VLAN Concepts

Posted: 12th June 2022 by ccna7guru in SRWE

Defining VLANs
A VLAN allows a network administrator to create groups of logically networked devices based on
functions, departments, or project teams.
For computers to communicate on the same VLAN, each must have an IP address and a subnet mask
that belong to the same subnet and are consistent for that VLAN. The switch has to be configured
with the VLAN, and each port in the VLAN must be assigned to the VLAN. A switch port with a singular VLAN configured on it is called an access port. Remember that just because two computers are
physically connected to the same switch does not mean that they can communicate. Devices on two
separate subnets must communicate via a router, whether or not VLANs are used.

Benefits of VLANs
Implementing VLAN technology enables a network to more flexibly support business goals. The primary benefits of using VLANs are
■ Security
■ Cost reduction
■ Higher performance
■ Broadcast storm mitigation
■ Improved IT staff efficiency
■ Simpler project or application management

VLAN ID Ranges
VLANs are divided numerically into a normal range and an extended range. Normal range VLANs are
identified by a VLAN ID between 1 and 1005. Configurations are stored within a VLAN database file,
called vlan.dat, which is stored in the flash memory of the switch.
Extended range VLANs are identified by a VLAN ID between 1006 and 4094 and are saved in the
running configuration file. VTP does not learn extended range VLANs.
One Cisco Catalyst 2960 switch can support up to 255 VLANs. Why is the number of VLANs that
can be configured on a switch limited?
The number of VLANs configured affects the performance of the switch hardware.

Types of VLANs
Today there is essentially one way of implementing VLANs: port-based VLANs. Among the port-based VLANs, there are a number of different types of VLANs.
A data VLAN is a VLAN that is configured to carry only user-generated traffic. These VLANs are
sometimes referred to as user VLANs.
All switch ports are members of the default VLAN after the initial, out-of-the-box bootup of the
switch. In this VLAN, which is numbered VLAN 1, all switch ports are part of the same broadcast

Briefly define and explain the purpose of a black hole VLAN:
It is a security best practice to define a black hole VLAN to be a dummy VLAN distinct from all other
VLANs defined in the switched LAN. All unused switch ports are assigned to the black hole so that
any device connecting to an unused switch port will be assigned to the black hole VLAN. Any traffic
associated with the black hole VLAN is not allowed on trunk links, thus preventing any device associated with the black hole VLAN from communicating beyond the switch to which it is connected.
A native VLAN is assigned to an IEEE 802.1Q trunk port, which supports traffic coming from many
VLANs (tagged traffic) as well as traffic that does not come from a VLAN (untagged traffic).
You assign the management VLAN an IP address and subnet mask so that the switch can be managed
via HTTP, Telnet, SSH, or SNMP. VLAN 1 would serve as the management VLAN if you did not
proactively define a unique VLAN to serve this purpose. It is a security best practice to define this
VLAN to be a VLAN distinct from all other VLANs defined in the switched LAN.
Note: For simplicity and for our purposes in this book, we most often use VLAN 99 for both the management
VLAN and the native VLAN. However, some activities and labs may require you to use a different number so that you do not get in the habit of always using 99 as the VLAN number.
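
The black hole and management VLAN practices described above can be checked against a saved switch configuration. The following is an added example, not part of the original post: the function names, the sample configuration, and the use of VLAN 999 as the black hole VLAN are assumptions, shutdown ports are treated as unused, and only plain numeric allowed-VLAN lists are handled.

```python
import re

# Constructed sample config (not from the page); VLAN 999 as black hole is assumed.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode trunk
 switchport trunk allowed vlan 15,99,115,999
!
interface FastEthernet0/5
 switchport mode access
 switchport access vlan 15
 switchport voice vlan 115
!
interface FastEthernet0/6
 shutdown
!
interface FastEthernet0/7
 switchport access vlan 999
 shutdown
!
interface Vlan1
 ip address 192.0.2.2 255.255.255.0
"""

def expand_vlans(spec):
    """Expand a numeric IOS VLAN list such as '15,99-101' into a set of ints."""
    ranges = (part.partition("-") for part in spec.split(","))
    return {v for lo, _, hi in ranges for v in range(int(lo), int(hi or lo) + 1)}

def audit(config, blackhole=999):
    """Return (interface, finding) pairs; shutdown ports are treated as unused."""
    findings = []
    for block in re.split(r"^!$", config, flags=re.M):
        lines = [l.strip() for l in block.strip().splitlines()]
        if not lines or not lines[0].startswith("interface "):
            continue
        name = lines[0].split()[1]
        if name.lower().startswith("vlan"):  # SVI, not a physical port
            if name.lower() == "vlan1" and any(l.startswith("ip address") for l in lines):
                findings.append((name, "management IP on default VLAN 1"))
        elif "switchport mode trunk" in lines:
            allowed = [l.split()[-1] for l in lines if l.startswith("switchport trunk allowed vlan")]
            # No allowed list means the trunk carries every VLAN, black hole included.
            if not allowed or blackhole in expand_vlans(allowed[-1]):
                findings.append((name, "black hole VLAN allowed on trunk"))
        elif "shutdown" in lines and f"switchport access vlan {blackhole}" not in lines:
            findings.append((name, "unused port not in black hole VLAN"))
    return findings
```

Calling audit(SAMPLE_CONFIG) reports the trunk that still carries VLAN 999, the shutdown port left in its default VLAN, and the management address on VLAN 1; FastEthernet0/5 and FastEthernet0/7 pass.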

Voice VLANs
It is easy to appreciate why a separate VLAN is needed to support Voice over IP (VoIP). List four
requirements for VoIP traffic:
■ Assured bandwidth to ensure voice quality
■ Transmission priority over other types of network traffic
■ Ability to be routed around congested areas on the network
■ Delay of less than 150 milliseconds (ms) across the network

Network Application Traffic Types
In CCNA Exploration: Network Fundamentals, you learned about the different kinds of traffic a LAN
handles. Because a VLAN has all the characteristics of a LAN, a VLAN must accommodate the same
network traffic as a LAN.

List three different types of network management and control traffic that can be present on the LAN:
■ Cisco Discovery Protocol (CDP) traffic
■ Simple Network Management Protocol (SNMP) traffic
■ Remote Network Monitoring (RMON) traffic
IP telephony traffic consists of signaling traffic and voice traffic. Signaling traffic is responsible for
call setup, progress, and teardown, and traverses the network end to end.

IP multicast traffic is sent from a particular source address to a multicast group that is identified by a
single IP address.
Normal data traffic is related to file creation and storage, print services, e-mail database access, and
other shared network applications that are common to business uses.
The Scavenger class is intended to provide less-than-best-effort services to certain applications.
Applications assigned to this class have little or no contribution to the organizational objectives of the
enterprise and are typically entertainment oriented in nature.

Switch Port Membership Options
A port can be configured to support these VLAN options:

■ Static VLAN: Ports on a switch are manually assigned to a VLAN. Enter the commands to
configure FastEthernet 0/5 as an access port using VLAN 15:
S1(config)#interface fastethernet 0/5
S1(config-if)#switchport mode access
S1(config-if)#switchport access vlan 15

■ Dynamic VLAN: Configured using a special server called a VLAN Membership Policy Server
(VMPS) that can assign switch ports to VLANs automatically based on the source MAC
address of the device connected to the port.

■ Voice VLAN: A port is configured with the voice VLAN feature enabled so that it can support
an IP phone attached to it. To configure voice support on the port, you need to configure a
VLAN for voice and a VLAN for data. Enter the commands to configure FastEthernet 0/5 as an
access port using data VLAN 15 and voice VLAN 115:
S1(config)#interface fastethernet 0/5
S1(config-if)#switchport mode access
S1(config-if)#switchport access vlan 15
S1(config-if)#mls qos trust cos
S1(config-if)#switchport voice vlan 115

What command generated the following output?
S1#show interfaces fa0/5 switchport
Name: Fa0/5
Switchport: Enabled
Administrative Mode: static access
Operational Mode: down
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: Off
Access Mode VLAN: 15 (VLAN0015)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: 115 (VLAN0115)
<output omitted>
The switch port configuration supporting voice and data has the following characteristics:
■ The configuration command mls qos trust cos ensures that voice traffic is identified as priority

■ The switchport voice vlan 115 command identifies VLAN 115 as the voice VLAN.

■ The switchport access vlan 15 command configures VLAN 15 as the access mode (data)

  1. Muhammad Shehryar says:

    Best vlan concept

  2. Guru dave says:

    Best vieling