Setting up a virtual local area network (VLAN) can be a complicated process, especially if you’re operating a large enterprise network, a network with legacy or hybrid architectures, or a network with specific workloads that require additional security and regulatory compliance safeguards.
Here is an excellent YouTube for learning the basics of VLAN terms and configuration
Each VLAN configuration process will look a little different, depending on the specifications you bring to the table, and some of these steps — particularly steps five through eight — may be completed simultaneously, in a slightly different order, or even in a more automated fashion if you choose to set up a dynamic VLAN.
Still, in general, your network stands the best chance of success if you complete the following 12 VLAN configuration steps and document your processes, strategies, and requirements along the way.
1. Brainstorm VLAN Groupings
In a traditional local area network with no virtualized barriers, all devices and network components communicate and share information with each other; you’re likely setting up a VLAN in the first place because this foundational setup is too loose for your requirements. Typical would be for Video Over IP or Audio over IP or Point of Sale or Camera specific networks. But what are the ideal segments that will make your network function optimally and securely?
At this point in VLAN creation and configuration, it’s time to determine what VLAN groupings make the most sense for your network’s strategic complexities. Consider not only how many VLANs you’ll need but also the purpose each VLAN will serve and how they need to be set up to fulfill that purpose. While many organizations stick to more traditional boundaries like physical locations or departments, there may be more effective and secure ways for you to group and set up VLAN rules.
For example, if your company works closely with a third-party professional services firm that needs access to certain HR and security applications and data but not others, you could divide your VLANs based on which ones need looser versus stricter identity and access management controls. From there, determine which users and devices will align with and be assigned to each grouping.
2. Prepare Unique VLAN IDs
Every single VLAN you set up will need a unique VLAN identification number so you can segment network traffic to the appropriate places and keep documentation organized for multiple VLANs simultaneously. VLAN IDs are purely numeric and range from one to 4,095. While you don’t necessarily “need” these VLAN IDs to be operational yet, it’s a good idea to figure them out now so you can use them when labeling your network diagram in the next step.
3. Create a Logical Network Diagram or Map
Before you even begin setting up your VLANs and connecting devices and switches, the best way to ensure a successful VLAN network setup is to map out the specificities and relationships of your network with a network diagram. The labels and connections you illustrate at this stage of VLAN creation will give you the labels and organizational structure you need to keep track of all the devices, switches, routers, and other components necessary to fulfill your architectural plans.
Your team may choose to create this diagram manually or with tools that are already in your portfolio. However, a number of free and low-cost network diagramming tools specifically offer templates and icons that make it easier to illustrate the network you’re setting up, often with low-code/no-code interfaces and tools. If you’re interested in finding a network diagramming tool to make this step more efficient, consider investing in a network diagram software like Vizio.
4. Optional: Purchase Additional Equipment
Based on the VLAN grouping requirements and design(s) you’ve developed in the previous three steps, you should have a clearer picture of any missing hardware or software that you need to purchase. Perhaps you have more VLAN groupings than you expected and need to bring in additional switches and routers. Or maybe your organization is growing quickly, and you want to purchase new switches with more ports for more devices. There’s also the possibility that you are moving from a primarily on-premises network setup to a hybrid or cloud setup that requires new software or third-party relationships.
Regardless of your new requirements, start by creating an inventory list of any networking equipment you currently own, including information about switch and router formats, configurations, port counts, speeds, and other details pertinent to VLAN setup. From there, make a separate list of the networking tools you’re missing, the cost of these missing tools, and any other specialized information that should be considered during the buying process.
5. Connect Network Devices to Appropriate Switch Ports
You should now connect VLAN servers, end-user devices, and other relevant network devices — as long as their IP addresses are already configured — to the switch ports that have been selected for the corresponding VLAN group. While individual devices, ports, switches, and routers have not yet necessarily been configured in their settings to align with a certain VLAN and function, you should still know which devices and network components have been set aside for which VLANs. If you’re unsure about the switch ports that should be connecting to each device, reference your network diagram (or go back to the network diagramming stage and create a more detailed diagram).
If you are opting to create a dynamic VLAN instead of a static VLAN, steps five through eight may look a little different for you. For example, you may spend these steps creating or identifying the appropriate rule-based protocols for your devices and setting up automation rules rather than manually connecting ports and devices to VLANs.
6. Configure Switch Ports
Now that your devices are connected to the correct switch ports, it’s time to configure the switch ports so they can perform according to their assigned functions. Many of your ports will simply need to be set up as access ports in the switch’s settings; an access port is a simple connection that allows devices to connect to only one VLAN. Access ports are most appropriate for devices and users that will not be using VLAN tagging or participating in inter-VLAN routing.
