A VLAN is a switched network that is logically segmented by function, team, or application, without regard to the physical location of the users. Packets received on a port are forwarded only to ports that belong to the same VLAN as the receiving port. Network devices in different VLANs cannot communicate with one another without a Layer 3 device to route traffic between the VLANs.

VLAN partitions provide hard firewalls for traffic in the VLAN, and each VLAN has its own MAC address table. A VLAN comes into existence when a local port is configured to be associated with the VLAN, when the VLAN Trunking Protocol (VTP) learns of its existence from a neighbor on a trunk, or when a user creates a VLAN.

VLANs can be formed with ports across the stack.

To configure VLANs, use the vlan vlan-id global configuration command to enter VLAN configuration mode. The VLAN configurations for normal-range VLANs (VLAN IDs 1 to 1005) are saved in the VLAN database. If VTP is version 1 or 2, to configure extended-range VLANs (VLAN IDs 1006 to 4094), you must first set VTP mode to transparent. Extended-range VLANs created in transparent mode are not added to the VLAN database but are saved in the device running configuration. With VTP version 3, you can create extended-range VLANs in client or server mode. These VLANs are saved in the VLAN database.

In a switch stack, the VLAN database is downloaded to all switches in a stack, and all switches in the stack build the same VLAN database. The running configuration and the saved configuration are the same for all switches in a stack.

Add ports to a VLAN by using the switchport interface configuration commands:
- Identify the interface.
- For a trunk port, set trunk characteristics, and, if desired, define the VLANs to which it can belong.
- For an access port, set and define the VLAN to which it belongs.
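
The steps above, put together as an added example (not part of the original page): it assumes VTP version 1 or 2, and the VLAN IDs, VLAN names and interface numbers are constructed for illustration. The trunk carries only the two VLANs that need to cross it instead of every VLAN on the switch.

```cisco
! Constructed example: VLAN IDs, names and interface numbers are assumptions.
configure terminal
 ! VTP version 1 or 2: extended-range VLANs require transparent mode first
 vtp mode transparent
 !
 ! Normal-range VLAN (1 to 1005): saved in the VLAN database
 vlan 20
  name ENGINEERING
  exit
 !
 ! Extended-range VLAN (1006 to 4094): in transparent mode it is kept in
 ! the running configuration, so save the configuration to keep it
 ! across a reload
 vlan 2000
  name LAB
  exit
 !
 ! Access port on stack member 1, assigned to VLAN 20
 interface GigabitEthernet1/0/5
  switchport mode access
  switchport access vlan 20
  exit
 !
 ! Trunk port on stack member 2: define the VLANs it can belong to,
 ! limited to the ones that actually need to cross this link.
 ! (Some platforms require the trunk encapsulation to be set before
 ! "switchport mode trunk" is accepted.)
 interface GigabitEthernet2/0/1
  switchport mode trunk
  switchport trunk allowed vlan 20,2000
  end
!
! Verify VLAN membership, trunk allowed lists and VTP mode
show vlan brief
show interfaces trunk
show vtp status
!
! Persist the running configuration (includes the extended-range VLAN)
copy running-config startup-config
```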