0% found this document useful (0 votes)

27 views58 pages

VLAN Completed

The document is a project report titled 'Design and Implementation of VLAN Communication' submitted by S. Hemnath for the Bachelor of Computer Applications degree at Sri Ramakrishna Mission Vidyalaya College of Arts and Science. It details the development of a web application for managing diagnostic systems, emphasizing the importance of VLANs in enhancing network efficiency, security, and scalability. The report includes acknowledgments, system specifications, and a synopsis of the project's objectives and methodologies.

Uploaded by

bathmanathnab

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as DOCX, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

27 views58 pages

VLAN Completed

Uploaded by

bathmanathnab

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as DOCX, PDF, TXT or read online on Scribd

You are on page 1/ 58

DESIGN AND IMPLEMENTATION OF VLAN

COMMUNICATION
A project report submitted to
Sri Ramakrishna Mission Vidyalaya College of Arts and Science, Coimbatore- 20 in partial
fulfillment of the requirements for the award of the degree of

BACHELOR OF COMPUTER APPLICATIONS

Project Report Submitted by

S.HEMNATH
( 22UCA018 )

Under the guidance of

Dr.M.CHANDRAN MCA., M.Phil., Ph.D.,

Associate Professor, Department of Computer Applications (UG)

DEPARTMENT OF COMPUTER APPLICATIONS

SRI RAMAKRISHNA MISSION VIDYALAYA
COLLEGE OF ARTS AND SCIENCE,
(An Autonomous Institution Affiliated to Bharathiar University,
Re-Accredited by NAAC with ‘A+’ Grade)
COIMBATORE - 641 020

APRIL – 2025

1
CERTIFICATE

This is to certify that the project entitled “DESIGN AND IMPLEMENTATION OF VLAN
COMMUNICATION’’ submitted to Sri Ramakrishna Mission Vidyalaya College of Arts and Science,
Coimbatore - 20, Affiliated to Bharathiar University, in partial fulfillment of the requirements for the award of
the degree of BACHELOR OF COMPUTER APPLICATIONS is a record of original project work done by
S.HEMNATH ( 22UCA018 ) during the Academic year 2024-2025 of his study in the Department of
Computer Applications at Sri Ramakrishna Mission Vidyalaya College of Arts and Science, Coimbatore-20,
under my supervision and guidance and the dissertation has not formed the basis for the award of any Degree /
Diploma / Associateship / Fellowship or other similar title to any candidate of any university.

Date:

Place: Coimbatore-20 Signature of the Guide

Head of the Department Principal

Internal Examiner External Examiner

2
DECLARATION

I hereby declare that the thesis entitled “DESIGN AND IMPLEMENTATION OF VLAN
COMMUNICATION ” submitted in partial fulfillment of the requirements for the award of the degree of
BACHELOR OF COMPUTER APPLICATIONS of Bharathiar University is a record of original work
done by me during the Academic Year 2024-2025 under the supervision and guidance of
Dr.M.CHANDRAN MCA.,M.Phil.,Ph.D., Associate Professor, Department of Computer Applications,
Sri Ramakrishna Mission Vidyalaya College of Arts and Science, Coimbatore - 20. The dissertation has not
formed the basis for the award of any Degree / Diploma / Associateship / Fellowship or other similar title to
any candidate of any university.

Date: Signature of the Candidate

Place: Coimbatore. S.HEMNATH

(22UCA018)

3
ACKNOWLEDGEMENT
I would like to express my sincere thanks to our Secretary, Dr. K. KANDHAPPAN M.A.,
M.Phil., D.L.L., DCHI., Ph.D., Sri Ramakrishna Mission Vidyalaya College of Arts and Science,
Coimbatore - 20 for giving me the permission to do the project.

At the outset I record my profound thanks to our Principal Dr. A. MUTHUSAMY M.Sc., M.Ed.,
M.Phil., Ph.D., Sri Ramakrishna Mission Vidyalaya College of Arts and Science, Cbe-20 for
following me to carry out this project work, I take this opportunity to acknowledge my deep sense of
gratitude to our honorable Director Dr. R. SRIDHAR M.Sc., MCA, M.Phil., Ph.D., Sri Ramakrishna
Mission Vidyalaya College of Arts and Science for permitting me to carry my project work.

I wish to express my sincere heartfelt thanks to my guide Dr. M. JAIKUMAR MCA,

M.Phil., Ph.D., M.Sc.(Psy)., Associate Professor & Head, Department of Computer Applications, Sri
Ramakrishna Mission Vidyalaya College of Arts and Science, Cbe-20 for his kind help, generous
support, valuable advice and suggestion for the successful completion of the project work.

