Every worker in this industry has to have a thorough grasp of the VLAN (Virtual Local Area Network) technology since it is a basic idea in TCP/IP computer networks.

VLANs are implemented and set up on Ethernet switches and operate at OSI Layer 2.

They are a technique for conceptually separating Layer 2 Ethernet frames created by various network devices such that only frames with the same VLAN ID may interact at the Layer 2 level.

A Layer 3 device, such as a router, is required for communication between frames with various VLAN IDs.

So, we may manage the traffic across several VLANs using a router (or Layer 3 switch), for example, by utilizing access control lists.

By separating the traffic from various devices such that they may only connect at layer 2 with other devices that have been allocated the same VLAN number, this frame separation (and device separation) increases network security.

Describe VLANs.

A hub or repeater is used in a typical LAN to link workstations to one another. Any data that is received is sent throughout the network by these devices. A collision will happen, and the communicated data will get lost if two users try to send information. Hubs and repeaters will keep spreading the collision once it has taken place throughout the network.

VLANs on Cisco Switches

A database keeps track of every new VLAN generated on a switch. The vlan.dat file, as it contains this information, is held in the NVRAM or flash memory.

On a Cisco switch, the command shows VLAN gets used to display the contents of the VLAN database.

All specified VLANS will be lost if the switch's Vlan.dat file gets removed, and the database will be restored to its default settings.

The default VLAN

The default VLAN for Cisco switches and the massive other switch suppliers is VLAN 1, as it is where all the interfaces get put when a Cisco switch gets switched on for the first time after leaving the factory.

All devices connected to the default VLAN can communicate since Ethernet packets are not tagged when leaving the interface.

On a Cisco switch, VLAN 1 cannot get erased and is active. It can be perplexing when network managers refer to the VLAN that has been assigned for empty interfaces as the default VLAN since, in reality, this VLAN was chosen as a security best practice for the assignment of interfaces.

Native VLAN

Trunk interfaces are used to link several switches together. The Ethernet frames from many tagged VLANs can be sent over a trunk interface, as opposed to a regular Access interface, which can only transport traffic for the one VLAN that has been allocated to it. It gets referred to as 802.1q Trunking. In addition to untagged frames like control traffic or traffic from legacy devices that cannot tag their Ethernet packets, the trunk also transmits tagged frames through its link.

By default, VLAN 1, the original VLAN, receives all this untagged traffic. A native VLAN can and frequently is given a different number, distinguishing it from the default VLAN.

The native VLAN can have any number you choose between 1 and 4094, but it must match both interfaces that link to the trunk. It is an essential point to keep in mind. A native VLAN of 2 on one side and a native VLAN of 3 on the other are incompatible since this would result in a mismatch and prevent communication over the trunk.

Management VLAN

For the sole purpose of administering infrastructure devices through SSH, HTTPS, SMTP, SYSLOG, etc.,.

Any VLAN number the administrator chooses to use. A Layer 3 device, such as a router or multi-layer switch, must be used to construct a Switch Virtual Interface (SVI) and assign an IP Address for the devices in this VLAN to be available for control from a distant computer.

Using the management VLAN to divide management traffic from user data traffic complies with best practices.

A data VLAN

Devices belonging to end users get allocated to the data VLAN. Numerous Data VLANS that can be numbered or named to represent various departments or groups of devices may exist.

There may be a VLAN named Finance, followed by a VLAN named Sales, and a third VLAN named Research.

A VLAN might get constructed for several devices, such as one for phones or one for audio and video devices called AV.

Voice LAN

Each desk often has a computer and an IP phone. Two cables would need to be run from each device to the switch if the IP phone, and PC connected to the switch individually.

Because the switch's available interfaces would rapidly fill up in a big workplace, Cisco developed IP phones with a tiny switch integrated within the phone's base unit.

With the help of this tiny switch, a PC may be connected to a phone, and the phone can then relay traffic from the PC through a single Ethernet connection to a Cisco switch.

It is problematic that a switch interface with switchport mode access can only support one VLAN on the interface.

Cisco switches allow a conventional Data VLAN to be assigned to the switch port, supporting the computer, and then a Voice VLAN to support a Cisco IP phone, which may get added.

When IP packets leave the phone, they get labeled with voice VLAN for IP phones or data VLAN for packets coming from computers.

Untagged and Tag VLAN/Port

Dot1q tags are optional; packets can either have them or not.

Tagged port: A VLAN tag gets required on every packet. Multiple VLANs' traffic gets accepted on this port. It is used most to link switches.

Untagged Port: In Cisco, directed--to as the "Access" port. Only permits traffic for a single VLAN. It gets used to link end devices to switches.

Some end devices can add a dot1q tag to packets as they leave the device, but massive do not.

Determining what happens to the tagging when the packet reaches the switch will thus rely on the type of interface the device is attached to.

Private LANs

Private VLANS allow devices in the same VLAN to get separated by assigning them a secondary VLAN.

An interface will have a main VLAN number allocated to it if a switch gets set up for private VLANs.

One of the interfaces in the group will get set up as a promiscuous port. Any other interface can interact with this promiscuous interface, and any interface can respond.