
Last updated on 6/30/22

Use VLANs to Reduce Your Broadcast Domains

Discover the Advantages of a VLAN

You’ve previously seen that to limit the broadcast domain, you need to use routers because they segment the broadcast domains. You could consider segmenting each service using routers, but this would be very expensive and complicated to set up.

In a switched network, we’re going to use VLANs, which provide segmentation and support flexibility within the organization. VLANs (Virtual LANs) are based on logical connections rather than physical connections.

Each VLAN is considered to be a distinct logical network. VLAN devices behave as if they were in their own, independent network, even if they share common infrastructure with other VLANs. Any switch port can belong to a VLAN.

VLANs improve network performance by splitting huge broadcast domains into smaller domains. If a VLAN device sends an Ethernet broadcast frame, all devices on that VLAN receive it, but not the devices on other VLANs.

Each circle represents a broadcast domain in the organization’s network (printers, shown in blue, are on the same broadcast domain)

The broadcast domains are now smaller, but there are more of them!

Each VLAN within a switched network corresponds to an IP network. As a result, when setting up a VLAN, you must implement a hierarchical addressing model.

Hierarchical addressing in a network means that the IP network numbers are applied to network segments or VLANs. This segmentation takes the whole network into consideration. Contiguous network addresses are reserved and configured on devices located in a specific area of the network. Here’s the slightly simplified addressing plan with the VLANs that you’re going to implement in Cisco Packet Tracer:

| Groups | VLAN ID | Network address | First available address | Last available address | Network gateway |
|---|---|---|---|---|---|
| Executive | 20 | 192.168.20.0/24 | 192.168.20.1 | 192.168.20.253 | 192.168.20.254 |
| Sales | 21 | 192.168.21.0/24 | 192.168.21.1 | 192.168.21.253 | 192.168.21.254 |
| HR | 22 | 192.168.22.0/24 | 192.168.22.1 | 192.168.22.253 | 192.168.22.254 |
| Accounting | 23 | 192.168.23.0/24 | 192.168.23.1 | 192.168.23.253 | 192.168.23.254 |
| Operations | 24 | 192.168.24.0/24 | 192.168.24.1 | 192.168.24.253 | 192.168.24.254 |
| Marketing | 25 | 192.168.25.0/24 | 192.168.25.1 | 192.168.25.253 | 192.168.25.254 |
| IT | 27 | 192.168.27.0/24 | 192.168.27.1 | 192.168.27.253 | 192.168.27.254 |
| Servers | 30 | 192.168.30.0/24 | 192.168.30.1 | 192.168.30.253 | 192.168.30.254 |
| Printers | 40 | 192.168.40.0/24 | 192.168.40.1 | 192.168.40.253 | 192.168.40.254 |
| Telephones | 50 | 192.168.50.0/24 | 192.168.50.1 | 192.168.50.253 | 192.168.50.254 |
| WIFI | 60 | 192.168.60.0/24 | 192.168.60.1 | 192.168.60.253 | 192.168.60.254 |
| Administration | 100 | 192.168.100.0/24 | 192.168.100.1 | 192.168.100.253 | 192.168.100.254 |

The following table lists the advantages of using VLANs in a network:

| Benefit | Description |
|---|---|
| Smaller broadcast domains | Dividing a network into VLANs reduces the number of devices in the broadcast domain. |
| Optimized security | Only users of the same VLAN can communicate with each other. |
| Improved efficiency of IT resources | VLANs simplify network management because users with similar requirements can be configured on the same VLAN, and VLANs can be named so that they are easier to identify. |
| Reduced cost | VLANs reduce the need for costly upgrades to the network and use bandwidth and existing uplinks more efficiently, which can result in savings. |
| Better performance | Smaller broadcast domains reduce clutter on the network and improve performance. |
| Simplified project and application management | VLANs group users and network devices together to cater for organizational and geographical requirements. This means you can have distinct functions that make managing a project or using a specialist application much easier. |

Identify Types of VLAN

1. Default VLAN

VLAN 1 is the default VLAN on a Cisco switch. As a result, all ports on the switch are on VLAN 1. What you should know:

  • All ports are assigned to the default VLAN 1.

  • The native VLAN is the default VLAN 1.

  • The management VLAN is the default VLAN 1.

  • VLAN 1 cannot be renamed or deleted.

The show vlan brief command shows how the VLANs have been assigned to the interfaces. In the output below, all ports are assigned to the default VLAN 1. No native VLAN is explicitly assigned and no other VLAN is enabled, so the native VLAN and the management VLAN are both VLAN 1. This represents a security risk.

Switch# show vlan brief
VLAN Name                 Status    Ports
---- -------------------- --------- -------------------------------
1    default              active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                    Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                    Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                    Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                    Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                    Gig0/1, Gig0/2
1002 fddi-default         active
1003 token-ring-default   active
1004 fddinet-default      active
1005 trnet-default        active
Switch#
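
One way to check a switch for the risk described above, as an added example that is not part of the original course: this Python script parses show vlan brief output, including wrapped port lines, and lists the ports still assigned to VLAN 1. The sample output is constructed and the function names are hypothetical.

```python
import re

# Constructed sample in the format of the `show vlan brief` output above
# (shortened port list; VLAN 20 "Executive" comes from the addressing plan).
SAMPLE = """\
VLAN Name                 Status    Ports
---- -------------------- --------- -------------------------------
1    default              active    Fa0/3, Fa0/4, Fa0/5, Fa0/6,
                                    Gig0/1, Gig0/2
20   Executive            active    Fa0/1, Fa0/2
1002 fddi-default         active
1003 token-ring-default   active
"""

# A VLAN row starts with the numeric ID, then name, status and optional ports.
VLAN_ROW = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s*(.*)$")
# Interface names such as Fa0/1 or Gig0/2.
PORT = re.compile(r"[A-Za-z]+\d+(?:/\d+)+")


def parse_vlan_brief(text):
    """Return {vlan_id: {"name", "status", "ports"}} from `show vlan brief` text."""
    vlans, current = {}, None
    for line in text.splitlines():
        row = VLAN_ROW.match(line)
        if row:
            current = int(row.group(1))
            vlans[current] = {"name": row.group(2), "status": row.group(3),
                              "ports": PORT.findall(row.group(4))}
        elif current is not None and PORT.search(line):
            # Wrapped line: more ports belonging to the previous VLAN row.
            vlans[current]["ports"] += PORT.findall(line)
    return vlans


def ports_on_default_vlan(text):
    """Ports still assigned to VLAN 1, which the page flags as a security risk."""
    return parse_vlan_brief(text).get(1, {}).get("ports", [])


if __name__ == "__main__":
    for port in ports_on_default_vlan(SAMPLE):
        print(f"{port}: still in default VLAN 1")
```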

2. Data VLAN

The data VLANs are configured to separate traffic generated by the user. Data VLANs are used to divide a network up into groups of users or devices.

3. Native VLAN

User traffic from a VLAN must be tagged with the VLAN ID when it’s sent to another switch. Trunk ports are used between switches to carry this tagged traffic.

By default, VLAN 1 is the native VLAN on a Cisco switch (it is also the default VLAN). It’s generally recommended that you configure the native VLAN as an unused VLAN, distinct from VLAN 1 and the other VLANs. In fact, it's quite common to dedicate one fixed VLAN to the role of native VLAN for all of the trunk ports of the switched network.

4. Management VLAN

A management VLAN is a data VLAN that is configured specifically for network management traffic, including SSH, Telnet, HTTPS, HTTP and SNMP. By default, VLAN 1 is configured as a management VLAN on a layer 2 switch.

5. Voice VLAN

A separate VLAN is required to handle voice over IP (VoIP). VoIP traffic requires the following elements:

  • Consolidated bandwidth to guarantee voice quality

  • Transmission priority over other types of network traffic

  • Ability to route around the congested areas of the network

  • Delay (ping) of less than 150 ms over the entire network

Let's Recap!

In this chapter, you’ve seen:

  • that VLANs provide a logical and independent grouping of computer equipment. The advantage of creating a network with VLANs is that you can reduce the size of broadcast domains and therefore reduce network congestion.

  • that there are different types of VLAN:

    • Default VLAN

    • Data VLAN

    • Native VLAN

    • Management VLAN

    • Voice VLAN

Now that you understand VLANs a bit better, we’re going to configure them on a switch in the next chapter.