I would also express my sincere thanks to Dr. J.M. DHAYASHANKAR MCA., M.Phil., Ph.D.,
Associate Professor, Sri. D. GOVINDARAJ M.Sc., M.Phil., (Ph.D.,) Assistant Professor, Sri. M.
RAJKUMAR MCA., Assistant Professor and all the faculty members of Department Computer
Applications, Sri Ramakrishna Mission Vidyalaya College of Arts and Science, CBE-20 for their
valuable support and suggestions in my project work.

Finally, I express my heartful gratitude to my beloved Parents and Friends without whose sustained support, I
could not have made debut in Computer Applications.

4
SYNOPSIS

The determination of the project capacitates as “DESIGN AND IMPLEMENTATION OF VLAN

COMMUNICATION” is to develop a web application to computerize the Management of Diagnostic

system that is user friendly simple, and cost-effective. It comes with the collection of information of patients,

details of the diagnosis, etc. The main function of this system is firstly registered and then store the details of

the patient and the details of the staff and get back these details as and when required, and also for the utilize

these details purposely. System input holds the patient’s details, while system output is to get these details on

the screen. The Lab Reporting System can be pass into using a username and password. And it is accessible

by each level of a user according to their part. Every user can see this data that they are approachable. And

only that user can add the data into database who has editing permission. The data can be recovers easily.

The data are efficiently protected for personal use and makes clarifying of data very rapidly.

5
CONTENT

S. NO TITLE PAGE NO

1 ABOUT THE PROJECT 01

1.1 System Specification 02
1.1.1 Hardware Specification 02
1.1.2 Software Specification 02
1.2 About the Software

3. PROPOSED SYSTEM 10
3.1 Features 10

4. SYSTEM DESIGN AND DEVELOPMENT 09

4.1 Ip Address Structure 09
4.1.1 Internet Protocol (IP) Architecture 09
4.1.2 Hierarchical IPv4 Address 10
4.1.3 IPv4 Packet Header Fields 10
4.1.4 IPv6 Packet Header Fields 11
4.1.5 Classful IP addressing 11
6
4.1.6 The High Order Bits 11
4.1.7 The IPv4 Classful Addressing Structure 12

4.2 vlan communication

13
4.2.1 Before VLANs 13
4.2.2 After VLANs
4.3 Data Flow Diagram

4.2.3 Key Characteristics of VLANs:

4.2.4 VLAN Types

4.2.5 VLAN Modes

4.2.5.1 Access Mode

4.2.5.2 Trunk Mode
5. SYSTEM DESIGN AND DEVELOPMENT
5.1 System Design
5.2 Network Architecture
5.2.1 Network Components
5.2.3 VLAN Configuration Design

5.3 System Development

5.3.1 VLAN Implementation Step
5.3.2 Trunk Configuration on Switches
6. TESTING AND IMPLEMENTATION
6.1 Network Testing and Performance Evaluation
6.1.1 Functional Testing
6.1.2 Performance Testing
6.1.3 Troubleshooting & Maintenance

7
6.2 Implementation
6.2.1 Device and IP Addressing Details
6.2.2 VLAN Segmentation & Purpose
6.3 Configuration Command
8. CONCLUSION
8.1 Conclusion
8.2 Future Enhancement

8
1. ABOUT THE PROJECT

In modern networking, Virtual Local Area Networks (VLANs) play a vital role in
improving network efficiency, security, and scalability. VLANs allow network administrators
to logically segment a physical network into multiple isolated broadcast domains, enabling
better control over data traffic flow. Unlike traditional LANs, where all connected devices
share the same broadcast domain, VLANs divide the network into independent sections,
reducing congestion and enhancing overall performance.

By using VLANs, organizations can

 Optimize network traffic by reducing unnecessary broadcast transmissions.
 Enhance security by isolating sensitive data and restricting unauthorized access.
 Improve manageability by allowing centralized control over network segments.

This project delves into the implementation, communication, and optimization of

VLANs in a real-world scenario. It provides insights into VLAN configuration, inter-VLAN
routing, security measures, and performance analysis, ensuring that the network operates
efficiently and securely.

9
1.1 SYSTEM SPECIFICIATION

1.1.1 HARDWARE SPECIFICIATION

Processor - Core i3 or Later

RAM - 1 GB or high
Hard Disk - 256 GB or high
Network Device - Router, Switch, Computer
Network Cable - UTP Cable (Category 6)
Network Connector - RJ 45 Connector

1.1.2 SOFTWARE SPECIFICIATION

Operating System - Windows 7 or laters

Simulation Tool : Cisco Packet Tracer 8.2

10
1.2 ABOUT THE SOFTWARE

1.2.1 Network simulator Tool

To establishing of network in a real time scenario is very difficult. A single test bed
takes a large amount of time and cost. So implementation of a whole network in real world is
not easily possible and very costly to. The simulator helps the network developer to check
whether the network is able to work in the real time. Thus both the time and cost of testing
the functionality of network have been reduced and implementations are made easy.

