VLANs

This chapter provides information and commands concerning the following topics:

• Creating static VLANs

— Using VLAN-configuration mode

— Using VLAN Database mode

• Assigning ports to VLANs

• Using the range command

• Dynamic Trunking Protocol (DTP)

• Setting the encapsulation type

• Verifying VLAN information

• Saving VLAN configurations

• Erasing VLAN configurations

• Verifying VLAN trunking

• VLAN Trunking Protocol (VTP)

— Using VLAN Database mode

— Using global configuration mode

• Verifying VTP

Creating Static VLANs

Static VLANs occur when a switch port is manually assigned by the network administrator to belong to a VLAN. Each port is associated with a specific VLAN. By default, all ports are originally assigned to VLAN 1. There are two different ways to create VLANs:

• Using the VLAN-configuration mode, which is the recommended method of creating VLANs

• Using the VLAN Database mode (which should not be used, but is still available)

Using VLAN-Configuration Mode

Switch(config)#vlan 3

Creates VLAN 3 and enters VLAN-config mode for further definitions

Switch(config-vlan)#name Engineering

Assigns a name to the VLAN. The length of the name can be from 1 to 32 characters.

Switch(config-vlan)#exit

Applies changes, increases the revision number by 1, and returns to global configuration mode

Switch(config)#

NOTE: This method is the only way to configure extended-range VLANs (VLAN IDs from 1006-4094).

NOTE: Regardless of the method used to create VLANs, the VTP revision number is increased by one each time a VLAN is created or changed.

Using VLAN Database Mode

CAUTION: The VLAN Database mode has been deprecated and will be removed in some future Cisco IOS release. It is recommended to use only VLAN-configura-tion mode.

Switch#vlan database

Enters VLAN Database mode

Switch(vlan)#vlan 4 name Sales

Creates VLAN 4 and names it Sales. The length of the name can be from 1 to 32 characters.

Switch(vlan)#vlan 10

Creates VLAN 10 and gives it a name of VLAN0010 as a default

Switch(vlan)#apply

Applies changes to the VLAN database and increases the revision number by 1

Switch(vlan)#exit

Applies changes to the VLAN database, increases the revision number by 1, and exits VLAN Database mode

Switch#

NOTE: You must apply the changes to the VLAN database for the changes to take effect. You must use either the apply command or the exit command to do so. Using the command to exit out of the VLAN database does not work in this mode because it will abort all changes made to the VLAN database—you must either use exit or apply and then the exit command.

Assigning Ports to VLANs

Switch(config)#interface fastethernet 0/1

Moves to interface configuration mode

Switch(config-if)#switchport mode access

Sets the port to access mode

Switch(config-if)#switchport access vlan 10

Assigns this port to VLAN 10

NOTE: When the switchport mode access command is used, the port will operate as a nontrunking, single VLAN interface that transmits and receives nonencapsulated frames.

An access port can belong to only one VLAN.

Using the range Command

Switch(config)#interface range fastethernet 0/1 - 9

Enables you to set the same configuration parameters on multiple ports at the same time

NOTE: There is a space before and after the hyphen in the interface range command.

Switch(config-if-range)#switchport mode access

Sets ports 1-9 as access ports

Switch(config-if-range)#switchport access vlan 10

Assigns ports 1-9 to VLAN 10

Dynamic Trunking Protocol

Switch(config)#interface fastethernet 0/1

Moves to interface configuration mode

Switch(config-if)#switchport mode dynamic desirable

Makes the interface actively attempt to convert the link to a trunk link

NOTE: With the switchport mode dynamic desirable command set, the interface will become a trunk link if the neighboring interface is set to trunk, desirable, or auto.

Switch(config-if)#switchport mode dynamic auto

Makes the interface able to convert into a trunk link

NOTE: With the switchport mode dynamic auto command set, the interface will become a trunk link if the neighboring interface is set to trunk or desirable.

Switch(config-if)#switchport nonegotiate

Prevents the interface from generating DTP frames.

NOTE: Use the switchport mode nonegotiate command only when the interface switchport mode is access or trunk. You must manually configure the neighboring interface to establish a trunk link.

Switch(config-if)#switchport mode trunk

Puts the interface into permanent trunking mode and negotiates to convert the link into a trunk link

NOTE: With the switchport mode trunk command set, the interface becomes a trunk link even if the neighboring interface is not a trunk link.

TIP: The default mode is dependent on the platform. For the 2960 and 3560, the default mode is dynamic auto.

