VLAN Fundamentals and Configuration

Fri May 06 2022

VLANs, or Virtual LANs, are really the first sign of virtualization that came to networking. Before VLANs we ended up having a whole switch as just one broadcast domain. So that meant that we had routers everywhere to split up the broadcast domains, as well as switches everywhere to host all of the individual broadcast domains. If you had two computers connected to the same switch, those were in the same broadcast domain, so they were in the same subnet. A VLAN allows you to carve up a switch, such that different ports on that switch can exist in different broadcast domains.

The Local Area Network (LAN)

Not too long ago, the LAN was made up of just layer two switches with no VLAN capabilities. This caused offices to be designed in a manner where you clumped your staff together into departments. You couldn't have your project and program managers sitting with the team of engineering resources they worked with, they would be only located in PMO department. This was due to requiring all users in a particular subnet or security zone of the network to be connected to the same switch. Without the ability to logically segregate LANs, only the PMO could connect to a switch, and only Accounting could connect to another, and only Engineering could connect to another, all with no intermingling.

This put some pretty heavy hardware requirements on the IT organization; being that an entire switch was just and Accounting switch, or just and Engineering switch. We needed separate physical devices to connect our users in different logical areas of the network.

The Virtual Local Area Network (VLAN)

Step onto the stage, the Virtual LAN. The VLAN allows us to take one physical switch and split it up into multiple broadcast domains. In a way, it splits it up into multiple logical switches. So now you really have a VLAN for your department, rather than a switch. We have an Accounting VLAN and a Marketing VLAN. If you want to move a staff member to a different physical location in the office, just put that port into whatever VLAN that you needed that computer to be part of and that there you go.

It allows for a lot more freedom for you to be able to situate your office however you want. Additionally it can lead to more efficient utilization of the networking hardware, allowing for a single switch to host ports for users in multiple departments.

VLAN IDs

Let's talk about the ranges of VLAN IDs that you can configure on Cisco devices. There are 4096 vlans with our 12 bit VID field, zero through 4095. There are a few reserved IDs though:

VLAN Ranges

The standard range for VLANs is 2 through 1001. The reason why this is the standard range is because this is what's propagated with VTP. VTP is the VLAN Trunking Protocol. The CCNA exam topics doesn't mention VTP at all, though let's do a very brief overview.

VTP allows for the propagation, and pruning, of VLANs automatically. One of your switches will act as a VTP server, so when you make changes to the server, those changes are propagated out towards all the other switch participating the in VTP domain. This allows for us to configure a set of VLANs on a single switch within our infrastructure and have those changes be propagated to all other connected switches, potentially saving a significant amount of administrative overhead.

VLAN Configuration

How do we create a VLAN on a Cisco IOS device, and how do we assign a port as being a member of the VLAN?

We can create a VLAN one of two ways. First, we can simply assign a port to a VLAN, and if the VLAN doesn't exist, then the switch will create it for us:

If a VLAN doesn't exist when assigned to a port, IOS will create automatically

This is performed from interface configuration mode. After assigning the port using switchport access vlan command, we see the switch recognizes that the VLAN doesn't exist and proceeds to create it. The switch will create the VLAN with a name of "VLAN####" where the # is the number of the VLAN ID. We can see VLAN0050 here:

unnamed or automatically created VLANs show with a name using the VLAN#### convention

The second way we can configure a VLAN is is through the vlan ## command at global configuration mode, where # is the VLAN ID we wan to create. This will take us into vlan configuration mode where we can configure various properties of the VLAN, including setting a proper name for the VLAN:

Vlan configuration mode allows for the configuration of a name for our VLANs