# Chapter 20: VLANs and Virtual Networks

## 20.1 Introduction to VLANs

A VLAN (Virtual Local Area Network) logically segments a network: hosts in different VLANs sit in different broadcast domains even when they are plugged into the same physical switch.
Why use VLANs?

- Reduce broadcast domains
- Improve security
- Easier network management
- Flexibility in network design
- Cost-effective (no physical rewiring)

VLAN benefits:

- Broadcast control
- Security isolation
- Logical grouping by function/department
- Easy to change without physical changes
- Spanning Tree optimization

VLAN numbers:

| Range     | Usage                       | Notes              |
|-----------|-----------------------------|--------------------|
| 1         | Default VLAN                | Cannot be deleted  |
| 2-1001    | Normal VLANs                | Usable range       |
| 1002-1005 | Reserved (FDDI, Token Ring) | Legacy             |
| 1006-4094 | Extended VLANs              | Some switches only |
## 20.2 VLAN Types

1. Data VLAN
   - Carries user data
   - Regular network traffic
   - Most common type
2. Voice VLAN
   - VoIP traffic
   - QoS priority
   - Separate from data
3. Management VLAN
   - Switch management
   - Separate from user traffic
   - Usually VLAN 1 by default (a different VLAN is recommended)
4. Native VLAN
   - Untagged traffic on trunk ports
   - Default: VLAN 1
   - Should be changed for security
5. Private VLAN
   - Further isolates ports within a VLAN
   - Community ports: can talk to each other and to the uplink
   - Isolated ports: can only talk to the uplink
## 20.3 VLAN Tagging (802.1Q)

Ethernet frame without VLAN tag:

```text
| Dst MAC | Src MAC | Type/Length | Data | FCS     |
| 6 bytes | 6 bytes | 2 bytes     |      | 4 bytes |
```

Ethernet frame with 802.1Q tag:

```text
| Dst MAC | Src MAC | TPID    | TCI     | Type/Length | Data | FCS     |
| 6 bytes | 6 bytes | 2 bytes | 2 bytes | 2 bytes     |      | 4 bytes |
                                |
                                +-- TCI (16 bits):
                                    - Priority (3 bits)
                                    - DEI/CFI (1 bit)
                                    - VLAN ID (12 bits)
```

VLAN tag process:

```text
Host (untagged) -> Switch adds VLAN tag -> Trunk link -> Switch strips VLAN tag -> Host (untagged)
```
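As an added example (not code from the original chapter), the following Python walks the tagged frame layout above: it peels 802.1Q/802.1ad tags, inserts a tag the way a switch does at the access-to-trunk boundary, and reports which VLAN a trunk would assign a frame, covering the untagged (native VLAN) and double-tagged cases that matter when reviewing captures. The TPID constants are the standard values; every sample byte is constructed here.

```python
import struct

TPID_8021Q = 0x8100   # customer tag (C-tag): the 802.1Q tag this chapter describes
TPID_8021AD = 0x88A8  # service tag (S-tag): outer tag when tags are stacked (QinQ)

def parse_frame(raw: bytes) -> dict:
    """Read Dst/Src MAC, then peel every 802.1Q/802.1ad tag in turn.
    Returns tags as (tpid, pcp, dei, vid) tuples, outermost first."""
    off, tags = 12, []
    while True:
        if len(raw) < off + 2:
            raise ValueError("frame truncated inside the header")
        (ethertype,) = struct.unpack_from("!H", raw, off)
        off += 2
        if ethertype not in (TPID_8021Q, TPID_8021AD):
            break
        if len(raw) < off + 2:
            raise ValueError("TPID present but TCI missing")
        (tci,) = struct.unpack_from("!H", raw, off)  # TCI = PCP(3) | DEI(1) | VID(12)
        off += 2
        tags.append((ethertype, tci >> 13, (tci >> 12) & 1, tci & 0x0FFF))
    return {"dst": raw[:6].hex(":"), "src": raw[6:12].hex(":"),
            "tags": tags, "ethertype": ethertype, "payload": raw[off:]}

def tag_frame(raw: bytes, vid: int, pcp: int = 0, dei: int = 0,
              tpid: int = TPID_8021Q) -> bytes:
    """What a switch does when a frame leaves an access port onto a trunk: insert TPID+TCI."""
    if not 0 <= vid <= 4095:
        raise ValueError("VID must fit in 12 bits")
    tci = ((pcp & 7) << 13) | ((dei & 1) << 12) | vid
    return raw[:12] + struct.pack("!HH", tpid, tci) + raw[12:]

def effective_vlan(raw: bytes, native_vid: int) -> tuple:
    """VLAN a trunk port would assign the frame, plus the reason (handy when reviewing captures)."""
    tags = parse_frame(raw)["tags"]
    if not tags:
        return native_vid, "untagged: rides the native VLAN"
    if len(tags) > 1:
        return tags[0][3], f"double-tagged ({len(tags)} tags): outer tag decides"
    return tags[0][3], "single 802.1Q tag"

# Constructed sample: broadcast frame from 00:11:22:33:44:55, ethertype 0x0806, dummy 28-byte body.
UNTAGGED = bytes.fromhex("ffffffffffff" "001122334455" "0806") + bytes(28)
```

Feeding `UNTAGGED` to `effective_vlan` with the trunk's native VID shows why an unchanged native VLAN 1 matters: untagged frames land there without any tag saying so.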
## 20.4 VLAN Configuration on Linux

### Create VLAN Interface

```bash
# Install VLAN package (provides the legacy vconfig tool)
sudo pacman -S vlan

# Create VLAN interface (iproute2)
sudo ip link add link eth0 name eth0.10 type vlan id 10

# Or using vconfig (older method)
sudo vconfig add eth0 10

# Assign IP and bring the interface up
sudo ip addr add 192.168.10.1/24 dev eth0.10
sudo ip link set eth0.10 up
```

Make it persistent with systemd-networkd. The VLAN is a netdev of its own, the parent interface's `.network` file attaches it, and the VLAN's own `.network` file carries the address:

```ini
# /etc/systemd/network/eth0.10.netdev
[NetDev]
Name=eth0.10
Kind=vlan

[VLAN]
Id=10

# /etc/systemd/network/10-eth0.network  (parent interface: attach the VLAN)
[Match]
Name=eth0

[Network]
VLAN=eth0.10

# /etc/systemd/network/10-vlan.network  (the VLAN interface itself)
[Match]
Name=eth0.10

[Network]
Address=192.168.10.1/24
```

```bash
# Or using /etc/conf.d/netif-defines
# /etc/conf.d/networking-sethostname
vlans_eth0="10 20 30"

# Or using NetworkManager
nmcli connection add type vlan ifname eth0.10 dev eth0 id 10
```

### Bridge VLANs

```bash
# Create bridge (legacy bridge-utils)
sudo brctl addbr br0

# Add physical interface (trunk)
sudo brctl addif br0 eth0

# Or with iproute2
sudo ip link add br0 type bridge
sudo ip link set eth0 master br0
```

## 20.5 Inter-VLAN Routing
Without a router:

```text
VLAN 10: 192.168.10.0/24
VLAN 20: 192.168.20.0/24

Hosts in VLAN 10 and VLAN 20 cannot communicate (different broadcast domains)
```

With a router:

```text
VLAN 10: 192.168.10.0/24 - Router .1
VLAN 20: 192.168.20.0/24 - Router .1

Router forwards between VLANs
```

Router subinterfaces (router-on-a-stick):

```text
Router
  |
  +-- eth0.10 (192.168.10.1/24)
  +-- eth0.20 (192.168.20.1/24)
  |
Trunk to switch
```

Configuration:

```text
# Cisco
interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0
```

```bash
# Linux (VLAN interface as router)
ip link add eth0.10 link eth0 type vlan id 10
ip addr add 192.168.10.1/24 dev eth0.10
ip link set eth0.10 up
# Forwarding between the VLAN interfaces also requires IP forwarding
sysctl -w net.ipv4.ip_forward=1
```
## 20.6 VLAN Trunking Protocol (VTP)

What is VTP?

- Cisco proprietary
- Distributes VLAN information across switches
- Reduces configuration effort

VTP modes:

| Mode        | Function                                       |
|-------------|------------------------------------------------|
| Server      | Can add/modify/delete VLANs                    |
| Client      | Cannot modify; learns from server              |
| Transparent | Has its own VLAN database, doesn't participate |

VTP versions:

| Version | Changes                               |
|---------|---------------------------------------|
| 1       | Basic                                 |
| 2       | Token Ring support                    |
| 3       | Extended VLANs, better authentication |

VTP configuration:

```text
vtp domain MyDomain
vtp mode server
vtp password MyPassword
vtp version 3
```

Note: VTP is Cisco-specific. Consider defining VLANs on each switch and using 802.1Q trunking directly between switches instead. If you do run VTP, set the domain password: in an unauthenticated domain, a switch in server mode with a higher configuration revision number overwrites the VLAN database on every other switch in the domain.
## 20.7 VXLAN (Virtual Extensible LAN)

What is VXLAN?

- Layer 3 network overlay
- Extends Layer 2 segments over a Layer 3 infrastructure
- Supports up to 16 million segments (24-bit VNI) vs 4094 VLANs
- Used in data centers

VXLAN vs VLAN:

| Feature         | VLAN    | VXLAN            |
|-----------------|---------|------------------|
| Max networks    | 4094    | 16 million       |
| Layer 2 over L3 | No      | Yes              |
| MAC-in-UDP      | No      | Yes              |
| Scalability     | Limited | Highly scalable  |

VXLAN header (encapsulation):

```text
| Outer MAC | Outer IP | UDP     | VXLAN   | Inner Ethernet Frame |
| 14 bytes  | 20 bytes | 8 bytes | 8 bytes |                      |
```

VXLAN use cases:

- Multi-tenant cloud
- Data center virtualization
- VM migration across L3 boundaries
- Stretching a VLAN across data centers
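The MAC-in-UDP encapsulation from the header diagram above, as an added example that is not part of the original chapter: it builds Outer MAC | Outer IP | UDP | VXLAN | inner frame around a constructed inner Ethernet frame, then decapsulates it with the checks a receiving VTEP should make (UDP port 4789, the I flag, and a VNI that is actually provisioned for a tenant). All MACs, IPs and the VNI are made-up sample values.

```python
import socket
import struct

VXLAN_UDP_PORT = 4789     # IANA-assigned VXLAN port (RFC 7348)
VXLAN_FLAG_I = 0x08       # "I" flag: the VNI field is valid
VNI_MAX = (1 << 24) - 1   # 24-bit VNI: ~16 million segments vs 4094 VLAN IDs

def ipv4_checksum(hdr: bytes) -> int:
    total = sum(struct.unpack(f"!{len(hdr) // 2}H", hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def vxlan_encap(inner: bytes, vni: int, src_mac: bytes, dst_mac: bytes,
                src_ip: str, dst_ip: str, src_port: int) -> bytes:
    """Outer MAC | Outer IP | UDP | VXLAN | inner frame (MAC-in-UDP), as a sending VTEP builds it."""
    if not 0 <= vni <= VNI_MAX:
        raise ValueError("VNI must fit in 24 bits")
    vxlan = bytes([VXLAN_FLAG_I, 0, 0, 0]) + (vni << 8).to_bytes(4, "big")  # flags, rsvd, VNI, rsvd
    udp_len = 8 + len(vxlan) + len(inner)
    udp = struct.pack("!HHHH", src_port, VXLAN_UDP_PORT, udp_len, 0)  # zero UDP checksum (IPv4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0x4000, 64, 17, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]
    return dst_mac + src_mac + b"\x08\x00" + ip + udp + vxlan + inner

def vxlan_decap(packet: bytes, allowed_vnis: set) -> tuple:
    """Checks a receiving VTEP should make before handing the inner frame to a tenant segment."""
    if packet[12:14] != b"\x08\x00":
        raise ValueError("outer frame is not IPv4")
    ihl = (packet[14] & 0x0F) * 4
    if packet[14 + 9] != 17:
        raise ValueError("outer IP protocol is not UDP")
    udp_off = 14 + ihl
    _, dport, udp_len, _ = struct.unpack_from("!HHHH", packet, udp_off)
    if dport != VXLAN_UDP_PORT:
        raise ValueError("UDP destination port is not VXLAN")
    vx_off = udp_off + 8
    if not packet[vx_off] & VXLAN_FLAG_I:
        raise ValueError("VXLAN I flag clear: VNI field not valid")
    vni = int.from_bytes(packet[vx_off + 4:vx_off + 7], "big")
    if vni not in allowed_vnis:
        raise ValueError(f"VNI {vni} is not provisioned on this VTEP")
    return vni, packet[vx_off + 8:udp_off + udp_len]

# Constructed samples: inner broadcast frame with a dummy body, and two made-up VTEP MACs.
INNER = bytes.fromhex("ffffffffffff" "001122334455" "0806") + bytes(28)
VTEP_A_MAC, VTEP_B_MAC = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
```

The VNI allowlist in `vxlan_decap` is the overlay equivalent of pruning VLANs off a trunk: a VTEP that accepts any VNI it is sent lets one tenant's frames land in another tenant's segment.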
## Summary

In this chapter, you learned:

- ✅ VLAN basics and benefits
- ✅ VLAN types (Data, Voice, Management, Native)
- ✅ 802.1Q VLAN tagging
- ✅ VLAN configuration on Linux
- ✅ Inter-VLAN routing
- ✅ VTP overview
- ✅ VXLAN for Layer 3 overlay
## Next Chapter

Chapter 21: Network Architecture

Last Updated: February 2026