How to Configure a Cisco IOS Virtual LAN (VLAN): The Basics

A VLAN is a group of devices that are grouped together to create a logical LAN. What this means is that a group of individual devices on the same physical LAN can be segmented as if they were on an independent second physical LAN network. This allows for a number of different flexible configurations including securing different computers into their own VLAN or separating data and voice traffic onto different VLANs for priority.

A VLAN example is illustrated in Figure 1 below. Figure 1 shows a building network example that includes devices for the staff and students of a university. For security purposes, the traffic from individuals working on administrative devices (staff) could be separated from the traffic generated by the academic devices (students).

A method of separating these different devices could be to have them on separate physical networks; however this type of solution can be expensive and inflexible. A better solution would be to create separate VLANs for administrative and academic traffic.

VLAN Example

Figure 1 shows four different common areas that exist in a university setting, two of each belong to either the administrative or academic side of the network. The areas that are in the administrative part of the network are separated into VLAN 10; the areas that are in the academic part of the network are separated into VLAN 20. In order for the devices in VLAN 10 to communicate with the devices in VLAN 20, a Layer 3 device (like a router) is required. The Layer 3 device can then be configured to filter the traffic allowed to pass between the two VLAN’s (if any).

Another part of the understanding of VLANs is how they are used between different devices. Without further configuration, the VLAN configuration of a switch is specific to each individual switch. In many smaller deployments, this works out fine as one single switch is deployed for connectivity. However, on larger deployments where there are multiple switches used over a building or campus then the VLAN configuration needs to span multiple switches, this is done with trunks.

Under normal conditions, a switchport is limited to be in a single VLAN; a trunk allows the switchport to support the transport of traffic on multiple VLAN’s. This is accomplished through the use of IEEE 802.1q trunking. When using 802.1q trunking, a tag is inserted into the frame header to identify the VLAN membership; once the frame reaches the destination switch the tag is removed and sent out on all matching VLAN switchports.

Basic VLAN Configuration

The normal range of VLAN numbers used goes from 1 through 1001; the numbers from 1002 through 1005 are reserved for Token Rink and FDDI VLAN’s.  On most switches, including Cisco, the default is VLAN 1 on all switchports. The VLAN range from 1006 through 4094 is also available if extended range VLAN’s are configured.

In order to configure a VLAN on a Cisco switch use the following steps:

Enter global configuration mode

Step 1.              switch#configure terminal

Create or modify an existing VLAN

Step 2.              switch(config)#vlan vlan-id

Configure a VLAN name (optional)

Step 3.              switch(config-vlan)#name name

Another method of creating a VLAN is to configure a switchport into a nonexistent VLAN.  When this is done, the VLAN is automatically created.

In order to configure a switchport into a specific VLAN on a Cisco switch use the following steps:

Enter global configuration mode

Step 1.              switch#configure terminal

Enter interface configuration mode

Step 2.              switch(config)#interface type number

Configure a switchport VLAN

Step 3.              switch(config-if)#switchport access vlan vlan-id

Summary

The configuration of VLAN’s on modern network is common at the access layers of the network; it provides a method of security which is easy to implement and configure. Hopefully this article gives a basic understanding of the concept and how it can be used.

Learn More About VLANs

If you’re interested in learning more about VLANs, check out our article on How to Configure, Verify and Troubleshoot a VLAN and our free video from our Cisco CCNA training covering Virtual LANs and VTP: VLAN Trunking Protocol.

Ready to test your skills in CISCO? See how they stack up with this assessment from Smarterer, the newest addition to the Pluralsight family. Start this CISCO test now

0
 in Cisco

Comments