A large broadcast domain degrades network performance because every broadcast frame is flooded to every host in it. When you segment the network with VLANs, a broadcast is delivered only to the other members of the same VLAN instead of to every host on the switch. In larger companies VLANs are also a way of isolating departments from each other: the technical department can sit in a different VLAN than the accounting department even though both share the same switch.


VLANs operate at OSI Layer 2 and can be described as logically separated networks. The benefits of using VLANs are better security, better performance and, last but not least, lower cost.

Security improves because the physical network is split into several smaller logical networks. If someone does break into your network, the chance that they reach the whole network is smaller; most likely they gain access only to one logical segment, one VLAN. Keep in mind that this separation is only as strong as what connects the VLANs: if a router or Layer 3 switch forwards freely between them, or trunk ports are left open to negotiation, an attacker in one VLAN can still reach the others. Filter inter-VLAN traffic and lock down trunk ports if the separation is meant to count as a security boundary.

In large networks the chance of a broadcast storm is high. With, for example, 4096 hosts in one broadcast domain, a storm degrades performance for all of them. If you divide the network into VLANs of 512 hosts, only one VLAN is affected and the damage is smaller, because the storm floods only 512 hosts instead of 4096.

Last but not least, VLANs reduce cost. Imagine you have an office building or a campus. Building three physically separate networks costs far more than building one network and using a switch to segment it into VLANs. It also makes changes easy: if the technical support team moves from the 2nd floor to the 3rd floor, you only change the VLAN assignment of the affected switch ports instead of moving the physical cabling one floor up.

VLAN IDs are divided into two ranges: normal and extended.

Normal-range VLANs use IDs 1 to 1005. VLAN 1 is the default VLAN; it cannot be deleted or renamed. VLAN IDs 1002 to 1005 are reserved for Token Ring and FDDI. The VLAN Trunking Protocol (VTP) helps network administrators distribute VLAN configuration between switches, but VTP versions 1 and 2 work only with normal-range VLANs.

The normal range may not be enough for some service providers. Extended-range VLANs use IDs 1006 to 4094. They support fewer features than normal-range VLANs and are not advertised by VTP versions 1 and 2. (The 12-bit VLAN ID field also allows 0 and 4095, but 0 means "priority tag only" and 4095 is reserved, so neither can be assigned to a VLAN.)

VLANs can be categorized into Data, Default, Native, Management, and Voice VLANs. You will need to know these terms for your CCNA exam.

A Data VLAN carries user-generated traffic. A VLAN can carry both data and voice, but it is good practice to keep the two types of traffic in separate VLANs.

After a switch's initial boot, all switch ports belong to the Default VLAN (VLAN 1 on a Cisco switch). The switch then behaves like a switch without VLAN support: every connected device shares the same broadcast domain.

The Native VLAN is the VLAN associated with an 802.1Q trunk port. A trunk port carries traffic from multiple VLANs, each frame marked with an 802.1Q tag, and any frame that arrives untagged is placed in the native VLAN; frames belonging to the native VLAN are likewise sent untagged by default. Both ends of a trunk must agree on the native VLAN. It is good practice to use an otherwise unused VLAN (not VLAN 1) as the native VLAN, or to tag native-VLAN frames as well (vlan dot1q tag native on platforms that support it), so that no user traffic travels untagged across the trunk.
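To make the VLAN ID ranges and the native VLAN rule concrete, here is an added example (not part of the original article) that builds an Ethernet frame with or without an 802.1Q tag, decodes it the way a receiving trunk port would, and classifies the VLAN ID into the ranges described above. The MAC addresses and payloads are constructed test data; the helper names are our own.

```python
import struct
from typing import Any, Dict, Optional

TPID_8021Q = 0x8100  # EtherType value announcing that an 802.1Q tag follows

# Constructed sample addresses (not from any real capture)
DST_MAC = bytes.fromhex("ffffffffffff")
SRC_MAC = bytes.fromhex("0011223344aa")


def classify_vlan_id(vid: int) -> str:
    """Classify a VLAN ID into the normal/extended ranges used by Cisco IOS."""
    if not 0 <= vid <= 4095:
        raise ValueError(f"{vid} does not fit in the 12-bit VLAN ID field")
    if vid == 0:
        return "priority tag only (frame carries a CoS value but no VLAN)"
    if vid == 4095:
        return "reserved by 802.1Q, never assigned to a VLAN"
    if vid == 1:
        return "normal range, default VLAN (cannot be deleted)"
    if 1002 <= vid <= 1005:
        return "normal range, reserved for Token Ring and FDDI"
    if vid <= 1001:
        return "normal range"
    return "extended range (not advertised by VTP v1/v2)"


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes,
                vid: Optional[int] = None, pcp: int = 0) -> bytes:
    """Build an Ethernet frame; when vid is given, insert an 802.1Q tag after the source MAC."""
    if len(dst) != 6 or len(src) != 6:
        raise ValueError("MAC addresses must be 6 bytes")
    tag = b""
    if vid is not None:
        if not 0 <= vid <= 4094:
            raise ValueError("VLAN ID on the wire must be 0..4094")
        if not 0 <= pcp <= 7:
            raise ValueError("PCP (802.1p priority) is a 3-bit field")
        tci = (pcp << 13) | vid          # Tag Control Info: PCP(3) DEI(1) VID(12); DEI left clear
        tag = struct.pack("!HH", TPID_8021Q, tci)
    return dst + src + tag + struct.pack("!H", ethertype) + payload


def receive_on_trunk(frame: bytes, native_vlan: int) -> Dict[str, Any]:
    """Decode a frame as an 802.1Q trunk port would and decide which VLAN it joins."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == TPID_8021Q:
        tci = struct.unpack("!H", frame[14:16])[0]
        vid = tci & 0x0FFF
        return {
            "tagged": True,
            "pcp": tci >> 13,
            "dei": (tci >> 12) & 1,
            "vid_in_tag": vid,
            # VID 0 is a priority-only tag: the frame is treated like an untagged one
            "vlan": vid if vid != 0 else native_vlan,
            "ethertype": struct.unpack("!H", frame[16:18])[0],
            "payload": frame[18:],
        }
    # No tag at all: the trunk assigns the frame to its native VLAN
    return {"tagged": False, "pcp": 0, "dei": 0, "vid_in_tag": None,
            "vlan": native_vlan, "ethertype": ethertype, "payload": frame[14:]}


if __name__ == "__main__":
    f = build_frame(DST_MAC, SRC_MAC, 0x0800, b"\x45" + b"\x00" * 19, vid=20, pcp=5)
    print(receive_on_trunk(f, native_vlan=99)["vlan"], classify_vlan_id(20))
    u = build_frame(DST_MAC, SRC_MAC, 0x0806, b"\x00" * 28)
    print(receive_on_trunk(u, native_vlan=99)["vlan"])
```

The second print shows why the native VLAN matters: an untagged frame carries no VLAN information of its own, so whichever VLAN the trunk port calls native is the one it lands in. If the two ends of a trunk disagree on that number, untagged traffic silently crosses from one VLAN into another.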

The Management VLAN is the VLAN you use to reach the switch itself (through Telnet, SSH, HTTP or SNMP) and configure it. On a Cisco switch the management interface defaults to VLAN 1, which is also the default VLAN for every port, so management traffic and user traffic share one broadcast domain until you move one of them. Using VLAN 1 for management is bad practice: put management on a dedicated VLAN and keep user ports out of VLAN 1.

Voice VLANs, as the name suggests, carry voice traffic. When you run Voice over IP (VoIP), you must make sure that voice traffic gets a higher priority than the rest and a guaranteed amount of bandwidth.

Every switch port can be associated with one or more VLANs and can be configured in one of three ways: static, dynamic, or voice.

Static VLANs are the most common configuration for a switch port. With this method you manually assign a VLAN to an interface.

Switch(config)#interface FastEthernet0/1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 20

Dynamic VLANs are rare in today's deployments. They are configured with a VLAN Membership Policy Server (VMPS), which assigns switch ports to VLANs dynamically based on the MAC address of the device connected to the port. If you physically move the device to another switch port, the VMPS reconfigures the new port so that the device stays in the same VLAN. Because the assignment is keyed on the source MAC address, which any host can change, VMPS is an administrative convenience rather than an access-control mechanism.

Most networks today carry voice traffic alongside data traffic. Voice traffic must meet certain parameters for VoIP to work correctly, and voice VLANs are designed to help you provide quality of service for it. Because one interface can carry both voice and data, you must tell the switch how to treat the markings it receives. The mls qos trust cos interface configuration command makes the port trust the 802.1p CoS value already present in incoming frames (the IP phone marks its own voice frames) instead of rewriting it to zero. Note that this trusts whatever the attached device sets; to trust the marking only while a Cisco IP phone is detected through CDP, use mls qos trust device cisco-phone instead.

Switch(config)#interface FastEthernet 0/1
Switch(config-if)#mls qos trust cos
Switch(config-if)#switchport voice vlan 150
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 20

To check how an interface is configured, use the show interfaces interface-id switchport command.

Switch#show interfaces fa0/1 switchport
Name: Fa0/1
Switchport: Enabled
Administrative Mode: static access
Operational Mode: down
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: Off
Access Mode VLAN: 20 (VLAN0020)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: 150 (VLAN0150)
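Collecting this output for every port and reading it by hand does not scale, and the security-relevant fields (administrative mode, trunk negotiation, access VLAN, native VLAN) are easy to overlook. The following added example, which is not part of the original article, parses the show interfaces switchport format shown above for several ports at once and reports the conditions a practitioner checks for: dynamic (DTP-negotiable) port modes, negotiation left on, access ports still in VLAN 1, and trunks whose native VLAN is 1. The sample output is constructed for the example; the port names and function names are our own.

```python
import re
from typing import Dict, List

# Constructed sample in the format of "show interfaces switchport" (several ports)
SAMPLE_SWITCHPORT_OUTPUT = """\
Name: Fa0/1
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: Off
Access Mode VLAN: 20 (VLAN0020)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: 150 (VLAN0150)

Name: Fa0/2
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: static access
Administrative Trunking Encapsulation: negotiate
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none

Name: Gi0/1
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none
"""


def parse_switchports(text: str) -> List[Dict[str, str]]:
    """Split the output into one dict of 'Field: value' pairs per interface."""
    ports: List[Dict[str, str]] = []
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("Name:"):
            current = {"Name": line.split(":", 1)[1].strip()}
            ports.append(current)
        elif current is not None and ":" in line:
            key, value = line.split(":", 1)
            current[key.strip()] = value.strip()
    return ports


def _vlan_number(field: str):
    """'20 (VLAN0020)' -> 20; 'none' -> None."""
    m = re.match(r"(\d+)", field)
    return int(m.group(1)) if m else None


def audit_switchport(port: Dict[str, str]) -> List[str]:
    """Return human-readable findings for one interface."""
    findings = []
    name = port["Name"]
    admin = port.get("Administrative Mode", "")
    if admin.startswith("dynamic"):
        findings.append(f"{name}: mode '{admin}' lets the neighbour negotiate a trunk; "
                        "set 'switchport mode access' or 'switchport mode trunk' explicitly")
    if port.get("Negotiation of Trunking", "").lower() == "on":
        findings.append(f"{name}: DTP negotiation is on; add 'switchport nonegotiate'")
    if "trunk" not in admin and _vlan_number(port.get("Access Mode VLAN", "")) == 1:
        findings.append(f"{name}: access port is still in default VLAN 1")
    if "trunk" in admin and _vlan_number(port.get("Trunking Native Mode VLAN", "")) == 1:
        findings.append(f"{name}: trunk uses VLAN 1 as native VLAN; use an unused VLAN instead")
    return findings


def audit_all(text: str) -> Dict[str, List[str]]:
    """Audit every interface in the output; ports with no findings map to an empty list."""
    return {p["Name"]: audit_switchport(p) for p in parse_switchports(text)}


if __name__ == "__main__":
    for port, findings in audit_all(SAMPLE_SWITCHPORT_OUTPUT).items():
        print(port, "OK" if not findings else "")
        for f in findings:
            print("  -", f)
```

Run against the constructed sample, Fa0/1 (the configuration from the article) is clean, Fa0/2 is flagged three times, and the trunk Gi0/1 is flagged for its native VLAN. Feed it the real output of show interfaces switchport (all ports) to get the same report for a production switch.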

VLAN configuration is easy. The basic operation is to create a VLAN and assign it to an interface. In a small environment you may remember which VLAN ID you use for which purpose, but in a bigger one bare numbers are not as descriptive as you would like. You can assign a name to a VLAN with the name vlan-name command in VLAN configuration mode.

Switch(config)#vlan 20
Switch(config-vlan)#name Building-1
Switch(config-vlan)#exit
Switch(config)#interface FastEthernet 0/1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 20

We have just created VLAN 20, which is in the normal range, given it the descriptive name Building-1, and assigned it to interface FastEthernet 0/1. Now let's check that the VLAN has been assigned to that interface.

Switch#show vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/2, Fa0/3, Fa0/4
((output omitted))
20   Building-1                       active    Fa0/1
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

Fa0/1 is now listed under VLAN 20 and no longer under VLAN 1; the remaining ports still sit in the default VLAN until you assign them.
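The show vlan brief table is also the quickest place to see which ports have never been moved out of VLAN 1 and which VLANs were created but never named. The following added example (not part of the original article) parses that table, including IOS's habit of wrapping long port lists onto indented continuation lines, and reports ports left in VLAN 1, VLANs still carrying the automatic VLANxxxx name, active VLANs with no access ports, and, if you name your management VLAN, any user ports that ended up in it. The sample table is constructed for the example; port and VLAN names are our own.

```python
import re
from typing import Dict, List, Optional

# Constructed sample in the format of "show vlan brief"
SAMPLE_SHOW_VLAN_BRIEF = """\
Switch#show vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/2, Fa0/3, Fa0/4, Fa0/5
                                                Fa0/6, Gi0/1
20   Building-1                       active    Fa0/1
30   VLAN0030                         active    Fa0/7
99   Management                       active
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup
"""

# A VLAN row: id, name (no spaces in IOS VLAN names), status, optional port list
ROW = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s*(.*)$")


def _ports(fragment: str) -> List[str]:
    return [p.strip() for p in fragment.split(",") if p.strip()]


def parse_vlan_brief(text: str) -> Dict[int, Dict]:
    """Return {vlan_id: {'name', 'status', 'ports'}} from show vlan brief output."""
    vlans: Dict[int, Dict] = {}
    current: Optional[int] = None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        m = ROW.match(raw)
        if m:
            current = int(m.group(1))
            vlans[current] = {"name": m.group(2), "status": m.group(3), "ports": _ports(m.group(4))}
        elif raw[0].isspace() and current is not None:
            # Continuation line: more ports belonging to the previous VLAN row
            vlans[current]["ports"].extend(_ports(raw))
        else:
            current = None  # prompt, header or separator line
    return vlans


def audit_vlan_brief(text: str, management_vlan: Optional[int] = None) -> Dict[str, list]:
    """Checks a practitioner runs over the VLAN table."""
    vlans = parse_vlan_brief(text)
    return {
        # Ports never moved out of the default VLAN
        "ports_in_vlan1": vlans.get(1, {}).get("ports", []),
        # VLANs still carrying the automatic VLANxxxx name
        "unnamed": [v for v, d in vlans.items() if d["name"] == f"VLAN{v:04d}"],
        # Active VLANs with no access ports (normal for an SVI-only management VLAN, stale otherwise)
        "no_ports": [v for v, d in vlans.items() if d["status"] == "active" and not d["ports"] and v != 1],
        # Access ports placed in the management VLAN, which should carry no user traffic
        "user_ports_on_management": (vlans.get(management_vlan, {}).get("ports", [])
                                     if management_vlan is not None else []),
    }


if __name__ == "__main__":
    for check, result in audit_vlan_brief(SAMPLE_SHOW_VLAN_BRIEF, management_vlan=99).items():
        print(f"{check}: {result}")
```

On the constructed sample, six ports are still in VLAN 1, VLAN 30 has never been named, and VLAN 99 has no access ports, which is what you expect of a management VLAN reached only through its SVI.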

To remove a VLAN from a switch port, use the no switchport access vlan interface configuration command; the port falls back to VLAN 1. To remove the VLAN itself, use the no vlan vlan-id global configuration command. Remove the VLAN from the ports first: any port still assigned to a VLAN that no longer exists becomes inactive and stops forwarding until you reassign it.

Switch(config-if)#no switchport access vlan 20
Switch(config-if)#exit
Switch(config)#no vlan 20

Along with show vlan brief and show interfaces interface-id switchport, you can use show interfaces vlan vlan-id, which displays the switch's Layer 3 interface (SVI) in that VLAN, including its line status and IP address. This is the command to verify the management VLAN interface.

We hope you found this Cisco CCNA certification article covering VLAN concepts helpful. We pride ourselves on our industry-leading CCNA training courses and hope you will make good use of the information found here when taking your CCNA exam.