Even Without Typing a Command — Understanding What show vlan Actually Shows
Source: Dev.to
Introduction
While studying for CompTIA Network+, I couldn’t quite picture what the show vlan command displays. After learning what a VLAN is and what the command actually reports, everything clicked, so I decided to write it down.
What is a VLAN?
VLAN = Virtual Local Area Network
It is a mechanism that divides a physical network into virtual segments.Why VLANs are needed
Without VLAN:
→ Everyone is in the same network
→ All data are shared across the entire organization regardless of department
→ Problems for security and performance
With VLAN:
→ Networks can be divided by department
→ Only sales staff can access data managed by the sales department
→ Security is improvedFamiliar example
Without VLAN:
→ Everyone works in one room
→ Every conversation can be heard by everyone
With VLAN:
→ Each department has its own private room
→ Conversations cannot be overheard by other departmentsConfiguration diagram
【Without VLAN】
Switch
├─ PC (Sales department)
├─ PC (Development department) ← Everyone in the same network
└─ PC (Management department)
【With VLAN】
Switch
├─ VLAN 10 (Sales department) ── PC・PC
├─ VLAN 20 (Development department) ── PC・PC ← Networks divided per department
└─ VLAN 30 (Management department) ── PC・PCWhat is the show vlan command?
It is the command to verify VLAN information on a Cisco switch.
Caution:
Theshow vlancommand is exclusive to switches running Cisco IOS. Other vendors use different commands:
| Vendor | Command |
|---|---|
| Cisco | show vlan / show vlan brief |
| Juniper | show vlans |
| HP / Aruba | show vlans |
| Dell | show vlan |
Types of the command
1. show vlan
Shows all VLAN information in detail.
2. show vlan brief
Shows a simple overview of VLANs.
- The most used command.
- Frequently appears on exams.
3. show vlan id
Shows information for a specific VLAN.
Example
show vlan id 10→ Displays only VLAN 10 information.
Output example (show vlan brief)
VLAN Name Status Ports
---- -------------------- --------- -------------------------
1 default active Gi0/1, Gi0/2
10 Sales active Gi0/3, Gi0/4
20 Engineering active Gi0/5, Gi0/6
30 Management active Gi0/7
1002 fddi-default act/unsup
1003 token-ring-default act/unsupMeaning of each column
| Column | Explanation |
|---|---|
| VLAN | VLAN ID (range 1‑4094) |
| Name | VLAN name |
| Status | active = working normally; act/unsup = not supported |
| Ports | Ports assigned to the VLAN (e.g., Gi = GigabitEthernet) |
About the default VLAN (VLAN 1)
- All ports belong to VLAN 1 by default.
- It cannot be deleted.
- Its name cannot be changed from “default”.
Security caution
Using VLAN 1 in production is risky because a mis‑configuration can cause unintended traffic across the whole network.
Best practice: Move user ports to other VLANs.
When to use the command
Troubleshooting
Verify that VLAN settings are correct.
Example: A PC cannot connect to the network →show vlan brief→ discover that the port is not assigned to the intended VLAN.
Setting confirmation
After creating a new VLAN, run the command to confirm the configuration was applied correctly.
Adding new devices
Determine which VLAN a new device should join.
Example: Adding a new PC to the sales department →show vlan brief→ note the sales VLAN ID → assign the port to that VLAN.
Summary
VLAN:
• Divides a physical network into virtual segments.
• Provides security through network segmentation.
show vlan command (Cisco IOS):
• Verifies VLAN information on a Cisco switch.
Main commands:
• show vlan → detailed information
• show vlan brief → overview (most frequently used)
• show vlan id → specific VLAN information
Typical use cases:
• Troubleshooting
• Configuration verification
• Adding new devices to a VLAN
Cautions:
• Command is Cisco‑specific.
• Avoid using VLAN 1 for production traffic.VLAN Best Practices
- Default VLAN: Devices belong to VLAN 1 by default.
- Production environments: Do not use VLAN 1 in production.
Enter fullscreen mode
Exit fullscreen modeConclusion
At first, I had no idea what the show vlan command was actually displaying. Once I understood that VLAN is a mechanism for dividing a network into virtual segments, the output — including the meaning of each column — fell into place naturally.