What is a VLAN
A LAN is a local area network and is defined as all devices in the same broadcast domain. If you remember, routers stop broadcasts while switches simply forward them.
What is a VLAN?
A VLAN (virtual LAN) is a logical configuration applied to switch ports to segment IP traffic. Using VLANs reduces hardware needs by letting a single switch split its ports into multiple IP subnets, configured port by port.
This works by you, the administrator, putting some switch ports in a VLAN other than VLAN 1, the default. All ports in a single VLAN are in a single broadcast domain.
Because switches can be connected to each other, some ports on switch A and some ports on switch B can both be in VLAN 10. Broadcasts between these devices will not be seen on any port in any VLAN other than 10, yet the devices can all communicate because they share VLAN 10. Without additional configuration, they cannot communicate with any device outside their VLAN.
Are VLANs required?
It is important to point out that you don’t have to configure a VLAN until your network grows so large, with so much traffic, that you need one. Many times, people use VLANs simply because the network they are working on was already using them.
Another important fact is that, on a Cisco switch, VLANs are enabled by default and ALL ports are already in a VLAN: VLAN 1. So, by default, you can just use all the ports on a switch and all devices will be able to talk to one another.
When do I need a VLAN?
You need to consider using VLANs in any of the following situations:
- You have more than 200 devices on your LAN
- You have a lot of broadcast traffic on your LAN
- Groups of users need more security or are being slowed down by too many broadcasts
- Groups of users need to be in the same broadcast domain because they run the same applications. An example is a company with VoIP phones: the phones can be placed in their own VLAN, separate from the regular users.
- Or simply to turn a single switch into multiple virtual switches
Why not just subnet my network?
A common question is why not just subnet the network instead of using VLANs? Each VLAN should be in its own subnet anyway. The benefit a VLAN provides over a plainly subnetted network is that devices in different physical locations, not cabled back to the same router, can be on the same network. The limitation of subnetting with a router alone is that all devices on a subnet must be connected to the same switch, and that switch must be connected to a port on the router.
With a VLAN, one device can be connected to one switch, another device can be connected to another switch, and those devices can still be on the same VLAN (broadcast domain).
How can devices on different VLANs communicate?
Devices on different VLANs can communicate through a router or a Layer 3 switch. Since each VLAN is its own subnet, a router or Layer 3 switch must be used to route between the subnets.
What is a trunk port?
Let us say we have a switch with two VLANs. If communication between the VLANs is needed, it must go through a router, because communication between VLANs cannot happen at Layer 2: switches are L2 devices and routers are L3 devices. A frame from VLAN 1 goes to its switch, from the switch to the router (L3), from the router back to the switch, and from the switch into VLAN 2. So we need a port over which this transfer can happen; this communication goes through a port called a trunk port.
A trunk port is a switch port that can be assigned to carry multiple VLANs between switches, or to increase overall bandwidth/throughput.
A trunk port is a port assigned to carry traffic for all the VLANs that are accessible on a specific switch, a process known as trunking. When we connect one or more switches or routers together, the port used to send and receive VLAN traffic between them is the trunk port. A trunk port is aware of all the VLANs on the switch.
A trunk port can have more than one VLAN set up on the interface, so it is able to carry traffic for numerous VLANs at the same time.
To deliver traffic accurately on a trunk port carrying multiple VLANs, the device uses tagging, the IEEE 802.1Q encapsulation method. In this method a tag is inserted into the frame header; the tag carries the ID of the VLAN to which the frame belongs. This allows frames from multiple VLANs to cross the same port while keeping the traffic of each VLAN separate. The VLAN tag also lets the switch at the far end of the trunk place the traffic back into the same VLAN it came from.
By default a trunk port carries traffic to and from all VLANs: all VLAN IDs are permitted on all trunks. However, VLANs can be removed from this allowed list to stop traffic from particular VLANs from passing over the trunk.
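The following Python simulation is an added example, not code from the original article, and it ties together the points above: access ports confine a broadcast to one VLAN, a trunk carries frames between switches with an 802.1Q tag (TPID 0x8100 followed by a 16-bit TCI whose low 12 bits are the VLAN ID), and a VLAN removed from a trunk's allowed list is dropped at the far end. The two-switch topology, port numbers and MAC addresses are constructed for the demonstration. The toy switch floods every frame it receives, which is what a real switch does with a broadcast; it performs no MAC learning.

```python
import struct
from dataclasses import dataclass, field

TPID_8021Q = 0x8100          # EtherType value that marks an 802.1Q tag
BROADCAST = b"\xff" * 6      # Ethernet broadcast destination address


def build_frame(dst, src, ethertype=0x0806, payload=b"who-has?"):
    """Untagged Ethernet frame: dst MAC, src MAC, EtherType, payload (constructed sample)."""
    return dst + src + struct.pack("!H", ethertype) + payload


def tag_frame(frame, vid, pcp=0):
    """Insert a 4-byte 802.1Q tag (TPID + TCI) right after the two MAC addresses."""
    if not 1 <= vid <= 4094:
        raise ValueError("VID must be 1..4094")
    tci = (pcp << 13) | vid              # PCP in the top 3 bits, DEI left 0, VID in the low 12 bits
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse_tag(frame):
    """Return (vid, untagged_frame); vid is None when the frame carries no 802.1Q tag."""
    if len(frame) >= 16 and struct.unpack("!H", frame[12:14])[0] == TPID_8021Q:
        tci = struct.unpack("!H", frame[14:16])[0]
        return tci & 0x0FFF, frame[:12] + frame[16:]
    return None, frame


@dataclass
class Switch:
    name: str
    access: dict                                   # access port -> VLAN id of that port
    trunks: dict                                   # trunk port -> set of allowed VIDs (None = all VLANs)
    links: dict = field(default_factory=dict)      # trunk port -> (peer Switch, peer port)
    delivered: list = field(default_factory=list)  # (switch, port, vid) for each access-port egress

    def receive(self, in_port, frame):
        vid, untagged = parse_tag(frame)
        if in_port in self.access:
            vid = self.access[in_port]             # access port: the frame belongs to the port's VLAN
        elif in_port in self.trunks:
            allowed = self.trunks[in_port]
            if vid is None or (allowed is not None and vid not in allowed):
                return                             # untagged on a trunk, or VLAN pruned: dropped
        else:
            return                                 # unknown port
        # Flood only inside the VLAN: access ports in the same VLAN get the untagged frame.
        for port, pvid in self.access.items():
            if port != in_port and pvid == vid:
                self.delivered.append((self.name, port, vid))
        # Trunk ports carry the frame onward, tagged, if the VLAN is allowed on that trunk.
        for port, allowed in self.trunks.items():
            if port != in_port and (allowed is None or vid in allowed):
                peer, peer_port = self.links[port]
                peer.receive(peer_port, tag_frame(untagged, vid))


def run_scenario():
    """Two switches joined by a trunk on port 24; VLAN 20 has been removed from switch B's trunk."""
    sw_a = Switch("A", access={1: 10, 2: 20}, trunks={24: {10, 20}})
    sw_b = Switch("B", access={1: 10, 2: 20}, trunks={24: {10}})
    sw_a.links[24] = (sw_b, 24)
    sw_b.links[24] = (sw_a, 24)
    host = bytes.fromhex("020000000001")           # constructed host MAC

    sw_a.receive(1, build_frame(BROADCAST, host))  # broadcast from a VLAN 10 host on switch A
    vlan10 = sw_a.delivered + sw_b.delivered
    sw_a.delivered.clear()
    sw_b.delivered.clear()

    sw_a.receive(2, build_frame(BROADCAST, host))  # broadcast from a VLAN 20 host on switch A
    vlan20 = sw_a.delivered + sw_b.delivered
    return {"vlan10": vlan10, "vlan20": vlan20}


if __name__ == "__main__":
    print(run_scenario())
```

The VLAN 10 broadcast reaches only switch B's port 1 (the other VLAN 10 access port), never switch A's or B's VLAN 20 ports. The VLAN 20 broadcast crosses the trunk tagged with VID 20 but is dropped on arrival because switch B no longer allows VLAN 20 on that trunk, so it is delivered nowhere. Note that the tag is trusted purely on the strength of the 12-bit VID, which is why access ports ignore any tag a host sends and use the port's configured VLAN instead.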
What do VLANs offer?
VLANs offer higher performance for medium and large LANs because they limit broadcasts. As the amount of traffic and the number of devices grow, so does the number of broadcast packets; by using VLANs you contain those broadcasts.
VLANs also provide security because you are essentially putting one group of devices, in one VLAN, on their own network.
Here is what we have learned:
- A VLAN is a broadcast domain formed by switches
- Administrators must create the VLANs and then manually assign which port goes in which VLAN.
- VLANs provide better performance for medium and large LANs.
- All devices, by default, are in VLAN 1.
- A trunk port is a special port that runs ISL or 802.1Q so that it can carry traffic from more than one VLAN.
- For devices in different VLANs to communicate, you must use a router or Layer 3 switch.