VLANs

Why use VLANs:

Essential procedures:

Advanced topics and procedures:

Tips on using this window:

  • Click the column headings to sort information.
  • Click Submit to save your changes.
  • Click Cancel to discard unsaved changes.

Back to the top

What Is a VLAN

A VLAN is a logical segment of network users and resources grouped by function, team, or application. This segmentation is without regard to the physical location of the users and resources. For example, VLANs can be based on the departments in your company or by sets of users who communicate mostly with each other. The switch supports up to 32 VLANs.

Using VLANs, you can isolate different types of traffic (such as voice and data) to preserve the quality of the transmission and to minimize excess traffic among the logical segments. You can also use VLANs to isolate different types of users. For example, you can restrict specific data broadcasts to specific logical workgroups for security purposes, such as keeping information about employee salaries only to devices in a VLAN created for payroll-related communications.

Each port on the switch is a member of a VLAN. Devices that are attached to the switch ports in the same VLAN can communicate with each other and can share the same data broadcasts and system resources. Devices that are attached to switch ports in different VLANs cannot communicate with each other through the switch. Communication between VLANs must go through a router or Layer 3 switch.

Back to the top

VLAN Types

The switch supports up to 32 VLANs, including a default VLAN. Every VLAN is identified by its name and ID number. Every switch port belongs to a VLAN.

The default VLAN is named default. During initial setup, you can assign an ID to the default VLAN. The ID can be from 1 to 1001 where 1 is the default ID. After initial setup, you cannot change the name or ID of the default VLAN.

The default VLAN is usually the management VLAN. After initial setup, you can designate any user-defined VLAN on the switch as the management VLAN. Network administrators can assign a port on each switch to the management VLAN. This ensures administrative access to all users, devices, and traffic on the network.

An access VLAN is for ports that can only belong to one VLAN. Ports applied with these port roles—Desktop, IP Phone+Desktop, Printer, Server, Guest, and Other—can only belong to an access VLAN.

A native VLAN is for ports that can belong to a VLAN trunk (a port belonging to more than one VLAN). Ports applied with these port roles—Switch, Router, and Access Point—can belong to a native VLAN.

You can assign switch ports to either the default VLAN or the user-defined VLANs.

We recommend that you first determine your VLAN needs before creating additional VLANs. Using only the default VLAN might be enough to meet your network requirements.

Note: If you decide to create additional VLANs, you must also create VLANs specifically for guest and voice traffic. The names for these VLANs, Cisco-Guest and Cisco-Voice, are case sensitive. For more information about these VLANs, see Cisco-Guest and Cisco-Voice VLANs.

After you have decided which ports belong to which VLANs, make sure that each port is applied with the appropriate port role and then assign the port to the VLAN.

Back to the top

Cisco-Guest and Cisco-Voice VLANs

It is important to note that you can assign all ports, regardless of their Smartports role, to the default VLAN (default-1). However, when you create additional VLANs, you must also create these VLANs:

  • Cisco-Guest: The VLAN to which all ports that are applied with the Guest port role must be assigned. This VLAN ensures that all guest and visitor traffic is segregated from the rest of your network traffic and resources.
  • Cisco-Voice: The VLAN to which all ports that are applied with the IP Phone+Desktop port role must be assigned. This VLAN ensures that all voice traffic has better quality of service and is not mixed with data traffic.

Notes:

  • The VLAN names, Cisco-Guest and Cisco-Voice, are case-sensitive.
  • Only ports applied with the Guest port role can be assigned to the Cisco-Guest VLAN. Only ports applied with the IP Phone+Desktop port role or the Server port role can be assigned to the Cisco-Voice VLAN.

Back to the top

Create a VLAN

  1. Click Create from the VLANs window. The switch supports up to 32 VLANs.

  2. Enter a VLAN name. The name can have up to 32 alphanumeric characters.

    Note: A VLAN for guest or visitor traffic must be named Cisco-Guest. A VLAN for voice traffic, must be named Cisco-Voice. These VLAN names are case sensitive.

  3. Enter a VLAN ID. The ID can be from 2 to 1001.

  4. Click Done.


  5. Repeat Steps 1 to 4 until you have created all your VLANs.

    Note: You can create up to 32 VLANs on the switch.

  6. Click Submit to save your changes.

Back to the top

Change a VLAN

  1. From the VLANs window, change the name of the VLAN. The name can have up to 32 alphanumeric characters.

    Note: You can change the name of the VLAN, but not the VLAN ID.

  2. Click Submit to save your changes.

Back to the top

Delete a VLAN

  1. From the VLANs window, select one or more VLANs:

    • Check the check box at the top of the Delete column to select all VLANs.
    • Check the check box for one or more specific VLANs.

    Note: You cannot delete the default VLAN.

  1. Click Submit to save your changes.

Back to the top

Change Advanced VLAN Options

Changing the advanced VLAN options involves enabling or disabling Spanning Tree Protocol (STP) and Internet Group Management Protocol (IGMP) snooping on the switch ports. These options are enabled by default.

We recommend that you leave these options enabled for the benefits that they provide:

  • STP prevents network loops by enabling only one active path for traffic. STP also provides a redundant path if the active path becomes unavailable.
  • IGMP snooping reduces duplicate and excess traffic on the network by forwarding IP multicast traffic to specific switch ports rather than by flooding all ports. Only ports that are members of specific IP multicast groups receive multicast messages.

Note: Disabling STP can affect connectivity to the network. Disabling IGMP snooping can adversely affect the network performance.

To enable STP or IGMP snooping on one or more ports:

  1. Select one or more ports :

    • Check the check box at the top of the appropriate column (STP or IGMP Snooping) to enable the feature on all ports.
    • Check the check box for one or more specific ports.

  1. Click Submit to save your changes.

Uncheck the check box for a specific VLAN to disable the feature (STP or IGMP snooping) on the port.

Back to the top