Setting the Encapsulation Type

3560Switch(config)#interface fastethernet 0/1

Moves to interface config mode

3560Switch(config-if)#switchport mode trunk

Puts the interface into permanent trunking mode and negotiates to convert the link into a trunk link

3560Switch(config-if)#switchport trunk encapsulation isl

Specifies Inter-Switch Link (ISL) encapsulation on the trunk link

3560Switch(config-if)#switchport trunk encapsulation dot1q

Specifies 802.1Q encapsulation on the trunk link

3560Switch(config-if)#switchport trunk encapsulation negotiate

Specifies that the interface negotiate with the neighboring interface to become either an ISL or DotlQ trunk, depending on the capabilities or configuration of the neighboring interface

TIP: With the switchport trunk encapsulation negotiate command set, the preferred trunking method is ISL.

CAUTION: The 2960 series switch supports only Dot1Q trunking. Verifying VLAN Information

Switch#show vlan

Displays VLAN information

Switch#show vlan brief

Displays VLAN information in brief

Switch#show vlan id 2

Displays information of VLAN 2 only

Switch#show vlan name marketing

Displays information of VLAN named marketing only

Switch#show interfaces vlan x

Displays interface characteristics for the specified VLAN

Saving VLAN Configurations

The configurations of VLANs 1 through 1005 are always saved in the VLAN database. As long as the apply or the exit command is executed in VLAN Database mode, changes are saved. If you are using VLAN-configuration mode, using the exit command will also save the changes to the VLAN database.

If the VLAN database configuration is used at startup, and the startup configuration file contains extended-range VLAN configuration, this information is lost when the system boots.

If you are using VTP transparent mode, the configurations are also saved in the running configuration, and can be saved to the startup configuration using the copy running-config startup-config command.

If the VTP mode is transparent in the startup configuration, and the VLAN database and the VTP domain name from the VLAN database matches that in the startup configuration file, the VLAN database is ignored (cleared), and the VTP and VLAN configurations in the startup configuration file are used. The VLAN database revision number remains unchanged in the VLAN database.

Erasing VLAN Configurations

Switch#delete flash:vlan.dat

Removes entire VLAN database from flash

WARNING: Make sure there is no space between the colon (:) and the characters vlan.dat. You can potentially erase the entire contents of the flash with this command if the syntax is not correct. Make sure you read the output from the switch. If you need to cancel, press to escape back to privileged mode:

Switch#delete flash:vlan.dat

Delete filename [vlan.dat]? Delete flash:vlan.dat? [confirm] Switch#

Switch(config)#interface fastethernet 0/5

Moves to interface config mode

Switch(config-if)#no switchport access vlan 5

Removes port from VLAN 5 and reassigns it to VLAN 1—the default VLAN

Switch(config-if)#exit

Moves to global config mode

Switch(config)#no vlan 5

Removes VLAN 5 from the VLAN database

or

Switch#vlan database

Enters VLAN Database mode

Switch(vlan)#no vlan 5

Removes VLAN 5 from the VLAN database

Switch(vlan)#exit

Applies changes, increases the revision number by 1, and exits VLAN Database mode

NOTE: When you delete a VLAN from a switch that is in VTP server mode, the VLAN is removed from the VLAN database for all switches in the VTP domain. When you delete a VLAN from a switch that is in VTP transparent mode, the VLAN is deleted only on that specific switch.

NOTE: You cannot delete the default VLANs for the different media types: Ethernet VLAN 1 and FDDI or Token Ring VLANs 1002 to 1005.

CAUTION: When you delete a VLAN, any ports assigned to that VLAN become inactive. They remain associated with the VLAN (and thus inactive) until you assign them to a new VLAN. Therefore, it is recommended that you reassign ports to a new VLAN or the default VLAN before you delete a VLAN from the VLAN database.

Verifying VLAN Trunking

Switch#show interface fastethernet 0/1 switchport

Displays the administrative and operational status of a trunking port

VLAN Trunking Protocol

VLAN Trunking Protocol (VTP) is a Cisco proprietary protocol that allows for VLAN configuration (addition, deletion, or renaming of VLANS) to be consistently maintained across a common administrative domain.

Using Global Configuration Mode

Switch(config)#vtp mode client

Changes the switch to VTP client mode

Switch(config)#vtp mode server

Changes the switch to VTP server mode

Switch(config)#vtp mode transparent

Changes the switch to VTP transparent mode

NOTE: By default, all Catalyst switches are in server mode.

