Private - Guide

Sunday, 16 September 2012

Basic VLAN


INTRODUCTION

The use of computer networks as a medium for data communication keeps increasing. The need to share the resources on a network, both software and hardware, has driven the development of a variety of network technologies. With demand high and the number of network users growing, users want a form of network that gives the best results in terms of efficiency as well as improved network security.

To meet these needs, various parties continue to work on improvements. By using a variety of techniques, particularly subnetting, together with better hardware (such as switches), the concept of the Virtual Local Area Network (VLAN) emerged, which is expected to give better results than a Local Area Network (LAN).

DEFINITIONS

A VLAN is a network model that, unlike a LAN, is not limited by physical location, so a network can be configured virtually without having to follow the physical location of the equipment. Using VLANs makes the network layout highly flexible: segments can be created according to organization or department, without depending on workstation location.


HOW VLANS WORK

VLANs are classified by the method (type) used to assign membership, such as ports, MAC addresses, and so on. All the information that tags/addresses a VLAN (tagging) is stored in a database (table); if membership is assigned by port, the database must indicate which ports each VLAN uses. This is normally set up on a manageable (configurable) switch/bridge. The switch/bridge is responsible for storing all the information and configuration of a VLAN, and all switches/bridges must hold the same information.
The switch decides where data is forwarded. Alternatively, addressing software (bridging software) can be used to record/mark a VLAN and the workstations in it. A router is required to interconnect VLANs.

TYPES OF VLAN

Membership in a VLAN can be classified by the port in use, the MAC address, or the protocol type.

1. Based on Port

Membership in a VLAN can be based on the port used by that VLAN. For example, on a bridge/switch with 4 ports, ports 1, 2, and 4 are VLAN 1 and the third port belongs to VLAN 2; see the table:

Table: ports and VLANs

Port   1   2   3   4
VLAN   2   2   1   2

The disadvantage is that users cannot move around freely; if a user has to move, the network administrator must reconfigure the switch.

2. Based on MAC Address

Membership of a VLAN is based on the MAC address of each workstation/computer owned by the user. The switch detects/records all the MAC addresses that belong to each virtual LAN. The MAC address is a property of the NIC (Network Interface Card) in each workstation. The advantage is that when a user moves, he remains configured as a member of that VLAN. The drawback is that each machine must be configured manually, and for a network with hundreds of workstations this type is inefficient.

Table: MAC addresses and VLANs

MAC address   132516617738   272389579355   536666337777   24444125556
VLAN          1              2              2              1

3. Based on the type of protocol used
VLAN membership can also be based on the protocol used; see the table.

Table: protocols and VLANs

Protocol   IP   IPX
VLAN       1    2

4. Based on IP Address Subnet
The IP subnet address on a network can also be used to classify a VLAN.

Table: IP subnets and VLANs

IP subnet   22.03.24   46.20.45
VLAN        1          2


This configuration is not related to routing on the network, nor does it concern the function of the router. The IP address is used only to map VLAN membership. The advantage is that a user does not need to reconfigure his network address when he moves. However, because it works at a higher layer, it is slightly slower at forwarding packets than a VLAN that uses MAC addresses.

5. Based on an application or other combination
It is also possible to define a VLAN based on the application being run, or on a combination of all the types above, to be applied to a network. For example: the FTP (File Transfer Protocol) application can only be used by VLAN 1 and Telnet can only be used by VLAN 2.
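
The membership types above, worked through as an added example (not part of the original article): the same frame is classified by port, MAC address, protocol and IP subnet, and the station is then moved from port 3 to port 1. The port table is the one shown above; the MAC addresses, the subnets and every function name are assumptions made up for the illustration.

```python
import ipaddress
import struct

# Membership tables. PORT_VLAN is the page's port table; the MAC addresses and
# subnets are constructed sample values (assumptions, not taken from the page).
PORT_VLAN = {1: 2, 2: 2, 3: 1, 4: 2}
MAC_VLAN = {"00:11:22:33:44:55": 1, "00:11:22:33:44:66": 2}
PROTO_VLAN = {0x0800: 1, 0x8137: 2}   # EtherType: IPv4 -> VLAN 1, IPX -> VLAN 2
SUBNET_VLAN = {ipaddress.ip_network("192.0.2.0/25"): 1,
               ipaddress.ip_network("192.0.2.128/25"): 2}

def parse_frame(frame: bytes):
    """Return (src_mac, ethertype, src_ip or None) of an untagged Ethernet II frame."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    src_mac = ":".join(f"{b:02x}" for b in frame[6:12])
    (ethertype,) = struct.unpack("!H", frame[12:14])
    src_ip = None
    if ethertype == 0x0800 and len(frame) >= 34:      # 14 + minimal IPv4 header
        src_ip = ipaddress.ip_address(frame[26:30])   # IPv4 source address field
    return src_mac, ethertype, src_ip

def classify(frame: bytes, in_port: int, method: str):
    """VLAN id for a frame under one membership method, or None if unmapped."""
    src_mac, ethertype, src_ip = parse_frame(frame)
    if method == "port":
        return PORT_VLAN.get(in_port)
    if method == "mac":
        return MAC_VLAN.get(src_mac)
    if method == "protocol":
        return PROTO_VLAN.get(ethertype)
    if method == "subnet":
        return next((v for net, v in SUBNET_VLAN.items()
                     if src_ip is not None and src_ip in net), None)
    raise ValueError(f"unknown method {method!r}")

def sample_frame(src_mac: str, ethertype: int, src_ip: str = "0.0.0.0") -> bytes:
    """Build a constructed broadcast frame with a minimal 20-byte payload."""
    eth = b"\xff" * 6 + bytes.fromhex(src_mac.replace(":", "")) + struct.pack("!H", ethertype)
    payload = b"\x45\x00\x00\x14" + bytes(8) + ipaddress.ip_address(src_ip).packed + bytes(4)
    return eth + payload

def moved_station():
    """Same station seen on port 3, then on port 1: VLAN under each method."""
    f = sample_frame("00:11:22:33:44:55", 0x0800, "192.0.2.200")
    return {m: (classify(f, 3, m), classify(f, 1, m))
            for m in ("port", "mac", "protocol", "subnet")}
```

Only the port-based result changes when the station moves, which is the reconfiguration cost described under type 1; the other methods follow the frame's own fields.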



BASIC DIFFERENCES BETWEEN LAN AND VLAN

The clearest difference between the Local Area Network model and the Virtual Local Area Network model is that a LAN depends heavily on the physical location of the workstations and on hubs and repeaters as network devices, which have several weaknesses. One of the advantages of the VLAN model is that every workstation/user that belongs to one VLAN/group (organization, department, etc.) can stay connected even though they are physically separated. The difference between LANs and VLANs can be seen more clearly in the diagrams below.


Figure: LAN configuration


               [Hub] - [1] - [1] - [1] <- LAN 1 / 1st floor
                |
          [X] - [Hub] - [2] - [2] - [2] <- LAN 2 / 2nd floor
                |
               [Hub] - [3] - [3] - [3] <- LAN 3 / 3rd floor

       

Figure: VLAN configuration



               [Switch] - [1] - [3] - [2]
                |
          [X] - [switch] - [3] - [1] - [1]
                |
               [Switch] - [2] - [3] - [1]


[X] = router; [1] = PC belonging to LAN 1; [2] = LAN 2; [3] = LAN 3


Clearly, VLANs have removed the physical boundaries that a LAN could not overcome. This advantage is expected to make things easier both technically and operationally.


COMPARISON OF VLAN AND LAN

A. Comparison of Security Level

A LAN allows all the computers connected to the network to exchange data or otherwise communicate. This cooperation has grown from simply exchanging data to sharing equipment (resource sharing, also known as hardware sharing) [10]. A LAN lets data be broadcast throughout the network, which makes it easy for an unknown (unauthorized) user to access every part of the broadcast. The larger the broadcast, the greater the access obtained, unless the hub in use is given security control functions.

A VLAN is the result of switch configuration in which each switch port is assigned to a VLAN. Because they are in one segment, ports under the same VLAN can communicate with each other directly, while ports outside that VLAN, or under another VLAN, cannot communicate with each other directly, because a VLAN does not forward broadcasts.
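
The contrast between a hub-based LAN and a port-based VLAN switch, as an added example that is not part of the original article: a hub repeats every frame to all other ports, while the switch floods broadcasts and unknown unicasts only to ports in the sender's VLAN. The port-to-VLAN mapping is the article's port table; the host names, MAC addresses and class names are constructed for the illustration.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class Hub:
    """Physical-layer repeater: every frame leaves on every other port."""
    def __init__(self, ports):
        self.ports = list(ports)

    def receive(self, in_port, src, dst):
        return [p for p in self.ports if p != in_port]

class VlanSwitch:
    """Port-based VLAN switch with a per-VLAN MAC learning table."""
    def __init__(self, port_vlan):
        self.port_vlan = dict(port_vlan)   # port -> VLAN id
        self.mac_table = {}                # (VLAN id, MAC) -> port

    def receive(self, in_port, src, dst):
        """Learn the source, then return the ports the frame is sent out of."""
        vlan = self.port_vlan[in_port]
        self.mac_table[(vlan, src)] = in_port
        members = sorted(p for p, v in self.port_vlan.items()
                         if v == vlan and p != in_port)
        if dst == BROADCAST:
            return members                 # broadcast stays inside the VLAN
        out = self.mac_table.get((vlan, dst))
        if out is None:
            return members                 # unknown unicast floods in-VLAN only
        return [] if out == in_port else [out]

# Constructed hosts: name -> (port, MAC). Port/VLAN mapping is the page's table.
HOSTS = {"A": (1, "02:00:00:00:00:0a"), "B": (2, "02:00:00:00:00:0b"),
         "C": (3, "02:00:00:00:00:0c"), "D": (4, "02:00:00:00:00:0d")}

def demo():
    """Run the same traffic through a hub and a VLAN switch; return egress ports."""
    sw = VlanSwitch({1: 2, 2: 2, 3: 1, 4: 2})
    hub = Hub([1, 2, 3, 4])
    (pa, ma), (pb, mb), (pc, mc) = HOSTS["A"], HOSTS["B"], HOSTS["C"]
    return {
        "hub_broadcast": hub.receive(pa, ma, BROADCAST),   # all other ports
        "vlan_broadcast": sw.receive(pa, ma, BROADCAST),   # VLAN 2 ports only
        "c_announces": sw.receive(pc, mc, BROADCAST),      # alone in VLAN 1
        "a_to_c": sw.receive(pa, ma, mc),                  # never reaches port 3
        "b_to_a": sw.receive(pb, mb, ma),                  # learned: port 1 only
    }
```

Host A's frame addressed to host C never leaves VLAN 2, even after C has announced itself, because the learning table is keyed by VLAN; reaching C requires the router mentioned earlier.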

A VLAN, which can provide additional benefits for network security, does not make media/data shared across the network as a whole. The switches on the network create boundaries that can only be used by the computers that belong to the VLAN. As a result, the administrator can easily segment users, especially where confidential media/data (sensitive information) are concerned, among all the network users who are physically connected together.

Although the security provided by a VLAN is better than that of a LAN, it does not guarantee the security of the network as a whole and cannot be considered sufficient to address all security issues. A VLAN still needs various additions to enhance the security of the network itself, such as firewalls, per-user access restrictions, intrusion detection, control of the number and size of broadcast domains, network encryption, etc.

Better security support than a LAN can be an added value of using a VLAN network. One of the advantages of VLANs is centralized administrative control: VLAN management can be configured, managed and monitored centrally, and broadcast control, network migration plans, additions, changes, special access arrangements into the network, and access to media/data that are important to the planning and administration of a group can all be handled centrally. With centralized management control, the network administrator can also group VLANs by specific users and by the switch ports used, set the security level, capture and distribute data over existing paths, configure communication through the switch, and monitor the data traffic and bandwidth usage of a VLAN as it passes through vulnerable places in the network.


B. Comparison of Efficiency Level

To compare the level of efficiency, it is necessary to know the advantages that the VLAN itself provides, including:

• Improving Network Performance
The hubs and repeaters used in a LAN to connect computer equipment work at the physical layer and have a weakness: they simply forward the signal without any knowledge of the destination address. These devices also have only one collision domain, so if one port is busy the other ports must wait, even though the equipment is connected to different ports of the hub.

Ethernet, or the IEEE 802.3 protocol (commonly used in LANs), uses a mechanism called Carrier Sense Multiple Access with Collision Detection (CSMA/CD), in which a device first checks the network to see whether another party is transmitting data. Only if no transmission by another party is detected is the data sent. If two sets of data are transmitted at the same time, a collision occurs on the network. For this reason such an Ethernet network is used only for half-duplex transmission, i.e. at any one time a device can only send or only receive.

Unlike the hubs used in Ethernet networks (LANs), switches work at the data link layer and have the advantage that every port on the switch has its own collision domain. For this reason a switch is often called a multiport bridge. The switch keeps a central translation table that holds the translation entries for all ports. The switch creates a safe path between the sender port and the receiver port, so that if two hosts are communicating over that path, they do not interfere with other segments. So if one port is busy, the other ports can still function.

A switch allows full-duplex transmission on a port connection, where sending and receiving can take place simultaneously over the path described above. The requirement for a full-duplex connection is that only one computer or server may be connected to one port of the switch. The computer must have a network card capable of full-duplex operation, and collision detection and loopback must be disabled.

Switches also enable segmentation of the network; in other words, it is the switch that forms the VLAN segments. Because the broadcast path is limited, one VLAN cannot receive broadcasts from, or send broadcasts to, other VLANs. This markedly reduces overall use of the broadcast path, reduces bandwidth consumption for users, and reduces the likelihood of broadcast storms, which can cause total congestion in a computer network.




REFERENCES

1. [Tutang and Kodarsyah, S.Kom], Belajar Jaringan Sendiri, Medikom Pustaka Mandiri, Jakarta, 2001.
2. [Tanutama, Lukas and Tanutama, Hosea], Mengenal Local Area Network, PT Elex Media Komputindo, Jakarta, 1992.
3. [Wijaya, Ir. Hendra], Belajar Sendiri Cisco Router, PT Elex Media Komputindo, Jakarta, 2001.
4. [Purbo, Onno W, Basmalah, Adnan, Fahmi, Ismail, and Thamrin, Achmad Husni], Buku Pintar Internet TCP/IP, PT Elex Media Komputindo, Jakarta, 1998.
5. [IEEE], "Draft Standard for Virtual Bridge Local Area Networks," P802.1Q/D1, May 16, 1997.
6. [Heywood, Drew], Konsep dan Penerapan Microsoft TCP/IP, Pearson Education Asia Pte. Ltd and Penerbit Andi Yogyakarta, 2000.
7. [Pfleeger, Charles P], Security In Computing, Prentice Hall, 1989.
8. [Sudibyono, Ir. Agt Hanung], Instalasi dan Aplikasi Netware Novell, Andi Offset, 1992.
9. [Jogiyanto, HM], Pengenalan Komputer, Andi Offset, 1992.
10. [Muammar. W. K, Ahmad], Laporan Karya Ilmiah "Virtual Local Area Network sebagai alternatif model jaringan guna peningkatan keamanan dan efisiensi dalam sebuah local area network", Bogor, 2002.
11. http://net21.ucdavis.edu
12. http://www.cisco.com
13. http://www.tele.sunyit.edu
14. Modul pelatihan Auditing Network Security, Laboratorium Elektronika dan Komponen ITB, 2001.

