How to Use VLAN Technology on Cisco Switches
1. What is VLAN?
A VLAN (Virtual Local Area Network) is a logical subdivision of a Layer 2 network. VLANs allow network administrators to segment networks into different broadcast domains, even if the devices are physically connected to the same switch.
Benefits of VLANs:
Improved security
Reduced broadcast domains
Enhanced network performance and management
Logical grouping of users by function rather than location
2. VLAN Basics on Cisco Switches
VLAN IDs range from 1 to 4094:
1 and 1002–1005: Reserved VLANs
2–1001: Normal range VLANs
1006–4094: Extended range VLANs (require VTP in transparent mode)
3. VLAN Configuration Steps
Step 1: Enter VLAN Configuration Mode
Switch# configure terminalSwitch(config)# vlan 10Switch(config-vlan)# name SalesSwitch(config-vlan)# exit
Step 2: Assign VLAN to Switch Ports
Switch(config)# interface fastethernet 0/1Switch(config-if)# switchport mode accessSwitch(config-if)# switchport access vlan 10Switch(config-if)# exit
Step 3: Verify VLAN Configuration
Switch# show vlan brief
4. VLAN Port Modes
| Mode | Description |
|---|---|
| Access | Used for end devices (e.g., PCs). Only one VLAN allowed. |
| Trunk | Carries multiple VLANs between switches or to routers. |
| Dynamic Auto | Passive mode that becomes trunk if other end is trunk or desirable. |
| Dynamic Desirable | Actively negotiates trunking. |
Set a Trunk Port
Switch(config)# interface gig0/1Switch(config-if)# switchport trunk encapsulation dot1qSwitch(config-if)# switchport mode trunkSwitch(config-if)# switchport trunk allowed vlan 10,20
5. Inter-VLAN Routing (Router-on-a-Stick)
To enable communication between VLANs, a Layer 3 device (like a router or Layer 3 switch) is required.
Router-on-a-Stick Example
Router(config)# interface gig0/0.10Router(config-subif)# encapsulation dot1Q 10Router(config-subif)# ip address 192.168.10.1 255.255.255.0Router(config)# interface gig0/0.20Router(config-subif)# encapsulation dot1Q 20Router(config-subif)# ip address 192.168.20.1 255.255.255.0
6. Best Practices
Document VLAN design with names and purposes.
Avoid using VLAN 1 for user traffic.
Use management VLAN (e.g., VLAN 99) to isolate switch management access.
Use Native VLAN tagging for security (avoid mismatches).
Secure trunk ports with allowed VLAN lists and disable unused ports.
7. Troubleshooting VLAN Issues
| Command | Purpose |
|---|---|
show vlan brief | Verify VLAN existence and port assignment |
show interfaces trunk | View trunking configuration and allowed VLANs |
show interfaces switchport | Check interface mode and assigned VLAN |
ping | Test inter-VLAN connectivity |
show mac address-table | Confirm MAC learning within VLANs |
