VLAN Configuration with CISCO
Article · March 2024
Fatemeh Nabidoust
University of Tabriz
All content following this page was uploaded by Fatemeh Nabidoust on 10 March 2024.
Research Home Page: www.researchgate.net/profile/Fatemeh-Nabidoust
Fatemeh Nabidoust, B.E. & M.Eng. of Electrical and Electronic-Telecommunication and Computer Science, Cyber Security Engineering Department
E-mail Address: [email protected]

Abstract
Computer networks are becoming more complex day by day, and the more the number of clients connected to the local network increases, the more difficult it is to manage networks and monitor traffic and transmitted packets. To solve this problem, various solutions are used, such as dividing the network into smaller networks called sub-networks, so that the network monitoring process becomes easier. Sometimes the conditions require that the addressing of the equipment is done statically, and static addressing is used instead of the dynamic addressing mechanism (DHCP). Before implementing a network, there are many things that should be considered, from estimating the cost when buying a server to the necessary training on software and hardware topics. In this regard, knowing the important concept of VLAN allows us to manage organizational networks in the best way.

Keywords: Network, VLAN, Router, Switch
1. Introduction

In order to understand the concept of VLAN, you must first know what a LAN is. A local area network (LAN) is a computer network that connects computers in a limited area such as a residence, school, laboratory, university campus, or office building. In contrast, a network that not only covers a larger geographical distance, but also generally includes leased telecommunication circuits, is called a wide area network (WAN). Now imagine that this network is very wide and all kinds of equipment are used in it.

For example, you are the administrator of a computer network that has 100 computers, 100 VoIP phones, 80 network cameras, and 120 devices that are wirelessly connected to the Wi-Fi network. If you want to establish an order in addressing between this number of devices, it will be difficult: all of them will randomly receive an IP address from the same range, and you cannot address them and separate them from each other. On the other hand, it is necessary that the devices that connect wirelessly to the network have no connection with other network equipment and can only use the Internet connection of the complex.
Also, you don't want any connection from the network cameras to other network equipment; only the outside of the set should be able to see them. In addition to all the mentioned issues, the transmission traffic of all this equipment together constitutes a significant volume and may cause a traffic problem. For example, if a user is transferring information to a shared folder, he may take up a lot of bandwidth in the network, and this will affect the quality of the images of the CCTV cameras and the VoIP phones.

1.2. What is VLAN?

A virtual local area network (VLAN) is any broadcast domain that is partitioned and isolated in a computer network at the data link layer (OSI layer 2). In this context, virtual refers to a physical object recreated and altered by additional logic, within the local area network. VLANs work by applying tags to network frames and handling these tags in networking systems, creating the appearance and functionality of network traffic that is physically on a single network but acts as if it is split between separate networks. In this way, VLANs can keep network applications separate despite being connected to the same physical network, and without requiring multiple sets of cabling and networking devices to be deployed. VLANs allow network administrators to group hosts together even if the hosts are not directly connected to the same network switch. Because VLAN membership can be configured through software, this can greatly simplify network design and deployment. Without VLANs, grouping hosts according to their resource needs requires the labor of relocating nodes or rewiring data links. VLANs allow devices that must be kept separate to share the cabling of a physical network and yet be prevented from directly interacting with one another.

This managed sharing yields gains in simplicity, security, traffic management, and economy. For example, a VLAN can be used to separate traffic within a business based on individual users or groups of users or their roles (e.g. network administrators), or based on traffic characteristics (e.g. low-priority traffic prevented from impinging on the rest of the network's functioning). Many Internet hosting services use VLANs to separate customers' private zones from one another, allowing each customer's servers to be grouped in a single network segment no matter where the individual servers are located in the data center. Some precautions are needed to prevent traffic "escaping" from a given VLAN, an exploit known as VLAN hopping. To subdivide a network into VLANs, one configures network equipment. Simpler equipment might partition only each physical port (if even that), in which case each VLAN runs over a dedicated network cable. More sophisticated devices can mark frames through VLAN tagging, so that a single interconnect (trunk) may be used to transport data for multiple VLANs. Since VLANs share bandwidth, a VLAN trunk can use link aggregation, quality-of-service prioritization, or both to route data efficiently.

1.3. Types of VLAN

• End-to-end VLAN: In this case, the members of each VLAN are scattered throughout the network. This mode is used to share resources and apply policies across dispersed hosts. In this case, troubleshooting is more complicated because the traffic of different VLANs is being transmitted throughout the network.
• Local VLAN: In this case, the hosts are placed in VLANs based on their physical location, for example one floor of a building. This design is more scalable and easier to troubleshoot because the traffic flow is clear. To share resources in this method, we need routing.

1.4. VLAN membership methods

There are two types of VLAN membership: static and dynamic. The static method is also known as port-based VLAN. Static VLAN assignments are created by assigning ports to VLANs. When a device enters the network, that device is automatically assumed to be a member of the port's VLAN. If the user changes ports and needs to access the same VLAN, the network administrator must assign the port to the VLAN for the new connection. In the static method, administrators manually add switch ports to VLANs. In the dynamic method, the switch automatically assigns appropriate VLANs to ports. Dynamic assignments are created using software or a protocol. With a VLAN Management Policy Server (VMPS), an administrator can assign switch ports to VLANs based on information such as the MAC address of the device connected to the port or the username used to log in to that device. When a device enters the network, the switch checks a database for the VLAN membership of the port to which the device is connected. Protocol methods include Multiple VLAN Registration Protocol (MVRP) and the somewhat obsolete GARP VLAN Registration Protocol (GVRP). (Figure 1)

1.5. Applications of VLAN

• VLAN is used when you have 200+ devices on your LAN.
• It is helpful when you have a lot of traffic on a LAN.
• VLAN is ideal when a group of users needs more security or is being slowed down by many broadcasts.
• It is used when users are not on one broadcast domain.
• It can make a single switch into multiple switches.

VLANs address issues such as scalability, security, and network management. Network architects set up VLANs to provide network segmentation. Routers between VLANs filter broadcast traffic, enhance network security, perform address summarization, and mitigate network congestion. In a network utilizing broadcasts for service discovery, address assignment and resolution, and other services, as the number of peers on a network grows, the frequency of broadcasts also increases. VLANs can help manage broadcast traffic by forming multiple broadcast domains. Breaking up a large network into smaller independent segments reduces the amount of broadcast traffic that each network device and network segment has to bear. Switches may not bridge network traffic between VLANs, as doing so would violate the integrity of the VLAN broadcast domain. VLANs can also help create multiple layer 3 networks on a single physical infrastructure. VLANs are data link layer (OSI layer 2) constructs, analogous to Internet Protocol (IP) subnets, which are network layer (OSI layer 3) constructs.
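The switch side of sections 1.2 and 1.4 (802.1Q tagging on a trunk, static port-based membership, and the precautions against VLAN hopping that 1.2 mentions), written out as an added Cisco IOS example that is not part of the article; the hostname, VLAN ids and names, and the GigabitEthernet1/0/x port numbers are assumed, and the VLANs follow the Introduction's scenario (data, voice, cameras):

```cisco
! Constructed example (not from the article): a Catalyst access switch in
! the Introduction's scenario. VLAN ids, names and port numbers are assumed.
hostname SW1
!
vlan 10
 name DATA
vlan 20
 name VOICE
vlan 30
 name CAMERAS
vlan 998
 name BLACKHOLE
vlan 999
 name NATIVE-UNUSED
!
! Static (port-based) membership: the administrator binds each port to one VLAN.
interface range GigabitEthernet1/0/1 - 8
 switchport mode access
 switchport access vlan 10
 switchport voice vlan 20
 switchport nonegotiate
 spanning-tree portfast
!
interface range GigabitEthernet1/0/9 - 16
 description Network cameras
 switchport mode access
 switchport access vlan 30
 switchport nonegotiate
!
! Uplink trunk: frames leave with an 802.1Q tag carrying the VLAN id, so one
! cable carries all VLANs. The "encapsulation dot1q" line is only needed on
! platforms that also support ISL (on others the command does not exist).
! An unused native VLAN, an explicit allowed list and no DTP negotiation are
! the usual precautions against VLAN hopping.
interface GigabitEthernet1/0/24
 description Trunk to R1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20,30
 switchport nonegotiate
!
! Unused ports: shut down and parked in a dead VLAN rather than left in VLAN 1.
interface range GigabitEthernet1/0/17 - 23
 switchport mode access
 switchport access vlan 998
 shutdown
!
end
```

After applying it, `show vlan brief` lists which ports each VLAN owns and `show interfaces trunk` confirms the trunk's mode, native VLAN and allowed VLANs.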
In an environment employing VLANs, a one-to-one relationship often exists between VLANs and IP subnets, although it is possible to have multiple subnets on one VLAN. Without VLAN capability, users are assigned to networks based on geography and are limited by physical topologies and distances. VLANs can logically group networks to decouple the users' network location from their physical location. By using VLANs, one can control traffic patterns and react quickly to employee or equipment relocations. VLANs provide the flexibility to adapt to changes in network requirements and allow for simplified administration. VLANs can be used to partition a local network into several distinctive segments, for instance:

• Production
• Voice over IP
• Network management
• Storage area network (SAN)
• Guest Internet access
• Demilitarized zone (DMZ)

A common infrastructure shared across VLAN trunks can provide a measure of security with great flexibility for a comparatively low cost. Quality of service schemes can optimize traffic on trunk links for real-time (e.g. VoIP) or low-latency requirements (e.g. SAN). However, VLANs as a security solution should be implemented with great care, as they can be defeated unless implemented carefully. In cloud computing, VLANs, IP addresses, and MAC addresses in the cloud are resources that end users can manage. To help mitigate security issues, placing cloud-based virtual machines on VLANs may be preferable to placing them directly on the Internet.

1.6. Advantages of VLAN

• It solves a broadcast problem.
• VLAN reduces the size of broadcast domains.
• VLAN allows you to add an additional layer of security.
• It can make device management simpler and easier.
• You can make a logical grouping of devices by function rather than location.
• It allows you to create groups of logically connected devices that act like they are on their own network.
• You can logically segment networks based on departments, project teams, or functions.
• VLAN helps you to geographically structure your network to support growing companies.
• It lets you easily segment your network.
• It helps you to enhance network security.
• You can keep hosts separated by VLAN.
• You do not require additional hardware and cabling, which helps you to save costs.

1.7. Disadvantages of VLAN

• A packet can leak from one VLAN to another.
• An injected packet may lead to a cyber-attack.
• A threat in a single system may spread a virus through a whole logical network.
• You require an additional router to control the workload in large networks.
• A VLAN cannot forward network traffic to other VLANs.
1.8. Configuration and design considerations

This tutorial explains how to configure InterVLAN routing on Cisco routers. InterVLAN routing allows communication between virtual LANs. This part explains how to configure InterVLAN routing on a router.

Enter the following commands on the router.

Let me give you an example: take a look at the topology image above. If you were to configure the IP settings for PC2, they should be as follows.

Check whether all computers are communicating now. If you're doing this on a simulator like Cisco Packet Tracer, turn on simulation mode and see how the packets are traveling. Suppose we ping PC4 from PC1; the ICMP packet takes the following path.

Router and Switch Physical:
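The router-on-a-stick configuration that section 1.8 describes, written out as an added Cisco IOS example rather than the article's own commands; the interface names, VLAN ids, the 192.168.x.0/24 subnets and the PC addresses are assumptions, and the two access lists implement the Introduction's requirement that the cameras be separated from the rest of the equipment while staying reachable from outside:

```cisco
! Constructed example (not from the article): router-on-a-stick on a Cisco
! IOS router. Interface names, VLAN ids and the 192.168.x.0/24 subnets are
! assumptions; VLAN 30 holds the cameras from the Introduction's scenario.
hostname R1
!
! Physical port towards the switch trunk carries no address of its own.
interface GigabitEthernet0/0
 description Trunk to SW1
 no ip address
 no shutdown
!
! One subinterface per VLAN; "encapsulation dot1Q <id>" tells the router
! which tag to strip on ingress and add on egress for that subinterface.
interface GigabitEthernet0/0.10
 description VLAN 10 DATA gateway
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0
!
interface GigabitEthernet0/0.20
 description VLAN 20 VOICE gateway
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.0
!
interface GigabitEthernet0/0.30
 description VLAN 30 CAMERAS gateway
 encapsulation dot1Q 30
 ip address 192.168.30.1 255.255.255.0
 ip access-group CAMERAS-IN in
 ip access-group CAMERAS-OUT out
!
! Cameras must not talk to the other VLANs, and the other VLANs must not
! reach the cameras; everything else (e.g. the outside) stays reachable.
ip access-list extended CAMERAS-IN
 deny   ip 192.168.30.0 0.0.0.255 192.168.10.0 0.0.0.255
 deny   ip 192.168.30.0 0.0.0.255 192.168.20.0 0.0.0.255
 permit ip 192.168.30.0 0.0.0.255 any
ip access-list extended CAMERAS-OUT
 deny   ip 192.168.10.0 0.0.0.255 192.168.30.0 0.0.0.255
 deny   ip 192.168.20.0 0.0.0.255 192.168.30.0 0.0.0.255
 permit ip any 192.168.30.0 0.0.0.255
!
end
! Host side (assumed): a PC in VLAN 10, say PC2, gets 192.168.10.12,
! mask 255.255.255.0, default gateway 192.168.10.1. A ping from PC1 to a PC
! in another VLAN travels PC1 -> SW1 -> trunk (tag 10) -> R1 subinterface .10
! -> R1 subinterface of the destination VLAN -> trunk (destination tag) -> SW1
! -> destination PC, so every inter-VLAN packet crosses the trunk twice.
```

`show ip interface brief` and `show vlans` on the router confirm that each subinterface is up with its tag, and a ping between PCs in different VLANs verifies the routing.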