Lab Instructions

Computer
Networks
Products
Lecturer:
Dr Hamidreza Bagheri

York St John University

School of Science, Technology and Health

2024-2025
 VLAN Concept and Features
Background
A LAN is a group of devices connected to a single Ethernet network. A broadcast
message is a message that reaches all devices in the network. Devices use broadcast
messages to perform many essential tasks. The more devices you add to a network,
the more broadcast messages it will have. Broadcast messages reduce network
performance.

To improve network performance, administrators break the LAN network into

smaller LANs. When you break a large LAN into smaller LANs, you could create Virtual
LANs (VLANs). A VLAN is simply a logical LAN, just as its name suggests. VLANs have
similar characteristics like those of physical LANs, only that with VLANs, you can
logically group hosts even if they are physically located on separate LAN segments.
VLANs create a boundary for broadcast messages. A broadcast message generated in
a VLAN reaches all devices inside the VLAN. It does not go outside the VLAN. If two
devices belong to different VLANs, they do not exchange broadcast messages. We
treat each VLAN as a separate subnet or broadcast domain.

VLANs are configured on switches by placing some interfaces into one broadcast
domain and some interfaces into another.

A switch typically does not understand broadcast messages. When it receives a broadcast
message on one of its ports, it forwards that message from all other ports. To make this
clear, suppose an 8-port switch receives a broadcast message on port-1. It forwards the
message from port-2 to 8, as illustrated in figure below.

1|Page
A VLAN is a switch-only feature. It allows us to define ports that share broadcast
messages. If two switch ports belong to different VLANs, they do not share broadcast
messages. If two ports belong to the same VLAN, they share broadcast messages.

To see the impact if VLAN let us create two VLANs: VLAN-10 and VLAN-20 on the
switch. We assign port-1 to 4 to VLAN-10 and port-5 to 8 to VLAN-20. After this, ports
1, 2, 3, and 4 will share broadcast in VLAN-10, and ports 5, 6, 7, and 8 will share broadcast
in VLAN-20. as indicated in the following figure.

VLANs are not limited to only one switch. You can create and use them across multiple
switches. This feature allows you to organize your network logically. Let us take one more
example to understand this feature. A network has three segments. All segments are
connected through backlinks. Each segment has four PCs, as illustrated in figure below.

2|Page
Now suppose you want to break this network into three sections for three different
departments of organization, Development, Production, and Administration.

In the Development section, you want to keep six computers, two computers from each
segment. In the production section, you want to put three computers, one computer from
each segment. You have the same requirement for the administration section, one computer
from each segment.

In this situation, you can use VLANs. VLANs allow you to create logical groups of devices.
You can create three VLANs, one for each section. You need to create these VLANs using
all switches. After creating VLANs, you can add computers to their respective VLANs.

VLAN Configuration Step by Step

We use the VLAN command in global configuration mode to create a new VLAN or to
update an existing VLAN. We use the switchport mode access VLAN command in the
interface configuration mode of a port to assign it to a VLAN.

Create a Packet Tracer topology as shown in the following figure.

In this set up, we have three switches and six PCs. Each switch has a connection to
two PCs. The following steps describe the details of the topology design.

• Connect S1's FastEthernet 0/1 to PC0 and FastEthernet 0/2 to PC1.

• Connect S2's FastEthernet 0/1 to PC2 and FastEthernet 0/2 to PC3.

• Connect S3's FastEthernet 0/1 to PC4 and FastEthernet 0/2 to PC5

3|Page
• Connect S1's GigabitEthernet0/2 to S2's GigabitEthernet0/2 and S2's
GigabitEthernet0/1 to S3's GigabitEthernet0/1. Please note that the cables we use
between switches are different from the cables we use to connect PCs to switches.

• We should assign an IP to each PC. To assign an IP configuration to a PC, click PC,

click Desktop, and click IP configuration, as illustrated for PC0 in the image below.

• Repeat the same process and assign an IP configuration as mentioned in the

topology to all other PCs. Please note the IPv4, Subnet Mask, and Default Gateway.

4|Page
Configuring VLANs on switches
In this lab, we will configure two VLANs in this network: VLAN-10 and VLAN-20. We
will use VLAN-10 for the network 10.0.0.0/8. We will use VLAN-20 for the network
20.0.0.0/8. We will keep one PC from each switch in a VLAN.

Access the first switch's CLI prompt. Enter global configuration mode and use the
VLAN command to create a new VLAN. This command needs a VLAN number as an
argument. It checks the specified VLAN number for an existing VLAN before creating
a new VLAN. If it finds an existing VLAN having the specified number, it does not
create a new VLAN. It enters VLAN configuration mode for the existing VLAN. If it does
not find an existing VLAN having the specified number, it creates a new VLAN and
enters VLAN configuration mode for the new VLAN.

The following commands create VLAN-10.

Switch>enable

Switch#configure terminal

Switch(config)#vlan 10

Switch(config-vlan)#exit

Switch(config)#

The following commands create VLAN-20.

Switch(config)#vlan 20

Switch(config-vlan)#exit

Switch(config)#

5|Page
Since all three switches have PCs in these VLANs, you need to run the above
commands on all switches.

After creating VLANs, we need to assign them to the switch ports. The switchport
mode access VLANs command assigns a VLAN to the switch port. It accepts a VLAN
number as an argument. It runs in the interface configuration mode of the port. It
assigns the specified VLAN number to the port. The device connected to the port
becomes a member of the specified port.

The following commands make the device connected to port-1 a member of VLAN-10.

Switch(config)#interface fastethernet 0/1

Switch(config-if)#vlan 10

Switch(config-vlan)#exit

The following commands make the device connected to port-2 a member of VLAN-20.

Switch(config)#interface fastethernet 0/2

Switch(config-if)#vlan 20

Switch(config-vlan)#exit

Switch(config)#

6|Page
You need to run the above commands on all three switches, as shown in the image below.

A switch port can work in two modes: Access and Trunk.

• In access mode, it works with a single VLAN.

The default mode on all switch ports is access mode. If you connect an end device (e.g.,
PC) to a switch port, you do not need to change the default mode.

• In trunk mode, it works with multiple VLANs.

If you connect a switch port to another switch port, you need to change the default
mode to trunk mode on both ports.

If you wish to connect a switch to another switch, you should change their default mode
on those ports to trunk mode. Use the switchport mode trunk command to change
the default mode. Run this command in the interface configuration mode of the port.

The following commands change the default mode to trunk mode on GigabitEtherent 0/1.

Switch(config)#interface gigabitEthernet 0/1

Switch(config-if)#switchport mode trunk

7|Page
 Switch(config-if)#exit

The following commands change the default mode to trunk mode on GigabitEtherent 0/2.

Switch(config)#interface gigabitEthernet 0/2

Switch(config-if)#switchport mode trunk

Switch(config-if)#exit

Switch(config)#

Run the above commands on all switches, as shown below.

Testing and verifying VLANs

To test and verify VLAN configuration, you can check connectivity between PCs in the
same VLAN.

Click the PC icon, click Desktop, and click Command Prompt. Use the ping command to
test connectivity.

8|Page
PC0 is a member of VLAN-10. As we can see in the above image, it has connectivity with
PC2 and PC4. PC2 and PC4 are other members of VLAN-10.

Similarly, you can also test connectivity between PC1, PC3, and PC5. These are members
of VLAN-20.

9|Page
PCs in the same VLAN have connectivity. It verifies VLAN configuration.

10 | P a g e