Understanding VLANs on Cisco Routers and Switches

Historically, creating multiple networks required multiple switches, but VLANs (Virtual Local Area Networks) changed all of that. Now, more than one network can be created on a single switch.

If the switch has 24 ports, then it can have 24 separate networks on it. In most cases, Cisco switches support 1024 or more created VLANs per switch. Cisco's command structure for creating multiple networks and assigning them to ports is simple and straight forward.

What are VLANs anyway?
VLANs are simply a way of separating traffic logically rather than physically. Each data packet that the switch receives is labeled with a VLAN id that tells the switch which network that the packet belongs to. Sometimes the process is called "tagging" because of the VLAN id tag that is added to the data packet. The switchport access VLAN command demonstrated above tells the switch to remove the VLAN id before the data packet is forwarded onto the computer connected to that switch port.

First, create the VLANs.
switchA>en
switchA#configure terminal
switchA(config)#vlan 5
switchA(config-vlan)#description Accounting
switchA(config)#vlan 10
switchA(config-vlan)#description Marketing

This defines two separate networks on the switch that can by used for ports. VLAN 5 could be used for the Accounting department and VLAN 10 could be used for the Marketing department. After the ports are assigned to the correct VLAN, computers in the Accounting department will not be able to see the Marketing department. It will be as if each department had its own switch.

Configure the ports
switchA(config)#int fa0/1
switchA(config-if)#description Markg-1
switchA(config-if)#switchport mode acess
switchA(config-if)#switchport access vlan 5
switchA(config)#int fa0/2
switchA(config-if)#description Acctg-1
switchA(config-if)#switchport mode acess
switchA(config-if)#switchport access vlan 10

In some versions of the software, Cisco switches will allow the administrator to create VLAN assignments without first creating VLANs. If the VLAN is not properly created, the switch will discard the packets and the computers on that VLAN will not be able to communicate. The VLANs can be created after the ports are assigned.
Viewing VLAN information
Information on the switch's configured VLANs can be viewed in two ways. First with the show vlan command and second with the show interface command. If the
switchA>show vlan

VLAN Name Status Ports
---- -------------------------------- ---------
5 Accounting active fa0/1
10 Marketing active fa0/2

switchA>show interface status
Port Name Status Vlan Duplex Speed
fa0/1 Markg-1 connected 5 full 100
fa0/1 Acctg-1 inactive 10 full 100

VLAN 1 is default:
The default configuration for a Cisco switch is for every port to be on VLAN 1. Even when the the configuration does not show a switchport access vlan command on the port, it is assumed that the port is on VLAN 1. Once a port is assigned to a new VLAN, like the Accounting VLAN 5, it can no longer communicate directly with the other unconfigured ports.