- Identify the groups of users that need to be created. For example, the administrator may want an engineering VLAN, a sales VLAN, and an administration VLAN. Most organizations use VLAN 1 as the management VLAN and don’t have user devices connected to it.
  - Engineering Department: VLAN 2
  - Sales Department: VLAN 3
  - Administration Department: VLAN 4
- Create the new VLANs on the switch. A console connection or Telnet session using the command line interface (CLI) or menu is a common way to configure the VLANs. Some vendors also support web-based management and SNMP configuration of VLANs.
- Configure the switch, port-by-port, for the appropriate VLAN.
For the configuration above, VLAN operation can be summarized as follows:
- The switch is configured and each port is assigned to one of three VLANs (V2, V3, or V4).
- When user 1 in engineering connects to the engineering server, most likely an ARP request is required first to determine the MAC address of the server so that frames can be sent to it. This ARP request has a destination MAC address of ff ff ff ff ff ff (broadcast address).
- When this ARP request arrives at the switch, the switch forwards the frame through all other switch ports that are configured for VLAN 2.
- The switch doesn’t send the broadcast out the ports configured for other VLANs, thereby allowing the broadcasts to be contained.
- For network security, devices on VLAN 2 aren’t able to communicate with devices on VLAN 3 or VLAN 4.
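
The forwarding behaviour summarized above, as an added Python model that is not part of the original page. The class name `VlanSwitch`, the port numbers and the MAC addresses are constructed for illustration, and the model covers access ports only (no trunks and no routing between VLANs).

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class VlanSwitch:
    """Minimal model of a switch whose ports are each assigned to one VLAN."""

    def __init__(self, port_vlan):
        self.port_vlan = dict(port_vlan)  # port number -> VLAN ID
        self.mac_table = {}               # (VLAN ID, MAC) -> port

    def receive(self, in_port, src_mac, dst_mac):
        """Return the sorted list of ports the frame is sent out of."""
        vlan = self.port_vlan[in_port]
        # Learn where the sender lives, scoped to the ingress port's VLAN.
        self.mac_table[(vlan, src_mac)] = in_port
        members = sorted(p for p, v in self.port_vlan.items()
                         if v == vlan and p != in_port)
        if dst_mac == BROADCAST:
            return members                # flood inside the VLAN only
        out = self.mac_table.get((vlan, dst_mac))
        if out is None:
            return members                # unknown unicast: flood inside the VLAN
        return [] if out == in_port else [out]

def demo():
    # Constructed layout: ports 1-3 in VLAN 2, ports 4-5 in VLAN 3, ports 6-7 in VLAN 4.
    sw = VlanSwitch({1: 2, 2: 2, 3: 2, 4: 3, 5: 3, 6: 4, 7: 4})
    user1 = "00:00:5e:00:53:01"     # engineering user on port 1 (constructed)
    server = "00:00:5e:00:53:02"    # engineering server on port 2 (constructed)
    sales_pc = "00:00:5e:00:53:03"  # sales device on port 4 (constructed)
    return {
        # ARP request from user 1: reaches only the other VLAN 2 ports.
        "arp_request": sw.receive(1, user1, BROADCAST),
        # ARP reply from the server: user 1 was learned on port 1.
        "arp_reply": sw.receive(2, server, user1),
        # Later unicast traffic goes straight to the learned port.
        "unicast": sw.receive(1, user1, server),
        # A VLAN 3 device addressing the server's MAC: the entry exists
        # only in VLAN 2, so the frame stays on VLAN 3 ports.
        "cross_vlan": sw.receive(4, sales_pc, server),
    }

if __name__ == "__main__":
    for name, ports in demo().items():
        print(f"{name}: out ports {ports}")
```
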