1.2.2 Cisco Packet Tracer

Cisco Packet Tracer is a powerful network simulation, visualization, collaboration,
and assessment tool that allows students to experiment with network designs and behavior.
As an integral part of the Networking Academy learning experience, Packet Tracer provides
simulation, visualization, authoring, assessment, and collaboration capabilities and facilitates
the teaching and learning of complex technology concepts.

Packet Tracer supplements physical networking equipment by allowing students to

create virtual networks with an almost unlimited number of devices; encouraging practice,
discovery, and troubleshooting. The simulation-based learning environment helps students
develop 21st century skills such as critical thinking and creative problem solving. Packet
Tracer now supports multiple platforms, including Windows, Linux and Android.

Fig 1.1: Cisco Packet Tracer Tool

11
1.2.3 Packet Tracer User Interface Glossary
When you open Packet Tracer, by default you will be presented with the following interface:
This bar provides the File, Edit, Options, View, Tools, Extensions,
1 Menu Bar and Help menus. You will find basic commands such as Open, Save, Save
as Pkz, Print, and Preferences in these menus.
This bar provides shortcut icons to the File and Edit menu commands. This
2 Main Tool Bar bar also provides buttons for Copy, Paste, Undo, Redo, Zoom, the Drawing
Palette, and the Custom Devices Dialog.
This bar provides access to these commonly used workspace
Common Tools tools: Select, Move Layout, Place Note, Delete, Inspect, Resize Shape, Add
3
Bar Simple PDU, and Add Complex PDU. See "Workspace Basics" for more
information.
You can toggle between the Physical Workspace and the Logical
Logical/Physical
Workspace with the tabs on this bar. In Logical Workspace, this bar also
4 Workspace and
allows you to go back to a previous level in a cluster, create a New
Navigation Bar
Cluster, Move Object, Set Tiled Background, and Viewport.
This area is where you will create your network, watch simulations, and
5 Workspace
view many kinds of information and statistics.
You can toggle between Realtime Mode and Simulation Mode with the tabs
Real time / on this bar. This bar also provides buttons to Power Cycle Devices and Fast
6
Simulation Bar Forward Time as well as the Play Control buttons and the Event List toggle
button in Simulation Mode.
This box is where you choose devices and connections to put into the
Network
7 workspace. It contains the Device-Type Selection Box and the Device-
Component Box
Specific Selection Box.
This box contains the type of devices and connections available in Packet
Device-Type
8 Tracer. The Device-Specific Selection Box will change depending on which
Selection Box
type of device you choose.

Device-Specific This box is where you choose specifically which devices you want to put in
9
Selection Box your network and which connections to make.

12
User Created This window manages the packets you put in the network during simulation
10
Packet Window* scenarios. See the "Simulation Mode" section for more details.

Table 1.1: Packet Tracer User Interface

1.2.4 Operating Modes

Packet Tracer operating modes reflect the network time scheme.

Real time Mode

In our network runs in a model of real time, within the limits of the protocol models
used. The network responds to your actions immediately as they would in a real device. For
example, as soon as you make an Ethernet connection, the link lights for that connection will
appear, showing the connection state (see the "Connections/Links" page for details).
Whenever you type a command in the CLI (such as ping or show), the result or response is
generated in real time and you see it as such. All network activity, particularly the flow of
PDUs across the network, happens in the Packet Tracer model of real time.

Fig 1.2: Cisco Packet Tracer Real Time Mode

Simulation Mode
you can "freeze" time -- you have direct control over time related to the flow of
PDUs. You can see the network run step by step, or event by event, however quickly or
slowly you like. You can set up scenarios, such as sending a ping packet from one device to

13
another. However, nothing "runs" until you capture it (the first time through, as with a
protocol sniffer)

14
or play it (re-playing the captured events as an animation). When you capture or play the
simulation, you will see graphical representations of packets traveling from one device to
another. You can pause the simulation, or step forward or backward in time, investigating
many types of information on specific PDUs and devices at specific times. However, other
aspects of the network will still run in real time. For example, if you turn off a port, its link
light will respond immediately by turning red

You can also hide the Event List (and the entire Simulation Panel) with the Event List
button in the Simulation Bar. You will still have access to the Play Controls on the bar.

Fig 1.3: Cisco Packet Tracer Simulation Mode

15
2. SYSTEM STUDY

2.1 EXISTING SYSTEM

All devices connected to a switch or hub were part of a single broadcast domain.
This had several limitations in terms of scalability, security, and traffic management.

2.1.1 Flat Network Architecture

 All devices in a single Local Area Network (LAN) were part of the same
broadcast domain.
 No logical segmentation of traffic; all devices received broadcast messages, leading
to network congestion.
 Switches or hubs forwarded traffic to all connected devices, even if the traffic was not
meant for them.

2.1.2 DRAWBACKS

Broadcast Storms
 Since all devices shared the same broadcast domain, excessive broadcasts could
overwhelm the network.

Security Issues
 Devices could eavesdrop on network traffic since all packets were sent to all devices.
 Sensitive data could be accessed by unintended users.

Inefficient Resource Utilization

 Lack of segmentation led to unnecessary bandwidth consumption.
 Networks had to rely on physical separation (multiple switches and routers) to
achieve isolation, increasing costs.

Difficulty in Managing Large Networks

 Every new department or user required a new physical switch or router for separation.
 No logical grouping of users, making network modifications difficult.

16
3. PROPOSED SYSTEM

3.1 FEATURES

The proposed VLAN system improves upon the traditional VLAN communication
model by integrating automation, enhanced security, scalability, and optimized traffic
management. One of the key enhancements in the proposed system is the implementation of
dynamic VLAN assignment, where devices are automatically assigned to VLANs based on
MAC addresses, protocols, or authentication methods such as 802.1X. This eliminates the
need for manual configuration and improves network efficiency.

Security is also a major focus in the proposed system. Features such as port security,
MAC filtering, and VLAN Access Control Lists (ACLs) ensure that only authorized devices
can communicate within a VLAN. Additionally, Private VLANs (PVLANs) provide further
isolation by restricting communication between devices within the same VLAN, improving
data security and reducing potential attack surfaces.

To enhance scalability, the proposed VLAN system integrates VLAN Trunking

Protocol (VTP) improvements and Spanning Tree Protocol (STP) optimizations, ensuring
seamless VLAN expansion across multiple switches. Furthermore, Quality of Service (QoS)
policies prioritize critical traffic, such as voice and video communication, ensuring smooth
network performance

17
4. SYSTEM DESIGN AND DEVELOPMENT

4.1 IP ADDRESS STRUCTURE

4.1.1 Internet Protocol (IP) Architecture

Internet Protocol (IP) is the principle communication protocol used for
relaying datagram’s (also known as network packets) across an internetwork using the
Internet Protocol Suite. Responsible for routing packets across network boundaries, it is the
primary protocol that establishes the Internet.

4.1.2 Hierarchical IPv4 Address

A 32 bit value that contains the network and host number fields. There are five classes
of internet addresses: The class indicates the size of the network and host fields. Internet
addresses are commonly displayed in dotted decimal notation format XXX.XXX.XXX.XXX.
Cla 0 0 0 0 0 0 0 0 0 0 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
ss 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
A 0 Network bits Host bits
B 1 0 Network bits Host bits
C 1 1 0 Network bits Host bits
D 1 1 1 0 Multicast group
E 1 1 1 1 0 Reserved

Fig 4.1: Classes of IPv4 Address

Fig4.2: IPv4 Address Architecture

18
4.1.3 IPv4 Packet Header Fields
IPv4 protocol defines many different fields in the packet header. These fields contain
binary values that the IPv4 services reference as they forward packets across the network.

Fig 4.3: IPv4 Address Packet Header Fields

4.1.4 IPv6 Packet Header Fields

Fig 4.4: IPv6 Address Packet Header Fields

19
4.1.5 Classful IP addressing
In 1989, ARPANET had been transformed into what we now call the Internet. Over
the next decade, the number of hosts on the Internet grew exponentially, from 159,000 in
October 1989, to over 72 million by the end of the millennium. As of January 2007, there
were over 433 million hosts on the Internet. Without the introduction of VLSM and CIDR
notation in 1993 (RFC 1519), Name Address Translation (NAT) in 1994 (RFC 1631), and
private addressing in 1996 (RFC 1918), the IPv4 32-bit address space would now be
exhausted.

Fig 4.5: Exponential growth of hosts on the Internet

4.1.6 The High Order Bits

IPv4 addresses were initially allocated based on class. In the original specification of
IPv4 (RFC 791) released in 1981, the authors established the classes to provide three
different sizes of networks for large, medium and small organizations. As a result, class A, B
and C addresses were defined with a specific format for the high order bits. High order bits
are the left-most bits in a 32-bit address.
Class High Order Bits Start End
Class A 0 0.0.0.0 127.255.255.255
Class B 10 128.0.0.0 191.255.255.255
Class C 110 192.0.0.0 223.255.255.255
Class D 1110 224.0.0.0 239.255.255.255
Class E 1111 240.0.0.0 255.255.255.255

Table 4.1:High Order Bits

20
4.1.7 The IPv4 Classful Addressing Structure
The designations of network bits and host bits were established in RFC 790 (released
with RFC 791). As shown in the fig 1.5, class A networks used the first octet for network
assignment, which translated to a 255.0.0.0 classful subnet mask. Because only 7 bits were
left in the first octet (remember, the first bit is always 0), this made 2 to the 7th power or 128
networks.
With 24 bits in the host portion, each class A address had the potential for over 16
million individual host addresses. Before CIDR and VLSM, organizations were assigned an
entire classful network address. What was one organization going to do with 16 million
addresses? Now you can understand the tremendous waste of address space that occurred in
the beginning days of the Internet, when companies received class A addresses. Some
companies and governmental organizations still have class A addresses.