Trunk ports are also configured in a switch’s settings, but they are designed to manage higher bandwidth traffic and can manage traffic for more than one VLAN. Devices should only be connected to trunk ports if they have been authorized and configured for VLAN tagging and inter-VLAN routing. Before moving on to the next step, double-check that devices are connected to the correct type of switch port for their operational needs.
7. Set up VLAN Specifications via Network Switch Settings
All of the prework is done: It’s time to actually create the virtual local area networks you want through network switch settings. You’ll do this by accessing your network switch management interfaces and going to the section where you can create VLANs. Create the number of VLANs you determined were necessary in previous steps and assign them the unique VLAN IDs you selected in step two.
8. Assign Switch Ports to VLANs
Again, keep in mind that steps five through eight may go in a slightly different order, depending on your team and their preferences. So if you have not yet assigned switch ports to the appropriate VLAN, it’s time to do that now. Tagged ports (trunk ports) are likely already associated with the correct VLANs, but you should confirm that they are set up correctly at this time. For untagged ports (access ports), you’ll need to manually connect them to the correct VLAN. Remember, trunk ports can be associated with more than one VLAN, if appropriate.
9. Optional: Add VLAN Tags
VLAN tagging is the process through which VLAN network traffic is further segmented and specialized. When VLAN tags are in use, associated devices and ports automatically interact with devices and ports that share those same tags; however, tags also give network administrators the power to further direct traffic and support case-by-case inter-VLAN routing scenarios.
VLAN tagging is most appropriate for networks with complex traffic patterns and a diverse range of users, devices, and security permissions. If you choose to set up trunk ports with multiple VLANs running through them, as demonstrated in step six, you’ll need to make sure at least some of your VLANs receive tags so traffic doesn’t get muddled in trunk ports.
If you’re not sure if your network would benefit from VLAN tags, read this in-depth article on the topic to help you make your decision: Tagged vs. Untagged VLAN: When You Should Use Each.
10. Optional: Configure Inter-VLAN Routing
If your network requires VLAN-to-VLAN communication as a part of its regular operations, you’ll want to use the VLAN tags you set up in the previous step to direct inter-VLAN routing. While it sounds counterintuitive to open traffic flow between VLANs, many organizations choose to do this because the different layer at which routers operate makes it possible for them to still control what types of traffic flow across VLANs and when and how devices and users move from VLAN to VLAN. As part of the inter-VLAN configuration step, you may also need to set up or double-check your VLAN access controls, ensuring only approved users and devices can take advantage of inter-VLAN routing.
11. Quality-Test Your VLAN
Now that everything’s set up, it’s time to test network connectivity and performance. Make sure that all devices within the same VLAN are able to interact with each other and, conversely, that they are not able to reach devices in other VLANs. Ping and traceroute are both effective tools for testing VLAN connectivity and performance, but a number of other network security and management tools may be appropriate as well.
12. Document and Reassess VLAN Performance Periodically
Enterprise networks in particular frequently change as more devices and users, new hardware and software requirements, and new operational and security use cases arise. Network administrators and/or network security team members should maintain an up-to-date network diagram, equipment inventory, changelogs, and other configuration documentation so it’s easy to see what the network looks like now, if and where any vulnerabilities have reared their heads, and if any other changes are necessary to improve network performance. Each time you go through this process, update your documentation so you have a full history of the network and what you’ve done to maintain it.
Should You Use a Static VLAN or Dynamic VLAN?
Static and dynamic VLANs bring different advantages to network administrators, depending on the size, complexity, and requirements of their network. Below, we’ve explained how each type works and when you should use it.
Static VLAN
Static VLANs exist when network administrators manually connect network devices to physical switch ports and those devices receive their VLAN assignment based on that connection. If the device ever needs to be reassigned to a new VLAN, the network administrator would physically connect it to a new switch port that is already associated with that VLAN. In other words, a static VLAN is one in which switch ports are assigned to VLANs and devices are not assigned to VLANs; they receive their orders directly from the switch port they’re connected to.
This type of VLAN is best for smaller networks, or networks that change infrequently and include fewer VLAN segments because network administrators have to manually connect (and sometimes reconnect) devices to the right ports for them to work. With a larger network that’s changing frequently, this task alone could become a full-time job and riddled with errors. Static VLANs are most advantageous for network administrators who need an easy-to-setup VLAN with predictable infrastructure and limited authentication needs.
