Welcome to Jeremy’s IT Lab. This is a free, complete course for the CCNA. If you like these videos, please subscribe to follow along with the series.
Also, please like and leave a comment, and share the video to help spread this free series of videos. Thanks for your help. So, today’s topic is another big one.
Today’s topic is VLANs. VLAN stands for Virtual LAN, Virtual Local Area Network. It’s very important that you understand VLANs well for your CCNA exam, and certainly when working as a network engineer.
So, feel free to ask any questions if you don’t understand. Here are the topics we will cover in today’s video. First, what is a LAN?
We know it stands for Local Area Network, but I’ll give you a more specific definition. To help understand LANs and VLANs, we will also look at broadcast domains. After looking at LANs and broadcast domains, I will introduce you to VLANs, virtual LANs.
I will teach you the basics of VLANs, and their purpose. Finally, we will look at the basics of VLAN configuration on Cisco switches. By the way, this won’t be the only video on VLANs, the next video, Day 17, will also be on VLANs, so this video will just cover the basics.
Let’s get started. So, what is a LAN? In a previous video, I said that a LAN is a group of devices (PCs, servers, routers, switches, etc.) in a single location, for example a home or office. Let’s take a look at a more specific definition: A LAN is a single broadcast domain. A broadcast domain is the group of devices which will receive a broadcast frame (that is, a frame with a destination MAC of all Fs) sent by any one of the members.
Let’s take a look at a diagram. So, take a look at this network here. How many broadcast domains do you think there are?
Remember, a broadcast domain includes all devices that will receive a broadcast frame. So, let’s say PC1 sends a broadcast frame, and remember that a broadcast frame is a frame with a destination MAC Address of all Fs. Which devices will receive the frame?
Well, this PC1 sends the frame out towards SW1, and what does a switch do with a broadcast frame? It floods it out all interfaces, except the one it was received on. So, the frame is sent to PC2 and R1.
What does a router do with a broadcast frame? It doesn’t forward it. It will receive the frame, but it won’t send it to other networks.
So, that means this is one broadcast domain, including PC1, PC2, SW1, and one of R1’s interfaces. So, that’s one broadcast domain. How many are left?
What if PC3 sends a broadcast frame, which devices will receive it? SW2 will receive the frame and flood it out of all interfaces, to R1, PC4, and PC5. R1, however, will not forward the broadcast frame.
So, that’s the broadcast domain, PC3, PC4, PC5, SW2, and one of R1’s interfaces. So far, we have found 2 broadcast domains. Now, how about if PC6 sends a broadcast frame, which devices will receive it?
When SW3 receives it, it will flood the frame to PC7, PC8, and R2. And R2 will not forward the frame. So, this is the broadcast domain, including PC6, PC7, PC8, SW3, and one of R2’s interfaces.
So, we’ve found three broadcast domains so far. However, there is one more. What if R1 sends a broadcast frame out of its interface which is connected to R2?
It will be received only by R2. However, even though this is a connection with only two devices, it is still technically a broadcast domain. So, do you understand what a broadcast domain is now?
A broadcast domain is the group of devices which will receive a broadcast frame (with a destination MAC address of all Fs) sent by any one of the members. In this network here, there are four broadcast domains, and therefore four LANs. Here is a small LAN of a company.
Let’s say there are three main departments in this office: engineering, sales, and human resources. Also, the company is using the 192.168.1.0/24 network for this LAN. However, this isn’t necessarily the best setup.
For both security and performance purposes, it would be best to split up these into separate subnets. For example let’s say a PC in the engineering department sends a broadcast message intended for other PCs in the engineering department. Since it’s a broadcast message, the switch will flood it out of all interfaces.
So, not only will the PCs in the engineering department receive the broadcast, ALL PCs, as well as the router, will receive the broadcast. This is a problem, for both security and network performance purposes. When it comes to performance, lots of unnecessary broadcast traffic can reduce network performance.
Whether it’s a broadcast from one end host, or a switch that doesn’t know how to reach the destination MAC address so it floods the frame, we should minimize unnecessary traffic in our network. As for security, even within the same office, you want to limit who has access to what. You can apply security policies on a router or firewall.
Because this is one LAN, PCs can reach each other directly, without traffic passing through the router. So, even if you configure security policies on the router, they won’t have any effect. We should separate these hosts so we can apply security policies that determine who can access what in the network.
So, let’s split up these departments into separate subnets: 192.168.1.0/26 for the ENGINEERING department, 192.168.1.64/26 for the HR department, and 192.168.1.128/26 for the SALES department. However, there’s one problem.
The router is going to need an IP address in each subnet, so it will need one interface in each subnet. So, let’s replace this single connection between the switch and router with three separate connections, one in each subnet. Actually, there is a more efficient way of doing this, you don’t actually have to use three separate interfaces, but don’t worry about that for now, I will cover that in a future video.
So, you may think the problem is solved now. Let’s say this PC in the ENGINEERING department has an IP address of 192.168.1.1, and this PC in the SALES department has an IP address of 192.168.1.129. If PC1 sends some data to PC2, PC1 will recognize that PC2 is in a different subnet than its own, so it will set the destination MAC address to its default gateway, R1.
This is what the frame will look like, Source IP of PC1, destination IP of PC2, source MAC of PC1, and destination MAC of R1. PC1 will forward the frame to the switch, which will send it to R1, which will then change the source MAC to its own MAC, and the destination MAC to PC2’s MAC. It will then forward the frame back to the switch, which will then forward it to the destination, PC2.
Okay, so instead of PC1 being able to send traffic directly to PC2, we forced it to send the traffic through R1 first, where we would have configured some security policies and such to control exactly what traffic is allowed to pass between these subnets. However, there is still a problem. Here’s the problem.
What if the frame is a broadcast or unknown unicast frame? The switch will flood the frame out of all interfaces. For example, here’s a broadcast frame.
The source IP is PC1’s IP, and the destination IP is its subnet’s broadcast address. So, this is a broadcast frame intended for the engineering department. The source MAC is PC1’s, and the destination is the broadcast MAC address of all Fs.
Where is the problem? Well, remember that a switch is only aware up to Layer 2. It looks at Layer 2 information like source and destination MAC addresses only.
It doesn’t care about Layer 3, 4, etc. So, even though there are three separate subnets here the switch doesn’t know that. PC1 will send the frame to the switch, it will see the destination MAC address of all Fs, and then flood the frame.
I’ll say it again, this is bad in terms of both network performance and security. So, I’ve shown you that although we separated the three departments into three subnets, meaning they are separated at Layer 3, they are still in the same broadcast domain, the same Layer 2 network, or the same LAN. Now, one possible solution is to buy a separate switch for each department.
However, that is not very flexible, and network equipment isn’t cheap, so buying one or more switches for every single department could be too expensive, especially for a small enterprise. However, this is where VLANs come in. Although these PCs are all in the same LAN, Local Area Network, we can use VLANs, or Virtual Local Area Networks, to separate them at Layer 2.
We’ll assign the ENGINEERING department to VLAN10, the HR department to VLAN20, and the SALES department to VLAN30. How exactly do we assign these hosts to VLANs? We configure them on the switch.
More specifically, on the switch interfaces. You configure the switch interface to be in a specific VLAN, and then the end host connected to that interface is part of that VLAN. The switch will consider each VLAN as a separate LAN, and will not forward traffic between VLANs, including broadcast or unknown unicast traffic.
So, if we have set up these VLANs, if PC1 sends this same broadcast frame, after the frame arrives at the switch, it will be forwarded to all interfaces IN THE SAME VLAN. Because the broadcast arrived on an interface configured in VLAN10, the switch will only forward the frame to other interfaces in VLAN10. If PC1 sends this same unicast frame to PC2, it will function just like before.
It sends it to the switch, which sends it to the router, which changes the source and destination MAC addresses, and sends it back to the switch, which sends it to the destination. Notice that the router is used to route between VLANs. The switch does not perform this 'inter-VLAN routing'.
It must send the traffic through the router. Notice that traffic which arrives on a VLAN10 interface is forwarded out of a VLAN10 interface. Also, traffic that arrives on a VLAN30 interface is forwarded out of a VLAN30 interface, both in the same VLAN. A switch will never forward traffic directly between two VLANs like this. Well, first of all, the two hosts are in separate subnets, so PC1 itself will send the traffic to its default gateway, R1.
However, even if PC1 and PC2 were in the same subnet, the switch wouldn’t forward the traffic from PC1 to PC2, because they are in separate VLANs. Just a bit of review. VLANs are configured on switches on a per-interface basis.
VLANs logically separate end hosts at Layer 2. Although the hosts in the topology we looked at were physically connected to the same switch, and therefore in the same broadcast domain, we used VLANs to logically separate them, and put them in separate broadcast domains. Switches do not forward traffic directly between hosts in different VLANs.
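To make the rules above concrete (a switch floods broadcasts out of every other port in the same VLAN; PCs and routers receive but never forward them; every port sits in VLAN 1 until an access VLAN is set), here is an added Python model. It is not code from the video or from any Cisco product; the device and port names are constructed. It rebuilds the four-domain diagram from the start of the video and the three-department office, counts broadcast domains the way the quiz questions ask, and lists which devices a broadcast from a given PC actually reaches, with and without VLANs configured.

```python
from collections import deque

class Topology:
    """Constructed model (added example, not the video's own code). PCs and
    routers receive a broadcast but never forward it; a switch floods it out
    of every other port in the same access VLAN. As on a Cisco switch, a port
    with no access VLAN configured is in VLAN 1."""

    def __init__(self):
        self.kind = {}          # device name -> "pc" | "switch" | "router"
        self.ports = {}         # device name -> list of its port names
        self.peer = {}          # (device, port) -> (device, port) at the far end of the cable
        self.access_vlan = {}   # (switch, port) -> access VLAN id

    def add(self, name, kind):
        self.kind[name] = kind
        self.ports[name] = []

    def link(self, a, port_a, b, port_b):
        self.peer[(a, port_a)] = (b, port_b)
        self.peer[(b, port_b)] = (a, port_a)
        self.ports[a].append(port_a)
        self.ports[b].append(port_b)

    def vlan_of(self, switch, port):
        return self.access_vlan.get((switch, port), 1)

def flood_from(topo, src):
    """Endpoints (device, port) that receive a broadcast sent out of endpoint src."""
    received, transmitted = set(), set()
    queue = deque([src])
    while queue:
        ep = queue.popleft()
        if ep in transmitted:          # never transmit twice out of one port (loop guard)
            continue
        transmitted.add(ep)
        far = topo.peer.get(ep)
        if far is None:                # unconnected port: the frame goes nowhere
            continue
        received.add(far)
        dev, port = far
        if topo.kind[dev] == "switch":  # only switches flood; PCs and routers stop here
            vlan = topo.vlan_of(dev, port)
            for other in topo.ports[dev]:
                if other != port and topo.vlan_of(dev, other) == vlan:
                    queue.append((dev, other))
    return received

def devices_receiving(topo, device, port):
    """Sorted device names that receive a broadcast sent by `device` out of `port`."""
    return sorted({dev for dev, _ in flood_from(topo, (device, port))})

def broadcast_domains(topo):
    """Partition every connected endpoint into broadcast domains (union-find)."""
    parent = {ep: ep for ep in topo.peer}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    for ep in topo.peer:
        for other in flood_from(topo, ep):
            parent[find(other)] = find(ep)
    groups = {}
    for ep in topo.peer:
        groups.setdefault(find(ep), set()).add(ep)
    return list(groups.values())

def first_diagram():
    """The four-domain diagram from the start of the video (port names constructed)."""
    t = Topology()
    for name, kind in [("SW1", "switch"), ("SW2", "switch"), ("SW3", "switch"),
                       ("R1", "router"), ("R2", "router")]:
        t.add(name, kind)
    hosts = {"SW1": ["PC1", "PC2"], "SW2": ["PC3", "PC4", "PC5"], "SW3": ["PC6", "PC7", "PC8"]}
    uplink = {"SW1": ("R1", "g0/0"), "SW2": ("R1", "g0/1"), "SW3": ("R2", "g0/0")}
    for sw, pcs in hosts.items():
        for i, pc in enumerate(pcs):
            t.add(pc, "pc")
            t.link(pc, "eth0", sw, f"g0/{i}")
        router, rport = uplink[sw]
        t.link(sw, f"g0/{len(pcs)}", router, rport)
    t.link("R1", "g0/2", "R2", "g0/1")   # the two-device domain between the routers
    return t

def office(with_vlans):
    """One switch, three departments, one router link per department."""
    t = Topology()
    t.add("SW1", "switch")
    t.add("R1", "router")
    plan = {10: ("g1", ["PC1", "PC2"]), 20: ("g2", ["PC3"]), 30: ("g3", ["PC4", "PC5"])}
    for vlan, (prefix, pcs) in plan.items():
        ports = []
        for i, pc in enumerate(pcs):
            t.add(pc, "pc")
            ports.append(f"{prefix}/{i}")
            t.link(pc, "eth0", "SW1", ports[-1])
        ports.append(f"{prefix}/{len(pcs)}")
        t.link("SW1", ports[-1], "R1", f"g0/{vlan // 10 - 1}")
        if with_vlans:                  # otherwise every port stays in VLAN 1
            for p in ports:
                t.access_vlan[("SW1", p)] = vlan
    return t

if __name__ == "__main__":
    print("first diagram:", len(broadcast_domains(first_diagram())), "broadcast domains")
    for flag in (False, True):
        t = office(flag)
        print("office", "with" if flag else "without", "VLANs:", len(broadcast_domains(t)),
              "domain(s); PC1 broadcast reaches", devices_receiving(t, "PC1", "eth0"))
```

Run it and the office without VLANs collapses into a single domain in which PC1's broadcast reaches every PC and the router, even though the hosts sit in three different subnets; with the access VLANs set, the same broadcast reaches only PC2 and R1. That is the Layer 2 separation the text describes, and the same function answers the quiz-style question "how many devices receive PC3's broadcast".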
As I showed you, the switch must forward the traffic to a router. Actually, there are a couple other methods of inter-VLAN routing, and I will cover them in a future video. Finally, let’s take a look at basic VLAN configuration.
I’ve added the interface numbers to the diagram: interfaces in VLAN10 are G1/0 through G1/3, interfaces in VLAN20 are G2/0 through G2/2, and interfaces in VLAN30 are G3/0 through G3/3.
Let’s go into the CLI and put these interfaces into the proper VLANs. Before configuration, let’s look at the VLANs that exist by default on a switch. In this output, you can see I used the command SHOW VLAN BRIEF.
It displays the VLANs that exist on the switch, and which interfaces are in each VLAN. Here, you can see VLAN1, with the name DEFAULT. This is the VLAN that all interfaces are assigned to by default.
So, even if you don’t configure any VLANs, all interfaces are in VLAN1 by default. Under ports you can see all of the interfaces on this device, from G0/0 to G3/3. Under it are four other VLANs, 1002 to 1005, used for FDDI and token ring.
These are old technologies that you don’t need to know for the CCNA, but feel free to google them if you’re curious. VLANs 1 and 1002-1005 exist by default and cannot be deleted, remember that! This is how you assign interfaces to a VLAN.
First, I used the interface range command to configure all of the VLAN 10 interfaces at once. Use the SWITCHPORT MODE ACCESS command to set the interface as an access port. What is an access port?
An access port is a switchport which belongs to a single VLAN, and usually connects to end hosts like PCs. That’s why it’s called an ACCESS port, it gives the end hosts ACCESS to the network. There is another important type of switchport called a trunk port.
Switchports which carry multiple VLANs are called ‘trunk ports’. I will cover trunk ports in depth in the next video, but for today’s video we will focus only on access ports, and take it step-by-step. A switchport connected to an end host should enter access mode by default, however it’s always a good idea to explicitly configure the setting and not rely on autonegotiation of port type.
Anyway, the last command after SWITCHPORT MODE ACCESS is SWITCHPORT ACCESS VLAN 10. This is the command that actually assigns the VLAN to the port. Notice the message that appears after this command.
%Access VLAN does not exist. Creating vlan 10. Because VLAN10 didn’t exist on the device yet, it was created automatically when we assigned the interface to VLAN10.
I’ll show you how to manually create a VLAN in the next slide. Next, I again used the interface range command to configure all of the VLAN20 interfaces at once. I used the same SWITCHPORT MODE ACCESS command, then SWITCHPORT ACCESS VLAN 20 to assign the interfaces to VLAN 20.
Finally, I did the same for VLAN30, and once again the VLAN was created automatically. So, I used the show vlan brief command once again, and here you can see the three VLANs we created, and the ports we assigned to each VLAN. Notice the default names of each VLAN, let’s change those to make it more understandable.
So, I used the VLAN 10 command to enter configuration mode for VLAN 10. By the way, this is the command to create a VLAN, also. But in this case, it was already automatically created when we assigned the interfaces.
Next, I assign the name with this simple command, NAME ENGINEERING. Then I do the same for VLAN 20, HR, and vlan 30, SALES. Finally, I confirmed once more with SHOW VLAN BRIEF.
Notice that the names have been changed to engineering, HR, and sales. Okay, so that’s all for the configurations. If I use the command PING 255.255.255.255 on PC1, which sends a ping with the destination MAC address of all Fs, the broadcast MAC, the broadcast will only reach hosts in VLAN10.
Likewise, if I use the same command on PC2, the broadcast will only reach PCs in VLAN30. Okay, so before moving on to today’s quiz let’s review what we covered. We talked about what a LAN is, and I defined it as a broadcast domain, the group of devices that will receive a broadcast frame sent by another member in the group.
Then I talked about what a VLAN is. It’s essentially a way to logically split up a Layer 2 broadcast domain, to make multiple separate broadcast domains. We also talked about the purpose of VLANs.
The two big reasons are network performance and security. VLANs help to reduce unnecessary broadcast traffic, which helps prevent network congestion and therefore improve network performance. Limiting broadcast and unknown unicast traffic like this also improves network security, since these messages won’t be received by devices outside of the VLAN.
You should always make sure, as much as possible, that network traffic isn’t sent unnecessarily to other devices. Finally, we looked at how to configure VLANs on Cisco switches. Specifically, we configured access ports on a Cisco switch and assigned them to a specific VLAN.
There is still plenty to cover about VLANs, but this should be a good foundation. In day 17’s video we will cover more topics regarding VLANs. Okay, let’s go on to today’s quiz.
First up, question 1. How many broadcast domains are shown in this network diagram? Pause the video and count how many broadcast domains you see.
Note that no VLANs have been configured, so all hosts are in the same default VLAN, VLAN1. Pause the video now. Okay, let’s check the answer.
There are 6 broadcast domains in this network diagram. Basically, each router interface and everything connected to it are in one broadcast domain, since no VLANs have been configured. Let’s go to question 2.
How many broadcast domains are shown in this network diagram? Take note of the configured VLANs. Pause the video to think about your answer.
OK, let’s check. There are 5 broadcast domains here. One for each of the configured VLANs, and the connection between the two routers is a broadcast domain as well.
Let’s go to question 3. What happens if you try to assign a switch interface to a VLAN that doesn’t exist? A, the command will fail.
B, the switch will create the VLAN. C, the interface will be disabled until you create the VLAN. Or D, all VLANs exist by default.
Pause the video to think about your answer. Okay, the answer is B, the switch will create the VLAN. As I showed earlier in this video, if you assign a switch interface to a VLAN that doesn’t exist yet, the switch will create the VLAN automatically.
Let’s go to question 4. If PC3 sends a broadcast message, how many devices will receive it? Pause the video to think about your answer.
Okay, let’s check the answer. The answer is 3. First of all, the switch will receive it, then it will send it out of all interfaces in VLAN20, so the router and the other PC in VLAN20, making a total of 3 devices.
If no VLANs were configured, ALL other PCs would receive it, but since we have configured VLANs, only these devices in the same VLAN will receive it. Let’s go to the final question, question 5. You create VLANs 10, 20, and 30 on a Cisco switch.
How many VLANs will be displayed in the output of the show vlan brief command? A, 3. B, 5.
C, 8. Or D, 10. Pause the video to think about your answer.
The answer is C, 8. Let’s check it out. As you can see, there are 8 total VLANs.
VLANs 1, 1002, 1003, 1004, and 1005 exist by default and cannot be deleted. So, if you create three additional VLANs, there will be a total of 8 VLANs on the switch. Okay, that’s all for the quiz.
There will be supplementary materials for this video to help you review and practice what you’ve learned. There will be a flash card link in the video description which you can use with the flashcard software Anki to help you review. There will also be a packet tracer practice lab which you can use to practice the configurations learned in this video.
That will be in a separate video. Before I wrap up this video, I want to say thank you so much to my JCNP-level channel members, Yonatan, Mike, Aleksander, Vance, Magrathea, Devin, Charlsetta, and Lito. Sorry if I pronounced any of your names incorrectly!
But thank you so much for your support. Thank you for watching. Please subscribe to the channel, like the video, leave a comment, and share the video with anyone else studying for the CCNA.
If you want to leave a tip, check the links in the description. I'm also a Brave verified publisher and accept BAT, or Basic Attention Token, tips via the Brave browser. That's all for now.