A VLAN(Virtual LAN) is a group of devices on one or more LANs that are configured to communicate as if they were attached to the same wire when in fact they are located on a number of different LAN segments. Because VLANs are based on logical instead of physical connections, they are extremely flexible.

  • A Layer 2 Security
  • Divides a Single Broadcast domain into Multiple Broadcast domains.
  • By default, all ports of the switch are in VLAN1. This VLAN1 is known as
    Administrative VLAN or Management VLAN
  • VLAN can be created from 2 – 1001
  • It Can be Configured on a Manageable switch only
  • There are 2 Types of VLAN Configuration
  1. Static VLAN
  2. Dynamic VLAN

By default, routers allow broadcasts only within the originating network but switches
forward broadcasts to all segments. The reason it’s called a flat network is because it’s one Broadcast domain , not because its design is physically flat. (Flat Network Structure)

  • Network adds, moves and changes are achieved by configuring a port into the appropriate VLAN.
  • A group of users needing high security can be put into a VLAN so that no users outside
    of the VLAN can communicate with them.
  • As a logical grouping of users by function, VLANs can be considered independent
    from their physical or geographic locations.
  • VLANs can enhance network security.
  • VLANs increase the number of broadcast domains while decreasing their size.

The key benefits of implementing VLANs include:

  • Allowing network administrators to apply additional security to network communication
  • Making expansion and relocation of a network or a network device easier
  • Providing flexibility because administrators are able to configure in a centralized
  • environment while the devices might be located in different geographical locations
  • Decreasing the latency and traffic load on the network and the network devices, offering increased performance

VLANs also have some disadvantages and limitations as listed below:

  • High risk of virus issues because one infected system may spread a virus through the whole logical network
  • Equipment limitations in very large networks because additional routers might be needed to control the workload
  • More effective at controlling latency than a WAN but less efficient than a LANvlan-techbuddies

Static VLAN

  • Static VLAN’s are based on port numbers
  • Need to manually assign a port on a switch to a VLAN
  • Also called Port-Based VLANs
  • It can be a member of single VLAN and not multiple VLAN’s

Static VLAN using Database command :

Creation of VLAN

Switch # vlan database
Switch(vlan)# vlan  name 
Switch(vlan)# exit

Assigning port in VLAN

Switch#config terminal
Switch(config)# int fastethernet 
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan


Switch # show vlan

VLAN Creation in config Mode:

Switch(config)# vlan 
Switch(config-Vlan)# name 
Switch(config-Vlan)# Exit

Assigning ports in VLAN

Switch(config)# interface  
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access Vlan
  • The range command (Assigning multiple ports at same time)
  • The range command, you can use on switches to help you configure multiple ports at the same time
Switch(config)# interface range fastEthernet 0/1 - 12

Dynamic VLAN

  • Dynamic VLAN’s are based on the MAC address of a PC
  • Switch automatically assigns the port to a VLAN
  • Each port can be a member of multiple VLAN’s
  • For Dynamic VLAN configuration, a software called VMPS( VLAN Membership Policy
    Server) is needed