Introduction to Local Area Networks (LANs)
- A Local Area Network (LAN) is a group of devices connected together in a single broadcast domain.
- In a LAN, if one device sends a broadcast, all other devices in the same LAN will receive it.
- Devices on separate switches are in separate broadcast domains, meaning broadcasts from one network are not visible to devices on another network.
- This design enhances security and organization by logically separating networks (e.g., Red Network and Blue Network).
Challenges with Physical LAN Segmentation
- Using separate physical switches for each LAN can lead to inefficient use of resources (e.g., a 24-port switch with only two devices connected).
- Consolidating devices onto a single switch improves cost efficiency and space utilization but creates a single broadcast domain, which may not be desirable.
Introduction to Virtual LANs (VLANs)
- A Virtual Local Area Network (VLAN) allows a single physical switch to be divided into multiple logical broadcast domains.
- Interfaces on a switch can be assigned to different VLANs, creating separate broadcast domains within the same physical device.
- Example: A switch can have some ports assigned to a Red VLAN and others to a Blue VLAN, ensuring broadcasts from one VLAN are not visible to the other.
- Benefits of VLANs:
  - Reduces the need for multiple physical switches.
  - Improves scalability and flexibility in network design.
  - Supports multiple VLANs on a single switch (e.g., VLAN 1: Gate Room, VLAN 2: Dialing Room, VLAN 3: Infirmary).
VLAN Communication and Routing
- By default, devices in one VLAN cannot communicate with devices in another VLAN because they are in separate broadcast domains.
- To enable inter-VLAN communication, a router is required to route traffic between VLANs.
- Some switches support Layer 3 routing, allowing them to perform inter-VLAN routing internally.
- Alternatively, an external router can be used to facilitate communication between VLANs.
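To make the broadcast-domain and inter-VLAN routing rules above concrete, here is an added Python model (not from these notes) of a single switch whose ports are assigned to VLANs, plus an optional router with interfaces in some of those VLANs; the port-to-VLAN layout is a constructed assumption.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Set


@dataclass
class Switch:
    """One physical switch; port_vlan maps each port number to its VLAN ID.
    Every VLAN is its own broadcast domain within the same physical device."""
    port_vlan: Dict[int, int] = field(default_factory=dict)

    def broadcast(self, src_port: int) -> Set[int]:
        """Ports that receive a broadcast sent into src_port (sender excluded):
        only ports in the same VLAN, never ports of another VLAN."""
        vlan = self.port_vlan[src_port]
        return {p for p, v in self.port_vlan.items() if v == vlan and p != src_port}


@dataclass
class Router:
    """Layer 3 device (external router, or the switch's own routing engine)
    with an interface in each VLAN it routes between."""
    vlans: Set[int] = field(default_factory=set)


def can_reach(sw: Switch, src_port: int, dst_port: int,
              router: Optional[Router] = None) -> bool:
    """True if a host on src_port can exchange traffic with a host on dst_port."""
    src_vlan, dst_vlan = sw.port_vlan[src_port], sw.port_vlan[dst_port]
    if src_vlan == dst_vlan:
        return True   # same broadcast domain: plain Layer 2 delivery
    if router is None:
        return False  # separate domains and nothing to route between them
    # Inter-VLAN traffic is routed only if the router sits in both VLANs.
    return src_vlan in router.vlans and dst_vlan in router.vlans


def build_example_switch() -> Switch:
    """Constructed port layout (not from the notes): VLAN 1 Gate Room on ports
    1-2, VLAN 2 Dialing Room on ports 3-4, VLAN 3 Infirmary on port 5."""
    return Switch(port_vlan={1: 1, 2: 1, 3: 2, 4: 2, 5: 3})


if __name__ == "__main__":
    sw = build_example_switch()
    print(sw.broadcast(1))                             # {2}
    print(can_reach(sw, 1, 3))                         # False: no router
    print(can_reach(sw, 1, 3, Router(vlans={1, 2})))   # True: routed
    print(can_reach(sw, 1, 5, Router(vlans={1, 2})))   # False: VLAN 3 not routed
```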
Virtual Private Networks (VPNs)
- A Virtual Private Network (VPN) encrypts data transmitted over a network, ensuring confidentiality and security.
- VPNs prevent unauthorized users from interpreting captured data, even if it is intercepted.
- A VPN concentrator is a specialized device (often integrated into a firewall or appliance) that handles encryption and decryption of VPN traffic.
- VPN concentrators can be hardware-based or software-based (e.g., running on a server).
Types of VPNs
- Client-to-Site VPN:
  - Used by remote users (e.g., working from home) to connect to a corporate network.
  - The remote device (client) connects to a VPN concentrator at the corporate network edge.
  - All traffic between the client and concentrator is encrypted.
  - Can be configured as always-on, automatically establishing a secure connection upon device startup.
- Site-to-Site VPN:
  - Connects entire networks (e.g., a remote office to a corporate headquarters) over the internet.
  - Typically implemented using firewalls at each site to establish an encrypted tunnel.
  - Ensures all traffic between sites is encrypted while remaining unencrypted within each local network.