These days, large physical networks are normally made up of several Switches. Such Switches can connect dozens or even hundreds of devices to each other, ensuring uninterrupted communication. However, in certain cases, you may need to divide large networks for fine-grained traffic control. This is where Virtual Local Area Networks, or VLANs in short, become effective, as they can be used to partition large installations.
VLANs allow you to virtually control how traffic flows across all your network devices without changing your physical installation. Sounds pretty convenient, right? And it sure is. For instance, thanks to VLANs, you can easily control which clients can gain access to sensitive resources in your local network, such as file servers, surveillance cameras, or printers. Simply assign a VLAN to ports connecting clients that share those access rights and it will serve as a “firewall”. Users outside this VLAN won’t be able to access your critical assets.
As we always strive to deliver simplicity, VLANs are easy to create and configure on the Plasma Cloud console. On top of that, our team has developed an extremely useful tool, the layer 2 topology, which reveals the whole VLAN traffic flow in a simple visual way. It provides a practical bird view of your connections offering great insights into your physical and virtual networks. Links and devices shown are automatically detected and displayed. Our cloud scans your whole network to learn how ports are wired together and finally generates a topology based on the retrieved data. Thanks to this automated visualization, monitoring and troubleshooting VLANs has never been more straightforward. Eager to learn more? Then read on!
Visualizing VLANs
By nature, a complex VLAN setup can quickly become overwhelming to analyze and troubleshoot. You may have various VLANs configured and scattered all across your network, only involving selected devices and ports. Furthermore, the more complex a network, the harder it is to understand a VLAN architecture built over it. This is where Plasma Cloud’s layer 2 topology comes into play. Thanks to this intuitive tool, you can now grasp the intricacies of your VLAN configurations at a glance, even when they span across multiple scattered devices.
How does the layer 2 topology work?
Upon opening the layer 2 topology page, the architecture of the selected network will be shown. The map presents itself as a tree chart made of various circled icons linked together by gray lines, as shown in the example screenshot below.
The lines represent wired connections, while icons indicate a connected device. More specifically, blue icons represent devices belonging to the selected network, whereas red ones identify third-party devices or Plasma Cloud devices not part of the selected network. The mapping is read from left to right, with the first device on the left being the one acting as uplink, providing internet access to all other connected devices in the tree chart.
Visualizing VLAN configurations across a network is just as easy. Simply click on the dropdown menu on top of the chart and select the VLAN of interest. Devices not part of the selected VLAN will be grayed out, focusing the attention on the devices of interest. Please note that red icons will always be grayed out when selecting any VLAN, since VLAN-related information can not be retrieved for these devices. Furthermore, links between devices that are not part of the selected VLAN will be grayed out as well.
Troubleshooting VLANs
To better illustrate the power of this tool, let’s delve into some examples of VLAN configurations. Common use cases and possible issues which can easily be identified using Plasma Cloud’s layer 2 topology will be demonstrated.
Basic management VLAN troubleshooting
The management VLAN is necessary to ensure devices can successfully communicate with the cloud, allowing you to comfortably manage everything in the Plasma Cloud console. Because of this, this VLAN is assigned by default to every port on Switches running the Plasma Cloud firmware.
If a device is not communicating with the cloud, the layer 2 topology can help to figure out whether it is due to a management VLAN misconfiguration. Simply select the management VLAN in the dropdown menu as explained above, and look for grayed out icons and links in the chart. If a link or a blue device icon is not highlighted, it means the management VLAN has been misconfigured. For instance, the screenshot below shows the layer 2 topology with the management VLAN selected. No blue icon or link is grayed out, meaning that there is no misconfiguration and every device is successfully communicating with the cloud.
Troubleshooting dedicated VLANs on switches
A dedicated VLAN can be used to grant selected network clients privileged access to restricted network resources. In the example below, this particular VLAN has been assigned to four Switches, as indicated by their blue icons. Perhaps there is a device connected to the final switch, “PS48 Rack”, that shall receive sensitive traffic via this VLAN. Let’s now have a deeper look at the layer 2 topology for this VLAN to ensure everything is configured as expected.
All icons and links in the chain are highlighted, except for the last link between “PS24 Rack” and “PS48 Rack”. This reveals that those two devices have the VLAN assigned on mismatching ports and therefore are not able to communicate successfully. To find out more, click on the “PS48 Rack” icon and an informative popup window will appear. Then, simply click on the Switch name on top to be redirected to the specific device settings page.
Here, you can click on the VLAN settings tab and select the VLAN in question from the dropdown menu on the top of the graphic to check its configurations.
In the current example, as shown in the screenshot above, this VLAN was assigned to port 29, even though the uplink port leading to the “PS24 Rack” Switch is on port 31. It is possible that the VLAN was either configured on the wrong port or a cable was moved, leading to the Switch completely disconnecting from this virtual network.
The layer 2 topology allows us to quickly uncover a VLAN configuration issue, without having to thoroughly check involved device settings one by one, but it does not stop at that. It can also help us identify purposeless VLANs. Let’s have a look at the screenshot below.
This screenshot shows another VLAN configuration that is only assigned to a single device without any functioning links – not even to the uplink. It is possible that this configuration was previously part of a larger VLAN and the Switch was then moved to a new location. Alternatively, this VLAN assignment could have been configured by mistake. Whichever the case, we can definitely say that this VLAN serves no practical purpose at the moment.
To avoid any issue, we strongly advise to always have a look at our layer 2 topology after configuring a VLAN or moving cables. This process can quickly help you figure out and resolve those annoying little mistakes before they can cause real problems in your wired network.
Troubleshooting an SSID bridged to a VLAN
VLANs can also be used on WiFi devices, such as Access Points, by bridging them with SSIDs. When bridging an SSID to a VLAN, all clients connected to that specific SSID will be assigned to the selected VLAN. This means that all their traffic will flow exclusively through the VLAN. Let’s now take a look at possible issues that may arise when configuring bridged VLANs, and how they can be resolved.
The screenshot above shows a layer 2 topology visualization with an example VLAN including two Access Points, “Entrance” and “Office”. However, we can also notice that the uplink device on the left, “PS8-L Office Room”, is grayed out. This indicates that the selected VLAN was not assigned to the uplink Switch, so all clients connected to those two Access Points over this bridged SSID will have no access to the internet. To resolve this issue, the VLAN needs to be assigned to the correct port of the uplink device as well.
In the screenshot above, we can see the VLAN is now correctly configured across all three devices. In fact, all links between devices are highlighted as well, meaning VLAN traffic can successfully flow. WiFi clients connected to this bridged SSID can now enjoy internet access.
All aforementioned scenarios clearly underline how powerful the integration of the layer 2 topology with VLANs is. You can now analyze and troubleshoot your virtual networks with ease in just a few clicks. Gathering all information necessary to understand and resolve your configurations is finally available under a single pane of glass, ensuring effortless troubleshooting. And if you wish to further explore this feature, we warmly invite you to try out our demo console. Enjoy simplicity, choose Plasma Cloud cloud-managed networking!