BB's Vlan Configuration Network Lab

1. The "Why": Broadcast Domains

Implementing VLANs allows you to segment a single switch into multiple logical networks. This improves security (HR can't see Sales traffic) and performance (broadcast containment).

2. New Concept: Voice VLAN (Auxiliary VLAN)

In modern offices, computers often plug into the back of a VoIP phone, which then plugs into the wall.

This creates a unique problem: We need two VLANs on a single access port.

Access VLAN (Data): Untagged. Handled by the PC.
Voice VLAN: Tagged (802.1Q). Handled by the Phone.

When you type switchport voice vlan 110, the switch tells the phone via CDP/LLDP to tag its own traffic with ID 110, while passing PC traffic through untagged.

3. Deep Dive: IEEE 802.1Q Tagging

Trunks use Tagging to identify which VLAN a frame belongs to.

[ Dest MAC ] [ Src MAC ] [ 802.1Q TAG ] [ EtherType ] [ DATA ] [ FCS ]

The Untagged Rule: Traffic belonging to the Native VLAN (and Data VLAN on an endpoint) is sent across the trunk without a tag.

4. Topology Reference (Answer Key)

Use this to verify your final configuration:

HR (VLAN 10): HR-PC1, HR-PC2, HR-PH
Finance (VLAN 20): FIN-PC1, FIN-PC2, FIN-PH
IT (VLAN 30): IT-PC1, IT-ADMIN
Sales (VLAN 40): SALE-PC1, SALE-PC2, SALE-PH
Servers (VLAN 50): DB-SRV1, WEB-SRV1
Exec (VLAN 60): CEO-LAP, CEO-PH
IoT/Guest (VLAN 99): IOT-CAM1, IOT-CAM2, GUEST-AP
Voice (VLAN 110): All "-PH" devices

5. Command Cheat Sheet

Trunk Config (Uplinks):

sw mode trunk               ! Force Trunk Mode
sw trunk encap dot1q        ! Define Protocol
sw trunk allowed vlan add 10,110 ! Allow Data + Voice
        

Endpoint Config (PCs & Phones):

sw mode access              ! Force Access Mode
sw access vlan 10           ! Assign Data VLAN
sw voice vlan 110           ! Assign Voice VLAN
no sw access vlan           ! RESET PORT (Wipes Data & Voice)
        

Terminal Connection