What is a VLAN?


A VLAN (Virtual LAN) is a logical grouping of devices in the same broadcast domain. VLANs are usually configured on switches by placing some interfaces in one broadcast domain and some interfaces in another. A VLAN can span multiple switches, and each VLAN is treated as its own subnet or broadcast domain. This means that frames broadcast onto the network are switched only between ports within the same VLAN.

A VLAN acts like a physical LAN, but it can group hosts in the same broadcast domain even if the hosts are not connected to the same switch.

These are the main reasons to use VLANs in a network:

1. VLANs increase the number of broadcast domains while decreasing their size.

2. VLANs reduce security risks by reducing the number of hosts that receive copies of frames flooded by the switches.

3. You can keep hosts that hold sensitive data on a separate VLAN to improve security.

4. You can create more flexible network designs that group users by department instead of by physical location.

5. Network changes are achieved with ease by just configuring a port into the appropriate VLAN.

The following topology shows a network with all hosts inside the same VLAN:

Without VLANs, a broadcast sent from host A reaches all devices on the network. By placing the interfaces Fa0/0 and Fa0/1 on both switches in a separate VLAN, the broadcast from host A will only reach host B, because each VLAN is a separate broadcast domain and only host B is in the same VLAN as host A. The hosts in VLAN 3 and VLAN 5 do not even know how to communicate.

As shown in the following figure:

NOTE

To reach hosts in another VLAN, a router is needed.

Access & trunk ports

Each port on the switch can be configured as either an access port or a trunk port. An access port is a port that can be assigned to a single VLAN. This type of interface is configured on switch ports connected to devices with a standard network card, such as a host on the network. A trunk interface is an interface that is connected to another switch. This type of interface can carry traffic for multiple VLANs.

In the example network shown above, the link between SW1 and SW2 will be configured as a trunk interface. All other switch ports are connected to end-user devices, so they need to be configured as access ports.
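The broadcast behaviour described above can be checked with a small model of two switches joined by a trunk. This is an added example, not part of the original article: the host letters C to F, the ports Fa0/2 and Fa0/24, VLAN 1 for hosts A and B, and the per-trunk list of carried VLANs are assumptions made for the sketch.

```python
from collections import deque

def topology(fa0_0_vlan, fa0_1_vlan, trunk_allowed):
    """Constructed two-switch lab; host names and port numbers are assumptions."""
    def switch(peer, hosts):
        return {
            "Fa0/0": {"mode": "access", "vlan": fa0_0_vlan, "host": hosts[0]},
            "Fa0/1": {"mode": "access", "vlan": fa0_1_vlan, "host": hosts[1]},
            "Fa0/2": {"mode": "access", "vlan": 1, "host": hosts[2]},
            "Fa0/24": {"mode": "trunk", "allowed": set(trunk_allowed), "peer": peer},
        }
    return {"SW1": switch("SW2", "CEA"), "SW2": switch("SW1", "DFB")}

def broadcast_recipients(switches, src_host):
    """Return the set of hosts that receive a broadcast frame sent by src_host."""
    # Locate the sender's access port; that port's VLAN follows the frame everywhere.
    src_sw, src_port, vlan = next(
        (sw, name, p["vlan"])
        for sw, ports in switches.items()
        for name, p in ports.items()
        if p.get("host") == src_host
    )
    recipients, seen = set(), {src_sw}
    queue = deque([(src_sw, src_port)])
    while queue:
        sw, ingress = queue.popleft()
        for name, port in switches[sw].items():
            if name == ingress:
                continue  # a frame is never flooded back out of its ingress port
            if port["mode"] == "access" and port["vlan"] == vlan:
                recipients.add(port["host"])
            elif port["mode"] == "trunk" and vlan in port["allowed"]:
                peer = port["peer"]
                # The far end of the link must also carry this VLAN on its trunk.
                peer_port = next(n for n, p in switches[peer].items()
                                 if p["mode"] == "trunk" and p["peer"] == sw)
                if peer not in seen and vlan in switches[peer][peer_port]["allowed"]:
                    seen.add(peer)
                    queue.append((peer, peer_port))
    return recipients

FLAT = topology(1, 1, {1})               # every port in one VLAN
SEGMENTED = topology(3, 5, {1, 3, 5})    # Fa0/0 in VLAN 3, Fa0/1 in VLAN 5

if __name__ == "__main__":
    print(sorted(broadcast_recipients(FLAT, "A")))       # all other hosts
    print(sorted(broadcast_recipients(SEGMENTED, "A")))  # only B
```

Calling `topology(3, 5, {1})` models a trunk that carries only VLAN 1: hosts in VLAN 3 and VLAN 5 then reach nobody on the other switch, which is the failure to look for when a new VLAN works on one switch but not across the link.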
