Introduction
VLAN is defined as a Virtual Local Area Network or Virtual LAN. A VLAN is used to divide the broadcast domain of a switch. By default a switch has multiple collision domains and a single broadcast domain.
We can say that a VLAN is a group of networking devices in the same broadcast domain. By default every switch has a VLAN 1 and all ports of the switch are into VLAN 1. But we can create more VLANs as needed.
Advantages of creating VLAN on Switch
Divide Broadcast
By default a switch has a single broadcast domain which increases traffic in the network. The VLAN divides the broadcast domain of the switch because every VLAN has his separate broadcast domain.
Increase security
By default all users or computers into the same VLAN can communicate with each other. Computer into a VLAN cannot communicate with the computer into another VLAN. If we want to make inter VLAN or between two VLAN then we need a L3 device like a router or L3 switch. Using the access list of the router we control the access of the network.
There are two types of VLAN; they are:
Static VLAN
In a static VLAN we configure the VLAN manually. VLAN assignments are created by assigning ports to a VLAN.
Dynamic VLAN
In a dynamic VLAN we use some protocol and some software to create the VLAN, delete the VLAN and to configure the VLAN.
VTP (VLAN Trucking Protocol)
VTP is used to manage the inter VLAN communication. If we want to make a communication between two or more VLANs then it is possible using a VLAN trunking protocol. VTP is used to create a VLAN, delete a VLAN and modify a VLAN.
Example
In this network we have one switch (L2 switch). In this switch we are creating two VLANs, VLAN 2 and VLAN 3. VLAN 2 has two computers and has the 192.168.1.0 network. VLAN 3 has three computers and network address 192.168.2.0.
![VirtualLAN.jpg]()
Configuration of Switch
|
Switch>enable
Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname IT
IT(config)#enable secret admin
IT(config)#enable secret ?
0 Specifies an UNENCRYPTED password will follow
5 Specifies an ENCRYPTED secret will follow
LINE The UNENCRYPTED (cleartext) 'enable' secret
level Set exec level password
IT(config)#vlan 2
IT(config-vlan)#name it
IT(config-vlan)#exit
IT(config)#vlan 3
IT(config-vlan)#name hr
IT(config-vlan)#exit
IT(config)#interface fastEthernet 0/2
IT(config-if)#switchport mode access
IT(config-if)#switchport access vlan 2
IT(config-if)#exit
IT(config)#interface fastEthernet 0/3
IT(config-if)#switchport mode access
IT(config-if)#switchport access vlan 2
IT(config-if)#exit
IT(config)#interface fastEthernet 0/11
IT(config-if)#switchport mode access
IT(config-if)#switchport access vlan 3
IT(config-if)#exit
IT(config)#interface fastEthernet 0/12
IT(config-if)#switchport mode access
IT(config-if)#switchport access vlan 3
IT(config-if)#exit
IT(config)#interface fastEthernet 0/13
IT(config-if)#switchport mode access
IT(config-if)#switchport access vlan 3
IT(config-if)#exit |
PC 0 communicated with PC 1
![AccessVLAN.jpg]()
PC 2 communicated with PC 3
![VirtualTrunkingProtocol.jpg]()
It shows all VLAN configured on switch
![ShowVLAN.jpg]()
It shows configuration of all interfaces of switch
![SwitchInterface.jpg]()