vLan tagging is one method of configuring the network for your business is so that all your computer systems are able to communicate with each other securely and efficiently. When dealing with local area networks (LANs) and wide area networks (WANs) it is a good practice to set up virtual local area networks, or vLANs, based on specific factors. The way that vLANs are set up and configured will depend on the business.
Some companies, for example, will set up a different vLAN for each department. Others will have separate vLANs for different technologies such as Internet facing traffic, voice traffic, and more. NO matter how you choose to setup your network, you want to make sure that your vLAN systems are able to send and receive traffic efficiently and securely. One thing that you can do to improve the way your networks communicate is implementing vLAN tagging.
What is vLAN Tagging?
vLAN tagging is a technology that is designed to allow internal networks to send traffic only to specific vLANs based on a tag that is created on each packet. This technology is also commonly called frame tagging and it was developed by Cisco to help provide more intelligent processing of traffic as it goes through the network.
Without vLAN tagging, when a packet is sent out toward an end device, it travels through all the different vLANs unless there is a device or policy that stops it. Any vLAN that does not contain the end point will simply ignore the traffic. With vLAN tagging, the packet has a tag added to the frame as it is sent out through the trunk link for the network. This can allow the network switches to direct the traffic exclusively to the proper ports where the desired vLAN is located.
Once the switch determines which port the packet should be sent out, it will remove the vLAN tag and send it along towards its final destination.
Benefits of vLAN Tagging
There are two main benefits of using vLAN tagging. They can each be very important depending on the type of network you have set up, and what type of traffic you are sending.
- Minimizing Network Congestion – Using vLAN tagging is going to be more efficient since the traffic is only going to be sent toward the specific ports where it is needed. This is especially important for heavy traffic situations such as backup, storage, and even voice.
- Improving Security – Making sure that traffic is only sent onto the vLAN that it is meant for is a great way to improve security. This prevents packet capture devices and other things from gaining access to the data since it is not being broadcast out to every vLAN.
Configuring vLAN Tagging
While vLAN tagging is often discussed as an advanced network configuration practice, it is actually quite easy to setup. The two main areas where changes need to be made are where the traffic originates and at the main network switches.
When traffic is generated to be sent out to another vLAN, it needs to have the tag added to the packet. This is a tiny bit of information that is added onto the packet so that devices along the network can read it and determine where it needs to go. In addition, you need your main network switch (or switches) to have a vLAN tagging table added. Most modern switches can support this type of technology. The table will have a list of the different vLAN tags and which ports they are on.
Once this is set up and configured, the switches will automatically read the vLAN tag as it comes through and route the traffic as requested. Most small business network setups will only have one network switch and maybe a handful of different vLANs. If your company grows significantly and you have multiple trunk link switches, you will need to make sure that the vLAN tagging table on each switch (as well as on the originating devices) matches so that you can be sure that the traffic will be routed to the correct vLANs every time.
Is vLAN Tagging Worth the Effort?
While vLAN tagging is not terribly difficult to setup or maintain, it does take some extra time up front and needs to be documented in order to avoid problems. Very small companies that only have a few different devices likely do not need to use vLANs at all, much less vLAN tagging. If the company network is likely to grow, or you want to make sure that your security is as strong as possible, it is definitely worth the effort.
If you are setting up a brand-new network, it is generally recommended that you implement vLAN tagging right from the start. Since you need to go through and configure all your switches and other devices anyway, creating the vLAN tagging table won’t add a lot of extra work. If you already have your network in place, adding this type of service only needs to be done if it will meet a need that you have. Whether that is improved traffic flow, improved security, or something else. Whether you install it now, or make it a simple addition to another network update, however, it should be on your list of upgrades to add in when the time is right.
Keep in mind that once you start using vLAN tagging, you need to make sure that you keep the tables and other documentation updated. If you add in a new branch office or department with its own vLAN, you need to update the tables to reflect the new addition to ensure it gets its traffic as expected. This is not a difficult process at all, but if it is not done, it will prevent the new vLAN from receiving traffic until the issue is solved.
