VLAN Plan (Instructor Version)

Instructor Note: Red font color or Gray highlights indicate text that appears in the instructor copy only.

Objective
Implement VLANs to segment a small- to medium-sized network.
This class activity focuses students’ thoughts on how VLANs are designed. Groups of two or three students
should be created to complete this class activity.

Scenario
You are designing a VLAN switched network for your small- to medium- sized business.
Your business owns space on two floors of a high-rise building. The following elements need VLAN consideration
and access for planning purposes:
• Management
• Finance
• Sales
• Human Resources
• Network administrator
• General visitors to your business location
You have two Cisco 3560-24PS switches.
Use a word processing software program to design your VLAN-switched network scheme.
Section 1 of your design should include the regular names of your departments, suggested VLAN names and
numbers, and which switch ports would be assigned to each VLAN.
Section 2 of your design should list how security would be planned for this switched network.
Once your VLAN plan is finished, complete the reflection questions from this activity.
Save your work. Be able to explain and discuss your VLAN design with another group or with the class.

Required Resources
Word processing program

Reflection
1. What criteria did you use for assigning ports to the VLANs?
_______________________________________________________________________________________
Number of users, types of end-devices and how many MAC addresses would need to be assigned to each
port of the VLAN, if any.
2. How could these users access your network if the switches were not physically available to general users via
direct connection?
_______________________________________________________________________________________
An additional network device could be incorporated into the network or perhaps a wireless access point or
ISR router with access to the general VLAN switchports. If this is a new building, wired connections could be
established allowing separate, direct access to network ports built into office walls or conference tables.
3. Could you reduce the number of switch ports assigned for general users if you used another device to
connect them to the VLAN network switch? What would be affected?

© 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 2
VLAN Plan

__________________________________________________________________
Bandwidth would be shared if users shared a port.

Modeling Activity Graphic Representation (designs will vary)

Instructor Notes: This is a representative example that could be “built” as a result of this activity:
Tables are used in this design - students may elect to show their switched network design in graphic format with
notes indicating port assignments, department/inter-VLAN associations and security considerations.

In this example, both switches would use the same switchport assignments and VLAN information to facilitate
network administration tasks. Switches would be connected via a configured trunk line using one of the Gigabit
ports. The remaining Gigabit ports would be reserved for connectivity to intermediary devices, additional trunk
lines or servers.

Section 1: VLAN Names and Numbers – VLAN Switchport Assignments

Assigned VLAN Name and

Department Switchport Numbers
Number

Network
Native90 Gi0/1 and Gi0/2
Administration
Management Management10 Fa0/1-0/2
Finance Finance20 Fa0/3-Fa0/6
Sales Sales30 Fa0/7-Fa0/10
Human Resources HR40 Fa0/13-Fa0/16
General General50 Fa0/17-Fa0/22
(Fa0/23 and Fa0/24 will be shut down and
(not assigned) Leave in VLAN1
reserved for future VLAN consideration)

Section 2: Security Design:

 Ports Fa0/1 and Fa/02 would be configured with two specific MAC addresses – if a non-specified MAC
address from an end-device accesses these two ports, the ports will shut down.
 Fa0/3-Fa0/16 would be assigned specific MAC addresses. The assigned addresses will be based on the
addresses recorded from the end-devices located in each department. The ports will shut down if
security is breached.
 Ports Fa0/17-Fa0/22 would be open ports for general use within the small- to medium-size business.
 Ports Fa23 and Fa24 would be shut down by the network administrator and saved for future VLAN
assignment.

Identify elements of the model that map to IT-related content:

 VLANs  VLAN assignment
 VLAN trunking  VLAN security
 VLAN domains

© 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 2 of 2