Fig 4.6: Subnet Mask Base on Class

4.1.8 The IPv4 Classless Addressing Structure

To reduce the wastage of IP addresses in a block, we use sub-netting. What we do is
that we use host id bits as net id bits of a classful IP address. We give the IP address and
define the number of bits for mask along with it (usually followed by a ‘/’ symbol), like,
192.168.1.1/28. Here, subnet mask is found by putting the given number of bits out of 32 as
1, like, in the given address, we need to put 28 out of 32 bits as 1 and the rest as 0, and so, the
subnet mask would be 255.255.255.240.

21
4.2 VLAN COMMUNICATION

The VLAN is a new technology which is used to logically divide the network into
different broadcast domains. So that the packets are delivered within the port of same VLAN
group. Implementing VLAN technology enables a network to more flexibly support business
goals.

4.2.1 Before VLANs

VLANs are being widely used today, consider a small community college with
student dorms and the faculty offices all in one building. The Fig 5.1 shows the student
computers in one LAN and the faculty computers in another LAN. This works fine because
each department is physically together, so it is easy to provide them with their network
resources.

Fig 4.7: Before VLAN

4.2.2 After VLANs
VLANs provide segmentation and organizational flexibility. VLANs provide a way to
group devices within a LAN. A group of devices within a VLAN communicate as if they
were attached to the same wire. VLANs are based on logical connections, instead of physical
connections.
VLANs allow an administrator to segment networks based on factors such as
function, project team, or application, without regard for the physical location of the user or
device. Devices within a VLAN act as if they are in their own independent network, even if
they share a common infrastructure with other VLANs. Any switch port can belong to a
VLAN, and unicast, broadcast, and multicast packets are forwarded and flooded only to end
stations within the VLAN where the packets are sourced. Each VLAN is considered a
separate logical network, and packets destined for stations that do not belong to the VLAN

22
must be forwarded through a device that supports routing.

23
A VLAN creates a logical broadcast domain that can span multiple physical LAN
segments. VLANs improve network performance by separating large broadcast domains into
smaller ones. If a device in one VLAN sends a broadcast Ethernet frame, all devices in the
VLAN receive the frame, but devices in other VLANs do not.
VLANs enable the implementation of access and security policies according to
specific groupings of users. Each switch port can be assigned to only one VLAN.

Fig 4.8: After VLAN

A Virtual Local Area Network (VLAN) is a logical segmentation of a physical network that
groups devices into a subnetwork, regardless of their physical location. VLANs enable
network administrators to create multiple isolated networks within the same physical
infrastructure, improving security, traffic management, and network performance.

Unlike traditional LANs, where all devices within a switch belong to the same broadcast
domain, VLANs logically separate network traffic, allowing devices in different VLANs to
communicate only through a router or a Layer 3 switch. This segmentation helps reduce
network congestion, improves scalability, and enhances security by restricting unnecessary
communication between different groups of devices.

24
For example, in an organization such as a university or corporate environment, VLANs can
be created to logically separate different departments or groups while sharing the same
physical network infrastructure. This segmentation helps improve network performance,
enhance security, and simplify management. Consider the following VLAN assignments in
an educational institution:

 VLAN 10 – B.Com (Bachelor of Commerce): This VLAN is dedicated to the

commerce department, ensuring that faculty members, administrative staff, and
students in this department have a secure and isolated network for their academic
activities.

 VLAN 20 – CS (Computer Science): The CS department operates on this VLAN,

allowing students and faculty members to access computing resources, lab equipment,
and department-specific servers without interference from other departments.

 VLAN 30 – BCA (Bachelor of Computer Applications): This VLAN is designated

for the BCA department, ensuring that students working on software projects or
network-related coursework have a dedicated network environment.

 VLAN 40 – IT (Information Technology): The IT department manages networking

and system administration within the institution, and their VLAN can be configured
with enhanced security to prevent unauthorized access to critical infrastructure.

Even though all devices, including computers, printers, and access points, may be physically
connected to the same network switch, VLAN configuration ensures logical segmentation.
This means that devices within the same VLAN can directly communicate with each other,
but communication between different VLANs is restricted unless inter-VLAN routing is
enabled. Inter-VLAN routing, typically performed by a Layer 3 switch or a router, allows
controlled communication between VLANs when necessary. For example, if the CS
department (VLAN 20) needs to share data with the BCA department (VLAN 30), a
network administrator can configure inter-VLAN routing with appropriate access control
lists (ACLs) to regulate traffic flow securely.

