What is a VLAN?
Logical segmentation of a physical switch
VLANs group switch ports into separate logical networks. Devices in different VLANs cannot communicate without a Layer 3 device — even on the same physical switch.
Benefits: Security isolation · Reduced broadcast domains · Traffic segmentation · Simplified management
10
Sales
Fa0/1–Fa0/8
20
HR
Fa0/9–Fa0/16
30
Eng
Fa0/17–22
99
Mgmt
SVI only
Default VLANVLAN 1 (all ports default)
Native VLANVLAN 1 — untagged on trunk
Voice VLANSeparate VLAN for IP phones
Max VLANs4096 (12-bit VLAN ID)
802.1Q Trunking
Carrying multiple VLANs over one link
A trunk port carries traffic for multiple VLANs by inserting a 4-byte 802.1Q tag into each Ethernet frame to identify its VLAN.
802.1Q Frame Structure
DST MAC
6B
SRC MAC
6B
802.1Q TAG ★
4B
EtherType
2B
Payload
46–1500B
FCS
4B
Tag contains: TPID (0x8100) + PCP (3b) + DEI (1b) + VLAN ID (12 bits → 0–4095)
Native VLAN framesSent UNTAGGED on trunk
All other VLAN framesSent TAGGED
DTP dynamic autoPassive — responds only
DTP dynamic desirableActive — initiates trunk
Security: Change native VLAN from VLAN 1 to prevent VLAN hopping attacks.
Inter-VLAN Routing Methods
Three ways to route between VLANs
METHOD 1 — Legacy
Separate Router Interfaces
One physical router port per VLAN. Doesn't scale — rarely used.
METHOD 2 — ROAS ★ Common in NetAcad labs
Router-on-a-Stick
One trunk link to router. Router subinterfaces per VLAN with
encapsulation dot1Q.METHOD 3 — Enterprise Best Practice
Layer 3 Switch + SVIs
Switch Virtual Interfaces per VLAN +
ip routing. Fastest, most scalable.STP & EtherChannel
Loop prevention and link aggregation
STP prevents Layer 2 broadcast storms in redundant topologies by blocking one or more paths. Elects a Root Bridge — lowest Bridge ID wins.
| Port Role | Description |
|---|---|
| Root Port | Best path to Root Bridge |
| Designated | Forwards frames on segment |
| Alternate | Blocked — standby path |
PortFastSkip Listening/Learning (access ports)
BPDU Guarderr-disable if BPDU received
PVST+STP per VLAN (Cisco default)
Rapid PVST+Fast convergence (~1–2s)
EtherChannel bundles 2–8 ports into one logical link. LACP (IEEE 802.3ad) or PAgP (Cisco). STP sees it as a single interface.
VLAN Knowledge Drills
Multiple choice questions on VLANs, trunking, STP, and EtherChannel.
0
Correct
0
Wrong
0
Streak 🔥
60s
QUESTION 1 · VLANS
Packet Tracer Labs
Step-by-step VLAN configuration walkthroughs.
VLAN Topology Diagrams
VLAN Cheatsheet
VLAN & Trunk Configuration
# Create and name VLANs
S1(config)# vlan 10
S1(config-vlan)# name Sales
S1(config)# vlan 99
S1(config-vlan)# name Management
# Assign access port to VLAN
S1(config)# interface Fa0/6
S1(config-if)# switchport mode access
S1(config-if)# switchport access vlan 10
# Configure 802.1Q trunk
S1(config)# interface Gi0/1
S1(config-if)# switchport mode trunk
S1(config-if)# switchport trunk native vlan 99
S1(config-if)# switchport trunk allowed vlan 10,20,99
# Verify
S1# show vlan brief
S1# show interfaces trunk
S1# show interfaces Gi0/1 switchport
ROAS & L3 Switch
# Router-on-a-Stick subinterfaces
R1(config)# interface G0/0/0.10
R1(config-subif)# encapsulation dot1Q 10
R1(config-subif)# ip address 192.168.10.1 255.255.255.0
R1(config)# interface G0/0/0.20
R1(config-subif)# encapsulation dot1Q 20
R1(config-subif)# ip address 192.168.20.1 255.255.255.0
R1(config)# interface G0/0/0
R1(config-if)# no shutdown
# L3 Switch SVIs
SW(config)# ip routing
SW(config)# interface vlan 10
SW(config-if)# ip address 192.168.10.1 255.255.255.0
SW(config-if)# no shutdown
STP Configuration
# Set root bridge (low priority wins)
S1(config)# spanning-tree vlan 1 priority 4096
S1(config)# spanning-tree vlan 1 root primary
# PortFast on access ports
S1(config-if)# spanning-tree portfast
S1(config-if)# spanning-tree bpduguard enable
# Enable Rapid PVST+
S1(config)# spanning-tree mode rapid-pvst
# Verify STP
S1# show spanning-tree
S1# show spanning-tree vlan 10
EtherChannel Configuration
# LACP EtherChannel (IEEE)
S1(config)# interface range Fa0/1-2
S1(config-if-range)# channel-group 1 mode active
# Neighbour uses: mode passive or active
# PAgP EtherChannel (Cisco)
S1(config-if-range)# channel-group 1 mode desirable
# Neighbour uses: mode auto or desirable
# Configure logical port-channel
S1(config)# interface port-channel 1
S1(config-if)# switchport mode trunk
# Verify
S1# show etherchannel summary
S1# show etherchannel port-channel
Topic Checklist
Track your progress through VLAN concepts.
0%
Complete