VLAN - Part 4 (How to Configure Cisco VLANs) - www.ipcisco.com : www.ipcisco.com
Content Protection by DMCA.com

How to Configure Cisco VLANs



To Configure Cisco VLAN, firstly create the VLAN with the VLAN ID and then give it a name;
(The standard VLAN number range is 1 to 1005. 1002 to 1005 is reserved for Token Ring and FDDI.And lastly 1006 to 4094 range is used by VTP transparent mode)

Switch A (config)# vlan 2
Switch A (config-vlan)# name SecondDepartment

To assign a port to a VLAN firstly make that port access(because it will be an access port) then assign it to the VLAN;

Switch A (config)# interface fa0/0
Switch A (config-if)# switchport mode access
Switch A (config-if)# switchport access vlan 2

To configure a trunk port manually (better than using DTP);

Switch A (config)# interface fa0/1
Switch A (config-if)# switchport mode trunk
Switch(config-if)# switchport nonegotiate

To configure a trunk by using DTP(Dynamic Trunking Protocol);
(to actively form a trunk by desirable and pasively wait the other end to form a trunk by auto)

Switch(config)# interface fa0/1
Switch(config-if)# switchport mode dynamic desirable
Switch(config-if)# switchport mode dynamic auto

To select frame tagging protocol (for VLAN transfer between swicthes):

Switch A (config-if)# switchport trunk encapsulation isl

OR

Switch A (config-if)# switchport trunk encapsulation dot1.q

OR (using DTP)

Switch A (config-if)# switchport trunk encapsulation negotiate

To configure VLANs that will be carried in the trunk:
(to do an allowed VLAN list for trunk, to remove a VLAN and to add a VLAN)

Switch A (config-if)# switchport trunk allowed vlan 2,3,4,5
Switch A (config-if)# switchport trunk allowed vlan remove 4
Switch A (config-if)# switchport trunk allowed vlan except 3-5
Switch A (config-if)# switchport trunk allowed vlan add 6
Switch A (config-if)# switchport trunk allowed vlan all		

Native VLAN Configuration on a trunk port:

Switch A (config)# interface fa0/1
Switch A (config-if)# switchport mode trunk 
Switch A (config-if)# switchport trunk native vlan 5

To make the trunk to tag Native VLAN:

Switch A (config)# vlan dot1q tag native
Switch A (config)# interface fa0/1
Switch A (config-if)# switchport trunk native vlan 6

To see the VLAN assignment, use the following commands:

Switch A # show vlan
Switch A # show vlan brief
Switch A # show interface trunk
Switch A # show interface fa0/1 switchport

If you do not see any port on the output of show vlan or show vlan brief commands, it means that, missing port is a trunk port.

Switch#show vlan 

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
2    VLAN0002                         active    Fa0/2, Fa0/3
3    VLAN0003                         active    Fa0/4
1002 fddi-default                     act/unsup 
1003 token-ring-default               act/unsup 
1004 fddinet-default                  act/unsup 
1005 trnet-default                    act/unsup 

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0
2    enet  100002     1500  -      -      -        -    -        0      0
3    enet  100003     1500  -      -      -        -    -        0      0
1002 fddi  101002     1500  -      -      -        -    -        0      0   
1003 tr    101003     1500  -      -      -        -    -        0      0   
1004 fdnet 101004     1500  -      -      -        ieee -        0      0   

For summary VLAN information, you can use show vlan vrief command.

Switch#show vlan brief 

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
2    VLAN0002                         active    Fa0/2, Fa0/3
3    VLAN0003                         active    Fa0/4
1002 fddi-default                     active    
1003 token-ring-default               active    
1004 fddinet-default                  active    
1005 trnet-default                    active    

For a trunk port, you can check the port information like below:

Switch#show interfaces fastEthernet 0/1 switchport 
Name: Fa0/1
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false

For an access port, you can check the port information like below:

Switch#show interfaces fastEthernet 0/2 switchport 
Name: Fa0/2
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 2 (VLAN0002)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Appliance trust: none

The output of show interfaces trunk command is below:

Switch#show interfaces trunk 
Port        Mode         Encapsulation  Status        Native vlan
Fa0/1       on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/1       2-4

Port        Vlans allowed and active in management domain
Fa0/1       2,3

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/1       2,3
Switch#

To Sum up…

To sum up to configure Cisco VLAN, you need to think and configure the following parts:

– Creating VLAN and naming that VLAN
– Assigning access port to the VLAN
– Trunk configuration (manual OR by DTP, desirable or auto)
– Frame-tagging protocol (ISL or dot1.q)
– Native VLAN
– Allowed VLANs on trunks
– Checking the configuration by Show commands


We will continue with a packet tracer example for VLAN configuration. Continue with the next post ;)

To learn mode about VLAN(Vİrtual Local Area Network)s, continue with the following posts ;)

VLAN – Part 1
VLAN – Part 2 (VLAN Assignments and VLAN Port Types)
VLAN – Part 3 (VLAN Frame Tagging Protocols, ISL and Dot1.q)
VLAN – Part 4 (How to Configure Cisco VLANs)
VLAN – Part 5 (Packet Tracer VLAN Configuration Example)




About the Author
Gokhan Kosem is a telecommunation and network engineer. His ambition to IP networks and end-to-end system installation made him to prepare this web-site. By sharing his experiences about various networking protocols beside different system installation experiences and Cisco, Juniper, Alcatel-Lucent devices configurations, he is aimed to be helpful for his collegues in all over the world. He is currently lives in Istanbul, Turkey.

Leave a Reply


Copy Protected by Chetan's WP-Copyprotect.