What are vlans and why to use them?

A virtual LAN (VLAN) is any broadcast domain that is partitioned and isolated in a computer network at the data link layer (OSI layer 2). VLANs work by applying tags to network packets and creating the appearance and functionality of network traffic that is physically on a single network but acts as if it is split between separate networks. In this way, VLANs can keep network applications separate despite being connected to the same physical network, and without requiring multiple sets of cabling and networking devices to be deployed.

In the example below we will configure a single switch with three vlans, 10, 20, and 50. Each port configured on the switch will be configured as access ports unconditionally allowing only a single device to be connected. All devices within a vlan should be able to access other devices in the same vlan. Devices connected to ports in other vlans should only be able to access other devices within the same vlan. The vlan 50 should be used for voice and voice only.

Steps to configure vlans

Step 1: Create vlan 10 and vlan 20.

Switch(config)#vlan 10,20

Step 2: Configure interface FastEthernet1/0/1 as an access port and assign access to vlan 10.

Switch(config)#interface FastEthernet1/0/1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 10

Step 3: Configure interfaces FastEthernet1/0/2 and FastEthernet1/0/3 and as an access ports and assign access to vlan 20.

Switch(config)#interface range FastEthernet1/0/2-3
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 20

Step 4: Create a vlan for voice and assign the voice vlan to switch ports.

Switch(config)#vlan 50
Switch(config)#interface FastEthernet1/0/5
Switch(config-if)#switchport voice vlan 50

NOTE: Only one vlan is allowed on switchport configured for mode access with the exception of a voice vlan. However, the vlan must be configured and used specifically for VoIP devices.

Verify the configuration

Now that the configuration is finished lets verify the vlan assignments. Using the show vlan command you can verify each vlan in the local vlan database. By viewing the local vlan database you can also verify which ports have been assigned to each vlan. Use the ping command to verify connectivity within a vlan and to verify computers in other vlans are unreachable.

Related Posts

Cisco Networking

BGP Load Sharing

Load balancing with BGP is not possible in a multihomed environment with two ISPs. BGP selects only the single best path to a destination among the BGP paths that are learned from different ASs, which Read more…

Cisco Firewall

Configuring Dynamic Multipoint VPN and Zone Based Firewall

DMVPN provides the capability for creating a dynamic-mesh VPN network without having to pre-configure (static) all possible tunnel end-point peers, including IPsec (Internet Protocol Security) and ISAKMP (Internet Security Association and Key Management Protocol) peers. Read more…

Cisco Networking

Configuring Layer 2 MPLS VPN

Layer 2 VPNs are a type of Virtual Private Network (VPN) that uses MPLS labels to transport data. The communication occurs between routers that are known as Provider Edge routers (PEs), as they sit on Read more…