Copyright (c) 2026 MindMesh Academy. All rights reserved. This content is proprietary and may not be reproduced or distributed without permission.
3.2.1. VLANs and Trunking
VLAN (Virtual LAN): Logically segments a single switch into multiple broadcast domains. Devices in different VLANs cannot communicate directly—they require Layer 3 routing, even if on the same physical switch.
Why VLANs matter:
- Security: Isolate sensitive traffic (finance VLAN, guest VLAN)
- Performance: Limit broadcast domains (broadcast in VLAN 10 doesn't reach VLAN 20)
- Flexibility: Group users by function regardless of physical location
Port Types:
| Port Type | Function | Tagging |
|---|---|---|
| Access | Connects end devices | Untagged (one VLAN only) |
| Trunk | Connects switches, carries multiple VLANs | Tagged (802.1Q adds VLAN ID) |
Key Trunk Concepts:
- 802.1Q tagging: Inserts 4-byte tag (including 12-bit VLAN ID) into frame header
- Native VLAN: Untagged traffic on a trunk is assigned to this VLAN (default: VLAN 1)
- Voice VLAN: Separate VLAN for VoIP phones sharing port with PC
⚠️ Exam Trap: Native VLAN mismatch causes connectivity issues. If Switch A's native VLAN is 10 and Switch B's is 20, untagged frames are misinterpreted. Both trunk endpoints must agree on native VLAN.
SVI (Switch Virtual Interface): A virtual interface representing a VLAN on a Layer 3 switch. The SVI provides the default gateway IP for devices in that VLAN, enabling the switch to route between VLANs.
Written byAlvin Varughese
Founder•15 professional certifications