VLAN

Submitted on Mon, 04/22/2024 - 22:48

VLAN stands for virtual LAN. It is used to logically segment a network. VLANs have several advantages:

  • Network performance improvement
  • Broadcast traffic reduction
  • Security enhancement
  • Isolation of sensitive network segments

Creating VLANs on a switch

In this example, we will connect 4 PCs to a switch and create two VLANs.

Step 1. Create a computer network as follows:

Connect 4 PCs to the switch and assign the following IP addresses:

  • 10.10.10.1/29
  • 10.10.10.2/29
  • 10.10.10.3/29
  • 10.10.10.4/29

The subnet mask for /29 is 255.255.255.248.

Step 2. Click on the switch, go to Config and open VLAN Database.

Step 3. Add two VLANs with the following details:

VLAN Number    VLAN Name
10             it
20             admin

Step 4. Assign the switch interfaces connected to pc0 and pc1 to VLAN 10. In this example, the interfaces are FastEthernet0/1 and FastEthernet0/4.

Step 5. Assign the switch interfaces connected to pc2 and pc3 to VLAN 20. In this example, the interfaces are FastEthernet0/2 and FastEthernet0/3.

Finally, we can hover over the switch to see that the interfaces are assigned to the two VLANs 10 and 20.

Step 6. To make the changes permanent, go to Settings and click the Save button for NVRAM.

We can visualize the 4 PCs in two VLANs as follows:

The yellow area represents VLAN 10 while the green area represents VLAN 20.

To create the coloured areas, select the Draw Ellipse button, select a fill color and drag an area to color. Press Ctrl+Z to undo.

Now when we try sending PDUs across devices, we can see that the devices in the same VLAN can ping each other while devices across different VLANs can't.

The type of VLAN used in the above example is called an access VLAN. An access VLAN is used to connect end devices such as PCs. In an access VLAN, a particular interface of a switch belongs to one specific VLAN, identified by a number.

There is another type of VLAN called a trunk VLAN, which is used to carry multiple VLANs over a single interface.

Let us expand the previous example by connecting a second switch to the first one. The second switch also has access VLANs configured on its interfaces, similar to the first one.

We added two more PCs and a second switch of the same model (2960) to the network. The two PCs were assigned the following IP addresses:

  • 10.10.10.5/29
  • 10.10.10.6/29

On the second switch, the same access VLANs were created and assigned to the interfaces connecting the two PCs.

Now, in order for PCs in the same VLAN to communicate with each other across different switches, we will have to use a trunk VLAN. In this example, the following interfaces are used to connect the two switches:

  • Fa0/5 in the first switch
  • Fa0/3 in the second switch

Hence, they should be set as trunk ports. To do that, follow these steps:

  1. Click on the first switch.
  2. Go to config and select FastEthernet0/5 interface.
  3. Select trunk from dropdown.

  1. Click on the second switch.
  2. Go to config and select FastEthernet0/3 interface.
  3. Set it as the trunk port.
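The resulting port layout can be checked from the switch configurations instead of by sending PDUs one at a time. The following is an added example, not part of the original page: it parses constructed running-config excerpts for the two switches and models which PCs can reach each other. The second switch's access ports, the names pc4/pc5 and the order in which pc0 to pc3 map to the listed interfaces are assumptions.

```python
import re
# Constructed running-config excerpts for the two switches. Assumed: sw2's
# access ports (the page names only its trunk, Fa0/3) and the PC names pc4/pc5.
SW1 = """\
interface FastEthernet0/1
 switchport access vlan 10
interface FastEthernet0/2
 switchport access vlan 20
interface FastEthernet0/3
 switchport access vlan 20
interface FastEthernet0/4
 switchport access vlan 10
interface FastEthernet0/5
 switchport mode trunk
"""
SW2 = """\
interface FastEthernet0/1
 switchport access vlan 10
interface FastEthernet0/2
 switchport access vlan 20
interface FastEthernet0/3
 switchport mode trunk
"""
UPLINK = {"sw1": "FastEthernet0/5", "sw2": "FastEthernet0/3"}
PCS = {"pc0": ("sw1", "FastEthernet0/1"), "pc1": ("sw1", "FastEthernet0/4"),
       "pc2": ("sw1", "FastEthernet0/2"), "pc3": ("sw1", "FastEthernet0/3"),
       "pc4": ("sw2", "FastEthernet0/1"), "pc5": ("sw2", "FastEthernet0/2")}

def parse_ports(config):
    """Map each interface to its access VLAN number, or to 'trunk'."""
    ports, current = {}, None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            current = m.group(1)
            ports[current] = 1  # a port with no VLAN statement stays in VLAN 1
        elif m := re.match(r"\s+switchport access vlan (\d+)", line):
            ports[current] = int(m.group(1))
        elif re.match(r"\s+switchport mode trunk", line):
            ports[current] = "trunk"
    return ports

def can_ping(a, b, sw1=SW1, sw2=SW2):
    """Simplified model: the uplink is either a trunk or carries no user VLAN."""
    ports = {"sw1": parse_ports(sw1), "sw2": parse_ports(sw2)}
    (sa, pa), (sb, pb) = PCS[a], PCS[b]
    if ports[sa][pa] != ports[sb][pb]:
        return False  # different VLANs are separate broadcast domains
    return sa == sb or all(ports[s][UPLINK[s]] == "trunk" for s in ("sw1", "sw2"))
```

Passing a copy of `SW1` without the `switchport mode trunk` line as `sw1` shows the state before the trunk steps: pc0 and pc4 are both in VLAN 10 but no longer reach each other.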

Now PCs belonging to the same VLAN can ping each other across the two switches, as shown below: