A VLAN is a switched network that is logically segmented by function, team, or application, without regard to the physical
location of the users. Packets received on a port are forwarded only to ports that belong to the same VLAN as the receiving
port. Network devices in different VLANs cannot communicate with one another without a Layer 3 device to route traffic between
the VLANs.
VLAN partitions provide hard firewalls for traffic in the VLAN, and each VLAN has its own MAC address table. A VLAN comes
into existence when a local port is configured to be associated with the VLAN, when the VLAN Trunking Protocol (VTP) learns
of its existence from a neighbor on a trunk, or when a user creates a VLAN. VLANs can be formed with ports across the stack.
To configure VLANs, use the vlan
vlan-id global configuration command to enter VLAN configuration mode. The VLAN configurations for normal-range VLANs (VLAN IDs 1
to 1005) are saved in the VLAN database. If VTP is version 1 or 2, to configure extended-range VLANs (VLAN IDs 1006 to 4094),
you must first set VTP mode to transparent. Extended-range VLANs created in transparent mode are not added to the VLAN database
but are saved in the
device
running configuration. With VTP version 3, you can create extended-range VLANs in client or server mode in addition to transparent
mode. These VLANs are saved in the VLAN database.
In a switch stack, the VLAN database is downloaded to all switches in a stack, and all switches in the stack build the same
VLAN database. The running configuration and the saved configuration are the same for all switches in a stack.
Add ports to a VLAN by using the switchport command in interface configuration mode.
-
Identify the interface.
-
For a trunk port, set trunk characteristics, and, if desired, define the VLANs to which it can belong.
-
For an access port, set and define the VLAN to which it belongs.