25
This VLAN-based segmentation not only enhances network security by preventing
unauthorized access but also reduces broadcast traffic, thereby improving overall network
performance and efficiency. Proper VLAN planning and implementation ensure a structured
and manageable network environment, particularly in large organizations with multiple
departments and varying network requirements.

4.3 Data Flow Diagram

Fig 4.9: VLAN Data Flow

26
VLAN Port Check

Start

Device Send
the Data

Check
Same No
Drop the Data
VLAN as

Yes

Forward Data
to same VLAN
(within Switch)

Is
Destination No
Drop the Data
on Same
Switch?

Yes

Forw ard Data to

Device (Same
Switch)

End

Fig 4.10: VLAN Port Check

27
4.2.3 Key Characteristics of VLANs:

1. Logical Segmentation – VLANs divide a single physical network into multiple

virtual networks without requiring separate hardware.
2. Improved Network Performance – Reduces broadcast traffic by limiting it to
specific VLANs rather than the entire network.
3. Enhanced Security – Isolates sensitive data and prevents unauthorized access
between different VLANs.
4. Better Network Management – Simplifies administration by allowing easy
reconfiguration and scalability.
5. Flexibility – Devices can be grouped based on function, department, or security level

4.2.4 VLAN Types

VLANs are classified based on how they segment network traffic and control
communication between devices. The main types of VLANs include Default VLAN, Data
VLAN, Voice VLAN, Management VLAN, Native VLAN, and Security VLANs. Each type
serves a specific purpose in network architecture.

Default VLAN
The default VLAN is the VLAN that all switch ports belong to when the switch is first
initialized. It is typically used as a fallback VLAN.
▪ VLAN 1 is the default VLAN.
For security reasons, administrators often change or restrict VLAN 1 usage.

🔹 Example: A new switch with no configuration assigns all ports to VLAN 1 by default.

Data VLAN (User VLAN)

A Data VLAN is used to carry user-generated network traffic, such as emails, web
browsing, and application data.
It isolates data traffic from other types (like voice or management traffic).
Each department or user group can be assigned a separate Data VLAN.

28
Example:
VLAN 10 – B. Com
VLAN 20 – CS
VLAN 30 – BCA
VLAN 40 – IT

This setup improves network performance and security by restricting inter-departmental traffic.

Voice VLAN
A Voice VLAN is specifically designed to carry voice-over-IP (VoIP) traffic with high
priority. Ensures low latency and high-quality voice communication.
Uses Quality of Service (QoS) to prioritize voice traffic over normal data.
Reduces packet loss, jitter, and delay for VoIP calls.

Example:
VLAN 70 is assigned for IP phones in a company, ensuring smooth VoIP
communication.

Management VLAN
A Management VLAN is dedicated to network administration tasks, such as managing
switches and routers.
Provides secure access to network administrators.
Prevents unauthorized users from accessing network configuration settings.
Typically assigned to a separate VLAN ID from user traffic.

Example:
VLAN 50 is reserved for network administrators to remotely manage switches and
routers.

29
Native VLAN
A Native VLAN is used for untagged traffic on a trunk port. When a switch receives
untagged frames on a trunk link, it assigns them to the Native VLAN.
Prevents VLAN mismatches between interconnected switches.
Default Native VLAN is VLAN 1, but it's recommended to change it for security
reasons.

Example:
If VLAN 99 is set as the Native VLAN, untagged frames on a trunk port will be
assigned to VLAN 99.

4.2.5 VLAN Modes

VLANs operate in different modes based on how they are configured and function on
network switches. The main VLAN modes determine how a switch port behaves in relation
to VLAN traffic. The two primary VLAN modes are:

4.2.5.1 Access Mode

In Access Mode, a switch port is assigned to a single VLAN and does not tag
outgoing traffic. This mode is typically used for end devices like computers, printers, and
VoIP phones.

Key Features:
The port belongs to one VLAN only.
Incoming frames are untagged and assigned to the configured VLAN.
Outgoing frames remain untagged, making it simple for non-VLAN-aware devices.
🔹 Example Configuration (Cisco Switch):

Switch(config)# interface FastEthernet 0/1

Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan
10 Switch(config-if)# exit

30
4.2.5.2 Trunk Mode
In Trunk Mode, a switch port carries multiple VLANs using VLAN tagging (IEEE
802.1Q). Trunk ports are usually used for inter-switch connections or router-to-switch
connections.

Key Features:
The port carries traffic for multiple VLANs.
Uses 802.1Q tagging to differentiate VLAN traffic.
Requires a Native VLAN for untagged frames.

