Chapter 2. VLANs | 16
2. VLANs
Virtual LANs
This chapter provides the following examples:
• Create Two VLANs on page 17
• Assign Ports to VLAN2 on page 19
• Create Three VLANs on page 20
• Assign Ports to VLAN3 on page 22
• Assign VLAN3 as the Default VLAN for Port 1/0/2 on page 24
• Create a MAC-Based VLAN on page 25
• Create a Protocol-Based VLAN on page 28
• Virtual VLANs: Create an IP Subnet–Based VLAN on page 31
• Voice VLANs on page 33
• Private VLANs on page 44
• Assign Private-VLAN Types (Primary, Isolated, Community) on page 46
• Configure Private-VLAN Association on page 48
• Configure Private-VLAN Port Mode (Promiscuous, Host) on page 49
• Configure Private-VLAN Host Ports on page 50
• Map Private-VLAN Promiscuous Port on page 52
Adding virtual LAN (VLAN) support to a Layer 2 switch offers some of the benefits of both
bridging and routing. Like a bridge, a VLAN switch forwards traffic based on the Layer 2 header,
which is fast. Like a router, it partitions the network into logical segments, which provides better
administration, security, and management of multicast traffic.
A VLAN is a set of end stations and the switch ports that connect them. The logical division can
follow different criteria, such as department or project membership. The only physical
requirement is that the end station and the port to which it is connected both belong to the same
VLAN.
Each VLAN in a network has an associated VLAN ID, which appears in the IEEE 802.1Q tag in
the Layer 2 header of packets transmitted on a VLAN. An end station might omit the tag, or the
VLAN portion of the tag, in which case the first switch port to receive the packet can either reject
it or insert a tag using its default VLAN ID. A given port can handle traffic for more than one
VLAN, but it can support only one default VLAN ID.
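The ingress handling described above can be modeled in a few lines. This is an added example, not code from the switch or its manual; the Port class, its accept_untagged setting, the membership check for tagged frames, and the build() sample-frame helper are assumptions made for illustration.

```python
import struct
from dataclasses import dataclass

TPID_8021Q = 0x8100  # EtherType value that marks an IEEE 802.1Q tag

@dataclass
class Port:                       # hypothetical model of one switch port
    pvid: int                     # the port's single default VLAN ID
    members: frozenset            # VLANs the port carries (can be several)
    accept_untagged: bool = True  # False = reject frames that lack a VLAN ID

def parse_vlan(frame: bytes):
    """Return (priority, vid) from the 802.1Q tag, or None if untagged."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (tpid,) = struct.unpack_from("!H", frame, 12)  # follows dst + src MAC
    if tpid != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci >> 13, tci & 0x0FFF                 # 3-bit priority, 12-bit VID

def classify(frame: bytes, port: Port):
    """Ingress decision: the VLAN ID assigned to the frame, or None = reject."""
    tag = parse_vlan(frame)
    if tag is None or tag[1] == 0:   # no tag, or tag with no VLAN portion
        return port.pvid if port.accept_untagged else None
    vid = tag[1]
    # Assumption: a tagged frame for a VLAN the port is not in is dropped.
    return vid if vid in port.members else None

def build(vid=None, priority=0):
    """Constructed sample frame: zeroed MACs, IPv4 EtherType, empty payload."""
    tag = b""
    if vid is not None:
        tag = struct.pack("!HH", TPID_8021Q, (priority << 13) | vid)
    return bytes(12) + tag + struct.pack("!H", 0x0800) + bytes(46)

if __name__ == "__main__":
    port = Port(pvid=3, members=frozenset({2, 3}))
    for label, frame in [("untagged", build()),
                         ("priority-only", build(vid=0, priority=5)),
                         ("tagged VLAN 2", build(vid=2)),
                         ("tagged VLAN 7", build(vid=7))]:
        print(f"{label:14} -> {classify(frame, port)}")
```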