VLANs (Virtual Local Area Networks)
Master VLAN configuration, trunking, and network segmentation for enhanced security and performance
What are VLANs?
VLANs (Virtual Local Area Networks) logically segment a physical network into multiple broadcast domains, allowing devices to communicate as if they were on the same physical network segment regardless of their physical location.
Key Concepts:
- VLAN ID: Unique identifier (1-4094) for each VLAN
- Access Ports: Untagged ports assigned to a single VLAN
- Trunk Ports: Tagged ports carrying multiple VLANs
- Native VLAN: Default VLAN for untagged traffic on trunk ports
- 802.1Q: IEEE standard for VLAN tagging
VLAN Benefits:
- Security Isolation: Separate sensitive data from public access
- Performance: Smaller broadcast domains and less network congestion
- Management: Logical grouping independent of physical location
- Scalability: Easy to add/remove devices from VLANs
VLAN Types & Examples
- VLAN 1: Default VLAN. Untagged traffic (VLAN 1)
- VLAN 10: Sales VLAN. Sales department devices
- VLAN 20: Engineering VLAN. Engineering workstations
- VLAN 30: Guest VLAN. Visitor network access
- VLAN 99: Management VLAN. Network device management
💡 Quick Tip
VLAN 1 is special:
- Default VLAN for all ports
- Cannot be deleted
- Often used as native VLAN
- Security risk if not properly managed
Port Assignment Visualization
- Fa0/1 (ACCESS) | VLAN: 10 | Device: Sales PC
- Fa0/2 (ACCESS) | VLAN: 10 | Device: Sales Printer
- Fa0/3 (ACCESS) | VLAN: 20 | Device: Eng Workstation
- Fa0/4 (ACCESS) | VLAN: 30 | Device: Guest Device
- Gi0/1 (TRUNK) | VLAN: All | Device: Core Switch
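One way to check a port table like the one above for the VLAN 1 risks named in the Quick Tip, written as an added example (not code from the original page). Assumptions: the function names, the Fa0/5 entry and the native VLAN of Gi0/1 are constructed for illustration, and the rule against a trunk carrying all VLANs is a common hardening practice rather than something the page states.

```python
VALID_IDS = range(1, 4095)   # VLAN IDs 1-4094, the range given on the page
DEFAULT_VLAN = 1

def expand_vlans(spec):
    """Expand 'All' or a list such as '10,20,30-32' into a set of VLAN IDs."""
    if spec.strip().lower() == "all":
        return set(VALID_IDS)
    ids = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        ids.update(range(int(lo), int(hi or lo) + 1))
    return ids

def audit(ports):
    """Return a list of (port, finding) tuples for risky assignments."""
    findings = []
    for p in ports:
        vlans = expand_vlans(p["vlans"])
        bad = sorted(v for v in vlans if v not in VALID_IDS)
        if bad:
            findings.append((p["port"], f"invalid VLAN ID(s) {bad}"))
        if p["mode"] == "access":
            if len(vlans) != 1:
                findings.append((p["port"], "access port must carry exactly one VLAN"))
            elif DEFAULT_VLAN in vlans:
                findings.append((p["port"], "access port left in default VLAN 1"))
        elif p["mode"] == "trunk":
            if vlans == set(VALID_IDS):
                findings.append((p["port"], "trunk carries all VLANs; restrict to those in use"))
            if p.get("native", DEFAULT_VLAN) == DEFAULT_VLAN:
                findings.append((p["port"], "trunk native VLAN is 1"))
    return findings

# Port table from the page, plus one constructed port (Fa0/5) left at defaults.
# The page does not give the native VLAN of Gi0/1; 1 is assumed here.
PORTS = [
    {"port": "Fa0/1", "mode": "access", "vlans": "10"},
    {"port": "Fa0/2", "mode": "access", "vlans": "10"},
    {"port": "Fa0/3", "mode": "access", "vlans": "20"},
    {"port": "Fa0/4", "mode": "access", "vlans": "30"},
    {"port": "Fa0/5", "mode": "access", "vlans": "1"},
    {"port": "Gi0/1", "mode": "trunk", "vlans": "All", "native": 1},
]

if __name__ == "__main__":
    for port, finding in audit(PORTS):
        print(f"{port}: {finding}")
```

A trunk entry limited to the VLANs in use, with an unused VLAN as native, produces no findings.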