¶ Introduce
¶ VLAN
A VLAN (Virtual Local Area Network) is a way to divide a physical computer network into multiple, separate virtual networks. This allows you to group computers based on function, department, or project—without changing the existing physical wiring.
¶ Configuration
¶ VLAN Creation
| Command | Description |
|---|---|
S1(config)#vlan [vlan-ID] |
Creates a VLAN and assigns a VLAN number |
S1(config-vlan)#name [name] |
Assigns a name to the VLAN |
Example:
vlan 10
name VLAN-10
vlan 20
name VLAN-20
vlan 99
name VLAN-Management
¶ Assigning VLAN to Interfaces
After creating VLANs, you can assign switch ports to them.
| Command | Description |
|---|---|
S1(config)#interface [int-id] |
Use interface range to configure multiple ports |
S1(config-if)#switchport mode access |
Sets the interface to access mode |
S1(config-if)#switchport access vlan [vlan-id] |
Assigns the interface to a specific VLAN |
Example:
interface GigabitEthernet1/0
switchport mode access
switchport access vlan 10
interface range GigabitEthernet2/0 - 3
switchport mode access
switchport access vlan 20
¶ Deleting a VLAN
| Command | Description |
|---|---|
S1(config)#no vlan [vlan-id] |
Deletes a specific VLAN |
S1(config)#delete flash:vlan.dat |
Deletes the VLAN database file from flash memory |
¶ Removing an Interface from a VLAN
| Command | Description |
|---|---|
S1(config)#interface [int-id] |
Enter interface configuration mode |
S1(config-if)#no switchport access vlan [vlan-id] |
Removes the VLAN assignment from the port |
⚠️ When a VLAN is deleted, ports assigned to that VLAN become inactive.
However, if you useno switchport access vlan [vlan-id], the port returns to VLAN 1.
¶ Lab
¶ Topology
Before VLAN configuration, all four end hosts are on the same LAN (192.168.0.0/24) and can communicate with each other.
After configuring VLANs, we’ll split the topology into two separate VLANs to isolate traffic.
| Host | VLAN |
|---|---|
| PC1, PC2 | VLAN 10 |
| PC3, PC4 | VLAN 20 |
¶ Configuration
¶ Create VLANs
Switch(config)#vlan 10
Switch(config-vlan)#name BIRU
Switch(config-vlan)#exit
Switch(config)#vlan 20
Switch(config-vlan)#name MAGENTA
Switch(config-vlan)#exit
¶ Assign Ports to VLANs
Switch(config)#interface f0/1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 10
Switch(config-if)#exit
Switch(config)#interface f0/2
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 10
Switch(config-if)#exit
You can also use interface range to configure multiple interfaces at once:
Switch(config)#interface range f0/3-4
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 20
¶ Check VLAN Summary
Switch#show vlan brief
Sample Output:
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/5 - Fa0/24, Gig0/1, Gig0/2
10 BIRU active Fa0/1, Fa0/2
20 MAGENTA active Fa0/3, Fa0/4
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
¶ Verification
C:\>ping 192.168.0.2
Pinging 192.168.0.2 with 32 bytes of data:
Reply from 192.168.0.2: bytes=32 time<1ms TTL=128
Reply from 192.168.0.2: bytes=32 time<1ms TTL=128
Reply from 192.168.0.2: bytes=32 time<1ms TTL=128
Reply from 192.168.0.2: bytes=32 time<1ms TTL=128
Ping statistics for 192.168.0.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
C:\>ping 192.168.0.3
Pinging 192.168.0.3 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 192.168.0.3:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
C:\>ping 192.168.0.4
Pinging 192.168.0.4 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 192.168.0.4:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
C:\>ping 192.168.0.1
Pinging 192.168.0.1 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 192.168.0.1:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
C:\>ping 192.168.0.2
Pinging 192.168.0.2 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 192.168.0.2:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
C:\>ping 192.168.0.4
Pinging 192.168.0.4 with 32 bytes of data:
Reply from 192.168.0.4: bytes=32 time<1ms TTL=128
Reply from 192.168.0.4: bytes=32 time<1ms TTL=128
Reply from 192.168.0.4: bytes=32 time<1ms TTL=128
Reply from 192.168.0.4: bytes=32 time<1ms TTL=128
Ping statistics for 192.168.0.4:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Max