One network rarely fits all, particularly in the business environment. There are many reasons why you don’t want people in your admin department having access to resources in your R&D department (security and privacy for starters). Perhaps your sales office is sick of support constantly using their printer. Or maybe your business has grown to the extent that the network is becoming congested as different departments flood it with traffic.
One solution would be to set up physically separate networks for each department, but that’s not always practical (never mind the expense). Thankfully there’s an elegant – and more cost-effective – way to achieve your goal.
How VLANs work
The answer to your prayers is to utilise a Virtual LAN (VLAN). As its name suggests, it splits a single physical network connection into two or more virtual – and completely separate – networks. This is done with the help of a suitably equipped router, such as ASUS’s BRT-AC828 Wi-Fi router.
Devices such as the BRT-AC828 enable you to divide your network – wired and wireless – into a maximum of eight VLANs (numbered VLAN1 through to VLAN8), which should be ample for most business needs. Each VLAN then contains the shared resources for specific parts of your business, from admin to sales and support.
There are different ways of creating VLANs, but the simplest is the port-based VLAN, whereby each Ethernet port on your router is assigned to a specific VLAN.
You simply create a VLAN via the router’s settings in your browser (look under Advanced Settings on your ASUS router), then allocate ports to it. You can allocate Wi-Fi networks to different VLANs too – for example, giving your 5GHz connection to the office where the router is housed, and your 2.4GHz connection to another part of your business.
Beyond the basics
Each VLAN is assigned its own network subnet, which basically means network one would have IP addresses in the range 192.168.1.x, while network two would be 192.168.2.x and so on. A side-benefit of VLANs is improved network performance – with fewer devices on each virtual network, traffic flows more freely between them, speeding up interdepartmental file transfers for example.
Your VLANs will still be sharing the same internet connection, but now you can apply a priority setting to each VLAN, giving you the option of improving internet speeds for one part of your business – say the R&D or support department – at the expense of another (the admin team).
Create VLANs based on function not floor
Look out too for Tagged VLAN – this enables you to extend your VLANs through VLAN-capable “smart” or “managed” network switches. Say you have someone in support sharing an office with someone from admin. The managed switch would physically connect both to the same Ethernet port on the router, but by assigning that port on the router to both VLANs, you can then use “tagging” to differentiate the network traffic from each department through the switch, ensuring it stays within its own VLAN. It may sound complicated, but your IT guys will find that tagged VLANs are straightforward to implement, and offer a clever, cost-effective way to extend your VLAN setup to other physical locations in your business.
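To show what “tagging” means on the wire, here is an added example (not ASUS code or configuration) that models the shared-office setup above with the standard IEEE 802.1Q tag: a managed switch with one tagged uplink to the router and one untagged port per desk. The VLAN IDs 10 and 20, the port names and the sample frame are assumptions made up for the illustration.

```python
import struct

TPID = 0x8100  # EtherType value that marks an 802.1Q tag
SUPPORT, ADMIN = 10, 20  # constructed VLAN IDs, not taken from the article
# Hypothetical switch: one tagged uplink to the router, one untagged port per desk.
PORTS = {
    "uplink": {"tagged": {SUPPORT, ADMIN}},
    "desk_support": {"untagged": SUPPORT},
    "desk_admin": {"untagged": ADMIN},
}
# Constructed frame: broadcast dst MAC, src MAC, EtherType IPv4, dummy payload.
SAMPLE = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"payload"

def add_tag(frame, vid, pcp=0):
    """Insert the 4-byte 802.1Q tag after the two MAC addresses."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    return frame[:12] + struct.pack("!HH", TPID, (pcp & 7) << 13 | vid) + frame[12:]

def strip_tag(frame):
    """Return (vid, untagged_frame); vid is None when no tag is present."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    if struct.unpack("!H", frame[12:14])[0] != TPID:
        return None, frame
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci = struct.unpack("!H", frame[14:16])[0]
    return tci & 0x0FFF, frame[:12] + frame[16:]

def forward(in_port, out_port, frame):
    """Return the frame as sent on out_port, or None if the switch drops it."""
    src, dst = PORTS[in_port], PORTS[out_port]
    vid, inner = strip_tag(frame)
    if "untagged" in src:
        if vid is not None:      # desk ports never accept a tag from the device
            return None
        vid = src["untagged"]    # VLAN comes from the port, not the frame
    elif vid not in src["tagged"]:
        return None              # untagged or unlisted VLAN on the uplink
    if "untagged" in dst:
        return inner if dst["untagged"] == vid else None
    return add_tag(inner, vid) if vid in dst["tagged"] else None
```

A frame from the support desk leaves the uplink carrying tag 10, is delivered untagged to a support port, and is dropped if it is headed for the admin port.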
When implementing larger Tagged VLAN networks, it’s best to create networks based on function, not floor or physical location. For example, if your finance team use a particular server, then they should both be on the same VLAN. Likewise, if you run a VoIP telephone system, you should separate this component into its own VLAN. By segmenting your network based on function, rather than location, you boost performance and create secure network segments that can’t interfere with each other.
If your office network isn’t working as well as it once did, or as well as you want it to, then a VLAN could well be the answer without the expense of adding a whole new network.