Configuring and Verifying VLANs Spanning Multiple Switches 

Configuring and Verifying VLANs Spanning Multiple Switches 

by

Virtual Local Area Networks (VLANs) are essential for organizing and segmenting networks efficiently. VLANs help reduce broadcast traffic, enhance security, and improve overall performance. In this post, we’ll learn how to configure and verify VLANs (in the normal range) across multiple switches, and explore key concepts like access ports, default VLANs, and connectivity.

Configuring and Verifying VLANs Spanning Multiple Switches 

Before diving directly into Configuring and Verifying VLANs Spanning Multiple Switches, let us understand the basics of VLAN, its necessity and its types.

What is VLAN?

A VLAN (Virtual Local Area Network) is a logical segmentation of a physical network into multiple broadcast domains. Each VLAN operates as an independent network, even though multiple VLANs may exist on the same switch or be extended across multiple switches.

A VLAN divides a single physical network into multiple virtual networks, allowing devices in the same VLAN to communicate as if they were on the same physical network, even if they are connected to different switches.

💡 Note: 
A broadcast domain is a group of devices in a network where any broadcast frame (destination MAC FFFF.FFFF.FFFF) sent by one device is received by all other devices within that same domain.

Why VLAN is needed?

VLANs are needed because they make networks more secure, efficient, and easier to manage. Without VLANs, all devices on a switch would be part of the same broadcast domain, meaning unnecessary traffic, poor performance, and security risks.

Here are the key points why VLAN is needed:

  1. Improves Network Security
    • VLANs isolate network traffic between departments or user groups.
    • For example, the Finance VLAN is separated from the Guest VLAN, preventing unauthorized access to sensitive financial data.
    • Communication between VLANs requires a router or Layer 3 switch, adding a security control point.
  2. Reduces Broadcast Traffic
    • In a large flat network, broadcast messages go to all devices — wasting bandwidth.
    • VLANs create separate broadcast domains, so broadcasts stay within each VLAN.
    • This reduces congestion and improves overall performance.
  3. Enhances Network Performance
    • By limiting broadcast domains and grouping similar traffic, VLANs reduce unnecessary load on network devices.
    • Departments get dedicated bandwidth for their operations.
  4. Simplifies Network Management
    • You can group users by function (HR, IT, Sales) instead of by physical location.
    • When users move desks or floors, they can remain in the same VLAN with minimal reconfiguration.
  5. Enables Better Network Design
    • VLANs allow logical segmentation — you can design networks based on business needs rather than cabling structure.
    • They are essential for advanced technologies like Voice VLANs, Inter-VLAN routing, and Quality of Service (QoS).

VLAN Range

VLANs are identified by VLAN IDs, which are numerical values ranging from 1 to 4094. These IDs are divided into three main ranges based on their purpose and configuration method.

  1. Normal Range VLANs – ranges from VLAN 1 – 1005. They are stored in vlan database files as vlan.dat in flash memory. Commonly used in small and medium networks. They are supported by all switches
    • VLAN 1 is the default VLAN (used for management and control traffic like CDP, STP, etc.)
    • VLANs 1002–1005 are reserved for legacy technologies (Token Ring and FDDI)
  2. Extended Range VLANs ranges from VLAN 1006 – 4094. They are stored in running configuration (not vlan.dat). They are used by ISPs and large enterprises. They are supported only in VTP transparent mode.
  3. Reserved VLAN: VLAN 0 and VLAN 4095 are the Reserved VLANs. VLAN 0 is used for priority tagging in QoS (Quality of Service). VLAN 4095 is reserved internally for system use.

Types of VLAN

VLANs are classified into different types.

  • Default VLAN: Every switch has a default VLAN that all ports belong to initially.
    On Cisco switches, VLAN 1 is the default VLAN. It is used for control plane traffic like CDP (Cisco Discovery Protocol), STP (Spanning Tree Protocol), and VTP.
  • Data VLAN: A VLAN created to carry user-generated traffic, such as PCs, printers, and IP phones. It segregates traffic by department or function
  • Voice VLAN: It is designed to handle VoIP (Voice over IP) traffic and ensures high quality of service (QoS) by prioritizing voice packets. It also keeps voice traffic separate from regular data traffic to avoid delay or jitter.
  • Management VLAN: It is used for remote switch management (SSH, Telnet, SNMP, HTTP) and isolates management traffic from user data for better security.
  • Native VLAN: It carries untagged traffic on a trunk portand is used when connecting devices that don’t support VLAN tagging (e.g., older hardware).
  • Trunk VLAN (Allowed VLANs): It carries multiple VLANs between switches using a single trunk link and ensures inter-switch communication for multiple VLANs.

How VLAN Works

Let us take an example of a corporate office which have two departments namely SALES and HR.

In the above scenario, both the departments are sharing the same broadcast domain through unmanaged switches S1, S2 and S3. Suppose PC1 wants to share some information to PC3 within the SALES department, PC1 then broadcasts frames for PC3. However, the broadcast frames are received by all the PCs of the corporate building. Without VLANs, all devices in these departments would be in one broadcast domain, causing unnecessary traffic and potential security risks.

