What are VLANs in Networking?

What are VLANs in Networking? Learn how Virtual LANs segment networks, improve security, and optimize traffic flow in modern networking environments.

What Are VLANs?

Diagram

• A VLAN (Virtual Local Area Network) is like a virtual partition that divides a single physical network into multiple smaller, separate networks. 
• Imagine a large office with different departments, like Sales, HR, and IT. Without VLANs, all devices from these departments would be connected to the same physical network, and they would be able to send messages (called broadcasts) to each other. This can create traffic and security problems.
• VLANs solve this by grouping devices that need to communicate with each other into their own virtual networks. For example, all the devices in the HR department could be part of one VLANs in networking , and all the devices in the IT department could be part of another, even if they are connected to the same physical switch.

The Role of VLANs in Networking

1. Better Network Performance

• When a network is divided into VLANs, devices only send broadcast messages to others within the same VLAN. 
• This reduces unnecessary traffic, which can make the network run faster and more smoothly. In simple terms, fewer devices receive data they don’t need.
• For example, if you have 100 computers in one big network, they will all hear each other’s broadcast messages. 
• With VLANs, each department (like Sales or HR) can be isolated, and only the relevant people will receive those broadcasts, reducing congestion and improving performance.

2. More Security

• VLANs help improve network security by separating different groups. Let’s say you have a network with a department that deals with sensitive information, like HR. You wouldn’t want anyone from the Sales department to access that sensitive data, right? 
• By putting HR in its own VLAN, you can control who can see and access the HR data. 
• Only people in the HR VLAN will be able to communicate with each other, and others won’t have access to their data, even if they are connected to the same physical network.
• This separation also prevents certain types of attacks, like broadcast storms (where a lot of data is sent to everyone, slowing the network down) or hackers trying to intercept sensitive data.

3. Easier Network Management

• Managing a network with VLANs is simpler. Instead of physically moving cables around when someone changes departments, a network admin can just reassign that person’s computer to a different VLAN.
• This makes it easier to apply network settings, security policies, or even manage the traffic flow.
• Also, if a company grows and adds new departments, network admins can quickly create new VLANs without interrupting the entire network.

4. Saving Money

• Using VLANs can save money because you don’t need to buy more physical switches to divide the network into smaller sections. 
• You can use one physical switch but create several virtual networks (VLANs) on it. This reduces hardware costs.
• Additionally, VLANs can help extend a network over longer distances. 
• This is possible by using VLAN trunking, which allows VLANs to communicate across multiple switches, even if they are in different locations.

5. Scalability and Flexibility

• As a business grows, its network needs to grow too. VLANs offer flexibility, meaning a network can be easily expanded or restructured.
• For example, when a new department is created, the network admin just needs to create a new VLAN and add the necessary devices to it.
• The network can scale up without much effort.

VLANs in CCNA

• For anyone pursuing a CCNA certification, understanding VLANs is crucial. CCNA is a foundational certification offered by Cisco that validates a professional’s ability to install, configure, and troubleshoot networking devices. 
• VLANs are a core part of the CCNA curriculum, and having a deep understanding of how VLANs work will be essential for passing the exam and for real-world networking tasks.

VLAN Configuration

A key part of the CCNA exam involves learning how to configure VLANs. Here’s how it generally works:

1. Create a VLAN: First, you need to create a VLAN on the switch. This is done using a simple command in the network switch’s settings.
2. Assign VLANs to Ports: After creating a VLAN, you need to assign specific ports (the physical connections on the switch) to that VLAN. This ensures that devices connected to those ports will be part of that VLAN.
3. VLAN Trunking: If you have multiple switches, you’ll need to use trunk ports to carry traffic from multiple VLANs between them. This allows different VLANs to communicate with each other over a network.
4. Inter-VLAN Routing: Devices in one VLAN cannot communicate with devices in another VLAN directly. To allow them to communicate, you need to configure Inter-VLAN routing using a router or a Layer 3 switch. This is an essential part of the CCNA exam.

PRACTICAL

The configurations are as below :

Step 1: Drag and Drop Switch 1- 2960 on Cisco Packet Tracer.

Step 2: Drag and Drop Switch 2 -2960 on Cisco Packet Tracer.

