Tutorials » What is a VLAN: Its Advantages and Configuration

What is a VLAN: Its Advantages and Configuration

Understanding VLANs, Tagging Process, and Configuration

In the last tutorial, we learned about the basics of Ethernet switches and the switching process. Now, let’s try to understand VLANs, which are used to reduce unwanted traffic in Ethernet switches. We will also explore the concept of VLAN tagging using the IEEE 802.1Q protocol and go over VLAN configuration commands for a Cisco switch.

Table of Contents

What is a VLAN ?

A VLAN ( Virtual LAN ) logically groups ports to avoid unwanted traffic. Devices connected to a switch receive a lot of unwanted traffic because the switch floods the frame when the destination is unknown, multicast, or broadcast. By creating VLANs, we create separate, isolated groups in a switch. By default, traffic from one VLAN does not go to another, avoiding disturbances to other devices in different groups. We can configure 2^12 VLANs on a switch, which amounts to 4096 VLANs

What is VLAN tagging?

When a switch forwards a frame to another switch, it includes the VLAN ID of the port from which it received the frame. Otherwise, the receiving switch will not know the VLAN from which the frame came. The switch includes this VLAN ID in an extra field called the VLAN tag. It places this tag between the source address and the type field in the Ethernet header. We call this process of adding a VLAN tag while sending the frame to another switch VLAN tagging

Two protocols, IEEE 802.1Q and ISL (Cisco proprietary), keep VLAN information when sending frames to other switches. IEEE 802.1Q, also known as dot1q, is the industry-standard protocol supported by all vendors. You can use ISL if you have Cisco devices on both ends of the cable.

What are the advantages of using VLANs?

By shrinking the size of broadcast domains, VLANs cut down on unnecessary traffic, leading to better overall network performance. For instance, we can keep the traffic from different teams in a company like engineers, managers, sales, HR, and finance separate by placing these teams into different VLANs.

VLANs improve security by allowing you to segregate sensitive data, reducing the risk of unauthorized access.

VLANs make network management easier. You can group devices logically regardless of their physical location, making it simpler to implement policies and troubleshoot issues.

Why can a switch support only 4096 VLANs?

The VLAN ID field in dot1q uses only 12 bits to represent the VLAN number. So, the VLAN numbers range from 0 to 4095.

Diagram of a dot1q VLAN tag structure, with 12 bits representing the VLAN number
VLAN ID in dot1q tag

How to Configure VLANs on a Cisco Switch?

You can configure VLANs on a Cisco switch in two steps:

Step 1: Add VLANs to the VLAN database: After connecting to the switch using Telnet, SSH, or the Console, enter VLAN database mode by using the command “vlan database” from privilege mode. Then, add VLANs using the command “vlan <vlan number> name <vlan name>”. After this, use the “apply” command, followed by “exit” to leave VLAN database mode.

For example, the following commands will configure VLAN 10 and VLAN 20 on a Cisco switch:

Switch# vlan database
Switch(vlan)# vlan 10 name testers
Switch(vlan)# vlan 20 name developers
Switch (vlan)# exit
Switch #

Screenshot of adding VLANs to the database on a Cisco switch:

Screenshot of adding VLANs to the database on a Cisco switch's CLI
Cisco VLAN Configuration: Adding VLANs to the database

Step 2: Configure Port-to-VLAN Mappings : You can configure the port-to-VLAN mappings in two ways:

  1. Use the “interface range” command to select a group of ports and then apply VLANs to them.
  2. Apply the VLAN membership to a single interface if you want to add only one port to a VLAN.

Example 1: To configure multiple ports to the same VLAN, you can use the “interface range” command. For example use the following commands to configure ports FastEthernet 1/1 to FastEthernet 1/5 as members of VLAN 10.

Switch(config)# interface range fastethernet 1/1 – 5 
Switch(config-if-range)# switchport mode access
Switch(config-if-range)# switchport access vlan 10 
Switch(config-if-range)# exit
Switch(config)#

Screenshot of VLAN configuration using “interface range” command on Cisco switch:

Screenshot of a Cisco switch's CLI showing interface range command to configure VLAN
VLAN Configuration: Using the interface range command to map VLANs to multiple ports

Example 2: To configure VLAN on a single port, you can apply the “switchport access vlan <vlan number>” command in interface mode . For example, use the following commands to configure port FastEthernet 1/1 as a member of VLAN 10:

Switch(config)# interface fastethernet 1/1
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 10

Screenshot of configuring VLAN membership on an interface from a cisco switch:

Screenshot showing configuring VLAN on an interface using a Cisco Switch's CLI.
VLAN Configuration: Port-to-VLAN Mapping

Note: You don’t have to use the ‘switchport mode access‘ command, as your switch will likely have all ports set as access ports by default. However, using this command is suggested so that the port will change back to an access port if it was previously set to a trunk port.

Next >>> VLAN Configuration Examples

Previous >>> Understanding How Ethernet Switches Work

Further reading : Wikipedia

Courses:

Protocol Testing Course

We’d love to hear your feedback and suggestions about this article. Feel free to reach out to us using the WhatsApp number below.

Sajith Achipra has been a trainer and testing consultant at Zframez Technologies since 2009. With 15+ years of experience, he specializes in networking, Python, development, and testing. He conducts online courses to help students and professionals enhance their skills. You can reach him on WhatsApp at +91 8884 884 844 for your training and testing requirements.

+91 8884 884 844