Step-by-Step Guide to Setting Up VLANs for Network Segmentation & Automation

Introduction

VLAN (Virtual Local Area Network) segmentation is a crucial technique for improving network security, performance,
and manageability. By separating traffic into different VLANs, organizations can control access, reduce congestion,
and enhance security. This guide covers VLAN setup, inter-VLAN communication, and automation using Ansible and
Python.

1. Understanding VLANs

What is a VLAN?

A VLAN is a logical grouping of network devices that behave as if they are on the same physical network, even though
they may be spread across multiple switches.

Benefits of VLANs:

✅ Improved Security – Isolates sensitive traffic.

✅ Better Performance – Reduces network congestion.

✅ Simplified Management – Logical separation without requiring additional hardware.

✅ Cost Efficiency – Minimizes the need for extra physical devices.

2. Planning Your VLAN Setup

Before configuring VLANs, determine the segmentation strategy. A common approach is:

 VLAN 10 – Management (For network administrators)

 VLAN 20 – HR Department

 VLAN 30 – IT Department

 VLAN 40 – Guest Network

3. Configuring VLANs on a Managed Switch

Step 1: Access the Switch

1. Connect to the switch via console, SSH, or web GUI.

2. Log in with admin credentials.

Step 2: Create VLANs

If using a Cisco switch, enter the following commands:

configure terminal

vlan 10

name Management

vlan 20

name HR

vlan 30
name IT

vlan 40

name Guest

exit

This creates VLANs and assigns them names.

Step 3: Assign Ports to VLANs

Assign specific switch ports to VLANs:

interface FastEthernet0/1

switchport mode access

switchport access vlan 10

exit

interface FastEthernet0/2

switchport mode access

switchport access vlan 20

exit

Repeat for all necessary ports.

Step 4: Configure Trunk Ports

If you need to allow VLAN traffic between switches:

interface GigabitEthernet0/1

switchport mode trunk

switchport trunk allowed vlan 10,20,30,40

exit

4. Inter-VLAN Communication

Do VLANs Need a Layer 3 Switch or Router?

 A trunk port alone does not enable VLAN communication.

 A Layer 3 switch (L3) or a router is needed for inter-VLAN routing.

1️⃣ Without a Layer 3 Switch (Only Layer 2 Switches)

❌ VLANs remain isolated unless a router or L3 switch is used.

2️⃣ With a Layer 3 Switch (Inter-VLAN Routing)

✅ The Layer 3 switch routes traffic between VLANs using SVIs (Switch Virtual Interfaces).

interface vlan 10

ip address 192.168.10.1 255.255.255.0

no shutdown
interface vlan 20

ip address 192.168.20.1 255.255.255.0

no shutdown

interface gigabitEthernet0/1

switchport mode trunk

✅ This enables inter-VLAN routing on a Layer 3 switch.

3️⃣ Using a Router-on-a-Stick (If No L3 Switch)

A router-on-a-stick setup connects a Layer 2 switch to a router via a trunk port, and subinterfaces on the router
handle inter-VLAN routing.

5. Network Topology Diagram

Basic VLAN and Inter-VLAN Routing Setup

+----------------------+ +---------------------+ +----------------------+

| Layer 2 Switch |-------| Layer 3 Switch |------| Router-on-a-Stick |

| VLAN 10, 20, 30, 40 | Trunk | VLAN Interfaces | Trunk | Subinterfaces |

+----------------------+ +---------------------+ +----------------------+

6. Automating VLAN Configuration

Automating VLAN Setup with Ansible

Step 1: Install Ansible

pip install ansible ansible-core

ansible-galaxy collection install cisco.ios

Step 2: Create Inventory File (hosts.yml)

all:

hosts:

switch1:

ansible_host: 192.168.1.1

ansible_user: admin

ansible_password: password

ansible_network_os: cisco.ios

Step 3: Create VLAN Playbook (vlan_config.yml)

- name: Configure VLANs on Cisco Switch

hosts: all

gather_facts: no
 tasks:

- name: Create VLANs

cisco.ios.ios_config:

lines:

- vlan 10

- name Management

- vlan 20

- name HR

- vlan 30

- name IT

Step 4: Run the Playbook

ansible-playbook -i hosts.yml vlan_config.yml

✅ VLANs 10, 20, and 30 are created automatically.

Automating VLAN Setup with Python (Netmiko)

Step 1: Install Netmiko

pip install netmiko

Step 2: Python Script (vlan_setup.py)

from netmiko import ConnectHandler

device = {

"device_type": "cisco_ios",

"host": "192.168.1.1",

"username": "admin",

"password": "password",

commands = [

"vlan 10",

"name Management",

"vlan 20",

"name HR",

"vlan 30",

"name IT",
 "interface FastEthernet0/1",

"switchport mode access",

"switchport access vlan 10",

"exit",

"interface FastEthernet0/2",

"switchport mode access",

"switchport access vlan 20",

"exit",

net_connect = ConnectHandler(**device)

output = net_connect.send_config_set(commands)

print(output)

net_connect.disconnect()

Step 3: Run the Script

python vlan_setup.py

✅ VLANs and port assignments are configured automatically.

7. Conclusion

VLANs provide a structured and efficient way to segment networks, improving security and performance. Proper
planning and configuration ensure a well-functioning network that meets organizational needs.

📌 Need Help with VLAN Setup? Contact Radius Technologies for expert network solutions!

📩 Email: [email protected]