
Exploring VLANs (Virtual Local Area Networks)!

VLAN (Virtual Local Area Network)

A VLAN is a group of devices on one or more LANs that are configured to communicate as if they are on the same physical network, regardless of their actual location.

- A VLAN provides Layer 2 security.
- It divides a single broadcast domain into multiple broadcast domains.
- By default, all switch ports are in VLAN 1. VLAN 1 is known as the Administrative VLAN or Management VLAN.
- VLANs can be created in the range 2 to 1001.
- VLANs can be configured only on a manageable switch.

Types of VLAN Configuration

1. Static VLAN
2. Dynamic VLAN

1. Static VLAN

Static VLANs are based on port numbers. A port on a switch must be manually assigned to a VLAN. They are also called Port-Based VLANs. A port can be a member of a single VLAN only, not multiple VLANs.

Key Features of Static VLAN:

1. Manual Configuration:
   - Each port on the switch must be manually assigned to a VLAN.
   - Example: Port fastethernet 0/1 is assigned to VLAN 10.
2. Port-Based Membership:
   - The VLAN membership is determined by the physical switch port.
   - A device connected to a port inherits the VLAN of that port.
3. Simple to Implement:
   - Easy to configure in small or medium networks where the network topology doesn't change frequently.
4. Less Flexible:
   - If a device moves to another port, it loses its VLAN membership unless the new port is configured with the same VLAN.

How to Configure Static VLAN on a Cisco Switch

Here is an example of configuring a static VLAN:

1. Create a VLAN:

    Switch> enable
    Switch# configure terminal
    Switch(config)# vlan 10
    Switch(config-vlan)# name Sales
    Switch(config)# vlan 20
    Switch(config-vlan)# name Market

2. Assign a VLAN to a Port:

    Switch(config)# interface fastethernet 0/1
    Switch(config-if)# switchport mode access
    Switch(config-if)# switchport access vlan 10
    Switch(config)# interface fastEthernet 0/2
    Switch(config-if)# switchport mode access
    Switch(config-if)# switchport access vlan 20
    Switch(config)# interface fastEthernet 0/3
    Switch(config-if)# switchport mode access
    Switch(config-if)# switchport access vlan 10
    Switch(config)# interface fastEthernet 0/4
    Switch(config-if)# switchport mode access
    Switch(config-if)# switchport access vlan 20

3. Verify Configuration:

    Switch# show vlan brief

Output:

When to Use Static VLAN?

- Small or Static Networks: Where devices do not move frequently.
- High-Security Environments: When strict control over VLAN membership is required.
- Easier Troubleshooting: When simplicity is preferred over flexibility.

2. Dynamic VLAN

A Dynamic VLAN is a type of VLAN configuration where devices are automatically assigned to a VLAN based on attributes such as their MAC address, IP address, user identity, or other criteria. Dynamic VLANs are based on the MAC address of a PC. The switch automatically assigns the port to a VLAN. Each port can be a member of multiple VLANs. For Dynamic VLAN configuration, software called VMPS (VLAN Membership Policy Server) is needed.

Key Features of Dynamic VLAN

1. Automated Assignment:
   - Devices are automatically assigned to VLANs based on pre-configured policies.
2. Flexibility:
   - VLAN membership follows the device, not the port.
   - If a device moves to another port, it retains its VLAN assignment.
3. Centralized Management:
   - Dynamic VLANs are managed using a VMPS (VLAN Management Policy Server), a centralized database that maps devices to VLANs based on criteria.
4. Scalability:
   - Ideal for larger, dynamic networks where devices or users frequently change locations.

Types of links/ports

1. Access links
2. Trunk links

1. Access links

This type of link is only part of one VLAN, and it's referred to as the native VLAN of the port. Any device attached to an access link is unaware of a VLAN membership; the device just assumes it's part of a broadcast domain, but it has no understanding of the physical network.

Configuration: Assigns the port to a specific VLAN.

Example:

    Switch(config)# interface fastEthernet 0/1
    Switch(config-if)# switchport mode access
    Switch(config-if)# switchport access vlan 10

2. Trunk links

Trunks can carry multiple VLANs. A trunk link is a 100- or 1000Mbps point-to-point link between two switches, between a switch and router, or between a switch and server. These carry the traffic of multiple VLANs, from 1 to 1005 at a time. Trunking allows you to make a single port part of multiple VLANs at the same time.

VLAN Tagging: Uses 802.1Q tagging to identify VLANs. Adds a VLAN tag to the Ethernet frame for each VLAN.

Configuration:

Example:

    Switch(config)# interface gigabitethernet 0/1
    Switch(config-if)# switchport mode trunk
    Switch(config-if)# switchport trunk allowed vlan 10,20,30
    Switch(config-if)# switchport trunk native vlan 1

Comparison:

| Feature | Access Port | Trunk Port |
|---|---|---|
| Traffic Type | Single VLAN | Multiple VLANs |
| VLAN Tagging | Untagged frames | Tagged frames (except native VLAN) |
| Connection Type | End devices (PCs, printers) | Network devices (switches, routers) |
| Use Case | Simple device connection | VLAN communication across switches |
| Command Example | switchport mode access | switchport mode trunk |

1. ISL (Inter-Switch Link)

- Proprietary Protocol: Developed by Cisco.
- Encapsulation: Encapsulates the entire Ethernet frame with an additional ISL header and trailer.
- Tagging: Adds a 26-byte header and a 4-byte CRC (Cyclic Redundancy Check) trailer to the frame.
- Native VLAN Handling: Does not have a concept of a native VLAN. All VLAN frames are tagged.
- Compatibility: Only supported on Cisco devices.
- Frame Size: Increases frame size significantly due to encapsulation (30 bytes overhead).
- Usage: Legacy protocol; rarely used today.
- VLAN Range: Supports up to 1000 VLANs (1-1005).

2. 802.1Q

- Standard Protocol: Defined by the IEEE (Institute of Electrical and Electronics Engineers).
- Tagging: Inserts a 4-byte VLAN tag directly into the Ethernet frame between the Source MAC and Ethertype fields.
- Native VLAN Handling: Supports a native VLAN where frames belonging to the native VLAN are sent untagged.
- Compatibility: Supported by Cisco and non-Cisco devices, making it an industry standard.
- Frame Size: Increases frame size by 4 bytes (minimal overhead).
- Usage: Widely used and preferred for modern VLAN implementations.
- VLAN Range: Supports a larger VLAN range (up to 4094 VLANs).

#### SW1 ####

    enable
    conf t
    hostname Sw1
    vlan 10
    name laptop
    vlan 20
    name pc
    vlan 30
    name server
    int fa0/2
    switchport access vlan 10
    int fa0/3
    switchport access vlan 20
    int fa0/4
    switchport access vlan 30
    int fa0/1
    switchport mode trunk

#### SW2 ####

    enable
    conf t
    hostname Sw2
    vlan 10
    name laptop
    vlan 20
    name pc
    vlan 30
    name server
    int fa0/2
    switchport access vlan 10
    int fa0/3
    switchport access vlan 20
    int fa0/1
    switchport mode trunk

#### SW3 ####

    enable
    conf t
    hostname sw3
    vlan 10
    name laptop
    vlan 20
    name pc
    vlan 30
    name server
    int fa0/2
    switchport access vlan 10
    int fa0/3
    switchport access vlan 20
    int fa0/4
    switchport access vlan 30
    int fa0/1
    switchport mode trunk

#### COR-SW ####

    enable
    conf t
    hostname corsw
    ip routing
    vlan 10
    name laptop
    vlan 20
    name pc
    vlan 30
    name server

#### SVI = Switch Virtual Interfaces ####

    interface vlan 10
    ip address 192.168.10.1 255.255.255.0
    no shutdown
    interface vlan 20
    ip address 192.168.20.1 255.255.255.0
    no shutdown
    interface vlan 30
    ip address 192.168.30.1 255.255.255.0
    no shutdown
    ip dhcp pool LAPTOP
    default-router 192.168.10.1
    network 192.168.10.0 255.255.255.0
    ip dhcp pool PC
    default-router 192.168.20.1
    network 192.168.20.0 255.255.255.0
    ip dhcp pool SERVER
    default-router 192.168.30.1
    network 192.168.30.0 255.255.255.0

The corsw ports automatically become trunk ports. If we still want to configure them as trunks explicitly, here is the configuration:

    int range fa0/2 - 4
    switchport trunk encapsulation dot1q
    switchport mode trunk

#### COR-SW ####

    int fa0/4
    no switchport
    ip add 192.168.5.1 255.255.255.0
    no shutdown
    ip route 0.0.0.0 0.0.0.0 192.168.5.2

#### Router ####

    enable
    conf t
    hostname Gw
    int gig0/0/1
    ip add 192.168.5.2 255.255.255.0
    no shutdown
    ip route 192.168.10.0 255.255.255.0 192.168.5.1
    ip route 192.168.20.0 255.255.255.0 192.168.5.1
    ip route 192.168.30.0 255.255.255.0 192.168.5.1
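The 802.1Q tagging and native-VLAN behaviour described in the trunk-link section can be shown at the byte level. The following Python sketch is an added example, not part of the original document; the sample frame is constructed, and `trunk_egress` is a hypothetical, simplified model of a trunk port with an allowed-VLAN list.

```python
import struct

TPID = 0x8100  # EtherType value that marks an 802.1Q tag

# Constructed sample: untagged broadcast IPv4 frame (dst MAC, src MAC, EtherType, payload)
SAMPLE = bytes.fromhex("ffffffffffff" "001122334455" "0800") + b"constructed payload"

def add_tag(frame, vlan_id, priority=0):
    """Insert the 4-byte tag between the source MAC and the EtherType (offset 12)."""
    if not 1 <= vlan_id <= 4094 or not 0 <= priority <= 7:
        raise ValueError("VLAN ID must be 1-4094 and priority 0-7")
    tci = (priority << 13) | vlan_id  # PCP (3 bits) | DEI (1 bit, 0) | VID (12 bits)
    return frame[:12] + struct.pack("!HH", TPID, tci) + frame[12:]

def parse_frame(frame, native_vlan=1):
    """Classify a received frame: tagged -> VLAN from the tag, untagged -> native VLAN."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID:
        return {"tagged": False, "vlan": native_vlan, "ethertype": ethertype}
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack("!HH", frame[14:18])
    return {"tagged": True, "vlan": tci & 0x0FFF, "priority": tci >> 13, "ethertype": inner}

def trunk_egress(frame, vlan_id, allowed, native_vlan=1):
    """Simplified model: what a trunk sends for an untagged frame that belongs to vlan_id."""
    if vlan_id not in allowed:
        return None                   # VLAN is not on the allowed list: not forwarded
    if vlan_id == native_vlan:
        return frame                  # native VLAN leaves the trunk untagged
    return add_tag(frame, vlan_id)    # every other VLAN gains the 4-byte tag
```
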
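A quick review check for configurations like the lab above, as an added example that is not part of the original document: it reads typed-in `int` / `switchport` lines and lists ports still in the default VLAN 1 and trunks without a `switchport trunk allowed vlan` list. The sample config is constructed, and treating a port with no `switchport mode` line as an access port is an assumption of this sketch.

```python
import re

# Constructed sample in the style of the access-switch lab configs above.
SAMPLE_CONFIG = """\
int fa0/1
switchport mode trunk
int fa0/2
switchport access vlan 10
int fa0/3
switchport mode access
int gi0/1
switchport mode trunk
switchport trunk allowed vlan 10,20,30
int fa0/4
no switchport
"""

def parse_ports(config):
    """Collect switchport settings per interface; unset values keep the defaults."""
    ports, cur = {}, None
    for raw in config.splitlines():
        line = raw.strip().lower()
        m = re.match(r"int(?:erface)?\s+(.+)$", line)
        if m:
            cur = ports.setdefault(m.group(1), {"mode": "unset", "access_vlan": 1, "allowed": "all"})
        elif cur is None:
            continue
        elif line == "no switchport":
            cur["mode"] = "routed"
        elif m := re.match(r"switchport mode (access|trunk)$", line):
            cur["mode"] = m.group(1)
        elif m := re.match(r"switchport access vlan (\d+)$", line):
            cur["access_vlan"] = int(m.group(1))
        elif m := re.match(r"switchport trunk allowed vlan ([\d,\-]+)$", line):
            cur["allowed"] = m.group(1)
    return ports

def audit(config):
    """Return (port, finding) pairs for settings worth a second look."""
    findings = []
    for name, p in parse_ports(config).items():
        if name.startswith("vlan") or p["mode"] == "routed":
            continue  # SVIs and routed ports are not Layer 2 VLAN members
        if p["mode"] == "trunk" and p["allowed"] == "all":
            findings.append((name, "trunk carries every VLAN (no allowed list)"))
        elif p["mode"] != "trunk" and p["access_vlan"] == 1:
            findings.append((name, "port left in default VLAN 1"))
    return findings
```
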
