VLAN Configuration
Master virtual network segmentation through interactive CLI labs and network topology simulations
Understanding VLAN Basics
VLANs allow network segmentation using virtual rather than physical connections. Key concepts include:
-
• Broadcast domain separation
-
• Trunk vs Access ports
-
• VLAN tagging (802.1Q)
-
• Inter-VLAN routing
VLAN Configuration Example
show vlan brief
VLAN Name Status Ports
10 Management active Gi0/1, Gi0/2
20 Engineering active Gi0/3-10
30 Guest active Gi0/11-15
VLAN Access Ports
Access port configuration:
interface FastEthernet0/1
switchport mode access
switchport access vlan 20
Trunk port configuration:
interface FastEthernet0/24
switchport mode trunk
switchport trunk allowed vlan 10,20,30
Cisco 2960 Switch - Lab VLAN Configuration
2025-08-20 14:30:11 UTC
Switch>enable
Switch>configure terminal
(config)>vlan 10
VLAN 10 added:
Name: VLAN0010
(config-vlan)>exit
(config)>interface FastEthernet0/1
(config-if)>switchport mode access
(config-if)>switchport access vlan 10
VLAN Topology Visualization
VLAN Configuration Challenge
Create VLAN 30 with 3 access ports and 1 trunk port configuration
Configuration
switch(config)#vlan 30
switch(config-vlan)#exit
switch(config)#interface GigabitEthernet0/2
switch(config-if)#switchport mode trunk
switch(config-if)#end
Status Output
VLAN Trunk Ports : Gi0/2
Active VLANs : 10, 20, 30
Interface Gi0/1: access vlan 30
Your Task
- Configure VLAN 30 with 3 access ports
- Set trunk on a separate interface
- Verify configuration with 'show vlan'
VLAN Best Practices
Security Zones
- • Isolate sensitive services
- • Control inter-VLAN traffic
- • Prevent VLAN hopping attacks
Performance
- • Reduce broadcast traffic
- • Optimize routing performance
- • Segment by department/function
Management
- • Centralized VLAN database
- • VTP for dynamic management
- • NetFlow monitoring