Wednesday, February 17, 2021

Virtual Local Area Networks (VLANs)

Virtual Local Area Networks, or VLANs, are a very simple concept that has been very poorly defined by the industry.

This article will explain VLANs from a practical perspective. It will be framed around the two major functions of VLANs, and will conclude with an explanation of the idea behind the Native VLAN.

Finally, at the end of the article is a two-question comprehension challenge. If you can successfully answer these two questions, then you can consider yourself to fully understand the concept of VLANs. The topic of configuring VLANs will be covered in another article.

Two Major Functions of VLANs

Below is a network with three different physical switches. The switches facilitate communication within networks, and the routers facilitate communication between networks.

Each switch above independently performs the four functions of a switch.

If each of these switches has 24 ports and only two are in use, then 22 ports are left wasted on each switch. Moreover, what if you need to replicate this network elsewhere and you do not have three physical switches to accommodate it?

That is where the first major function of a VLAN comes into play: A VLAN allows you to take one physical switch, and break it up into smaller mini-switches.

Breaking up one Physical Switch into multiple Virtual Switches

Consider each circle on the switch below as its own mini-switch. Each of these mini-switches, or virtual switches, operates completely independently of the others, exactly as it would had there been three different physical switches.

[Figure: vlans-1sw-3vlan, one physical switch divided into three VLANs]

Traffic flow through this topology operates exactly as it did in the topology above it (with three separate physical switches).

Each virtual switch, or VLAN, is simply a number assigned to each switch port. For example, the two switch ports in the red mini-switch might be assigned to VLAN #10. The two ports in the orange mini-switch might be assigned to VLAN #20. And lastly the two switch ports in the blue mini-switch might be assigned to VLAN #30.

If a port is not explicitly assigned a VLAN number, it resides in the default VLAN, which has a VLAN number of 1.

Traffic arriving on a switch port assigned to VLAN #10 will only ever be forwarded out another switch port that belongs to VLAN #10 – a switch will never allow traffic to cross a VLAN boundary. Again, each VLAN operates as if it were a completely separate physical switch.

In the first illustration, traffic from the red switch cannot magically appear on the orange switch without first passing through a router. Similarly, in the second illustration, traffic in VLAN #10 cannot magically appear on VLAN #20 without also passing through a router.

Each of the VLANs also maintains its own, independent MAC address table. If Host A sends a frame with a destination MAC address of Host B, that frame would still be flooded solely within the switch ports in VLAN #10.
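The forwarding behaviour described above (a VLAN number per port, VLAN 1 as the default, and a separate MAC address table per VLAN), as an added Python example that is not part of the original article. The class name, port numbers and shortened MAC addresses are constructed for illustration, and only access ports are modelled.

```python
from collections import defaultdict

DEFAULT_VLAN = 1  # a port with no explicit assignment resides in VLAN 1


class VlanSwitch:
    """Toy switch with access ports only; names here are illustrative."""

    def __init__(self, port_count, port_vlan):
        self.ports = range(1, port_count + 1)
        self.port_vlan = dict(port_vlan)       # port -> VLAN number
        self.mac_tables = defaultdict(dict)    # VLAN -> {MAC: port}

    def vlan_of(self, port):
        return self.port_vlan.get(port, DEFAULT_VLAN)

    def receive(self, in_port, src_mac, dst_mac):
        """Return the list of ports the frame is sent out of."""
        vlan = self.vlan_of(in_port)
        table = self.mac_tables[vlan]
        table[src_mac] = in_port               # learn in this VLAN's table only
        out_port = table.get(dst_mac)
        if out_port is not None:
            # Known destination: forward, or filter if it sits on the same port.
            return [] if out_port == in_port else [out_port]
        # Unknown destination: flood, but only to ports in the same VLAN.
        return [p for p in self.ports
                if p != in_port and self.vlan_of(p) == vlan]


def demo():
    # Constructed sample: ports 1-2 in VLAN 10, 3-4 in VLAN 20, 5-6 in VLAN 30.
    sw = VlanSwitch(8, {1: 10, 2: 10, 3: 20, 4: 20, 5: 30, 6: 30})
    return {
        # Host A (port 1) sends to Host B before B's MAC has been learned.
        "a_to_b_flood": sw.receive(1, "aa:aa", "bb:bb"),
        # Host B replies; A was learned, so the frame is forwarded, not flooded.
        "b_to_a": sw.receive(2, "bb:bb", "aa:aa"),
        # VLAN 20 has no entry for A's MAC, so this floods inside VLAN 20 only.
        "vlan20_to_a": sw.receive(3, "cc:cc", "aa:aa"),
        # Port 7 was never assigned: it floods to the other VLAN 1 port (8).
        "default_vlan": sw.receive(7, "dd:dd", "ee:ee"),
    }


if __name__ == "__main__":
    for name, ports in demo().items():
        print(name, ports)
```

The third case shows why the per-VLAN table matters: Host A's MAC is already known in VLAN #10, yet a frame addressed to it from VLAN #20 is never delivered to port 1.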

Ultimately, assigning different ports to different VLANs allows you to re-use a single physical switch for multiple purposes. This is the first major function of a VLAN.

But that isn’t all VLANs allow you to do. The second major function is that VLANs allow you to extend the smaller virtual switches across multiple physical switches.