Example Configuration (Cisco Switch):

Switch(config)# interface Fastethernet

0/1 Switch(config-if)# switchport mode
trunk
Switch(config-if)# switchport trunk allowed vlan 10,20,30
Switch(config-if)# switchport trunk native vlan 99
Switch(config-if)# exit

31
5. SYSTEM DESIGN AND DEVELOPMENT

5.1 System Design

The VLAN-based network system is designed to enhance performance, security, and
scalability by segmenting the network into multiple logical domains. This approach helps in
reducing broadcast traffic, ensuring security through isolation, and simplifying network
management. The design incorporates Layer 2 switches, Layer 3 routers, and trunking
protocols.

5.2 Network Architecture

The VLAN system consists of:
Core Layer: Manages high-speed data transfer and inter-VLAN routing.
Distribution Layer: Implements security policies and VLAN routing.
Access Layer: Provides connectivity to end-user devices.

5.2.1 Network Components

Layer 2 Switches: Used to create and manage VLANs.
Layer 3 Switches/Routers: Used for inter-VLAN routing.
Trunk Links: Configured with IEEE 802.1Q to enable communication between VLANs.

5.2.3 VLAN Configuration Design

VLAN Segmentation Strategy

VLAN 10 – B. Com (192.168.1.0/24)
VLAN 20 – CS (192.168.1.0/24)
VLAN 30 – BCA (192.168.1.0/24)
VLAN 40 – IT (192.168.1.0/24)

Trunking Implementation
802.1Q Trunking allows multiple VLANs to pass through a single link between
switches.

32
Example configuration:
Switch(config)# interface FastEthernet 0/1
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport trunk allowed vlan 10,20,30,40

5.3 System Development

5.3.1 VLAN Implementation Steps
VLAN Creation and Assignment
Each department is assigned to a separate VLAN:
Switch(config)# vlan 10
Switch(config-vlan)# name B.Com
Switch(config-vlan)# exit
Repeat for VLAN 20, 30, 40.

Assign VLANs to switch ports:

Switch(config)# interface fa0/3

Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan
10

5.3.2 Trunk Configuration on Switches

Ensure VLAN traffic passes between
switches: Switch(config)# interface
gigabitEthernet 0/1 Switch(config-if)#
switchport mode trunk
Switch(config-if)# switchport trunk allowed vlan 10,20,30,40

33
6. TESTING AND IMPLEMENTATION

6.1 Network Testing and Performance Evaluation

6.1.1 Functional Testing

Ping Tests: Verify connectivity between VLANs.
Traceroute: Ensure proper routing paths.
DHCP Assignment: Confirm VLANs get correct IP addresses.

6.1.2 Performance Testing

Bandwidth Utilization: Use iperf to test throughput.
Latency Measurements: Monitor delays using ping.
Packet Analysis: Use Wireshark to inspect VLAN traffic.

6.1.3 Troubleshooting & Maintenance

Show Commands for Debugging
show vlan brief
show ip interface brief
show mac address-table

34
6.2 Implementation
This network is designed to segregate traffic using VLANs, grouping staff and
students into their respective departments. Each device is assigned an IP address within the
same subnet (192.168.1.0/24) but is logically separated using VLANs.

6.2.1 Device and IP Addressing Details

6.2.1.1 Staff Devices

Device Interface IP Address Subnet Mask VLAN ID

B.Com Staff FastEthernet 192.168.1.1 255.255.255.0 10

CS Staff FastEthernet 192.168.1.2 255.255.255.0 20

BCA Staff FastEthernet 192.168.1.3 255.255.255.0 30

IT Staff FastEthernet 192.168.1.4 255.255.255.0 40

6.2.1.2 Student Devices

Device Interface IP Address Subnet Mask VLAN ID

B.Com Student FastEthernet 192.168.1.11 255.255.255.0 10

CS Student FastEthernet 192.168.1.12 255.255.255.0 20

BCA Student FastEthernet 192.168.1.13 255.255.255.0 30

IT Student FastEthernet 192.168.1.14 255.255.255.0 40

6.2.2 VLAN Segmentation & Purpose

Each department has its own VLAN ID, ensuring that traffic remains isolated unless
routing is configured.
 VLAN 10 (B.Com Department)
B.Com Staff and Students share a VLAN.
 VLAN 20 (CS Department)
CS Staff and Students communicate within their VLAN.

35
 VLAN 30 (BCA Department)
BCA Staff and Students are in a separate VLAN.
 VLAN 40 (IT Department)
IT Staff and Students operate in VLAN 40.

