VLANs and Trunks

VLANs Overview

VLANs – A switches is used to set up a local area network (LAN). A VLAN stands for a virtual local area network. By default, all of the ports on a Cisco switch are part of the same default VLAN (VLAN1) and therefore the same network. A VLAN is a network and a network is a broadcast domain. If you configure various switch ports for separate VLANs, then the devices on those ports will belong to separate VLANs and therefore, will be segmented into separate broadcast domains and networks. This is effectively like dividing a switch into multiple switches. This is cost effective, because instead of having multiple switches, each for a different network, you can have one switch configured for multiple VLANs and you can assign the ports on that switch to belong to whatever VLAN you need the host to belong to.

VLAN Types

Data VLAN – A data VLAN carries only user data not management data, control data or voice data.

Default VLAN – On a Cisco switch the default VLAN is VLAN1. This means that by default, when a Cisco switch boots up for the first time all the ports are automatically assigned to the default VLAN, VLAN1. You cannot delete or rename VLAN1 but you can assign the ports on the switch to a different VLAN. It is considered best practice to make all of the user ports on the switch belong to a different default VLAN, one other than VLAN1. In this way, control data such as CDP and STP (spanning tree protocol) which are by default carried on VLAN1 would be on a separate VLAN from user data.

Native VLAN – The native VLAN, if not explicitly configured, will default to the default VLAN, (VLAN1). The Native VLAN is configured for an 802.1Q Trunk port. 802.1Q trunks carry traffic from multiple VLANs by tagging the traffic with VLAN identifiers (Tagged Traffic) which identifies which packets are associated with which VLANs, and they can also carry non VLAN traffic from legacy switches or non 802.1Q compliant switches (Untagged Traffic). The switch will place untagged traffic on the Native VLAN by using a PVID identifier. Native VLAN traffic is not tagged by the switch. It is a best practice to configure the Native VLAN to be different than VLAN1 and to configure it on both ends of the trunk.

Management VLAN – The management VLAN is any VLAN you configure to allow a host to connect to the switch and remotely manage it. The management VLAN will need to be configured with an IP address and subnet mask to allow a manager to connect to the switch by either a web interface (HTTP), Telnet, SSH, or SNMP.

VLAN ID Ranges

Normal Range

  • 1 to 1005
  • VLAN1 (default), created by default, cannot be deleted
  • VLAN1002-1005 (Token Ring and FDDI default), created by default and cannot be deleted
  • Stored in the VLAN.dat file in Flash memory

Extended Range

  • 1006 – 4094
  • Extended VLAN range used by ISPs
  • Stored in Running-Config

Trunks – If you have a switch that has ports variously configured on four different VLANs, then that switch has four different networks on it. When you connect that switch to a router or to another switch you will need four ethernet connections or links, one for each VLAN/network. A more cost effective way to connect a switch with multiple VLANs to a router or switch would be to configure a Trunk. A Trunk is a special kind of port configuration which allows multiple VLANs to travel over one link. This way multiple networks can travel over one trunk instead of wasting valuable ports to connect from switch to switch or switch to router. A Cisco trunk by default uses the 802.1Q protocol. The 802.1Q protocol places and strips VLAN tags on packets to identify which VLAN they belong to.

CLI Commands

switch#show vlan
switch#show interfaces trunk

switch(config)#vlan <vlan number>
switch(config-vlan)#name <vlan name>

switch(config)#interface fa0/x
switch(config-if)#switchport mode access
switch(config-if)#switchport access vlan <1-4096>

switch(config-if)#switchport mode trunk
switch(config-if)#switchport trunk allowed vlan <1-1005>
switch(config-if)#switchport trunk native vlan <1-1005>

Configuring VLANs and Trunks Video Tutorials

In the video tutorials below I demonstrate how to configure VLANs and Trunks on a Cisco switch using Packet Tracer.

Author: Dan

Dan teaches computer networking and security classes at Central Oregon Community College.

Leave a Reply

Your email address will not be published. Required fields are marked *