VLANs

Computer Network CCNA & CCNP

Author By:
Muhammad Amir Latif
IT Engineer || Network Engineer || Network Design specialist || Network
Consultant || CCNA || CCNP Enterprise ||
LinkedIn profile Name Muhammad Amir Latif
Profile Link http://www.linkedin.com/in/muhammad-amir-latif123
WhatsApp Contact Number: 0311 241388
Tittle:
Understand VLANs Guide for network Engineer

Table of Contents:

1. Introduction to VLANs.
2. Benefits of VLANs.
3. VLANs types and Configurations.
 Dynamic VLAN
 Statics VLAN
4. VLAN Tagging and Trunking
5. VLAN Implementation in Different Network Device
6. VLAN Security Best Practices
7. Common VLAN Issues and Troubleshooting
8. VLAN Lab: Step-by-Step Configuration Guide

a. VLAN Lab Setup

b. VLAN Configuration Steps
c. VLAN Testing and Verification
9. Conclusion.

VLAN LAB
Introduction to VLANs:

VLAN (Virtual Local Area Network) is a logical segmentation of a network that enhances security,
efficiency, and management. Unlike traditional LANs, VLANs allow devices to be grouped based on
function rather than physical location, improving network performance and security.

Benefits of VLANs:

 Improved Security: Isolates sensitive data from unauthorized access.

 Better Network Management: Simplifies administration and enhances flexibility.
 Enhanced Performance: Reduces network congestion by limiting broadcast domains.
 Cost-Efficiency: Reduces the need for additional networking hardware.

VLAN Types and Configurations:

Static VLANs:
VLANs (Virtual Local Area Networks) are used to segment networks logically, improving security,
performance, and management. There are two main types of VLANs: Static VLANs and Dynamic
VLANs.

1. Static VLAN (Port-Based VLAN)

A Static VLAN is manually assigned to a switch port by a network administrator. Any device
connected to that port automatically belongs to the assigned VLAN.

Characteristics of Static VLANs:

 VLAN membership does not change unless modified by an administrator.

 Configuration is done by manually assigning VLAN IDs to switch ports.
 Offers better security and control.
 Suitable for smaller networks where devices don’t frequently move.
 Easier to troubleshoot since assignments are fixed.
 Example Configuration (Cisco Switch):

Switch > enabale

Switch # configure Terminal

Switch(config)# vlan 10
Switch(config-vlan)# name SALES

Switch(config)# interface FastEthernet 0/1

Switch(config-if)# switchport mode access

Switch(config-if)# switchport access vlan 10

Dynamic VLAN (MAC-Based or Authentication-Based VLAN)

A Dynamic VLAN automatically assigns devices to VLANs based on their MAC address, username,
or other authentication methods. This is managed using a VLAN Management Policy Server
(VMPS) or RADIUS authentication.

Characteristics of Dynamic VLANs:

 VLAN assignment is automatic based on device identity.

 Requires a VMPS server or authentication-based control (like 802.1X).
 Useful for large enterprises where users frequently change locations.
 Reduces administrative effort since VLAN assignment is dynamic.
 More complex to configure compared to static VLANs.

Example Configuration (Using MAC-Based VLANs):

Switch > enabale

Switch # configure Terminal

Switch(config)# vlan 20

Switch(config-vlan)# name HR

Switch(config)# vmps server 192.168.1.100

Switch(config)# interface FastEthernet 0/2

Switch(config-if)# switchport access vlan dynamic

VLAN Tagging and Trunking:
VLAN tagging ensures proper communication between VLANs using the IEEE 802.1Q standard.
Trunking enables multiple VLANs to traverse a single link, enhancing network efficiency.

VLAN Tagging is the process of adding a unique identifier, or VLAN tag, to Ethernet frames as they
travel through a network. This VLAN tag tells the receiving switch or router which VLAN the frame
belongs to, allowing the network to properly route or switch the traffic based on its VLAN
membership.