Dynamic VLAN
A dynamic VLAN is one in which devices are assigned to that VLAN on a dynamic and semi-automated basis. Specialized criteria determine which devices are assigned to which VLANs and when. These criteria may include specialized network access controls and protocols, VLAN membership policy servers (VMPS) and databases, or some other combination of servers and data-driven rules. With a dynamic VLAN, devices are assigned to VLANs while ports frequently are not assigned to particular VLANs; they are simply the conduit through which pre-assigned device traffic flows.
Dynamic VLANs are best for larger and more complex networks that need to maintain frequently changing authentication and usage rules. It’s a much more difficult implementation process when compared to static VLAN, but for more strenuous network rules and requirements, dynamic VLAN ultimately saves network professionals time in the long run, as they can simply update protocols and VMPS entries when new VLAN assignments are needed across multiple devices.
Bottom Line: The Importance of Preparation for Optimal VLAN Performance
While the actual process of setting up a VLAN can be as simple as updating network switch settings and connecting devices to VLAN switch ports, the strategy behind a successful VLAN setup can be much more daunting. You’ll need to consider any specialized security or compliance requirements, the different device types that need access, and the resources and monitoring it will take to set up and sustain an efficient VLAN.
All the steps listed above are crucial aspects of creating and configuring a sustainable VLAN network. But perhaps the most important step of all is documenting your thought process and your network architecture, especially as they change over time. Maintaining detailed documentation will help your existing network and security team members stay on top of the most pertinent network updates and issues while simultaneously ensuring that any future members of the team receive the foundational training necessary to successfully work in your VLAN ecosystem.
Setting up a VLAN (Virtual Local Area Network) is a fundamental network configuration task that allows you to logically segment a network without changing its physical layout. VLANs are used to improve network performance, enhance security, and simplify management by dividing a single physical network into multiple logical networks.
By grouping devices on the same VLAN, even if they’re physically dispersed, you control and isolate network traffic, reduce broadcast traffic, and manage different user groups more efficiently.
VLAN setup is beneficial in various environments, from small offices to large enterprise networks, as it allows better control over network resources, minimizes security risks, and facilitates efficient troubleshooting. Whether segmenting traffic by department, user type, or security level, VLANs are essential for creating a flexible, scalable, and secure network infrastructure.
The process of creating a VLAN typically involves configuring network switches to assign specific ports or devices to a VLAN, assigning each VLAN a unique ID, and setting up IP address ranges for each VLAN. Devices within a VLAN can communicate with each other directly, but traffic between different VLANs requires inter-VLAN routing, typically through a router or Layer 3 switch.
A Layer 3 switch combines switching and routing capabilities, enabling high-speed data forwarding within networks and facilitating inter-VLAN routing, enhancing network performance and management. So, if you’ve got the right equipment, let’s get started with setting it up.
Step-by-step – How to set up a VLAN
The best way to learn how to set up a VLAN – apart from going to networking school – is to actually do it in a practical exercise. Our assumptions are you have an Allonis L3 Network switch that supports VLANs.
Physical and Logical Connections
In this network configuration, our router will have a single physical or logical connection to our network. This router will help bridge the two VLANs – that cannot communicate with one another – by connecting to our switch via a single cable.
Data Packet Journey
Here’s how it works: data packets that are sent out from a computer in the Accounting VLAN – and intended for a computer in the Logistics VLAN – will travel to the switch. The switch, upon recognizing the packets need to cross over to another VLAN, will forward the traffic to the router.
Understanding Sub-Interfaces
The router, meanwhile, will have one physical interface (a network cable, in our example) that has been split into two logical sub-interfaces. The sub-interfaces will each be authorized to access one VLAN.
Packet Forwarding Mechanism
When the data packets arrive at the router, they will be forwarded to the correct VLAN via the authorized sub-interface and then arrive at their intended destination.
Our Router on a Stick VLAN setup, with inter-VLAN capabilities, will look like this:
https://cdn.comparitech.com/wp-content/uploads/2021/02/How-to-Set-Up-a-VLAN-final-design-300x170.jpg 300w" alt="How to Set Up a VLAN final design" width="628" height="355" style="box-sizing: border-box; border: 0px; vertical-align: middle; font-weight: inherit; outline: 0px; contain-intrinsic-size: 3000px 1500px; margin: 0px auto; display: block; max-width: 100%; height: auto; border-radius: 6px;" loading="lazy" decoding="async" />
Planning your tasks
The whole task of creating our network architecture will be divided into four main categories where you will:
- Connect all devices to form the correct architecture
- Configure interfaces so all the devices can “talk” to one another
- Create VLANs and assign computers to their respective VLANs
- Confirm correct configuration by demonstrating the computers cannot communicate beyond their VLAN
So, without further ado, let’s start creating our VLAN. Remember, it will initially have a switch and four computers connected to it. You can bring the router into the design later if you choose to do so.
