VPN vs. vLAN

Sunny Winters Member Posts: 9
can someone help me out, having problems distinguishing between vpn and vlans.

as far as I understand, vpns are segmented by switches and vlans use remote access services??

are there distance restrictions on the two?

does a vpn have to be just confined to a single building or can it be in 2 different cities or is that only what a vLan is?

any help is appreciated :)

Comments

  • Vask3n Member Posts: 517
    Sounds like you got em switched, my friend.

    VPNs are the remote-access "devices," while VLANs are segmented by switches. As far as I can recall, there are no distance limitations on either.
    Working on MS-ISA at Western Governor's University
  • Non-Profit Techie Member Posts: 418
    Think of it this way (I hope I don't make myself look like a donkey, lol)

    I think of vlans as a way of separating networks that are sharing the same network medium. Say you have VOIP phones that are using the same switches as your Data network. You can run the phones on one vlan and the computers on another vlan, even though they are running on some of the same equipment they are separated so they don't conflict. It's like the switches electronically separate the two.

    the vpn is more like a tunnel that users will use to connect one location to the other using the internet as the medium to communicate. You might VPN into work from home to get a paper you need to work on.

    Sound right guys?
  • Sunny Winters Member Posts: 9
    so vLANS are segmented by switches??

    and VPNs are accessed via phone lines, dsl, cable, etc???

    VPNS use all those authentication/security protocols I have so much trouble memorizing?

    yikes, thanks for clearing up the mixup
  • agustinchernitsky Member Posts: 299
    VPNs are used to create a secure "channel" to transfer information thru insecure channels. In other words, if you want to connect a branch office to your main office you can:

    1.- Buy a Leased line between the offices
    2.- Establish a VPN between the office that uses Internet (the "insecure channel").

    Of course, option 2 is the "cheapest" one and the most common today. With VPNs you have mainly (with MS implementations) PPTP and L2TP/IPSEC. Also you can just use IPSEC alone.

    Typical VPN scenarios:

    1.- Host - to - Host
    2.- Host - to - Gateway
    3.- Gw - to Gw (main / branch office)

    VLANs are a completely different thing. You use VLANs to create smaller networks (create segments) in your existing LAN. For this to happen, you need a switch that supports VLANs and a router to route between VLANs.

    Each VLAN you create acts like a separate network (divides what is called Broadcast domains) so in order for each VLAN to see other VLANs you need a router.

    VLANs offer better security (you can "zone" the network and apply packet filtering), improve the network traffic (ie a broadcast storm only affects the local VLAN and not the whole LAN), and better administration (you can automatically assign ports to VLANs).

    Hope this helps!
  • elathrop Member Posts: 88
    Thanks to everyone in this thread for all the great information, but it does bring to mind something that is a little muddy in my mind.

    If a VLAN is separated by a router, would subnetting be applied?
    Webmaster for calendardaze.com ezcalculator.com and digitizedvideo.com
  • xwesleyxwillisx Member Posts: 158
    elathrop wrote:
    Thanks to everyone in this thread for all the great information, but it does bring to mind something that is a little muddy in my mind.

    If a VLAN is separated by a router, would subnetting be applied?

    Yes, each VLAN would be a different subnet. A trunk port is connected from the switch to the router and subinterfaces are configured on the port on the router. Each subinterface is for each vlan and has its own ip address. This is called "router on a stick".
  • agustinchernitsky Member Posts: 299
    Well, think of it this way:

    1.- Each VLAN is a separate network... so, for each network to see each other you need a router (which allows the whole internetworking to take place).

    2.- The purpose of a router is to route traffic between networks, so you must use different networks (or subnets) on a router. If you don't have different networks, then there is no point in using a router.

    3.- There are two ways to connect VLANs to Routers: 1) connecting each VLAN to a port in the Router. 2) Using VLAN trunking, which uses just one port to multiplex all VLANs traffic.

    If you use VLAN trunking, your router must support Inter-VLAN routing (in other words, demultiplex the trunk and route the packets).

    Hope it helps!
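
The trunk demultiplexing and inter-VLAN routing described in the last two replies, as an added example that is not part of the original thread. The VLAN IDs, subnets, MAC addresses, function names and the source-subnet check are assumptions made for illustration; the tag layout is standard 802.1Q (TPID 0x8100, 12-bit VLAN ID), which the thread does not name.

```python
import ipaddress
import struct

TPID_DOT1Q = 0x8100      # EtherType value that marks an 802.1Q VLAN tag
ETHERTYPE_IPV4 = 0x0800

# Constructed subinterface table: VLAN ID -> router address on that VLAN's subnet.
SUBINTERFACES = {
    10: ipaddress.ip_interface("192.168.10.1/24"),   # data VLAN (assumed)
    20: ipaddress.ip_interface("192.168.20.1/24"),   # voice VLAN (assumed)
}

def tagged_frame(vid, src_ip, dst_ip):
    """Build a constructed 802.1Q-tagged Ethernet frame carrying a bare IPv4 header."""
    macs = bytes.fromhex("020000000001") + bytes.fromhex("020000000002")
    tag = struct.pack("!HH", TPID_DOT1Q, vid & 0x0FFF)   # PCP/DEI bits left at 0
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 17, 0,
                     ipaddress.ip_address(src_ip).packed,
                     ipaddress.ip_address(dst_ip).packed)
    return macs + tag + struct.pack("!H", ETHERTYPE_IPV4) + ip

def demux(frame):
    """Return (vlan_id or None, ethertype, payload) for a frame arriving on the trunk."""
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_DOT1Q:
        return None, ethertype, frame[14:]               # untagged frame
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, inner, frame[18:]               # low 12 bits = VLAN ID

def route(frame):
    """Decide what the router does: returns (action, ingress_vlan, egress_vlan)."""
    vid, ethertype, payload = demux(frame)
    if vid not in SUBINTERFACES:                         # untagged or unknown VLAN
        return "drop-no-subinterface", vid, None
    if ethertype != ETHERTYPE_IPV4 or len(payload) < 20:
        return "drop-not-ipv4", vid, None
    src = ipaddress.ip_address(payload[12:16])
    dst = ipaddress.ip_address(payload[16:20])
    if src not in SUBINTERFACES[vid].network:            # source outside this VLAN's subnet
        return "drop-src-subnet-mismatch", vid, None
    for out_vid, iface in SUBINTERFACES.items():
        if dst in iface.network:                         # one subnet per VLAN
            return ("local" if out_vid == vid else "route"), vid, out_vid
    return "drop-no-route", vid, None
```

A frame tagged for VLAN 10 with a destination in VLAN 20's subnet comes back as `("route", 10, 20)`; frames with no matching subinterface, or whose source address does not belong to the tagged VLAN's subnet, are dropped.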