Step 3: Drag and Drop 8 PC's on both the sides

Step 4: Connect all 8 Pcs with respective switches. For this refer to CISCO Packet Tracer Topology

Step 5: Assign hostname to switch 1 and 2 and create 

four vlans (vlan 10, vlan 20, vlan30 and vlan 40) in the switch.

Configuration on Switch1

Switch>enable

Switch# configure terminal

Switch(config)# hostname SW-1

VLAN 10

SW-1(config)# vlan 10

SW-1(config-vlan)# name Sales

SW-1(config-vlan)#exit

SW-1(config)#

Note: Above command will create VLAN 10 and assigns name Sales to VLAN. 

VLAN 20

SW-1(config)# vlan 20

SW-1(config-vlan)# name Accounts

SW-1(config-vlan)#exit

SW-1(config)#

Note: Above command will create VLAN 20 and assigns name Accounts to VLAN.

VLAN 30

SW-1(config)# vlan 30

SW-1(config-vlan)# name HR

SW-1(config-vlan)#exit

SW-1(config)#

Note: Above command will create VLAN 30 and assign name HR to VLAN.

VLAN 40

SW-1(config)# vlan 40

SW-1(config-vlan)# name Marketing

SW-1(config-vlan)#exit

SW-1(config)#

Note: Above command will create VLAN 40 and assigns name Marketing to VLAN.

Configure on Switch 2

Switch>enable

Switch# configure terminal

Switch(config)# hostname SW-2

VLAN 10

SW-2(config)# vlan 10

SW-2(config-vlan)# name Sales

SW-2(config-vlan)#exit

SW-2(config)#

VLAN 20

SW-2(config)# vlan 20

SW-2(config-vlan)# name Accounts

SW-2(config-vlan)#exit

SW-2(config)#

VLAN 30

SW-2(config)# vlan 30

SW-2(config-vlan)# name HR

SW-2(config-vlan)#exit

SW-2(config)#

VLAN 40

SW-2(config)# vlan 40

SW-2(config-vlan)# name Marketing

SW-2(config-vlan)#exit

SW-2(config)#

Note: Above command will create VLAN 40 and assigns name Marketing to VLAN.

Step 6: On both switches change the DTP mode of switch interface to static-access and Assign switch interfaces to created VLans.

Configuration on Switch1

Below command will change DTP mode to Static Access Interfaces from fastEthernet 0/1 To fastEthernet 0/6

VLAN 10:

SW-1(config-if-range)# switchport mode access

SW-1(config-if-range)# switchport access vlan 10 

SW-1(config-if-range)#exit

Below command will change DTP mode to Static Access Interfaces from fastEthernet 0/7 To fastEthernet 0/12

VLAN 20:

SW-1(config)# interface range fastEthernet 0/7-12

SW-1(config-if-range)# switchport mode access

SW-1(config-if-range)# switchport access vlan 20 

SW-1(config-if-range)#exit

Below command will change DTP mode to Static Access Interfaces from fastEthernet 0/13 To fastEthernet 0/18

VLAN 30:

SW-1(config)# interface range fastEthernet 0/13-18

SW-1(config-if-range)# switchport mode access

SW-1(config-if-range)# switchport access vlan 30 

SW-1(config-if-range)#exit

Below command will change DTP mode to Static Access Interfaces from fastEthernet 0/19 To fastEthernet 0/24

VLAN 40:

SW-1(config)# interface range fastEthernet 0/19-24

SW-1(config-if-range)# switchport mode access

SW-1(config-if-range)# switchport access vlan 40 

SW-1(config-if-range)#exit

Configuration on Switch2

Below command will change DTP mode to Static Access Interfaces from fastEthernet 0/1 To fastEthernet 0/6

VLAN 10:

SW-2(config)# interface range fastEthernet 0/1-6

SW-2(config-if-range)# switchport mode access

SW-2(config-if-range)# switchport access vlan 10 

SW-2(config-if-range)#exit

Below command will change DTP mode to Static Access Interfaces from fastEthernet 0/7 To fastEthernet 0/12

VLAN 20:

SW-2(config)# interface range fastEthernet 0/7-12

SW-2(config-if-range)# switchport mode access

SW-2(config-if-range)# switchport access vlan 20 

SW-2(config-if-range)#exit

Below command will change DTP mode to Static Access Interfaces from fastEthernet 0/13 To fastEthernet 0/18