Connect all devices
Drag and drop a switch, a router, and four computers into the main design board. For our demo, we will be using a 2960 switch and a 2911 router. The switch will connect to four computers (PC0, PC1, PC2, and PC3) using copper straight-through wire connections (you will see the description of the hardware and connection types at the very bottom of the Tracer window).
Next, connect the switch to each computer using the FastEthernet ports.
https://cdn.comparitech.com/wp-content/uploads/2021/02/Connecting-switch-and-computers-1-300x170.jpg 300w" alt="Connecting switch and computers 1" width="628" height="355" style="box-sizing: border-box; border: 0px; vertical-align: middle; font-weight: inherit; outline: 0px; contain-intrinsic-size: 3000px 1500px; margin: 0px auto; display: block; max-width: 100%; height: auto; border-radius: 6px;" loading="lazy" decoding="async" />
Once all devices are connected you should have all-green traffic flowing between the devices. As the tool tries to emulate devices booting and connecting in the real world, it might take a minute or two. So don’t worry if the data flow indicators remain orange for a few seconds. If your connections and configurations are correct, it will all soon change to green.
https://cdn.comparitech.com/wp-content/uploads/2021/02/Connecting-switch-and-computers-2-300x170.jpg 300w" alt="Connecting switch and computers 2" width="628" height="355" style="box-sizing: border-box; border: 0px; vertical-align: middle; font-weight: inherit; outline: 0px; contain-intrinsic-size: 3000px 1500px; margin: 0px auto; display: block; max-width: 100%; height: auto; border-radius: 6px;" loading="lazy" decoding="async" />
To make things easier to grasp, let’s mark the two computers on the left as belonging to the Accounting department (blue) and the other two as belonging to the Logistics departments (red).
https://cdn.comparitech.com/wp-content/uploads/2021/02/ACCT-and-LOGS-VLAN-300x170.jpg 300w" alt="ACCT and LOGS VLAN" width="628" height="355" style="box-sizing: border-box; border: 0px; vertical-align: middle; font-weight: inherit; outline: 0px; contain-intrinsic-size: 3000px 1500px; margin: 0px auto; display: block; max-width: 100%; height: auto; border-radius: 6px;" loading="lazy" decoding="async" />
Configure interfaces
Now, let’s start assigning IP addresses so our computers can start communicating with one another. The IP assignments will look like this:
- ACCT PC0 = 192.168.1.10/255.255.255.0
- ACCT PC1 = 192.168.1.20/255.255.255.0
- LOGS PC2 = 192.168.2.10/255.255.255.0
- LOGS PC3 = 192.168.2.20/255.255.255.0
The default gateway for the computers is 192.168.1.1 for the first two in Accounting, and 192.168.2.1 for the last two computers in Logistics. You can access the configuration by going to the Desktop menu and then clicking on the IP Configuration window.
https://cdn.comparitech.com/wp-content/uploads/2021/02/Desktop-configuration-and-IP-configuration-menu-300x170.jpg 300w" alt="Desktop configuration and IP configuration menu" width="628" height="355" style="box-sizing: border-box; border: 0px; vertical-align: middle; font-weight: inherit; outline: 0px; contain-intrinsic-size: 3000px 1500px; margin: 0px auto; display: block; max-width: 100%; height: auto; border-radius: 6px;" loading="lazy" decoding="async" />
Once you’re there, start filling in the configurations for all the computers:
https://cdn.comparitech.com/wp-content/uploads/2021/02/IP-address-and-Default-Gateway-configuation-300x292.jpg 300w" alt="IP address and Default Gateway configuration" width="563" height="548" style="box-sizing: border-box; border: 0px; vertical-align: middle; font-weight: inherit; outline: 0px; contain-intrinsic-size: 3000px 1500px; margin: 0px auto; display: block; max-width: 100%; height: auto; border-radius: 6px;" loading="lazy" decoding="async" />
When you are done, we can now move on to the switch. First, though, we need to remember that there will be two types of ports on our switch:
- Access Ports: these are the ports that will be used to allow everyday devices like computers and servers to connect to it; in our example, these are the FastEthernet 0/1, FastEthernet 1/1, FastEthernet 2/1, and FastEthernet 3/1 – one for each computer.
- Trunk Ports: these are the ports that allow a switch to communicate with another switch – or in our example a VLAN-to-VLAN communication on the same switch (via the router) – to expand the network; we will use the GigaEthernet0/0 ports on both the connectivity devices.
With that in mind, let’s move on to the fun part – configuring the switch to run our VLANs.
