The PoE switch allows both power and data to travel over a single Ethernet cable. It removes the need for a separate power cord to each edge device, which saves installation cost and time. Where the cable goes, both power and data arrive. In practical deployments, different IP devices such as IP cameras, access points, VoIP devices and even non-PoE devices may share the same PoE switch. With all these IP devices on the same switch, managing each of them can become a little messy. A VLAN (Virtual Local Area Network) is a great solution for giving these devices separate networks.
What is VLAN?
In a traditional LAN, workstations are connected to each other through a hub or a switch. These devices broadcast any incoming data throughout the network: the switch forwards a broadcast frame out of all possible ports. In a large network with hundreds of computers, this can create performance issues. Of course, we could also deploy independent switches to separate the broadcasts: one for the Finance department, one for security, one for the Marketing department. But that means buying multiple switches, and the setup is not flexible once all of these switches are connected together.
A VLAN allows you to create a virtual LAN within a single switch. Each virtual network works much like a physically independent switch. That is amazing, right? Now you can connect the Finance, Marketing and HR departments to the same switch but separate them from each other virtually. Because each VLAN is separated, we gain great flexibility and other advantages.
Reduce broadcast domain
Without VLANs, if any of our computers sends a broadcast, the switch will flood it! This means that a single broadcast frame is flooded across the entire network, because the switch forwards a broadcast frame out of all possible ports. A VLAN keeps the broadcast frame within its own domain, which in our example is the Finance department.
Improve the security
You can easily apply a security policy to each VLAN, such as an access control list (ACL) or a MAC address list. You can even forbid different VLANs from communicating with each other, even though all of them are connected to the same PoE switch.
As we know, resources are always limited: not only bandwidth but also the CPU in each PoE switch. With VLANs, we can set priority for some groups, such as the VoIP VLAN and the IP security camera VLAN, to make sure their frames are processed with guaranteed resources when the traffic is overloaded.
After devices are assigned to the same VLAN, they will have a similar IP subnet. This makes it easier to locate the devices for daily maintenance.
What is required to set up a VLAN?
First of all, it has to be a managed PoE switch. An unmanaged PoE switch can't provide VLANs. You can't change the settings on an unmanaged PoE switch; it is plug and play, so you will be unable to assign a VLAN to each port.
Most layer-2 switches support VLANs. You can set a different subnet for each port, for example 192.168.10.xxx for Finance and 192.168.30.xxx for Marketing. One very important point: you still need a static routing function, which is a layer-3 switch feature, to complete the VLAN setup. The layer-2 VLAN feature only determines the IP addresses coming from your edge devices; it can't route a frame to another VLAN. You should either have a layer-3 core switch sitting on top, or a PoE switch that has a static routing function, to complete the VLAN deployment. It sounds a little complicated. Just remember that you need a routing function to complete the VLAN.
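The forwarding behaviour described above can be modelled in a few lines. This is an added example, not part of the original article or any vendor's code; the VLAN IDs, the HR subnet, the sample hosts and the allow-list are constructed assumptions, while the Finance and Marketing subnets follow the 192.168.10.xxx and 192.168.30.xxx ranges used here.

```python
import ipaddress

# Constructed VLAN plan: IDs and the HR subnet are assumptions for illustration.
VLANS = {
    10: ("Finance", ipaddress.ip_network("192.168.10.0/24")),
    30: ("Marketing", ipaddress.ip_network("192.168.30.0/24")),
    40: ("HR", ipaddress.ip_network("192.168.40.0/24")),
}
# Constructed inter-VLAN ACL: only listed (source, destination) VLAN pairs are
# routed. Anything not listed is denied, so VLANs are isolated by default.
ALLOWED_ROUTES = {(30, 10)}
# Constructed sample hosts plugged into the same PoE switch.
HOSTS = ["192.168.10.5", "192.168.10.9", "192.168.30.7", "192.168.40.2"]


def vlan_of(ip):
    """Return the VLAN ID whose subnet contains ip, or None if unassigned."""
    addr = ipaddress.ip_address(ip)
    for vlan_id, (_name, subnet) in VLANS.items():
        if addr in subnet:
            return vlan_id
    return None


def forward(src_ip, dst_ip, has_routing=True):
    """Decide how traffic from src_ip to dst_ip is handled by the switch."""
    src, dst = vlan_of(src_ip), vlan_of(dst_ip)
    if src is None or dst is None:
        return "dropped: address not in any VLAN subnet"
    if src == dst:
        return "switched"  # same VLAN: layer 2 is enough
    if not has_routing:
        return "dropped: no layer-3 routing between VLANs"
    if (src, dst) not in ALLOWED_ROUTES:
        return "dropped: denied by inter-VLAN ACL"
    return "routed"


def broadcast_scope(src_ip, hosts=HOSTS):
    """Return the hosts that receive a broadcast from src_ip (same VLAN only)."""
    src = vlan_of(src_ip)
    return [h for h in hosts if h != src_ip and vlan_of(h) == src]


if __name__ == "__main__":
    print(forward("192.168.10.5", "192.168.10.9"))
    print(forward("192.168.30.7", "192.168.10.5", has_routing=False))
    print(forward("192.168.10.5", "192.168.40.2"))
    print(broadcast_scope("192.168.10.5"))
```

The default-deny allow-list is the point to carry into a real switch configuration: VLANs only stay isolated if inter-VLAN routing is restricted to the pairs you explicitly permit.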
VLANs can be useful in an IP camera surveillance system: imagine assigning an independent subnet to your IP cameras and separating all of them from your existing network. We will talk about VLANs for IP camera systems in the next article.