This topic explains the purpose of VLANs in a switched network. Start learning CCNA 200-301 for free right now!
Note: This topic is part of Module 3 of the Cisco CCNA 2 course. To follow the course in order, go to the CCNA 2 section, which guides you through the modules in sequence.
Of course organizing your network into smaller networks is not as simple as separating screws and putting them into jars. But it will make your network easier to manage. Virtual LANs (VLANs) provide segmentation and organizational flexibility in a switched network. A group of devices within a VLAN communicate as if each device was attached to the same cable. VLANs are based on logical connections, instead of physical connections.
As shown in the figure, VLANs in a switched network enable users in various departments (i.e., IT, HR, and Sales) to connect to the same network regardless of the physical switch being used or location in a campus LAN.
VLANs allow an administrator to segment networks based on factors such as function, team, or application, without regard for the physical location of the users or devices. Each VLAN is considered a separate logical network. Devices within a VLAN act as if they are in their own independent network, even if they share a common infrastructure with other VLANs. Any switch port can belong to a VLAN.
Unicast, broadcast, and multicast packets are forwarded and flooded only to end devices within the VLAN where the packets are sourced. Packets destined for devices that do not belong to the VLAN must be forwarded through a device that supports routing.
Multiple IP subnets can exist on a switched network, without the use of multiple VLANs. However, the devices will be in the same Layer 2 broadcast domain. This means that any Layer 2 broadcasts, such as an ARP request, will be received by all devices on the switched network, even by those not intended to receive the broadcast.
A VLAN creates a logical broadcast domain that can span multiple physical LAN segments. VLANs improve network performance by separating large broadcast domains into smaller ones. If a device in one VLAN sends a broadcast Ethernet frame, all devices in the VLAN receive the frame, but devices in other VLANs do not.
Using VLANs, network administrators can implement access and security policies according to specific groupings of users. Each switch port can be assigned to only one VLAN (except for a port connected to an IP phone or to another switch).
Benefits of a VLAN Design
Each VLAN in a switched network corresponds to an IP network. Therefore, VLAN design must take into consideration the implementation of a hierarchical network-addressing scheme. Hierarchical network addressing means that IP network numbers are applied to network segments or VLANs in a way that takes the network as a whole into consideration. Blocks of contiguous network addresses are reserved for and configured on devices in a specific area of the network, as shown in the figure.
The table lists the benefits of designing a network with VLANs.
Smaller broadcast domains: Dividing a network into VLANs reduces the number of devices in each broadcast domain. In the figure, there are six computers in the network but only three broadcast domains (i.e., Faculty, Student, and Guest).
Improved security: Only users in the same VLAN can communicate with each other. In the figure, faculty network traffic on VLAN 10 is completely separated and secured from users on other VLANs.
Improved IT efficiency: VLANs simplify network management because users with similar network requirements can be configured on the same VLAN. VLANs can be named to make them easier to identify. In the figure, VLAN 10 was named “Faculty”, VLAN 20 “Student”, and VLAN 30 “Guest.”
Reduced cost: VLANs reduce the need for expensive network upgrades and use the existing bandwidth and uplinks more efficiently, resulting in cost savings.
Better performance: Smaller broadcast domains reduce unnecessary traffic on the network and improve performance.
Simpler project and application management: VLANs aggregate users and network devices to support business or geographic requirements. Having separate functions makes managing a project or working with a specialized application easier; an example of such an application is an e-learning development platform for faculty.
Types of VLANs
VLANs are used for different reasons in modern networks. Some VLAN types are defined by traffic classes. Other types of VLANs are defined by the specific function that they serve.
The default VLAN on a Cisco switch is VLAN 1. Therefore, every switch port is in VLAN 1 unless that port is explicitly configured to be in another VLAN. By default, all Layer 2 control traffic is associated with VLAN 1.
Important facts to remember about VLAN 1 include the following:
All ports are assigned to VLAN 1 by default.
The native VLAN is VLAN 1 by default.
The management VLAN is VLAN 1 by default.
VLAN 1 cannot be renamed or deleted.
For instance, in the show vlan brief output, all ports are currently assigned to the default VLAN 1. No native VLAN is explicitly assigned and no other VLANs are active; therefore, the network is designed with the native VLAN the same as the management VLAN. This is considered a security risk.
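The VLAN 1 facts above can be turned into an audit of the show vlan brief output. The following is an added example, not part of the course: the sample output is constructed, and because show vlan brief does not display the native or management VLAN, those IDs are passed in as parameters (on a real switch they come from show interfaces trunk and the SVI configuration).

```python
import re

# Constructed sample of "show vlan brief" output, modelled on the Cisco IOS layout
SAMPLE_SHOW_VLAN_BRIEF = """\
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6
10   Faculty                          active    Fa0/7, Fa0/8
20   Student                          active    Fa0/9
1002 fddi-default                     act/unsup
"""

def parse_show_vlan_brief(text):
    """Map VLAN ID -> {'name', 'status', 'ports'}.
    A VLAN row starts with its numeric ID; a long port list wraps onto indented lines."""
    vlans, current = {}, None
    for line in text.splitlines():
        m = re.match(r"^(\d+)\s+(\S+)\s+(\S+)\s*(.*)$", line)
        if m:
            current = int(m.group(1))
            vlans[current] = {"name": m.group(2), "status": m.group(3),
                              "ports": [p for p in re.split(r",\s*", m.group(4)) if p]}
        elif current is not None and line.startswith(" ") and line.strip():
            vlans[current]["ports"] += [p for p in re.split(r",\s*", line.strip()) if p]
    return vlans

def audit_vlan1(vlans, native_vlan=1, management_vlan=1):
    """Report the VLAN 1 risks described in the text (defaults model an unconfigured switch)."""
    findings = []
    vlan1_ports = vlans.get(1, {}).get("ports", [])
    if vlan1_ports:
        findings.append(f"{len(vlan1_ports)} port(s) still in default VLAN 1: {', '.join(vlan1_ports)}")
    if native_vlan == 1:
        findings.append("native VLAN is the default VLAN 1")
    if management_vlan == 1:
        findings.append("management VLAN is the default VLAN 1")
    if native_vlan == management_vlan:
        findings.append("native VLAN and management VLAN are the same")
    if vlans.get(native_vlan, {}).get("ports"):
        findings.append(f"native VLAN {native_vlan} has access ports; it should be an unused VLAN")
    return findings

if __name__ == "__main__":
    for finding in audit_vlan1(parse_show_vlan_brief(SAMPLE_SHOW_VLAN_BRIEF)):
        print("-", finding)
```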
Data VLANs are VLANs configured to separate user-generated traffic. They are referred to as user VLANs because they separate the network into groups of users or devices. A modern network would have many data VLANs depending on organizational requirements. Note that voice and network management traffic should not be permitted on data VLANs.
User traffic from a VLAN must be tagged with its VLAN ID when it is sent to another switch. Trunk ports are used between switches to support the transmission of tagged traffic. Specifically, an 802.1Q trunk port inserts a 4-byte tag in the Ethernet frame header to identify the VLAN to which the frame belongs.
A switch may also have to send untagged traffic across a trunk link. Untagged traffic is generated by a switch and may also come from legacy devices. The 802.1Q trunk port places untagged traffic on the native VLAN. The native VLAN on a Cisco switch is VLAN 1 (i.e., default VLAN).
It is a best practice to configure the native VLAN as an unused VLAN, distinct from VLAN 1 and other VLANs. In fact, it is not unusual to dedicate a fixed VLAN to serve the role of the native VLAN for all trunk ports in the switched domain.
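To make the 4-byte 802.1Q tag and the native VLAN rule concrete, here is an added example (not code from the course) that builds and parses tagged frames and models what a trunk port does on ingress. The MAC addresses and ARP payload are constructed sample values.

```python
import struct

TPID_8021Q = 0x8100  # Tag Protocol Identifier that announces an 802.1Q tag

# Constructed sample addresses and payload, not captured traffic
DST_MAC = bytes.fromhex("ffffffffffff")          # broadcast, e.g. an ARP request
SRC_MAC = bytes.fromhex("0200000000a5")
ARP_PAYLOAD = b"\x00\x01\x08\x00\x06\x04\x00\x01" + b"\x00" * 20

def build_frame(dst, src, ethertype, payload, vid=None, pcp=0):
    """Ethernet II frame; when vid is given, the 4-byte 802.1Q tag (TPID + TCI)
    is inserted between the source MAC and the original EtherType."""
    if vid is not None and not 1 <= vid <= 4094:
        raise ValueError("VID must be 1..4094")
    frame = dst + src
    if vid is not None:
        tci = (pcp & 0x7) << 13 | vid       # PCP (3 bits), DEI (1 bit, zero), VID (12 bits)
        frame += struct.pack("!HH", TPID_8021Q, tci)
    return frame + struct.pack("!H", ethertype) + payload

def parse_frame(frame):
    """Return the header fields; vid is None for an untagged frame."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    vid = pcp = None
    offset = 14
    if ethertype == TPID_8021Q:             # tag present: read TCI, then the real EtherType
        tci = struct.unpack("!H", frame[14:16])[0]
        pcp, vid = tci >> 13, tci & 0x0FFF
        ethertype = struct.unpack("!H", frame[16:18])[0]
        offset = 18
    return {"dst": frame[:6], "src": frame[6:12], "vid": vid, "pcp": pcp,
            "ethertype": ethertype, "payload": frame[offset:]}

def trunk_ingress_vlan(frame, native_vlan):
    """VLAN an 802.1Q trunk assigns to a received frame: the tag's VID,
    or the native VLAN when the frame arrives untagged."""
    vid = parse_frame(frame)["vid"]
    return native_vlan if vid is None else vid

if __name__ == "__main__":
    tagged = build_frame(DST_MAC, SRC_MAC, 0x0806, ARP_PAYLOAD, vid=20)
    untagged = build_frame(DST_MAC, SRC_MAC, 0x0806, ARP_PAYLOAD)
    print("tag adds", len(tagged) - len(untagged), "bytes")             # 4
    print("tagged ->", trunk_ingress_vlan(tagged, native_vlan=999))      # 20
    print("untagged ->", trunk_ingress_vlan(untagged, native_vlan=999))  # 999
```

With the default native VLAN, the same untagged frame lands in VLAN 1, which is why the text recommends an unused native VLAN.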
A management VLAN is a data VLAN configured specifically for network management traffic including SSH, Telnet, HTTPS, HTTP, and SNMP. By default, VLAN 1 is configured as the management VLAN on a Layer 2 switch.
A separate VLAN is needed to support Voice over IP (VoIP). VoIP traffic requires the following:
Assured bandwidth to ensure voice quality
Transmission priority over other types of network traffic
Ability to be routed around congested areas on the network
Delay of less than 150 ms across the network
To meet these requirements, the entire network has to be designed to support VoIP.
In the figure, VLAN 150 is designed to carry voice traffic. The student computer PC5 is attached to the Cisco IP phone, and the phone is attached to switch S3. PC5 is in VLAN 20, which is used for student data.
Packet Tracer – Who Hears the Broadcast?
In this Packet Tracer activity, you will complete the following objectives:
Part 1: Observe Broadcast Traffic in a VLAN Implementation