Switch(config)#no vtp mode

Returns the switch to the default VTP server mode

Switch(config)#vtp domain domainname

Configures the VTP domain name. The name can be from 1 to 32 characters long.

NOTE: All switches operating in VTP server or client mode must have the same domain name to ensure communication.

Switch(config)#vtp password password

Configures a VTP password. In Cisco IOS Software Release 12.3 and later, the password is an ASCII string from 1 to 32 characters long. If you are using a Cisco IOS release earlier than 12.3, the password length ranges from 8 to 64 characters long.

NOTE: To communicate with each other, all switches must have the same VTP password set.

Switch(config)#vtp v2-mode

Sets the VTP domain to Version 2. This command is for Cisco IOS Software Release 12.3 and later. If you are using a Cisco IOS release earlier than 12.3, the command is vtp version 2.

NOTE: VTP Versions 1 and 2 are not interoperable. All switches must use the same version. The biggest difference between Versions 1 and 2 is that Version 2 has support for Token Ring VLANs.

Switch(config)#vtp pruning

Enables VTP pruning

NOTE: By default, VTP pruning is disabled. You need to enable VTP pruning on only one switch in VTP server mode.

NOTE: Only VLANs included in the pruning-eligible list can be pruned. VLANs 2 through 1001 are pruning eligible by default on trunk ports. Reserved VLANs and extended-range VLANs cannot be pruned. To change which eligible VLANs can be pruned, use the interface-specific switchport trunk pruning vlan command:

Switch(config-if)#switchport trunk pruning vlan remove 4, 20-30

! Removes VLANs 4 and 20-30

Switch(config-if)#switchport trunk pruning vlan except 40-50

! All VLANs are added to the pruning list except for 40-50

Using VLAN Database Mode

The VLAN Database mode has been deprecated and will be removed in some future Cisco IOS release. Recommended practice dictates using only the VLAN-configuration mode.

Switch#vlan database

Enters VLAN Database mode

Switch(vlan)#vtp client

Changes the switch to VTP client mode

Switch(vlan)#vtp server

Changes the switch to VTP server mode

Switch(vlan)#vtp transparent

Changes the switch to VTP transparent mode

NOTE: By default, all Catalyst switches are in server mode.

Switch(vlan)#vtp domain domainname

Configures the VTP domain name. The name can be from 1 to 32 characters long.

NOTE: All switches operating in VTP server or client mode must have the same domain name to ensure communication.

Switch(vlan)#vtp password password

Configures a VTP password. In Cisco IOS Release 12.3 and later, the password is an ASCII string from 1 to 32 characters long. If you are using a Cisco IOS release earlier than IOS 12.3, the password length ranges from 8 to 64 characters long.

NOTE: All switches must have the same VTP password set in order to communicate with each other

Switch(vlan)#vtp v2-mode

Sets the VTP domain to Version 2. This command is for Cisco IOS Release 12.3 and later. If you are using a Cisco IOS release earlier than 12.3, the command is vtp version 2.

NOTE: VTP Versions 1 and 2 are not interoperable. All switches must use the same version. The biggest difference between Versions 1 and 2 is that Version 2 has support for Token Ring VLANs.

Switch(vlan)#vtp pruning

Enables VTP pruning.

NOTE: By default, VTP pruning is disabled. You need to enable VTP pruning on only one switch in VTP server mode.

NOTE: Only VLANs included in the pruning-eligible list can be pruned. VLANs 2 through 1001 are pruning eligible by default on trunk ports. Reserved VLANs and extended-range VLANs cannot be pruned. To change which eligible VLANs can be pruned, use the interface-specific switchport trunk pruning vlan command:

Switch(config-if)#switchport trunk pruning vlan remove 4, 20-30

! Removes VLANs 4 and 20-30

Switch(config-if)#switchport trunk pruning vlan except 40-50

All VLANs are added to the pruning list except for 40 through 50.

Switch(vlan)#exit

Applies changes to VLAN database, increases the revision number by 1, and exits back to privileged mode

Verifying VTP

Switch#show vtp status

Displays general information about VTP configuration

Switch#show vtp counters

Displays the VTP counters for the switch

NOTE: If trunking has been established before VTP is set up, VTP information is propagated throughout the switch fabric almost immediately. However, because VTP information is advertised only every 300 seconds (5 minutes) unless a change has been made to force an update, it can take several minutes for VTP information to be propagated.

Configuration Example: VLANs

Figure 2-1 shows the network topology for the configuration that follows, which shows how to configure VLANs using the commands covered in this chapter.