Create VLANs and assign computers
So, let’s create the VLANs first – they will be named ACCT (VLAN 10) and LOGS (VLAN 20).
Go to the switch’s CLI to type in the commands:
Switch#config terminal Switch(config)#vlan 10 Switch(config-vlan)#name ACCT Switch(config-vlan)#vlan 20 Switch(config-vlan)#name LOGS
The commands in your CLI should look like this:
https://cdn.comparitech.com/wp-content/uploads/2021/02/Switch-create-VLAN-CLI-300x292.jpg 300w" alt="Switch create VLAN CLI" width="563" height="548" style="box-sizing: border-box; border: 0px; vertical-align: middle; font-weight: inherit; outline: 0px; contain-intrinsic-size: 3000px 1500px; margin: 0px auto; display: block; max-width: 100%; height: auto; border-radius: 6px;" loading="lazy" decoding="async" />
Or, if you’re not up to it, you can simply use the GUI to create the VLANs (and still see the commands run as they are being executed below). Go to the Config-VLAN Database menu and ADD the VLANs by entering their numbers (10,20) and names (ACCT, LOGS).
https://cdn.comparitech.com/wp-content/uploads/2021/02/Switch-create-VLAN-GUI-300x292.jpg 300w" alt="Switch create VLAN GUI" width="563" height="548" style="box-sizing: border-box; border: 0px; vertical-align: middle; font-weight: inherit; outline: 0px; contain-intrinsic-size: 3000px 1500px; margin: 0px auto; display: block; max-width: 100%; height: auto; border-radius: 6px;" loading="lazy" decoding="async" />
Next, we need to assign each port, which the switch uses to connect the computers, to their respective VLANs.
You can simply choose the interface and then check the box of the corresponding VLAN from the configuration menu on the right:
https://cdn.comparitech.com/wp-content/uploads/2021/02/Assign-switch-port-to-a-VLAN-300x292.jpg 300w" alt="Assign switch port to a VLAN" width="563" height="548" style="box-sizing: border-box; border: 0px; vertical-align: middle; font-weight: inherit; outline: 0px; contain-intrinsic-size: 3000px 1500px; margin: 0px auto; display: block; max-width: 100%; height: auto; border-radius: 6px;" loading="lazy" decoding="async" />
As you can see from the image above, you can alternatively go into the CLI interface of each port and use the command: switchport access vlan 10 to perform the same task.
Don’t worry; there is a shorter way of doing this in case there are a large number of ports to assign. For example, if you had 14 ports, the command would be:
Switch(config-if)#int range fa0/1-14 Switch(config-if-range)#switchport mode access
The second command makes sure that the switch understands the ports are to be ACCESS ports and not TRUNK ports.
Confirm correct configuration
And that’s it; we have created two VLANs on the same switch. To test it, and confirm our configuration is correct, we can try pinging P1 and P3 from P0. The first ping should be fine while the second one should time out and lose all the packets:
https://cdn.comparitech.com/wp-content/uploads/2021/02/VLAN-ping-test-no-router-272x300.jpg 272w" alt="VLAN ping test - no router" width="584" height="644" style="box-sizing: border-box; border: 0px; vertical-align: middle; font-weight: inherit; outline: 0px; contain-intrinsic-size: 3000px 1500px; margin: 0px auto; display: block; max-width: 100%; height: auto; border-radius: 6px;" loading="lazy" decoding="async" />
How to set up an inter-VLAN
Rationale Behind Inter-VLAN
Now, although we have divided the computers into two VLANs – as was required – it makes more sense that the two departments (Accounting and Logistics) would need to communicate with one another. This would be the norm in any real-life business environment. After all, logistics couldn’t be purchased or supplied without financial backing, right?
Objective of Inter-VLAN Setup
So, we need to make sure that ACCT and LOGS are able to communicate – even if they are on separate VLANs. This means we need to create an inter-VLAN communication.
Initial Setup Requirements
Here’s how to go about it!
We will need the help of our router; it will act as a bridge between the two VLANS – so, go ahead and add a router to your design if you haven’t already done so.
Router and Switch Configuration
Jumping into the configuration, we must understand that we will use one port on the router for both VLANs’ communication by “splitting” it into two ports. Meanwhile, the switch will only use one TRUNK port to send and receive all communications to, and from, the router.
Sub-Interface Creation and Configuration
So, going back to our router, we will split the GigabitEthernet0/0 interface into GigabitEthernet0/0.10 (for VLAN10) and GigabitEthernet0/0.20 (for VLAN20). We will then use the IEEE 802.1Q standard protocol for interconnecting switches, routers, and for defining VLAN topologies.
