Actually, it was very hard to understand “why we use VLANs” in my first days of networking. But afterwards, day by day, it became easier to get. Generally, we create virtual local area networks on the same switch and make them communicate.
The main reason we use VLANs is to separate broadcast traffic. As you know, on a local area network broadcasts aren’t forwarded over a router. But if you use VLANs, you don’t need a router to eliminate the broadcast traffic. You can use VLANs on the same switch, and broadcast traffic is not forwarded between those VLANs. Each VLAN has its own broadcast traffic. VLANs aren’t used on plug&play (dummy) switches.
When you use a plug and play switch:
- Error probability is high
- Broadcast and multicast traffic may not be blocked (because there is no STP)
- You can face security problems
- MAC Flood may occur
Benefits Of VLAN
- Easy management
- Easy troubleshooting
- Better performance
- Summarization point
When you use VLANs, you group the users logically and you create new broadcast domains. VLANs provide subnet communication and access control. VLANs also make QoS (Quality of Service) easier and more effective.
Here is a simple configuration of a VLAN :
SWITCH_A(conf)#vlan 400
SWITCH_A(conf-vlan)#name SALES
SWITCH_A(conf-vlan)#exit
SWITCH_A(conf)#interface Fa0/21
SWITCH_A(conf-if)#switchport mode access
SWITCH_A(conf-if)#switchport access vlan 400
The steps that you see above may vary depending on the IOS version that you use. On the latest versions you don’t need to create the VLAN before you assign it to a port; it is created automatically when you assign it. If you are using an old IOS and just assign it to the port, you may see orange ports on your switch. The way to fix this is to create that VLAN in global config mode.
To monitor the VLANs that have been created, you can use the “show vlan” command. VLAN 1 is the default VLAN on many switches and is created automatically. All ports are attached to VLAN 1 before configuration. For security reasons, I don’t recommend using VLAN 1 as the management VLAN, etc., because it is the DEFAULT and known by everybody. Also, VLANs 1002, 1003, 1004 and 1005 aren’t used, for special reasons.
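The two conditions described above can be checked from saved switch output. This is an added example, not part of the original post: it reads access-port assignments from interface configuration and the VLAN list from “show vlan brief” output, then reports ports left in VLAN 1 and ports assigned to a VLAN that was never created. The sample text is constructed and the function names are hypothetical.

```python
import re

# Constructed sample: interface sections as they appear in "show running-config".
RUNNING_CONFIG = """\
interface FastEthernet0/20
 switchport mode access
!
interface FastEthernet0/21
 switchport mode access
 switchport access vlan 400
!
interface FastEthernet0/22
 switchport mode access
 switchport access vlan 500
"""

# Constructed sample of "show vlan brief" output (port column shortened).
SHOW_VLAN_BRIEF = """\
VLAN Name                             Status    Ports
---- -------------------------------- --------- ---------------------
1    default                          active    Fa0/20
400  SALES                            active    Fa0/21
"""

def defined_vlans(show_vlan_text):
    """VLAN IDs that exist on the switch, read from the first column."""
    return {int(m.group(1)) for m in re.finditer(r"^(\d+)\s+\S+", show_vlan_text, re.M)}

def access_ports(config_text):
    """Map each access-mode interface to its VLAN (VLAN 1 when none is set)."""
    ports = {}
    for block in re.split(r"^interface\s+", config_text, flags=re.M)[1:]:
        name = block.split()[0]
        if not re.search(r"^\s*switchport mode access", block, re.M):
            continue  # trunk or unconfigured ports are outside this check
        m = re.search(r"^\s*switchport access vlan (\d+)", block, re.M)
        ports[name] = int(m.group(1)) if m else 1
    return ports

def audit(config_text, show_vlan_text):
    """Return (interface, vlan, finding) tuples for ports that need attention."""
    known, findings = defined_vlans(show_vlan_text), []
    for port, vlan in access_ports(config_text).items():
        if vlan == 1:
            findings.append((port, vlan, "left in default VLAN 1"))
        elif vlan not in known:
            findings.append((port, vlan, "VLAN not created on the switch"))
    return findings
```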
VLAN configuration is not stored in the running config. So if you need to clear the VLANs on a switch, you should use this command: “delete flash:vlan.dat”
If you have many VLANs on a switch and you want them to communicate, you need a layer 3 device! Without that, the VLANs can’t communicate with each other. This method is called inter-VLAN routing.