
Virtual LAN (VLAN)

Last Updated : 03 Oct, 2025

A Virtual Local Area Network (VLAN) is a logical segmentation of a Layer 2 (Data Link Layer) network that enables devices to be grouped together regardless of their physical location. Unlike traditional LANs that rely on physical topology, VLANs are implemented in switches using IEEE 802.1Q VLAN tagging.

By partitioning a single physical network into multiple broadcast domains, VLANs improve security, performance, flexibility, and manageability. Traditionally, routers (Layer 3 devices) were used to break up broadcast domains. However, VLANs enable switches to perform this segmentation at Layer 2.

  • Same VLAN: Devices can communicate directly within the VLAN.
  • Different VLANs: Communication requires Inter-VLAN Routing (using a router or Layer 3 switch).

Note: In a normal LAN, all devices connected to the same switch are part of the same broadcast domain. Any broadcast frame sent by one device is received by all other devices, leading to unnecessary traffic and potential security risks.

VLAN Ranges (Cisco Standard)

  • VLAN 0 & 4095: Reserved, not usable.
  • VLAN 1: Default VLAN; all switch ports belong here initially. Cannot be deleted.
  • VLAN 2–1001: Normal VLAN range (configurable, editable, deletable).
  • VLAN 1002–1005: Reserved for legacy Token Ring and FDDI.
  • VLAN 1006–4094: Extended VLAN range.

VLAN Configuration Example



! Create VLANs
Switch(config)# vlan 2
Switch(config-vlan)# name Accounts

Switch(config)# vlan 3
Switch(config-vlan)# name HR

! Assign switch ports to VLANs
Switch(config)# interface fa0/0
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 2

Switch(config)# interface fa0/1
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 3

Here, port fa0/0 belongs to VLAN 2 and port fa0/1 belongs to VLAN 3. Devices in different VLANs need Inter-VLAN Routing to communicate.
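The port-to-VLAN mapping above can be checked offline from saved configuration text. The following is an added example, not part of the original article: `audit`, `vlan_range` and the extra port fa0/2 are names and data chosen here, and the range labels follow the Cisco ranges listed earlier.

```python
import re

PROMPT = re.compile(r"^\S+\(config[^)]*\)#\s*")   # strips "Switch(config-if)# "
# (low, high, label) taken from the Cisco ranges listed in this article
RANGES = [(0, 0, "reserved"), (1, 1, "default"), (2, 1001, "normal"),
          (1002, 1005, "legacy"), (1006, 4094, "extended"), (4095, 4095, "reserved")]

def vlan_range(vid: int) -> str:
    """Classify a VLAN ID; anything outside 0-4095 does not fit the 12-bit field."""
    return next((label for lo, hi, label in RANGES if lo <= vid <= hi), "invalid")

def audit(config: str):
    """Return ({access_port: vlan}, [findings]) from IOS-style configuration text."""
    vlan, mode, current = {}, {}, None
    for raw in config.splitlines():
        line = PROMPT.sub("", raw.strip())
        if m := re.fullmatch(r"interface (\S+)", line):
            current = m.group(1)
            vlan.setdefault(current, 1)                  # unassigned ports stay in VLAN 1
            mode.setdefault(current, None)
        elif re.fullmatch(r"vlan \d+", line):
            current = None                               # no longer inside an interface
        elif current and (m := re.fullmatch(r"switchport mode (\S+)", line)):
            mode[current] = m.group(1)
        elif current and (m := re.fullmatch(r"switchport access vlan (\d+)", line)):
            vlan[current] = int(m.group(1))
    access = {p: v for p, v in vlan.items() if mode[p] == "access"}
    findings = [f"{p}: VLAN {v} is in the {vlan_range(v)} range"
                for p, v in access.items()
                if vlan_range(v) not in ("normal", "extended")]
    return access, findings

# The article's commands plus one constructed port (fa0/2) that is never assigned.
SAMPLE = """\
Switch(config)# vlan 2
Switch(config-vlan)# name Accounts
Switch(config)# vlan 3
Switch(config-vlan)# name HR
Switch(config)# interface fa0/0
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 2
Switch(config)# interface fa0/1
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 3
Switch(config)# interface fa0/2
Switch(config-if)# switchport mode access
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

The same function accepts running-config style text without prompts, since the prompt prefix is stripped only when present.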

  • Access Link: Connects a VLAN-unaware device to a VLAN-aware switch (frames untagged).
  • Trunk Link: Connects VLAN-aware devices (switch-to-switch, switch-to-router) carrying multiple VLANs with 802.1Q tagging.
  • Hybrid Link: Supports both tagged and untagged traffic.

VLAN Features

  • VLAN Tagging (802.1Q): Inserts a 4-byte VLAN tag into Ethernet frames.
  • VLAN Membership: Devices grouped by port, MAC address, or protocol.
  • VLAN Trunking: Enables multiple VLANs over one physical link.
  • Dynamic VLANs: Membership assigned automatically based on policies.
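To make the 4-byte 802.1Q tag concrete, here is an added example (not from the original article) that inserts a tag into an untagged frame and parses it back, showing the difference between what an access link and a trunk link carry. The function names `add_tag` and `parse_frame` and the sample frame are constructed for this illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag

def add_tag(frame: bytes, vid: int, pcp: int = 0, dei: int = 0) -> bytes:
    """Insert the 4-byte tag after the source MAC, as a trunk port does on egress."""
    if not (0 <= vid <= 0xFFF and 0 <= pcp <= 7 and dei in (0, 1)):
        raise ValueError("VID is 12 bits, PCP 3 bits, DEI 1 bit")
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    tci = (pcp << 13) | (dei << 12) | vid          # Tag Control Information
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def parse_frame(frame: bytes) -> dict:
    """Return MACs, every 802.1Q tag (outermost first), EtherType and payload."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    offset, tags = 12, []
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    while ethertype == TPID_8021Q:                 # loop so stacked tags are reported
        if len(frame) < offset + 6:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack_from("!HH", frame, offset + 2)
        tags.append({"pcp": tci >> 13, "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF})
        offset += 4
    return {"dst": frame[0:6].hex(":"), "src": frame[6:12].hex(":"),
            "tags": tags, "ethertype": ethertype, "payload": frame[offset + 2:]}

# Constructed sample: broadcast frame from a made-up locally administered MAC.
UNTAGGED = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"payload"
TAGGED = add_tag(UNTAGGED, vid=2, pcp=5)           # VLAN 2 (Accounts in the article)

if __name__ == "__main__":
    for name, frame in (("access link", UNTAGGED), ("trunk link", TAGGED)):
        info = parse_frame(frame)
        print(f"{name}: {len(frame)} bytes, tags={info['tags']}")
```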

Real-Time Applications of VLANs

  • VoIP (Voice over IP): Dedicated VLAN for voice traffic ensures QoS.
  • Video Conferencing: Prioritized VLAN reduces latency and jitter.
  • Cloud & Data Centers: VLANs isolate tenant workloads.
  • IoT Networks: Devices segmented for security.
  • Gaming Networks: VLANs prioritize gaming traffic.
  • Remote Access: Secure VLANs for VPN and external users.

Pros of VLANs

  • Improved Security: Sensitive traffic isolated within VLANs.
  • Enhanced Performance: Reduces broadcast and multicast overhead.
  • Simplified Management: Logical grouping of departments (e.g., HR, Finance).
  • Flexibility: Devices can be reallocated without physical rewiring.
  • Cost Savings: Eliminates need for excessive routers.
  • Scalability: Networks can be segmented into manageable subnets.

Cons of VLANs

  • Increased configuration complexity.
  • Scalability limitations due to VLAN ID restrictions.
  • Security risks if VLAN hopping attacks are exploited.
  • Interoperability issues with non-standard devices.
  • Troubleshooting challenges due to isolated traffic flows.

Suggested Quiz (5 Questions)

By default, all switch ports belong to which VLAN?

  • A. VLAN 0
  • B. VLAN 1
  • C. VLAN 100
  • D. VLAN 4095

Explanation:

VLAN 1 is the default native VLAN on every Cisco and most vendor switches. It cannot be deleted.

What main benefit does a VLAN provide?

  • A. Increases broadcast traffic
  • B. Breaks a switch into multiple broadcast domains
  • C. Layer 2 to Layer 3
  • D. Encrypts all traffic

Explanation:

One physical switch → many logical broadcast domains = reduced unnecessary broadcasts.

Which IEEE standard defines VLAN tagging?

  • A. 802.3ad
  • B. 802.1Q
  • C. 802.1D
  • D. 802.11ac

Explanation:

802.1Q inserts a 4-byte tag (including 12-bit VLAN ID) into the Ethernet frame.

Ports configured as “switchport mode access” belong to how many VLANs?

  • A. Zero
  • B. Exactly one VLAN
  • C. Multiple VLANs
  • D. All VLANs

Explanation:

Access ports are untagged and belong to a single VLAN only.

Which VLAN range is called the “Normal Range” on Cisco switches?

  • A. 1–1001
  • B. 2–1001
  • C. 1–4094
  • D. 1006–4094

Explanation:

VLAN 1 is default, 2–1001 are user-creatable normal range VLANs stored in vlan.dat.
