Understand the purpose of Virtual Local Area Networks, how they can help smart small businesses stay that way, and when and why you might not need them.
What is a VLAN? A Virtual Local Area Network (VLAN) is a group of ports designated by the switch as belonging to the same broadcast domain. That is, all ports carrying traffic for a particular subnet address would belong to the same VLAN.
Using a VLAN, you can group users by logical function instead of physical location, for instance marketing, finance, sales, and customer support might have their own VLANs. This helps to control data access (think security here) as well as bandwidth usage by allowing you to group high-bandwidth users on low-traffic segments and to organize users from different LAN segments according to their need for common resources.
While an older non-VLAN style networking model might assign users to networks based on their physical location, superseding that with a modern network structure using VLANs allows one to ignore such geographic barriers and assign users based on more logical, virtual requirements.
Example VLANs could include:
- Marketing
- Finance
- Support
- Phone system (VoIP)
- Guest network
- Employee smart phones (are we still using that term?)
- IT Management
- Storage Area Network (SAN)
- Separating home office equipment from the home
- Separating cloud-based VMs
Why you must have VLANs
Three(-ish) words: security, manageability, and a foundation for growth.
While VLANs are not a security panacea-nothing is since security is a multi-layered beast-VLANs can augment security.
For example, if someone's laptop gets malware, a VLAN may help prevent that from spreading to other clients and servers. Implementing a guest VLAN surely sounds like a good practice to me, and different organizations and functions may not need to see one another's data.
Keeping management ports separate is also a good idea. Want to have a cleaner and easier to read network map and handle employee and device relocations more simply? VLANs can help with simplified administration and flexible responses to changing network needs.
VLANs also allow you to scale your network more easily and establishing even a simple mapping of VLANs early on can help keep your network under control as it grows.
Why you really don't need VLANs
One could argue that you really don't need VLANs in your network, especially if you are a small business with few users and no IT staff to help.
After all, manageability and security for Aruba Instant On switches and access points is already very good. Maybe you don't expect to grow very much. Why would you add that extra bit of complexity to your network in that case?
Well, for early users, it may add some complexity to the network, but as you grow, this ugly duckling of minor complexity yields benefits as it is revealed in all its glory to be like a beautiful swan, a transforming framework for controlled growth.
My advice?
Use VLANs. A simple mapping for a growing small business might look like this:
- Servers
- Laptops
- Voice
- Smart phones
- Guests
I propose a maxim that "you don't need VLANs until you need VLANs," so plan now to set them up and be ready. Aruba Instant On makes it simple. They're easy to set up early, best practices are available for planning, and the minimal early effort provides you a solid foundation for growth and security.
------------------------------
Mark Simpkins
------------------------------