Assigning the Sub-Interfaces
Once done, these “sub-interfaces” – as they called – are then assigned to each VLAN that we want to connect or bridge.
Setting IP Addresses for Sub-Interfaces
Finally, remember the gateways – 192.168.1.1 and 192.168.2.1 – we added to the computers’ configurations earlier? Well, these will be the new IP addresses of the split ports or sub-interfaces on the router.
The CLI commands to create the sub-interfaces under the GigabitEthernet0/0 interface would be:
Router (config)#interface GigabitEthernet0/0.10 Router (config-subif)#encapsulation dot1q 10 Router (config-subif)#ip address 192.168.1.1 255.255.255.0
Repeating it all for the second sub-interface and VLAN we get
Router (config)#interface GigabitEthernet0/0.20 Router (config-subif)#encapsulation dot1q 20 Router (config-subif)#ip address 192.168.2.1 255.255.255.0
Once you close the CLI, you can confirm your configuration is correct by simply moving the mouse over the router to see your work, which should look something like this:
https://cdn.comparitech.com/wp-content/uploads/2021/02/Router-sub-interface-configuration-shortcut-menu-300x170.jpg 300w" alt="Router sub-interface configuration shortcut menu" width="628" height="355" style="box-sizing: border-box; border: 0px; vertical-align: middle; font-weight: inherit; outline: 0px; contain-intrinsic-size: 3000px 1500px; margin: 0px auto; display: block; max-width: 100%; height: auto; border-radius: 6px;" loading="lazy" decoding="async" />
Now, we know that we can only connect our sub-interfaces (on the router) to our switch via its trunk port – and so, we will need to create it now.
All you need to do is go in the switch’s GigabitEthernet0/0 configuration and run: switchport mode trunk.
And there you have it; you have just created two VLANs that contain two computers each and which can still communicate with one another. You can prove this by pinging the first Logistics computer (PC2) with IP address 192.168.2.10 from the first Accounting computer (PC0) with the IP address 192.168.1.10:
https://cdn.comparitech.com/wp-content/uploads/2021/02/Ping-LOGS-PC-from-ACCT-PC-Success-300x292.jpg 300w" alt="Ping LOGS PC from ACCT PC - Success" width="563" height="548" style="box-sizing: border-box; border: 0px; vertical-align: middle; font-weight: inherit; outline: 0px; contain-intrinsic-size: 3000px 1500px; margin: 0px auto; display: block; max-width: 100%; height: auto; border-radius: 6px;" loading="lazy" decoding="async" />
Great Success!
Why set up a VLAN or inter-VLAN
At this point, some of you may be wondering why we would need to go through this exercise and bother with VLANs or inter-VLANs at all. Well, there are many reasons, some of which are:
- Security Breaking up a network into components ensures that only authorized users and devices can access a sub-network. You wouldn’t want your accountants to interfere with the work of your logistics department or vice versa.
- Safety In case there is a virus outbreak, only one subnet would be affected as the devices on one subnet wouldn’t be able to communicate – and thus transfer – the virus to another one. This way, clean-up procedures would be focused on that one subnet which also makes it easier to identify the culprit machine a lot faster.
- Ensures privacy by isolation If someone wanted to find out about your network’s architecture (with the intent of attacking it), they would use a packet sniffer to map out your layout. With isolated sub-networks, the culprits would only be able to get a partial picture of your network thus denying them critical information about your vulnerabilities, for example.
- Eases network traffic Isolated sub-networks can keep traffic usage down by keeping resource-intensive processes limited to their own scope and not overwhelming the whole network. This means, just because IT is pushing critical updates to the accounting machines, doesn’t mean the logistics department has to face a network slowdown too.
- Traffic prioritization With businesses that have various types of data traffic the sensitive or resource-hogging packets (VoIP, media, and large data transfers, for example) can be assigned to a VLAN with larger broadband while those that only need the network to send out emails can be assigned to a VLAN with lesser bandwidth.
- Scalability When a business needs to scale-up the resources available to its computers it can reassign them to new VLANs. Their administrators simply create a new VLAN and then move the computers into them with ease.
As we can see, VLANs help protect a network while also improving the performance of the data packets that travel around it.
Static VLAN vs Dynamic VLAN
We thought it would be worth mentioning that there are two types of VLANs that available for implementation:
Static VLAN
This VLAN design depends on hardware to create the sub-networks. The computers are assigned to a specific port on a switch and plugged right in. If they need to move to another VLAN, the computers are simply unplugged from the old switch and plugged back into the new one.
The problem with this is that anyone can move from one VLAN to another one by simply switching the ports they are connected to. This means administrators would require physical security methods or devices put in place to prevent such unauthorized accesses.
