What are vlans and why to use them?
A virtual LAN (VLAN) is any broadcast domain that is partitioned and isolated in a computer network at the data link layer (OSI layer 2). VLANs work by applying tags to network packets and creating the appearance and functionality of network traffic that is physically on a single network but acts as if it is split between separate networks. In this way, VLANs can keep network applications separate despite being connected to the same physical network, and without requiring multiple sets of cabling and networking devices to be deployed.
In the example below we will configure a single switch with three vlans, 10, 20, and 50. Each port configured on the switch will be configured as access ports unconditionally allowing only a single device to be connected. All devices within a vlan should be able to access other devices in the same vlan. Devices connected to ports in other vlans should only be able to access other devices within the same vlan. The vlan 50 should be used for voice and voice only.
Steps to configure vlans
Step 1: Create vlan 10 and vlan 20.
Step 2: Configure interface FastEthernet1/0/1 as an access port and assign access to vlan 10.
Switch(config)#interface FastEthernet1/0/1 Switch(config-if)#switchport mode access Switch(config-if)#switchport access vlan 10
Step 3: Configure interfaces FastEthernet1/0/2 and FastEthernet1/0/3 and as an access ports and assign access to vlan 20.
Switch(config)#interface range FastEthernet1/0/2-3 Switch(config-if-range)#switchport mode access Switch(config-if-range)#switchport access vlan 20
Step 4: Create a vlan for voice and assign the voice vlan to switch ports.
Switch(config)#vlan 50 ! Switch(config)#interface FastEthernet1/0/5 Switch(config-if)#switchport voice vlan 50
NOTE: Only one vlan is allowed on switchport configured for mode access with the exception of a voice vlan. However, the vlan must be configured and used specifically for VoIP devices.
Verify the configuration
Now that the configuration is finished lets verify the vlan assignments. Using the show vlan command you can verify each vlan in the local vlan database. By viewing the local vlan database you can also verify which ports have been assigned to each vlan. Use the ping command to verify connectivity within a vlan and to verify computers in other vlans are unreachable.