How To Setup A VLAN Network: Step-by-Step Tutorial

In practice, it is often necessary not only to form a network of computers in one office, but also to connect computers in several different offices separately to form a small office area network, and each office is required to be a separate network segment, and the whole office area is composed of several separate network segments. Then the switch is divided into a VLAN for each office, through the VLAN can not only limit the broadcast packets, but also prevent unnecessary access traffic between different network segments.

The small office peer-to-peer network formed earlier is able to achieve the purpose of sharing resources within the office. However, due to the relatively large number of computers in the office area formed by multiple offices in the company, such a large number of computers connected within a peer-to-peer network can bring some undesirable effects, such as broadcast packet effects and insecurity. Therefore, the company’s network is best divided into areas by offices and multiple areas are connected to form an office area network. It can be seen that a small office area network is a small local area network with multiple areas connected to the same switch, while using switch VLAN technology can divide different areas.

What Is VLAN Network?

VLAN, which stands for Virtual Local Area Network, is a technology that logically divides the devices in a LAN into a network by dividing them into individual networks.

The switch has a default VLAN1, which controls all ports and is a large broadcast domain. And the division of a VLAN is a small broadcast domain, and unicast and broadcast frames are spread and forwarded within the VLAN and do not enter other VLANs. Dividing VLAs improves network security, controls bandwidth consumption from broadcasts, and increases the flexibility of network connectivity.

We most commonly use VLAN segmentation based on switch ports.

VLAN Network Workflow

1. Mechanisms for Implementing VLANs

Having understood “why VLANs are needed”. Next, let’s understand how the switch uses VLANs to partition the broadcast domain. First of all, on a Layer 2 switch without any VLANs, any broadcast message will be forwarded to all ports except the receiving port, for example, when computer A sends a broadcast message, it will be forwarded to ports 2, 3, and 4.

At this point, if two VLANs are generated on the switch, red and blue; port 1.2 belongs to the red VLAN and ports 3 and 4 belong to the blue VLAN, and if a broadcast is sent from A, the switch will only forward it to other ports belonging to the same VLAN – that is, ports belonging to the same red VLAN 2, not to ports belonging to the blue VLAN. Similarly, when C sends a broadcast message, it will only be forwarded to other ports belonging to the blue VLAN. It will not be forwarded to ports belonging to the red VLAN.

In this way, VLANs are partitioned into wide insertion domains by limiting the range of broadcast frames to be forwarded. The above description distinguishes the different VLANs by red and blue colors for the sake of illustration, but in practice they are distinguished by “VLAN ID”.

2. Visually describing VLANs

To describe VLANs more intuitively, we can think of them as logically partitioning a switch into several switches. Generating red and blue VLANs on one switch can also be seen as replacing one switch with one red and one or two virtual switches. When generating new VLANs in addition to the red and blue VLANs, you can imagine that a new switch is added.

However, the switches logically generated by VLANs are not connected to each other. Therefore, after setting VLANs on the switch. If nothing else is done, there is no communication between VLANs.

The fact that they are obviously connected to the same three switches but cannot communicate with each other – this fact may be difficult to accept. But it is both a convenient and easy-to-use feature of VLANs and a reason why they are so difficult to understand.

How To Setup A VLAN Network?

The VLAN configuration process is actually very simple and requires only two steps:

naming each VLAN group
corresponding the corresponding VLAN to the corresponding switch port.

The following is the specific configuration process：

3.1. Set up the Hypertrm, connect to the 1900 switch, and configure the switch’s VLANs through the Hypertrm. The main configuration interface appears after successful connection as shown below (the switch has completed the configuration of basic information before this).

1 user now active on Management Console.

User Interface Menu

［M］Menus

［K］Command Line

［I］IP Configuration

Enter Selection:

Note: Hypertrm is a program that uses the Hypertrm program that comes with the Windows system, see related information.

3.2. Click the “K” button and select the “[K] Command Line” option in the main interface menu to enter the command line configuration interface as follows.

CLI session with the switch is open, to end the CLI session, enter [Exit].

At this point, we are in the normal user mode of the switch. Just like a router, this mode can only view the current configuration, not change it, and has limited access to commands. So we have to enter “privileged mode”.

3.3. Enter the privileged mode command “enable” at the “>” prompt in the previous step to enter the privileged mode, the command format is “>enable”, then you enter the privileged mode prompt of the switch configuration.

＃config t

Enter configuration commands，one per line. End with CNTL/Z

（config）＃

3.4. For security and convenience, let’s give each of the three Catalyst1900 switches a name and set a privileged mode login password. The following is an example for Switch1 only. The configuration code is as follows.

（config）＃hostname Switch1

Switch1（config）＃enable password level 15 XXXXXX

Switch1（config）＃

Note] The privileged mode password must be 4-8 characters. Be aware that the password entered here is displayed directly in plaintext, so pay attention to confidentiality. Level1 is the password to enter the command line interface, that is, after setting the Level1 password, the next time you connect to the switch and enter K, you will be asked to enter the password, which is the password set by Level1. And Level15 is the privileged mode password that you will be asked to enter after you enter the “enable” command.

3.5. Set the VLAN name. Because the four VLANs belong to different switches, the command for naming VLANs is “vlan vlan number name vlan name, the code for configuring VLANs 2, 3, 4 and 5 on Switch1, Switch2, Switch3 and Switch1 is.

Switch1 (config)#vlan 2 name Prod

Switch2 (config)#vlan 3 name Fina

Switch3 (config)#vlan 4 name Huma

Switch3 (config)#vlan 5 name Info

Note] The above configuration is performed according to the rules in Table 1.

3.6. In the previous step, we configured VLAN groups for each switch, and now we want to correspond these VLANs to the switch port numbers as specified in Table 1. The command corresponding to the port number is “vlan-membership static/dynamic VLAN number”. In this command, you must choose one of the “static” or “dynamic” assignment methods, but the “static” method is usually chosen. “The VLAN port number is configured as follows: www.docin.com.

3.6.1. The VLAN port number of the switch named “Switch1” is configured as follows.

Switch1（config）＃int e0/2

Switch1（config-if）＃vlan-membership static 2

Switch1（config-if）＃int e0/3

Switch1（config-if）＃vlan-membership static 2

Switch1（config-if）＃int e0/4

Switch1（config-if）＃vlan-membership static 2

…

Switch1（config-if）＃int e0/20

Switch（config-if）＃vlan-membership static 2

Switch1（config-if）＃int e0/21

Switch1（config-if）＃vlan-membership static 2

Switch1（config-if）＃

Note: “int” is the abbreviation of the command “interface”, which means interface. e0/3″ is the abbreviation of “etherne The “e0/3” is the abbreviation of “etherne”, which represents port 2 of module 0 of the switch.

3.6.2. The VLAN port number of the switch named “Switch2” is configured as follows.

Switch2(config)#int e0/2