How VLAN Tagging Works:

 802.1Q Protocol:
 The most commonly used protocol for VLAN tagging is IEEE 802.1Q. It inserts a 4-byte tag
into the Ethernet frame, which includes the VLAN ID and other relevant data.
 Tag Format:
 The tag is inserted between the source MAC address and EtherType fields of the Ethernet
frame.
 VLAN ID:
 This is a 12-bit field within the tag, allowing for up to 4096 VLANs to be created in a
network.

VLAN Tagging Example: In a tagged Ethernet frame:

| Destination MAC | Source MAC | Ethertype | VLAN Tag | Data | CRC |

VLAN Trunking
VLAN Trunking allows multiple VLANs to be transmitted over a single physical network link. This
is achieved through VLAN tagging, where the switch uses the VLAN tag to differentiate between the
traffic from different VLANs.

How VLAN Trunking Works:

 Trunk Link: A trunk link is a network link (such as an Ethernet cable) between switches, or
between a switch and a router, that carries traffic from multiple VLANs. The trunk link
typically uses VLAN tagging to ensure each frame is assigned to the correct VLAN.
 Native VLAN: The native VLAN on a trunk port is the default VLAN that carries untagged
traffic. If a frame arrives without a VLAN tag, it is assumed to belong to the native VLAN.
 Trunking Protocol: IEEE 802.1Q is the most widely used protocol for trunking, but ISL
(Inter-Switch Link) is used on some older equipment.

Trunking Configuration Example (Cisco Switch):

Switch > enable

Switch # configure Terminal

Switch(config)# interface GigabitEthernet 0/1

Switch(config-if)# switchport mode trunk

Switch(config-if)# switchport trunk encapsulation dot1q

Switch(config-if)# switchport trunk allowed vlan 10,20,30

VLAN Implementation in Different Network Devices

 Switches: Primary devices for VLAN segmentation.

 Routers: Facilitate inter-VLAN communication.
 Access Points: Enable VLAN-based wireless segmentation.

. VLAN Security Best Practices

 Use Access Control Lists (ACLs) to restrict traffic.
 Implement port security to prevent unauthorized device connections.
 Disable unused ports to minimize security risks.

Use VLAN hopping prevention techniques to mitigate attacks.

Common VLAN Issues and Troubleshooting

Issue Cause Solution

VLAN Mismatch Incorrect VLAN assignment Verify VLAN configurations
Trunking Issues Mismatched trunk settings Ensure correct trunk configurations
Inter-VLAN Routing Missing router-on-a-stick Configure router subinterfaces
Failure setup correctly

VLAN Lab: Step-by-Step Configuration Guide

VLAN Lab Setup

 Devices Required: Cisco switch, router, and PCs.

 VLANs to Configure: VLAN 10 (Sales), VLAN 20 (HR)

VLAN Configuration Steps

Step 1: Create VLANs on the Switch

Switch# configure terminal

Switch(config)# vlan 10
Switch(config-vlan)# name Sales
Switch(config-vlan)# vlan 20
Switch(config-vlan)# name HR
Switch(config-vlan)# exit

Step 2: Assign VLANs to Ports

Switch(config)# interface fa0/1

Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 10
Switch(config-if)# exit
Switch(config)# interface fa0/2
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 20
Switch(config-if)# exit

Step 3: Configure Trunking on Uplink Ports

Switch(config)# interface fa0/24

Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport trunk allowed vlan 10,20
Switch(config-if)# exit

Step 4: Configure Inter-VLAN Routing on Router

Router# configure terminal

Router(config)# interface g0/0.10
Router(config-subif)# encapsulation dot1Q 10
Router(config-subif)# ip address 192.168.10.1 255.255.255.0
Router(config-subif)# exit
Router(config)# interface g0/0.20
Router(config-subif)# encapsulation dot1Q 20
Router(config-subif)# ip address 192.168.20.1 255.255.255.0
Router(config-subif)# exit

VLAN Testing and Verification

 Ping from VLAN 10 to VLAN 20 using PC terminals.

 Check VLAN assignments using show vlan brief.
 Verify trunking with show interfaces trunk.
 Ensure inter-VLAN communication using ping command.