Blog    Log-in    Contact Us

Cisco CCNA 200-301 Exam Study Notes

dot image Cisco® Certification

dot image CompTIA® Certification

dot image JNCIA-Junos® Certification

dot image PMP Certification

dot image Oracle® Certification

dot image Checkpoint® Certification

dot image Microsoft® Certification

dot image Prosoft® Certification

Tutorials

dot image CCNA Tutorial

dot image A+ Tutorial

dot image Network+ Tutorial

8. VLANs (Virtual Local Area Networks)

Introduction

Virtual Local Area Networks (VLANs) are logical subdivisions of a physical network that group devices together based on function, department, or application, regardless of their physical location. VLANs improve network management, security, and performance by isolating traffic and reducing broadcast domains.

Instead of having all devices on a single broadcast domain, VLANs allow segmentation so that broadcast traffic remains within its VLAN, enhancing control and efficiency in large-scale networks.

Why Use VLANs?

  1. Segmentation – Group users/devices by function or department

  2. Improved Security – Devices in different VLANs cannot communicate without a Layer 3 device

  3. Reduced Broadcast Traffic – Broadcasts are limited to their own VLAN

  4. Improved Network Management – Easier to move devices logically without rewiring

  5. Flexibility – Users can be in the same VLAN regardless of their physical location

Components of VLANs

Component Description
VLAN ID Unique number (1–4094) that identifies a VLAN
Access Port Belongs to one VLAN; connects end devices
Trunk Port Carries traffic for multiple VLANs; connects switches
Switch Layer 2 device that supports VLAN configuration
Router / Layer 3 Switch Required for inter-VLAN communication

Types of VLANs

1. Default VLAN

  • VLAN 1 on most switches

  • All ports are assigned to this VLAN by default

2. Data VLAN

  • Carries user-generated traffic (e.g., VLAN 10 for HR)

3. Voice VLAN

  • Separate VLAN for VoIP traffic; prioritizes voice packets

4. Management VLAN

  • Used for switch management (e.g., SSH, SNMP)

5. Native VLAN

  • Un-tagged traffic goes to this VLAN on trunk links (default is VLAN 1)

6. Black Hole VLAN

  • Used to drop untrusted or unused port traffic

VLAN Configuration (Cisco Example)

Step 1: Create VLANs

Switch(config)# vlan 10
Switch(config-vlan)# name HR
Switch(config)# vlan 20
Switch(config-vlan)# name Finance

Step 2: Assign Ports to VLANs

Switch(config)# interface fa0/1
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 10

Step 3: Configure a Trunk Port

Switch(config)# interface fa0/24
Switch(config-if)# switchport mode trunk

Trunking and 802.1Q

Trunk links carry traffic from multiple VLANs between switches using tagging.

  • IEEE 802.1Q is the standard trunking protocol.

  • Tags VLAN ID in Ethernet frames

  • Native VLAN traffic is not tagged

Command:

Switch(config-if)# switchport trunk encapsulation dot1q
Switch(config-if)# switchport mode trunk

VLAN Routing (Inter-VLAN Communication)

Devices in different VLANs cannot communicate unless routed through a Layer 3 device.

Methods:

  1. Router-on-a-Stick

    • Single router interface with sub-interfaces for each VLAN

    • Requires trunking

interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0

  1. Layer 3 Switch

    • Enables routing between VLANs without external router

interface vlan 10
 ip address 192.168.10.1 255.255.255.0
ip routing

VLAN Best Practices

  • Assign meaningful names to VLANs

  • Use standard VLAN ranges (2–1001) for compatibility

  • Reserve VLAN 1 only for management or default use

  • Secure unused ports by placing them in a dummy VLAN

  • Use trunking only where necessary

  • Enable VTP pruning to minimize broadcast traffic

VTP (VLAN Trunking Protocol)

Helps manage VLANs across multiple switches.

Mode Description
Server Can create, modify, delete VLANs
Client Receives updates from server
Transparent Does not participate, forwards updates

Command:

Switch(config)# vtp mode server
Switch(config)# vtp domain mydomain
Switch(config)# vtp password cisco

Security Considerations

  • Disable unused switch ports

  • Change the default VLANs

  • Avoid using VLAN 1 for user traffic

  • Use port security to limit devices per port

  • Disable DTP (Dynamic Trunking Protocol) if not needed

Switch(config-if)# switchport nonegotiate

Common VLAN Issues

Issue Solution
Incorrect VLAN assignment Recheck VLAN configuration on access port
Native VLAN mismatch Ensure same native VLAN on both trunk ends
VTP version mismatch Set all switches to same VTP version
No inter-VLAN routing Verify router-on-stick or Layer 3 config
Trunk port not working Check encapsulation and mode settings

Real-World VLAN Use Cases

  • University Network: Separate VLANs for students, staff, and labs

  • Corporate Office: VLANs per department (HR, Sales, IT)

  • Retail Chain: VLANs for POS systems, guest Wi-Fi, and surveillance

  • Data Center: VLANs for application tiers (web, app, DB)

Conclusion

VLANs are powerful tools for logically segmenting networks to enhance security, performance, and scalability. By grouping users and devices based on roles instead of location, VLANs simplify network management while enforcing access control. Understanding VLAN fundamentals, trunking, inter-VLAN routing, and best practices is essential for designing efficient and secure networks.

Featured Products


dot imageCCNA 200-301 Practice Exam

dot imageCCNA NetSim with Designer

dot imageComptia A+ Labsim

dot imageComptia Network+ Labsim

Anand Software and Training Pvt. Ltd. is not associated with Cisco® organization or any other company. CCNA is a trademarks of Cisco® organization. All trademarks are duly acknowledged. All practice tests and study material provided here is the copyright of Anand Software and Training Pvt. Ltd. All rights reserved.