Benefits of VLANs

I am trying to convert a currently fully switched, flat network over to a VLAN deployment with a Layer 3 HP ProCurve switch at the core. There are approximately 600 nodes on this network.

I would appreciate somebody informing me what the actual benefits of deploying VLANs, rather than simply plugging devices together in a switched fashion, would be for the network, bandwidth and any other factors you can think of.

Thanks :-)
5 Solutions

You can separate broadcast domains.
So you can have a servers VLAN, a workstations VLAN, etc.
So any L2 problems in the workstation VLAN (misconfigured IP, broadcast storms, etc.) will not affect servers.
Again, it is good practice to separate test and development from the rest of the production network, the SAN network (if iSCSI), the management VLAN, etc.

A VLAN is a way of micro-segmenting an L2 / L3 topology into separate broadcast domains. Each VLAN is a separate broadcast domain, i.e. all broadcasts are seen by devices within the same VLAN.
Inter-VLAN communication is restricted and requires an L3 routing device to communicate between broadcast domains.

A couple of benefits are listed below:
1. Saves excessive usage of physical connectivity.
2. One link can pass all the different broadcast-segregated packets to their respective destinations.
3. By using VTP further, we can also sync between devices, making one the server and the others clients. Updates will be sent automatically and devices will remain in sync upon any change recorded amongst them.
4. Different VLANs can be segmented across different depts., e.g. marketing and sales in the same building can be put under two separate VLANs. Both networks will remain separate though using the same devices to flow.
5. Bandwidth is saved a lot as well. Further, you can use EtherChannels to segment the bandwidth for better flow of packets.

Segregating traffic has security benefits.

User departments and server functions should be in different IP address ranges.

Marketing on VLAN x and engineering on VLAN y.
Production servers on VLAN a and development servers on VLAN b.

When setting up firewalls, monitoring devices or access lists, you can limit access (provide security) to these networks separately.

I generally group computers in my organisation into small groups (VLANs) based on their department. This enables much simpler L3 filtering, as I can filter by interface or subnet. This also gives you the ability to filter (ACL) what can pass between the VLANs (i.e. marketing doesn't need to talk to accounts, IT needs to talk to everything). You'll be glad you did when a virus manages to get past your protections and only manages to infect 6 marketing computers rather than everything.
This has obvious security advantages, as well as the ability to set different QoS for each VLAN.
At 600 nodes, you're not quite large enough to worry about broadcast storms and the like, but I would be starting to segregate your network into smaller subnets and VLANs, more for the security and management advantages.
I also use it to section off development and production servers from each other.
Hope I've helped.
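
An added example, not part of the original answers: a small Python model of the inter-VLAN filtering described above (marketing blocked from accounts, IT allowed everywhere), useful for checking a planned rule set before it goes onto the routing switch. The VLAN names, subnets, ports and rules are constructed assumptions, not taken from the thread.

```python
import ipaddress

# Constructed addressing plan; VLAN names and subnets are assumptions.
VLANS = {name: ipaddress.ip_network(cidr) for name, cidr in {
    "marketing": "10.10.10.0/24", "accounts": "10.10.20.0/24",
    "it": "10.10.30.0/24", "servers": "10.10.40.0/24"}.items()}

# Ordered inter-VLAN rules: (action, source VLAN, destination VLAN, TCP port).
# "*" matches any VLAN, None matches any port. First match wins; a flow that
# matches no rule is denied.
RULES = [
    ("permit", "it", "*", None),              # IT needs to talk to everything
    ("deny", "marketing", "accounts", None),  # marketing never reaches accounts
    ("permit", "marketing", "servers", 443),
    ("permit", "accounts", "servers", 443),
]

def vlan_of(ip):
    """Return the name of the VLAN whose subnet contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    return next((n for n, net in VLANS.items() if addr in net), None)

def evaluate(src_ip, dst_ip, port):
    """Return 'permit' or 'deny' for one flow crossing the L3 core."""
    src, dst = vlan_of(src_ip), vlan_of(dst_ip)
    if src is None or dst is None:
        return "deny"        # address outside the plan: default deny
    if src == dst:
        return "permit"      # switched inside the VLAN, never hits the ACL
    for action, r_src, r_dst, r_port in RULES:
        if r_src in (src, "*") and r_dst in (dst, "*") and r_port in (None, port):
            return action
    return "deny"

def exposure(src_ip, ports=(22, 445, 443, 3389)):
    """Map each VLAN to the probe ports a host at src_ip can reach in it."""
    out = {}
    for name, net in VLANS.items():
        target = str(net[1])  # first host address stands in for the VLAN
        reachable = [p for p in ports if evaluate(src_ip, target, p) == "permit"]
        if reachable:
            out[name] = reachable
    return out

if __name__ == "__main__":
    # A compromised marketing workstation: what can it still touch?
    print(exposure("10.10.10.15"))
```

The intra-VLAN branch is the caveat to keep in mind: hosts in the same VLAN are not filtered by the inter-VLAN rules, so the rules bound how far an infection spreads between groups, not within one.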