Dynamic VLAN
This is the VLAN we have just created in the exercise we did earlier. In this VLAN architecture, we have software VLANs where the administrators simply use logic to assign specific IP or MAC addresses to their respective VLANs.
This means devices can be moved to any part of the business, and as soon as they connect to the network, they return to their pre-assigned VLANs. There is no need for additional configurations.
If there is one drawback with this scenario, it can only be that the business would need to invest in an intelligent switch – a VLAN Management Policy Switch (VMPS) – which can be on the expensive side when compared to the traditional switch used in static VLANs.
It can also be safely assumed here that businesses with a few computers and a smaller IT budget can choose to implement a static VLAN while those with a large number of devices and a need for more efficiency and security would be wise to invest in a dynamic VLAN.
Conclusion
We hope you have found all the information you needed to learn about how to set up a VLAN. We also hope that the exercise was easy to follow and that you can now go on to build upon the knowledge you have gained. Because, even as you continue to scale upwards, these basic steps remain the same – you simply continue to add hardware and configurations to the basics.
VLAN FAQs
What is a VLAN?
A VLAN is a method that makes networks more efficient by reducing the scope of broadcast transmissions to just a section of the network. A broadcast goes to every part of the network, which can create a lot of traffic all over the system, including to areas that will never need to receive that broadcast or respond to it. Effectively, a VLAN divides up a network into sections.
How is a VLAN different from a LAN?
LAN stands for Local Area Network, which is the common name for a typical network inside an office. The virtual LAN (VLAN) creates sections of that LAN, which seem to be separate systems, even though they are actually all connected together. The segmentation of the LAN into VLANs happens at the Data Link Layer (Layer 2), so it is implemented on switches and bridges.
Routers are at the Network Layer (Layer 3). They operate for the entire network but use software techniques to distinguish between VLAN sections. The router can bridge between these sections with inter-VLAN routing.
What are the types of VLAN?
There are five types of VLAN:
- Default VLAN: Switches have settings that can implement VLANs but these are all initially set to VLAN1. As all switches have the same VLAN, there is only one VLAN operating, which effectively means that the technology is disabled.
- Data VLAN: Also known as a user VLAN, this strategy creates two groups: one for users and one for devices. This ill only carry data.
- Voice VLAN: Meant for the office telephone network and implemented with VoIP, this VLAN carries voice traffic. This traffic gets priority over data traffic to ensure a high quality of service.
- Management VLAN: Accesses the management functions of a switch for tasks such as logging, and extracting activity and status data for system monitoring. When other VLANs are set up, the management VLAN should be left as VLAN1.
- Native VLAN: Used for trunk ports that handle traffic from all VLANs, creating a common transmission channel that traffic can be split out of for individual VLANs.
Constructing a Virtual Local Area Network (VLAN)
In a system that includes other types of networked devices than Dante / AES67 or VideoOverIP, or a large-scale system that comprises of many media devices, you can avoid unnecessary packet transfers between the different types of device and make the network more stable by segmenting it. Ideally, a separate number of switches should be prepared for each network segment, but you can reduce the required number of switches and cables by using VLANs to create network segments. This method can reduce maintenance costs as well.
Network segmentation refers to the creation of virtual local area networks (VLANs) that are distinct from physical connections. When there are different types of networked devices within a system, you can create VLANs so that while the networks may share the same physical switches, they function as separate virtual networks.

You can provide connections between switches for each VLAN, but you can also use VLAN tagging so that data for various VLANs can be transferred over a single trunk (cable). This enables you to create virtual networks that are separate from the physical wiring.

Here, we will present an example in which two VLANs are created and the switches are connected by a trunk. For example, in a live system using a CL/QL Series console, VLAN 1 (ports 1 and 2) could be used as the control network and VLAN 2 (ports 3 to 8) could be used as the AES67 / Dante or VideoOIP network. It is recommended to create separate VLANs for each media type ie: AES67 / Dante network vs. VideoOverIP network.

In the above example, it could also be said that VLAN 1 is the 100 Mbps control network while VLAN 2 is the broadband 1 Gbps network for audio transmission (Dante and / or AES67). By segmenting these networks, you can prevent the 1 Gbps network from overburdening the 100 Mbps network (although both networks coexist in the trunk). In the rest of this section, we will configure VLAN settings according to the example network configuration described above.
You can use network segmentation to connect the primary and secondary AES67/Dante lines to the same switch, but we recommend that you avoid doing this, because while connecting the lines to the same switch may provide the redundancy necessary for handling cable problems and other issues, if the switch malfunctions, both lines will be cut off.