Figure 2-1 Network Topology for VLAN Configuration Example

Figure 2-1 Network Topology for VLAN Configuration Example

3560 Switch

Switch>enable

Moves to privileged mode

Switch#configure terminal

Moves to global configuration mode

Switch(config)#hostname 3560

Sets the host name

3560(config)#vtp mode server

Changes the switch to VTP server mode. Note that server is the default setting for a 3560 switch.

3560(config)#vtp domain bcmsn

Configures the VTP domain name to bcmsn

3560(config)#vtp password tower

Sets the VTP password to tower

3560(config)#vlan 10

Creates VLAN 10 and enters VLAN-configuration mode

3560(config-vlan)#name Admin

Assigns a name to the VLAN

3560(config-vlan)#exit

Increases the revision number by 1 and returns to global configuration mode

3560(config)#vlan 20

Creates VLAN 20 and enters VLAN-configuration mode

3560(config-vlan)#name Accounting

Assigns a name to the VLAN

3560(config-vlan)#vlan 30

Creates VLAN 30 and enters VLAN-configuration mode. Note that you do not have to exit back to global configuration mode to execute this command.

3560(config-vlan)#name Engineering

Assigns a name to the VLAN

3560(config-vlan)#exit

Increases the revision number by 1 and returns to global configuration mode

3560(config)#interface range fasthethernet 0/1 - 8

Enables you to set the same configuration parameters on multiple ports at the same time

3560(config-if-range)#switchport mode access

Sets ports 1-8 as access ports

3560(config-if-range)#switchport access vlan 10

Assigns ports 1-8 to VLAN 10

3560(config-if-range)#interface range fastethernet 0/9 - 15

Enables you to set the same configuration parameters on multiple ports at the same time

3560(config-if-range)#switchport mode access

Sets ports 9-15 as access ports

3560(config-if-range)#switchport access vlan 20

Assigns ports 9-15 to VLAN 20

3560(config-if-range)#interface range fastethernet 0/16 - 24

Enables you to set the same configuration parameters on multiple ports at the same time

3560(config-if-range)#switchport mode access

Sets ports 16-24 as access ports

3560(config-if-range)#switchport access vlan 30

Assigns ports 16-24 to VLAN 30

3560(config-if-range)#exit

Returns to global configuration mode

3560(config)#interface gigabitethernet 0/1

Moves to interface configuration mode

3560(config-if)#switchport trunk encapsulation dotlq

Specifies 802.1Q encapsulation on the trunk link

3560(config-if)#switchport mode trunk

Puts the interface into permanent trunking mode and negotiates to convert the link into a trunk link

3560(config-if)#exit

Returns to global configuration mode

3560(config)#exit

Returns to privileged mode

3560#copy running-config startup-config

Saves the configuration in NVRAM

2960 Switch

Switch>enable

Moves to privileged mode

Switch#configure terminal

Moves to global configuration mode

Switch(config)#hostname 2960

Sets the host name

2960(config)#vtp mode client

Changes the switch to VTP client mode

2960(config)#vtp domain bcmsn

Configures the VTP domain name to bcmsn

2960(config)#interface range fastethernet 0/1 - 8

Enables you to set the same configuration parameters on multiple ports at the same time

2960(config-if-range)#switchport mode access

Sets ports 1-8 as access ports

2960(config-if-range)#switchport access vlan 10

Assigns ports 1-8 to VLAN 10

2960(config-if-range)#interface range fastethernet 0/9 - 15

Enables you to set the same configuration parameters on multiple ports at the same time

2960(config-if-range)#switchport mode access

Sets ports 9-15 as access ports

2960(config-if-range)#switchport access vlan 20

Assigns ports 9-15 to VLAN 20

2960(config-if-range)#interface range fastethernet 0/16 - 24

Enables you to set the same configuration parameters on multiple ports at the same time

2960(config-if-range)#switchport mode access

Sets ports 16-24 as access ports

2960(config-if-range)#switchport access vlan 30

Assigns ports 16-24 to VLAN 30

2960(config-if-range)#exit

Returns to global configuration mode

2960(config)#int gigabitethernet 0/ 1

Moves to interface configuration mode

2960(config-if)#switchport mode trunk

Puts the interface into permanent trunking mode and negotiates to convert the link into a trunk link

2960(config-if)#exit

Returns to global configuration mode

2960(config)#exit

Returns to privileged mode

2960#copy running-config startup-config

Saves the configuration in NVRAM

Was this article helpful?

0 0

Post a comment