Hardware Week Part 2: VLANs & Trunking – Segmenting the Network

A VLAN (Virtual Local Area Network) lets us take one physical switch and chop it up into multiple “virtual” switches. It is a core tool for security, organization, and broadcast control: a VLAN is a Layer 2 boundary, so hosts in different VLANs cannot talk to each other without passing through a router (or firewall), which is where you get to enforce policy.

Today, we’re breaking down how we keep traffic separated and how we move all that data across a single cable using Trunking.

1. Why Use VLANs?

Without VLANs, every device plugged into a switch is in the same Broadcast Domain. If one computer sends out a broadcast, every other computer has to process it. In a large school, this “noise” burns CPU on every host and switch, and a single misbehaving device or looped cable can turn it into a broadcast storm that takes the whole flat network down with it.

VLANs solve this by:

  • Security: Keeping different groups (Staff, Admins, Security Cameras, IoT) isolated at Layer 2, so a compromised camera cannot even ARP for a staff laptop without crossing a router you control.
  • Organization: Grouping users by department rather than where their desk is physically located.
  • Performance: Reducing the size of broadcast domains so the network stays snappy.

2. Access Ports vs. Trunk Ports

When you configure a switch port for a VLAN, it can be one of two types:

Access Ports

These are “single-VLAN” ports. You plug an end device (a laptop, a printer) into an access port, and that port belongs to exactly one VLAN. Frames on an access port are sent and received untagged: the device doesn’t even know it’s on a VLAN, because the switch keeps track of which VLAN the port is in and does any labeling on its behalf.

Trunk Ports

What happens when you have two switches in different closets that both need to carry traffic for several VLANs? You don’t want to run 10 separate cables between them. Instead, you create a Trunk Port. A trunk port is a “super-highway” that carries traffic from many VLANs across a single physical link. By default a trunk allows every VLAN; in practice you prune the allowed list down to the VLANs that actually need to cross that link, so a camera VLAN never rides a trunk into the admin closet.

3. The Secret Sauce: 802.1Q Tagging

How does Switch B know which frame belongs to which VLAN when it arrives from Switch A? It uses the IEEE 802.1Q standard.

When a frame is sent out a trunk port, the switch “tags” it by inserting a 4-byte header right after the source MAC address. The tag carries a 12-bit VLAN ID (so usable IDs run from 1 to 4094) plus a 3-bit priority field. The receiving switch reads the tag to decide which VLAN the frame belongs to, and strips the tag off again before the frame goes out an access port to the end device.

4. The “Support Associate” Reality: Native VLANs

One concept that often trips up technicians is the Native VLAN. By default, any frame that arrives on a trunk port without a tag is placed into the Native VLAN (VLAN 1 on most switches), and frames belonging to the Native VLAN are sent across the trunk without a tag.

  • Pro-Tip: For security, professional IT shops usually change the Native VLAN to an unused VLAN (like VLAN 999), assign no access ports to it, and make both ends of the trunk agree. That defuses the double-tagging “VLAN Hopping” attack, which only works when a host’s access VLAN is the same VLAN the trunk carries untagged. If you see a “Native VLAN Mismatch” message in your switch logs (Cisco switches report it through CDP), the two ends of your trunk cable don’t agree on which VLAN is the “untagged” one, and untagged traffic is quietly leaking from one VLAN into another!
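To make sections 3 and 4 concrete, here is an added example (not code from the article) that models 802.1Q tagging in Python: it builds and parses tagged frames byte-for-byte, models what a switch does at trunk egress and trunk ingress, and then replays the double-tagging trick with the native VLAN left at 1 versus moved to 999 or tagged on the trunk. The MAC addresses, payload and VLAN numbers are constructed; the switch behaviour is simplified to the rules the article describes (native VLAN untagged, outermost tag decides the VLAN, tag stripped on egress).

```python
"""Model of 802.1Q tagging across a trunk and the native-VLAN double-tagging trick.

Added example, not the article's code. Frame layout per IEEE 802.1Q:
  dst MAC (6) | src MAC (6) | [TPID 0x8100 (2) | TCI (2)]* | EtherType (2) | payload
  TCI = PCP (3 bits) | DEI (1 bit) | VID (12 bits)
"""
import struct

TPID_8021Q = 0x8100
ETHERTYPE_IPV4 = 0x0800


def build_frame(dst, src, ethertype, payload, vids=(), pcp=0):
    """Ethernet II frame with zero or more 802.1Q tags after the source MAC,
    outermost first. vids=() gives a plain untagged frame."""
    hdr = dst + src
    for vid in vids:
        if not 0 <= vid <= 4095:
            raise ValueError("VID must fit in 12 bits")
        hdr += struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    return hdr + struct.pack("!H", ethertype) + payload


def outer_tag(frame):
    """VID of the outermost tag, or None if the frame is untagged.
    A switch classifies on this one tag only; double tagging relies on that."""
    (etype,) = struct.unpack("!H", frame[12:14])
    if etype != TPID_8021Q:
        return None
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF


def pop_tag(frame):
    """Remove the outermost tag (done before forwarding out an access port, and
    before sending native-VLAN traffic across a trunk)."""
    if outer_tag(frame) is None:
        raise ValueError("frame is untagged")
    return frame[:12] + frame[16:]


def push_tag(frame, vid):
    """Insert a tag carrying `vid` directly after the source MAC."""
    return frame[:12] + struct.pack("!HH", TPID_8021Q, vid) + frame[12:]


def trunk_egress(frame, vlan, native_vlan, allowed, tag_native=False):
    """Switch A sends a frame already classified into `vlan` out a trunk.
    Returns the bytes that appear on the wire, or None if the VLAN is pruned."""
    if vlan not in allowed:
        return None
    if vlan == native_vlan and not tag_native:
        # The native VLAN rides untagged: drop the outer tag if it carries that VID.
        return pop_tag(frame) if outer_tag(frame) == vlan else frame
    if outer_tag(frame) != vlan:
        return push_tag(frame, vlan)
    return frame


def trunk_ingress(wire_frame, native_vlan, allowed):
    """Switch B receives a frame on its trunk. Untagged frames go to the native
    VLAN. Returns (vlan, frame), or None if the VLAN is not allowed on the trunk."""
    vid = outer_tag(wire_frame)
    vlan = native_vlan if vid is None else vid
    if vlan not in allowed:
        return None
    return vlan, wire_frame


def double_tag_lands_in(access_vlan, native_vlan, tag_native=False):
    """Constructed scenario: an attacker on an access port in `access_vlan` sends a
    double-tagged frame, outer VID = its own access VLAN (the only tag that port
    accepts), inner VID = 20 (the camera VLAN). Returns the VLAN switch B delivers
    the frame into."""
    allowed = {1, 10, 20, 999}
    attacker = build_frame(b"\xff" * 6, b"\x02\x00\x00\x00\x00\x01", ETHERTYPE_IPV4,
                           b"constructed payload", vids=(access_vlan, 20))
    on_wire = trunk_egress(attacker, access_vlan, native_vlan, allowed, tag_native)
    vlan, _ = trunk_ingress(on_wire, native_vlan, allowed)
    return vlan


if __name__ == "__main__":
    print("native 1, attacker in VLAN 1   ->", double_tag_lands_in(1, 1))        # 20: hop succeeds
    print("native 999, attacker in VLAN 1 ->", double_tag_lands_in(1, 999))      # 1: stays put
    print("native 1 but tagged on trunk   ->", double_tag_lands_in(1, 1, True))  # 1: stays put
```

The hop only works in the first case: switch A strips the outer tag because VLAN 1 is both the attacker’s access VLAN and the untagged native VLAN, so the inner tag (20) is the first thing switch B sees. Moving the native VLAN to an unused 999, or forcing the native VLAN to be tagged on the trunk, leaves the outer tag in place and the frame stays in VLAN 1.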

5. Troubleshooting VLANs

When a new device at work shows “Limited or No Connectivity,” check these three things:

  1. Port Assignment: Is the port actually assigned to the right VLAN? (Use: show vlan brief.)
  2. VLAN Existence: Does the VLAN even exist on this specific switch, and is it active rather than shut down? A port assigned to a VLAN the switch doesn’t know about goes nowhere.
  3. Trunking: If the device is in a different building, is the trunk link between buildings actually allowing that specific VLAN ID to pass through? (Use: show interfaces trunk, and check both the allowed list and the native VLAN.)
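The three checks above can be run mechanically against the switch output. The following is an added example (not from the article) that parses constructed `show vlan brief` and `show interfaces trunk` output in the Cisco IOS layout and reports which of the three checks fails for a given access port and expected VLAN. The port names, VLAN names and numbers are made up for the example; the parsing assumes the standard IOS column layout, including port lists that wrap onto indented continuation lines.

```python
"""Run the article's three VLAN checks against 'show' output. Added example.

Sample output below is constructed in Cisco IOS layout for the demo; it is not
captured from a real switch."""
import re

VLAN_BRIEF = """\
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi1/0/1, Gi1/0/2, Gi1/0/3, Gi1/0/4
10   STAFF                            active    Gi1/0/5, Gi1/0/6, Gi1/0/7, Gi1/0/8,
                                                Gi1/0/9
20   CAMERAS                          active    Gi1/0/10
30   IOT                              act/lshut
999  NATIVE_UNUSED                    active
1002 fddi-default                     act/unsup
"""

INTERFACES_TRUNK = """\
Port        Mode         Encapsulation  Status        Native vlan
Gi1/0/24    on           802.1q         trunking      999

Port        Vlans allowed on trunk
Gi1/0/24    1,10,20,999

Port        Vlans allowed and active in management domain
Gi1/0/24    1,10,20,999

Port        Vlans in spanning tree forwarding state and not pruned
Gi1/0/24    1,10,20,999
"""


def expand_vlan_list(spec):
    """'1,10,20-22,999' -> {1, 10, 20, 21, 22, 999}; 'none' -> empty set."""
    vlans = set()
    for part in spec.split(","):
        part = part.strip()
        if not part or part.lower() == "none":
            continue
        if "-" in part:
            lo, hi = part.split("-", 1)
            vlans.update(range(int(lo), int(hi) + 1))
        else:
            vlans.add(int(part))
    return vlans


def parse_vlan_brief(text):
    """'show vlan brief' -> {vid: {"name", "status", "ports"}}. Indented
    continuation lines belong to the VLAN row above them."""
    vlans, current = {}, None
    for line in text.splitlines():
        m = re.match(r"^(\d+)\s+(\S+)\s+(\S+)\s*(.*)$", line)
        if m:
            current = vlans[int(m.group(1))] = {
                "name": m.group(2), "status": m.group(3), "ports": set()}
            ports = m.group(4)
        elif current is not None and line.startswith(" "):
            ports = line
        else:
            current = None
            continue
        current["ports"].update(p.strip() for p in ports.split(",") if p.strip())
    return vlans


def parse_interfaces_trunk(text):
    """'show interfaces trunk' -> {port: {"native": int, "allowed": set}}."""
    trunks, section = {}, None
    for line in text.splitlines():
        if not line.strip():
            section = None
            continue
        if line.startswith("Port"):
            section = ("native" if "Native vlan" in line
                       else "allowed" if "Vlans allowed on trunk" in line else None)
            continue
        cols = line.split()
        if section == "native":
            trunks.setdefault(cols[0], {})["native"] = int(cols[-1])
        elif section == "allowed":
            trunks.setdefault(cols[0], {})["allowed"] = expand_vlan_list(cols[1])
    return trunks


def diagnose(port, vlan, vlan_brief, interfaces_trunk):
    """Apply the three checks for an access port that should be in `vlan`.
    Returns a list of findings; an empty list means all three checks pass."""
    findings = []
    vlans = parse_vlan_brief(vlan_brief)
    trunks = parse_interfaces_trunk(interfaces_trunk)

    # 1. Port assignment
    assigned = [vid for vid, v in vlans.items() if port in v["ports"]]
    if vlan not in assigned:
        where = f"VLAN {assigned[0]}" if assigned else "no VLAN"
        findings.append(f"check 1: {port} is in {where}, expected VLAN {vlan}")

    # 2. VLAN existence and state on this switch
    if vlan not in vlans:
        findings.append(f"check 2: VLAN {vlan} is not defined on this switch")
    elif vlans[vlan]["status"] != "active":
        findings.append(f"check 2: VLAN {vlan} exists but is {vlans[vlan]['status']}")

    # 3. Trunking: every trunk off this switch must carry the VLAN
    for tport, t in trunks.items():
        if vlan not in t.get("allowed", set()):
            findings.append(f"check 3: trunk {tport} does not allow VLAN {vlan}")
        if t.get("native") == vlan:
            findings.append(f"check 3: VLAN {vlan} is the native VLAN on {tport}; "
                            "it rides untagged and should not carry end devices")
    return findings


if __name__ == "__main__":
    for port, vlan in (("Gi1/0/10", 20), ("Gi1/0/3", 10), ("Gi1/0/10", 30)):
        print(port, vlan, diagnose(port, vlan, VLAN_BRIEF, INTERFACES_TRUNK) or ["ok"])
```

In the sample data Gi1/0/10 in VLAN 20 passes cleanly, Gi1/0/3 expected in VLAN 10 fails check 1 (it is still in VLAN 1), and Gi1/0/10 expected in VLAN 30 fails all three: wrong port assignment, the VLAN is shut down locally, and the trunk does not allow it.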

What’s Next?

VLANs keep people apart, but eventually those people need to talk to each other (like a teacher needing access to the internet). Tomorrow, we look at the “Gateway”: the Router. We’ll discuss how routers move data between VLANs using a concept called “Router on a stick.”

📚 Sources & Further Reading.

This article is an independent summary of my learning journey. All trademarks and copyrighted materials belong to their respective owners.
