Virtual LANs or VLANs are an important network security control that allow us to logically group together related systems, regardless of where they normally exist on the network. Learn how Virtual LANs may be used to segment networks of differing security levels.
- [Narrator] Virtual LANs, or VLANs, are an important network security control. VLANs allow us to logically group together related systems on a network, regardless of where they normally exist on that network. When we create diagrams of our desired network layouts, they typically look something like this, with different functional groups having different network locations. Users in the accounting department all share a network that is separate from users in the sales department and those in the IT department.
If our building and floor layout matched this network diagram exactly we'd be all set. More often than not; however, we find ourselves in situations where users from different departments are mingled together, and those departments are spread across multiple buildings. That's where virtual LANs come into play. We can use them to connect people who are on different parts of the network to each other, and also to separate them from other users, who might actually be geographically close to them. Virtual LANs extend the broadcast domain.
This means that users on the same VLAN will be able to directly contact each other as if they were connected to the same switch. All of this happens at layer two of the network stack without involving routers or firewalls. So how does this actually work? Network administrators must do two things to configure VLANs. First they must enable VLAN trunking. This allows switches in different locations on the network to carry the same VLANs. Second they must configure each switchport to connect to the appropriate VLAN for the user of the device connected to that port.
Switching technology then takes care of the rest, creating these logical VLANs that connect related users to each other, and enforce network separation. If you'd like to learn more about VLAN technology, we have many networking courses available that cover VLANs in great detail.
Learn about communication and networking best practices, including TCP/IP networking, network security devices, and secure network design and management. Instructor and cybersecurity expert Mike Chapple also includes coverage of converged protocols, network encryption, and wireless networking. You can find Mike's companion study books for this series at the Sybex test prep site and review the complete CISSP Body of Knowledge at https://www.isc2.org/cissp-domains/default.aspx.
- IP addressing
- Switches and routers
- Content distribution networks
- Designing secure networks
- Specialized networking
- Managing secure networks
- Working with virtualized networks like SDNs
- Detecting and preventing network attaches
- Transport encryption
- Wireless networking
- Host security
Skill Level Advanced
CISSP Cert Prep: 2 Asset Securitywith Mike Chapple58m 11s Advanced
1. TCP/IP Networking
2. Network Security Devices
3. Designing Secure Networks
4. Specialized Networking
5. Secure Network Management
6. Virtualized Networks
Port isolation1m 47s
7. Network Attacks
8. Transport Encryption
9. Wireless Networking
10. Host Security
- Mark as unwatched
- Mark all as unwatched
Are you sure you want to mark all the videos in this course as unwatched?
This will not affect your course history, your reports, or your certificates of completion for this course.Cancel
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
1:30Press on any video thumbnail to jump immediately to the timecode shown.
Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.