When VLANs are configured,

  • The single physical network is divided into multiple logical networks.
  • Devices in one VLAN can communicate with each other directly.
  • Devices in different VLANs cannot communicate unless a router or Layer 3 switch is used.
  • Since broadcast traffic is limited to each VLAN, the overall network congestion reduces.

Since, there ae two separate departments: HR and SALES, we can configure separate VLANs for them. If SALES is assigned VLAN 10 and HR – VLAN 20, they are isolated from each other unless routing is allowed.

Configuring VLAN spanning multiple switches

Configuring VLAN spanning multiple switches

By default, a VLAN is limited to one switch. When you want the same VLAN (for example, VLAN 10 – SALES) to exist across several switches, you must extend the VLAN using trunk links. A trunk link allows multiple VLANs to travel between switches through a single physical connection.

Here is the step-by-step guide to configure on the multiple switches using the above topology.

  • Step 1: Configure IP address to all th PCs
  • Step 2: Create VLAN to all the switches.
  • Step 3: Assign Switch port to VLAN

Let us configure the VLAN to the above topology. Given Parameters are as under:

DepartmentVLAN IDNetwork Address
SALESVLAN 10192.168.1.0/24
HRVLAN 20192.168.2.0/24

VLANs (Virtual Local Area Networks) are connected using Access Links and Trunk Links depending on how devices and switches need to communicate.

  • Access Link: Access link Connect end devices (like PCs, printers, IP phones) to a specific VLAN. An access link carries traffic for only one VLAN. Frames are untagged — the switch knows which VLAN the port belongs to internally.
  • Trunk Link: Connect switches to other switches, or switches to routers, carrying multiple VLANs across a single physical link. They allow traffic from many VLANs to pass through one cable.

Access Link (Access Port) Connectivity

DevicesVLAN Membership IP AddressesConnected to Interfaces
PC 1VLAN 10 – SALES192.168.1.2/24Fa 0/1 of S1
PC 3VLAN 10 – SALES192.168.1.3/24Fa 0/1 of S2
PC 5VLAN 10 – SALES192.168.1.4/24Fa 0/1 of S3
PC 2VLAN 20 – HR192.168.2.2/24Fa 0/2 of S1
PC4VLAN 20 – HR192.168.2.3/24Fa 0/2 of S2
PC 6VLAN 20 – HR192.168.2.4/24Fa 0/2 of S3

Trunk Link (Trunk Port) Connectivity

There are three Ethernet switches S1, S2 and S3. Thay are connected to each other using trunk link and the interfaces are used as follows:

  • Interface Gigabit Ethernet 0/2 of S1 is connected with Gigabit Ethernet 0/1 of S2
  • Interface Gigabit Ethernet 0/2 of S2 is connected with Gigabit Ethernet 0/1 of S1

Step1: Configure IP address to all PCs.

Assign the given IP addresses and subnet mask to all Pcs as mentioned in the table above.

Assigning IP addresses to PC

Th PC 1 IP address and subnet mask configuration is given above. Similarly, you can assign IP address and subnet mask to the remaining PCs.

Step 2: Create VLAN to all the switches.

Switch>enable
Switch#config terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#hostname S1
S1(config)#vlan 10
S1(config-vlan)#
S1(config-vlan)#name SALES
S1(config-vlan)#exit
S1(config)#vlan 20
S1(config-vlan)#name HR
S1(config-vlan)#exit
S1(config)#

Creating VLAN 10 and VLAN 20 IN S1

creating VLANs

Similarly, create VLAN10 VLAN 20 In S2 and S3 To verify VLAN configuration, Use the Following command

S1# show vlan brief

The output will be:

show vlan brief

Here, you can see VLAN 10 and VLAN 20 are created for SALES and HR respectively. But no switch ports are assigned to any VLAN.

Step 3: Assign Switch port to VLAN

Now let us assign switch port to the interfaces of all the switches: access ports to pc and trunk port to switch to switch link.

For S1:

S1(config)#interface fa0/1
S1(config-if)#switchport mode access
S1(config-if)#switchport access vlan 10
S1(config-if)#exit
S1(config)#
S1(config)#interface fa0/2
S1(config-if)#switchport mode access
S1(config-if)#switchport access vlan 20
S1(config-if)#exit
S1(config)#
S1(config)#
S1(config)#interface g0/1
S1(config-if)#switchport mode trunk
S1(config-if)#switchport trunk allowed vlan 10,20
S1(config-if)#exit

Similarly, you can configure the switches S2 and S3 to assign access port and trunk ports to their interfaces.

Configuring VLAN spanning multiple switches - commands

To verify the VLAN and switchport configuration, use the following commands

S1#show vlan brief

From the above output, it clear that VLAN 10 and VLAN 20 are assigned switch ports for S1.

Verifying VLAN Configuration

The following commands are useful in verifying VLAN configuration.

Switch# show vlan brief                --------> To check VLAN
Switch# show interfaces trunk      --------> To verify trunk
Switch# show mac address-table  --------> To check mac address-table
Switch#show interfaces status     ---------> To verify  each port’s operational mode (access/trunk),      
                                                                       assigned VLAN, and link status.

Related posts:

Leave a Comment