VLAN 30:

SW-2(config)# interface range fastEthernet 0/13-18

SW-2(config-if-range)# switchport mode access

SW-2(config-if-range)# switchport access vlan 30 

SW-2(config-if-range)#exit

Below command will change DTP mode to Static Access Interfaces from fastEthernet 0/19 To fastEthernet 0/24

VLAN 40:

SW-2(config)# interface range fastEthernet 0/19-24

SW-2(config-if-range)# switchport mode access

SW-2(config-if-range)# switchport access vlan 40 

SW-2(config-if-range)#exit

Step 7: Change DTP mode of interfaces fastEthernet 0/24 to trunk on both the switches.

Configure on Switch 1

SW-1(config)# interface GigabitEthernet 0/1

SW-1(config-if)# switchport mode trunk

SW-1(config-if)#exit

Configure on Switch 2

SW-1(config)# interface GigabitEthernet 0/1

SW-1(config-if)# switchport mode trunk

SW-1(config-if)#exit

Step 8: Assign management IP address to interface vlan on both the switches.

Configure on Switch 1

SW-1(config)# interface vlan 1

SW-1(config-if)# ip address 10.10.10.1 255.255.255.0

SW-1(config-if)# no shutdown 

SW-1(config-if)#exit

SW-1(config)# exit

SW-1# wr

Configure on Switch 2

SW-2(config)# interface vlan 1

SW-2(config-if)# ip address 10.10.10.2 255.255.255.0

SW-1(config-if)# no shutdown 

SW-2(config-if)#exit

SW-2(config)# exit

SW-2# wr

Step 9: Configure Router on a Stick:

VLAN 10

Router(config)# interface GigabitEthernet0/0.10  

Router(config-subif)# encapsulation dot1Q 10

Router(config-subif)# ip address 10.10.10.254 255.255.255.0 

Router(config-subif)# no shutdown

Router(config-subif)# exit

VLAN 20

Router(config)# interface GigabitEthernet0/0.20

Router(config-subif)# encapsulation dot1Q 20

Router(config-subif)# ip address 10.10.20.254 255.255.255.0

Router(config-subif)# no shutdown

Router(config-subif)# exit

VLAN 30

Router(config)# interface GigabitEthernet0/0.30

Router(config-subif)# encapsulation dot1Q 30

Router(config-subif)# ip address 10.10.30.254 255.255.255.0

Router(config-subif)# no shutdown

Router(config-subif)# exit

VLAN 40

Router(config)# interface GigabitEthernet0/0.40

Router(config-subif)# encapsulation dot1Q 40

Router(config-subif)# ip address 10.10.40.254 255.255.255.0

Router(config-subif)# no shutdown

Router(config-subif)# exit

Step 10:Verification

To verify trunk ports on switch

SW-1# show interfaces trunk

SW-2# show interfaces trunk

Step 11: To verify vlan

SW-1# show vlan

SW-2# show vlan

Real-Life Examples of VLANs

VLANs are used in many real-world networks. Here are a few examples:

  Office Networks: In a large company, each department (like HR, Sales, or IT) can be placed in its own VLAN. This keeps their traffic separate, which can improve security and network performance.

  Data Centers: Data centers often use VLANs to separate different types of traffic, like storage traffic, server traffic, and user traffic, making management easier and more secure.

  Schools or Universities: VLANs can be used in educational environments to separate faculty, student, and guest networks, providing a smoother and safer experience for everyone.

Conclusion

VLANs in networking are an essential part of modern networking. They improve performance, security, and network management, making them an important tool for network administrators. Understanding how VLANs work and how to configure and troubleshoot them is a crucial skill for anyone aiming to pass the CCNA exam. Prepare for your networking career with top CCNA Interview Questions. Master key concepts, protocols, and real-world scenarios to ace your next technical interview.

Whether you’re designing a network for a small office or managing a large corporate network, VLANs will help you create a more efficient, secure, and scalable network. So, mastering VLANs will not only help you pass your CCNA exam but will also make you a better network professional.

Do visit our channel to know more: SevenMentor

Author:-

Gandhar Bodas