A VLAN is a Virtual LAN, which allows us to logically separate computers on our network.
In previous years, an office would have a physical switch or hub in each office, and offices were structured around the job function. In other words, all sales people would be in the same office and would all be connected to the same switch or hub. This allowed for physical association of devices in our networks. In today’s networks people are often spread across multiple offices but we still want to have them separated from a logical point of view.
One reason we want to separate machines logically is to implement access controls. If I don’t want to allow sales people to share and copy files with the marketing people, then I need to implement an ACL (Access Control List) that denies the traffic. This is easy to achieve if the sales and marketing people are in separate subnets and logically separated from each other. VLANs give us this exact option. If your computer has been plugged into a port that is configured in VLAN 10, you are only able to communicate with people in VLAN 10. In order for you to communicate with a different VLAN, your traffic MUST go through a router (multi-layer switches have built-in routers), and hence the router is able to apply access lists to allow or deny the traffic.
Another reason for separating the traffic is to isolate broadcasts. Routers do not forward broadcast messages, so any broadcasts that take place on VLAN 10 would remain in VLAN 10.
Another important thing to remember about VLANs is:
A VLAN is equal to a subnet. This means that if I have 2 VLANs, I have at least 2 subnets. I can have more than 1 subnet in a single VLAN, but I cannot have 1 subnet in multiple VLANs.
Below is the configuration to create a VLAN. To see how to configure a port to belong to a VLAN, see the article Configuring an Access port on a Cisco switch.
AOIP.ORG# conf t
Enter global configuration mode
AOIP.ORG(config)# vlan 2
This creates VLAN 2
AOIP.ORG(config-vlan)# name sales
In order to make troubleshooting easier, naming the VLAN is a good idea. In this case ‘sales’ is the name of the VLAN
AOIP.ORG(config-vlan)# exit
Exit VLAN mode
AOIP.ORG(config)# vlan 3
This creates VLAN 3
AOIP.ORG(config-vlan)# name marketing
Naming VLAN 3 – marketing
AOIP.ORG(config-vlan)# exit
Exit VLAN mode
AOIP.ORG(config)# exit
Exit global configuration mode
AOIP.ORG# show vlan
You will now be able to see which VLANs have been created on your device and which ports have been allocated to them.
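The access-control point made earlier (keeping sales and marketing apart once they are in separate VLANs) can be sketched as follows on a multi-layer switch. This is an added example, not configuration from the original article. The subnets, gateway addresses and ACL names are assumptions chosen for illustration; VLAN 2 (sales) and VLAN 3 (marketing) are the VLANs created above.

```cisco
! Constructed example: subnets, gateway addresses and ACL names are assumptions.
! VLAN 2 = sales     -> 192.168.2.0/24
! VLAN 3 = marketing -> 192.168.3.0/24
!
! Enable routing between VLANs on the multi-layer switch
ip routing
!
ip access-list extended SALES-IN
 remark Block sales hosts from reaching the marketing subnet
 deny   ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255
 remark Allow all other traffic from sales (tighten as required)
 permit ip any any
!
ip access-list extended MARKETING-IN
 remark Block marketing hosts from reaching the sales subnet
 deny   ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
 permit ip any any
!
! Each VLAN gets a routed interface (SVI) that acts as its default gateway.
! The ACL is applied inbound, so it filters traffic as it leaves the VLAN
! and before the switch routes it anywhere else.
interface Vlan2
 description Gateway for sales
 ip address 192.168.2.1 255.255.255.0
 ip access-group SALES-IN in
 no shutdown
!
interface Vlan3
 description Gateway for marketing
 ip address 192.168.3.1 255.255.255.0
 ip access-group MARKETING-IN in
 no shutdown
```

Traffic between two hosts inside the same VLAN never crosses the routed interface, so these ACLs do not filter it. Running show ip access-lists afterwards displays match counters per entry, which confirms whether the deny lines are being hit.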