3.1. VLANs Configuration
💡 First Principle: Without VLANs, all ports on a switch belong to one broadcast domain—every broadcast reaches every device. VLANs create virtual switches within a physical switch, isolating broadcast traffic and improving security. Devices in different VLANs cannot communicate without a router (Layer 3), even if they're plugged into the same physical switch.
Consider this scenario: Your office has HR, Finance, and IT on the same floor, sharing one switch. Without VLANs, when an HR user's PC sends a broadcast (like "who has 10.1.1.1?"), Finance and IT devices all receive it—and respond. Worse, anyone with a packet sniffer can see traffic from other departments. With VLANs, HR's broadcasts stay in HR's VLAN. Finance can't even see that the traffic exists. It's like having three separate switches, but you only bought one.
What breaks without proper VLAN design: Broadcast storms affect everyone. A compromised machine in one department can attack devices in others. Compliance auditors ask why payroll data traverses the same network segment as the guest WiFi. VLANs solve all three problems.
Why VLANs Matter
VLAN Ranges
| Range | VLAN Numbers | Usage |
|---|---|---|
| Normal | 1-1005 | Standard use, stored in vlan.dat |
| Extended | 1006-4094 | Requires VTP transparent mode or VTPv3 |
| Reserved | 1002-1005 | Token Ring and FDDI (legacy) |
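To make the broadcast-domain argument from the scenario above concrete, here is a small model of a VLAN-aware switch (an added example written for this section, not code from the original page or from any vendor): a MAC table keyed by (VLAN, MAC), flooding confined to the ingress port's VLAN, and a VLAN ID check based on the ranges in the table. Port numbers, MAC addresses and the HR/Finance/IT VLAN IDs 10/20/30 are constructed sample values.

```python
from __future__ import annotations

BROADCAST = "ff:ff:ff:ff:ff:ff"


def classify_vlan_id(vlan: int) -> str:
    """Map a VLAN ID onto the ranges in the table: normal, reserved, extended."""
    if 1002 <= vlan <= 1005:
        return "reserved"          # Token Ring / FDDI legacy IDs, inside the normal range
    if 1 <= vlan <= 1005:
        return "normal"
    if 1006 <= vlan <= 4094:
        return "extended"
    raise ValueError(f"VLAN {vlan} is outside the valid range 1-4094")


class VlanSwitch:
    """Layer-2 switch model: each access port belongs to exactly one VLAN."""

    def __init__(self, port_vlan: dict[int, int]) -> None:
        for vlan in port_vlan.values():
            classify_vlan_id(vlan)                       # reject 0 and 4095 up front
        self.port_vlan = port_vlan
        self.mac_table: dict[tuple[int, str], int] = {}  # (vlan, mac) -> port

    def receive(self, in_port: int, src_mac: str, dst_mac: str) -> list[int]:
        """Return the ports a frame arriving on in_port is forwarded to."""
        vlan = self.port_vlan[in_port]
        self.mac_table[(vlan, src_mac)] = in_port        # learn source per VLAN
        if dst_mac != BROADCAST and (vlan, dst_mac) in self.mac_table:
            out = self.mac_table[(vlan, dst_mac)]
            return [] if out == in_port else [out]       # known unicast: one port
        # Broadcast or unknown unicast: flood, but only to ports in the same VLAN.
        return sorted(p for p, v in self.port_vlan.items() if v == vlan and p != in_port)


if __name__ == "__main__":
    # Constructed sample: ports 1-2 HR (VLAN 10), 3-4 Finance (20), 5-6 IT (30).
    segmented = VlanSwitch({1: 10, 2: 10, 3: 20, 4: 20, 5: 30, 6: 30})
    print("HR broadcast reaches ports:", segmented.receive(1, "aa:aa:aa:00:00:01", BROADCAST))
    # The same six ports with no VLAN design: one broadcast domain.
    flat = VlanSwitch({p: 1 for p in range(1, 7)})
    print("Flat broadcast reaches ports:", flat.receive(1, "aa:aa:aa:00:00:01", BROADCAST))
```

A Finance host sending to an HR MAC floods only within VLAN 20, because the MAC table is keyed per VLAN; reaching VLAN 10 requires a Layer 3 device, exactly as the text states.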