Virtual LANs (VLANs) are a fundamental aspect of network design, providing

administrators with a powerful tool to segment networks logically. This article

explores the concept of VLANs, VLAN access, and trunk links, accompanied by a
practical lab guide to help you implement these concepts in a real-world
environment.

What is a VLAN?

A VLAN, or Virtual LAN, is a method of creating multiple distinct broadcast domains

within a single physical network infrastructure. Traditionally, network devices within
the same broadcast domain (such as devices connected to the same switch) are part
of the same LAN segment and can communicate directly with each other using
broadcasts and multicast transmissions. However, VLANs enable the segmentation of
these networks logically, allowing devices to communicate as if they were on
physically separate networks, regardless of their physical location.

Benefits of VLANs:

Enhanced Security: VLANs can isolate sensitive or critical network resources, such as
servers or financial data, from other parts of the network, reducing the risk of
unauthorized access or attacks.

Improved Performance: By segmenting the network into smaller broadcast

domains, VLANs help reduce network congestion and optimize bandwidth usage,
leading to improved overall network performance.

Simplified Network Management: VLANs facilitate easier network administration

by logically grouping devices based on criteria such as department, function, or
location, making it simpler to implement and enforce network policies.

Flexibility and Scalability: VLANs allow network administrators to easily add,

remove, or modify logical network segments without the need for extensive changes
to the underlying physical infrastructure, providing scalability and adaptability to
changing organizational requirements.

VLAN Access vs. Trunk Links:

To effectively implement VLANs, it's crucial to understand the distinction between

VLAN access and trunk links, as they serve different purposes in VLAN
communication.

VLAN Access:

A VLAN access link is a switch port configured to carry traffic for a single VLAN.
Devices connected to a VLAN access port are members of a specific VLAN and can
only communicate with devices within the same VLAN. When a frame enters a VLAN
access port, the switch adds a VLAN tag to the frame, indicating the VLAN to which it
belongs. This tagging ensures that the frame is forwarded only to devices within the
designated VLAN.

Trunk Links:

In contrast, a trunk link is a switch port configured to carry traffic for multiple VLANs
simultaneously. Trunk links are typically used to interconnect switches or connect
switches to routers or other networking devices. Unlike access ports, trunk ports can
carry traffic for multiple VLANs by adding VLAN tags to each frame, allowing devices
to communicate across different VLANs while maintaining VLAN segregation.

Configuring VLANs and Trunk Links:

Configuring VLANs and trunk links involves several steps:

VLAN Creation: Define the VLANs and assign VLAN IDs to each logical segment.

VLAN Membership: Assign switch ports to VLANs either as access ports or trunk
ports.

Trunk Configuration: Configure trunk links between switches, ensuring that they
support the appropriate VLANs and trunking protocols (such as IEEE 802.1Q).

VLAN Tagging: Enable VLAN tagging on trunk ports to facilitate the transmission of
frames across VLANs.

VLAN Routing: Implement inter-VLAN routing using routers or Layer 3 switches to

enable communication between devices in different VLANs.

The Lab Setup:

To conduct the practical exercises, you'll need:

1. Switches: At least two manageable switches capable of VLAN configuration.

2. Network Devices: Computers or devices to connect to the switches for
testing.
3. Console Cable: To connect to the switches for configuration.
4. Terminal Emulation Software: Such as PuTTY or Tera Term, to access the
switch CLI.

Lab Exercise 1: VLAN Creation and VLAN Access Configuration

Step 1: Connect to the Switch:

 • Connect your computer to the switch using the console cable.
• Launch the terminal emulation software and establish a console session with
the switch.

Step 2: Create VLANs:

• Access the switch CLI and enter privileged EXEC mode.

• Use the vlan vlan-id command to create VLANs. For example:

Switch(config)# vlan 10
Switch(config-vlan)# name Sales

Step 3: Configure VLAN Access Ports:

• Identify the switch ports to be assigned to specific VLANs.

• Enter interface configuration mode for each port using the interface interface-
id command.
• Assign the port to a VLAN using the switchport access vlan vlan-id command.
For example:

Switch(config)# interface GigabitEthernet0/1

Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 10

Step 4: Verify Configuration:

• Use the show vlan and show interfaces status commands to verify VLAN and
port configurations.

Lab Exercise 2: Configuring Trunk Links

Step 1: Identify Trunk Ports:

• Determine which switch ports will be designated as trunk ports to

interconnect switches.

Step 2: Configure Trunk Ports:

• Enter interface configuration mode for each trunk port.

• Set the port mode to trunk using the switchport mode trunk command.
• Optionally, specify trunking encapsulation using the switchport trunk
encapsulation command (if required).
• Enable trunk negotiation protocols (such as DTP) or manually specify the
trunking mode.

Step 3: Verify Trunk Configuration:

 • Use the show interfaces trunk command to verify trunk port configurations.
• Ensure that the correct VLANs are allowed on each trunk link.

VLANs, VLAN access, and trunk links are essential components of modern network
design, offering administrators the flexibility and control needed to optimize network
performance and security. By following the practical exercises outlined in this guide,
you can gain hands-on experience in configuring VLANs and trunk links, preparing
you to deploy these technologies effectively in your own network environment.
Remember to always test configurations in a controlled lab environment before
implementing them in production to avoid potential disruptions.