Before you perform the following settings, make sure that the PC is connected to VLAN 1, which is the VLAN that you will be configuring first (in this example, the PC should be connected to port 1 or 2). VLAN 1 is a special default VLAN, so you should always connect the PC to a VLAN 1 port when you configure switch settings.
First, create the necessary VLAN. In the default settings, only VLAN 1 exists, so add VLAN 2. In the following page, click “Add”. In the VLAN ID box in the dialog box that appears, type “2”, and click “Apply”. When you are creating multiple VLANs, entering a VLAN name can help you identify each individual VLAN (but you do not have to enter a name).
Next, you will need to set the VLAN mode for each switch port. By default, each port is a trunk port, so you will have to change ports 1 to 8 to access ports. In the following page, select port 1, and then click “Edit”. Click "VLAN / Port Setting" on Allonis L3 switches.
In the dialog box that appears, select “Access”.
Change ports 2 to 8 to access ports in the same way. To set the ports more quickly, click “Copy Settings” while port 1 is selected, and copy the settings to ports 2 to 8.
Next, assign each port to one of the VLANs. In the following page, you can specify which ports are allowed to access each VLAN. For Allonis L3 switches, click on "VLAN / Membership". First, make sure that VLAN ID is set to “1” and Interface Type is set to “Port”. Ports 3 to 8 will not be included in VLAN 1, so set them to “Forbidden”. Ports 9 and 10 are the trunk ports, but VLAN 1 includes special default VLAN settings, so leave them set to “Untagged”. Before you switch to the settings for VLAN 2, don’t forget to click “Apply”.
To switch to the settings for VLAN 2, set VLAN ID to “2”, and click “Go”. Ports 1 and 2 will not be included in VLAN 2, so set them to “Forbidden”. Ports 3 to 8 will be included in VLAN 2, so set them to “Untagged”. Ports 9 and 10 are the trunk ports, so set them to “Tagged”. On Allonis L3 Switches, "VLAN / Membership" you can choose a port and add it to the defined VLANS it should belong to.
The VLANs (VLAN 1 and VLAN 2) have now been successfully created within the switch, and the trunk ports (ports 9 and 10) make it possible for these virtual networks to span across switches. Don’t forget to save the settings after you change them.
Text from:
One of the big advantages of the myServer 6 control system is that it uses modern browser technology to access the system's user interfaces. This doesn't require an "App" (software) to be installed specifically for viewing the user interface. Just use a modern browser and link to it! But first, the device has to be on the network so it can "see" the myServer 6 controller's webserver.
Apple iOS device networking:
Wifi:
Click Settings icon
Ensure Wifi is enabled
Select your visible WiFi access point in the "My Networks" list. If you haven't connected to this network before, you will be prompted to add your WiFi network password. If all is good, then you should be connected to it.
To set networking details like DHCP / Static, click on the "i" button next to the connected network to access those properties.
Ethernet:
Available are networking "dongles" that plug into the Lightning or USB-C connector. When the device detects that, you will have an Ethernet choice for networking the device. Same process as WiFi applies to establish the proper networking details.
Read some of the Android networking bits below as the recommendations also apply to Apple iOS devices.
Make these settings:
ipad / settings /safari / request desktop site / off
Configuring an Android OS equipped device for networking is easy.
Allonis's SmartRemote, Conference room tablets, use the Android OS.
When the device boots, it likely will be at the Android Desktop. Note: if you are using a device like SmartRemote that has the "myUI.apk" running, simply swipe up and then hit the "X" at the top right of the myUI application window to shut it down.
Select Settings Icon.
Select Network & Internet
Choose Wi-Fi or Ethernet (depending on which connection type you will be using). Ethernet (cable) is always more reliable.
Ethernet:
If you select Ethernet, ensure the "Ethernet is Enabled" button is On.
By default, the DHCP is enabled on most devices. This means the device will get it's IP address from the DHCP server on the network (typically from the "router"). Note: the network must be running and the device is connected to it to get a network address. It is important to note that most of the time, the IP address should be known and never change. This can be implemented by "Reserving" an IP address on the DHCP server (the "router").
If you want to "Static" address the device, click on Static. You now can access the IP address / Gateway / Subnet / DNS fields to properly address the device. Note: most of the time, the IP address should always be known and never change. This is best done using Static addressing.
Wi-Fi:
Select your active WiFi access point name from the populated list. Click on that and add your known WiFi password for that network. Note this is case sensitive.
Like described above, select DHCP or Static addressing and configure those network properties.
Your Android device should now be on the network and ready for use!
You can determine the devices current networking info by clicking on: Settings / System / About / Status You can see the devices MAC address and current IP address.