top of page
  • Writer's pictureRomit Kakadiya

Understanding VLANs (Virtual LANs)

Updated: Feb 12

In modern networking, the concept of Virtual LANs (VLANs) has become indispensable for efficient network management and security. VLANs essentially segment a single physical network into multiple logical networks, each operating as its own broadcast domain. This segmentation allows for better organization, security, and resource allocation within a network infrastructure.

Why need a VLAN?

Imagine an organization where various departments, such as IT, Civil, and Electrical & Computer Engineering, share the same physical network infrastructure. Without VLANs, all devices within these departments would be part of the same broadcast domain, leading to potential security risks and inefficient resource utilization. For instance, broadcast traffic from one department could flood the entire network, causing congestion and unnecessary strain on network resources.

When a switch receives the broadcast frame it can be flooding to other ports on the switch. take scenario given below image. In this picture PC, 1 can flooding frame on the switch so it can share on other ports and this frame to receive switch 2 that also flooding frame into all ports so it can cause traffic and more CPU utilization.

Normal lab without VLAN


VLANs can create individual broadcast domains, ensuring that only ports assigned to the respective VLAN can communicate with each other within that VLAN.

this image is normal scenario.
Lab with VLAN

In this scenario PC 1-4 in IT, PC 2-5 in Civil and PC 3-6 in EC Department. so, if PC 1 creates a broadcast frame it can go only PC 4 via Switch 2 in trunk link. Using VLAN reduces CPU utilization and easy troubleshooting.

Native VLAN

When devices communicate with a switch, the switch tags the frames with VLAN IDs to indicate their respective VLAN memberships. Frames that are not tagged are considered untagged frames and are forwarded to the switch's native VLAN. By default, most switches have VLAN 1 configured as the native VLAN, but this can be customized based on specific requirements.

VLAN Configuration

Configuring VLANs involves assigning ports to specific VLANs based on organizational needs. For instance, in our example organization, we could assign sw1 e0/1 & sw2 e0/1 to VLAN 10 (IT), sw1 e0/2 & sw2 e0/2 to VLAN 20 (Civil), and sw1 e0/3 & sw2 e0/3 to VLAN 30 (Electrical & Computer Engineering). This segmentation ensures that devices within each department can communicate effectively while maintaining isolation from other departments.

VLAN Topology

By default all port in VLAN 1 that show in blow image.

Configure Switch 1:

1. Create VLANs

Switch-1#configure terminal
Switch-1(config)#vlan 10 
Switch-1(config-vlan)#name IT
Switch-1(config)#vlan 20 
Switch-1(config-vlan)#name Civil
Switch-1(config)#vlan 30 
Switch-1(config-vlan)#name CSE

2. Assign trunk port

Switch-1(config)#interface e0/0
Switch-1(config-if)#switchport trunk encapsulation dot1q
Switch-1(config-if)#switchport mode trunk

3. Assign access port

Switch-1(config)#interface e0/1
Switch-1(config-if)#switchport mode access
Switch-1(config-if)#switchport access vlan 10
Switch-1(config)#interface e0/2
Switch-1(config-if)#switchport mode access
Switch-1(config-if)#switchport access vlan 20
Switch-1(config)#interface e0/3
Switch-1(config-if)#switchport mode access
Switch-1(config-if)#switchport access vlan 30

Configure Switch 2:

- All Configuration is same as switch 1.

- You can check configuration is apply or not using following command:

  • check assigning access port

Switch-1#show vlan brief

  • check assigning trunk port:

Switch-1#show interfaces trunk

19 views0 comments


bottom of page