A VLAN is a switched
network that is logically segmented by function, team, or application, without
regard to the physical location of the users. Packets received on a port are
forwarded only to ports that belong to the same VLAN as the receiving port.
Network devices in different VLANs cannot communicate with one another without
a Layer 3 device to route traffic between the VLANs.
provide hard firewalls for traffic in the VLAN, and each VLAN has its own MAC
address table. A VLAN comes into existence when a local port is configured to
be associated with the VLAN, when the VLAN Trunking Protocol (VTP) learns of
its existence from a neighbor on a trunk, or when a user creates a VLAN. VLANs
can be formed with ports across the stack.
To configure VLANs,
vlan-id global configuration command to enter VLAN
configuration mode. The VLAN configurations for normal-range VLANs (VLAN IDs 1
to 1005) are saved in the VLAN database. If VTP is version 1 or 2, to configure
extended-range VLANs (VLAN IDs 1006 to 4094), you must first set VTP mode to
transparent. Extended-range VLANs created in transparent mode are not added to
the VLAN database but are saved in the
switch running configuration. With VTP
version 3, you can create extended-range VLANs in client or server mode. These
VLANs are saved in the VLAN database.
In a switch stack, the VLAN database is
downloaded to all switches in a stack, and all switches in the stack build the
same VLAN database. The running configuration and the saved configuration are
the same for all switches in a stack.
Add ports to a VLAN by
interface configuration commands:
For a trunk port,
set trunk characteristics, and, if desired, define the VLANs to which it can
For an access
port, set and define the VLAN to which it belongs.
For a tunnel port,
set and define the VLAN ID for the customer-specific VLAN tag.