Let’s talk about VLANs—in this article I would like to talk about virtual networks and their benefits. I’m also going to describe how configure VLANs in Univention Corporate Server (UCS), how to increase security for your UCS environment with our RADIUS app and dynamically assign devices to specific VLANs via a RADIUS server.
Table of Contents
What are VLANs anyway?
Virtual Local Area Networks (VLANs) divide existing physical networks into several logical networks. They are used to separate data traffic at network level. Each VLAN has its own unique VLAN ID and creates its own broadcast domain, i.e. its own logical group of network devices in the LAN (local area network). Devices in different VLANs can therefore only communicate with each other via a router that is also connected to both virtual networks.
VLANs are often used in large environments, such as in companies or on campus at schools, colleges, and universities. For example, admins in corporate networks provide separate networks for employees and guests—without having to change the cabling or set up additional WLAN routers. Some companies divide their networks into VLANs for the different departments, such as marketing, sales, etc.
Splitting up networks can be helpful for a number of reasons. Isolated subnets not only increase security, but also affect the performance. For better bandwidth management, VLANs can separate externally accessible services such as web servers from other services on the same network. Services for communication such as VoIP (Voice over IP) can also be accessible via dedicated VLANs, which then have a higher priority in the same physical network.
How to configure a VLAN on Univention Corporate Server (UCS)
You configure virtual networks for your UCS domain via the Univention Management Console (UMC), in the
System / Network settings module. After clicking on
Virtual LAN as the
Interface type and specify the
Enter a VLAN ID, a unique identifier for the virtual network. Valid values range from
4095. Click the
Next button. Now assign an IP address to the VLAN interface. Make sure that it matches the assigned VLAN address range.