one switch in that area, as all devices can plug into the same switch (even though they are on separate VLANs, which are effectively separate subnets).
So with just subnetting, each subnet needs its own switch connected to the same router, whereas VLANs require only one connection to the router or layer 3 switch. VLANs still need to be routed, but every VLAN can travel down one cable, so long as the port is set to be a ‘trunk port’.