6.3 Configuration Command

Sw2_Rajeshwari Configuration

Switch>
Switch>ena
Switch#config t
Switch(config)#hostname Sw2_Rajeshwari

Sw2_Rajeshwari(config)#vlan 10
Sw2_Rajeshwari(config-vlan)#name B.Com
Sw2_Rajeshwari(config-vlan)#exi

Sw2_Rajeshwari(config)#vlan 20
Sw2_Rajeshwari(config-vlan)#name CS
Sw2_Rajeshwari(config-vlan)#ex

Sw2_Rajeshwari(config)#vlan 30
Sw2_Rajeshwari(config-vlan)#name BCA
Sw2_Rajeshwari(config-vlan)#ex

Sw2_Rajeshwari(config)#vlan 40
Sw2_Rajeshwari(config-vlan)#name IT
Sw2_Rajeshwari(config-vlan)#exit

36
Sw2_Rajeshwari(config)#interface range fastEthernet 0/5-
6 Sw2_Rajeshwari(config-if-range)#switchport mode trunk
Sw2_Rajeshwari(config-if-range)#exit

Sw2_Rajeshwari#show vlan

Switch>ena
Switch#config t
Switch(config)#hostname Sw1_Rajeshwari

Sw2_Rajeshwari(config)#vlan 10
Sw2_Rajeshwari(config-vlan)#name B.Com
Sw2_Rajeshwari(config-vlan)#exi

Sw2_Rajeshwari(config)#vlan 20
Sw2_Rajeshwari(config-vlan)#name CS
Sw2_Rajeshwari(config-vlan)#ex

37
Sw2_Rajeshwari(config)#vlan 30
Sw2_Rajeshwari(config-vlan)#name BCA
Sw2_Rajeshwari(config-vlan)#ex

Sw2_Rajeshwari(config)#vlan 40
Sw2_Rajeshwari(config-vlan)#name IT
Sw2_Rajeshwari(config-vlan)#exit

Sw1_Rajeshwari(config)#interface fastEthernet 0/1

Sw1_Rajeshwari(config-if)#switchport mode access
Sw1_Rajeshwari(config-if)#switchport access vlan 10
Sw1_Rajeshwari(config-if)#exi

Sw1_Rajeshwari(config)#interface fastEthernet 0/2

Sw1_Rajeshwari(config-if)#switchport mode access
Sw1_Rajeshwari(config-if)#switchport access vlan 20
Sw1_Rajeshwari(config-if)#exi

Sw1_Rajeshwari(config)#interface fastEthernet 0/3

Sw1_Rajeshwari(config-if)#switchport mode access
Sw1_Rajeshwari(config-if)#switchport access vlan 30
Sw1_Rajeshwari(config-if)#ex

Sw1_Rajeshwari(config)#interface fastEthernet 0/4

Sw1_Rajeshwari(config-if)#switchport mode access
Sw1_Rajeshwari(config-if)#switchport access vlan 40
Sw1_Rajeshwari(config-if)#ex

Sw1_Rajeshwari(config)#interface fastEthernet 0/5

Sw1_Rajeshwari(config-if)#switchport mode trunk
Sw1_Rajeshwari(config-if)#^Z
Sw1_Rajeshwari#

38
Sw1_Rajeshwari#show vlan

Switch>
Switch>ena
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.

Switch(config)#hostname Sw3_Rajeshwari
Sw3_Rajeshwari(config)#vtp mode client
Setting device to VTP CLIENT mode.

Sw3_Rajeshwari(config)#vtp domain SP
Domain name already set to SP.

Sw3_Rajeshwari(config)#interface fastEthernet 0/1

Sw3_Rajeshwari(config-if)#switchport mode access
Sw3_Rajeshwari(config-if)#switchport access vlan 10
Sw3_Rajeshwari(config-if)#exi

39
Sw3_Rajeshwari(config)#interface fastEthernet 0/2
Sw3_Rajeshwari(config-if)#switchport mode access
Sw3_Rajeshwari(config-if)#switchport access vlan 30
Sw3_Rajeshwari(config-if)#exi

Sw3_Rajeshwari(config)#interface fastEthernet 0/3

Sw3_Rajeshwari(config-if)#switchport mode access
Sw3_Rajeshwari(config-if)#switchport access vlan 30
Sw3_Rajeshwari(config-if)#exi

Sw3_Rajeshwari(config)#interface fastEthernet 0/2

Sw3_Rajeshwari(config-if)#switchport mode access
Sw3_Rajeshwari(config-if)#switchport access vlan 20
Sw3_Rajeshwari(config-if)#exi

Sw3_Rajeshwari(config)#interface fastEthernet 0/4

Sw3_Rajeshwari(config-if)#switchport mode access
Sw3_Rajeshwari(config-if)#switchport access vlan 40
Sw3_Rajeshwari(config-if)#exit
Sw3_Rajeshwari#

Sw3_Rajeshwari#
Sw3_Rajeshwari#config t
Enter configuration commands, one per line. End with CNTL/Z.

Sw3_Rajeshwari(config)#interface fastEthernet 0/6

Sw3_Rajeshwari(config-if)#switchport mode trunk
Sw3_Rajeshwari(config-if)#ex
Sw3_Rajeshwari#

40
Sw3_Rajeshwari#show vlan brief

Verification Command

Sw1_Rajeshwari#show vlan id 10