Switch VLAN Configuration

 Configuring VLANs on network switches typically involves using either configuration mode (also known as global configuration mode) or database mode (also known as VLAN database mode). The specific method and commands can vary depending on the switch platform and operating system. Below, I'll provide examples for both modes and cover additional tasks like assigning ports, configuring VLAN trunking, specifying VLAN encapsulation type, erasing VLAN configurations, and verifying VLAN information.

1. Configuration Mode (Global Configuration Mode):

  • In configuration mode, you configure VLANs directly under the switch's global configuration mode.

Creating VLANs:

bash
Switch(config)# vlan 10
Switch(config-vlan)# name Sales
  • This creates VLAN 10 with the name "Sales."

Assigning Ports to VLANs:

bash
Switch(config)# interface GigabitEthernet0/1
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 10
  • This assigns interface GigabitEthernet0/1 to VLAN 10 as an access port.

Configuring VLAN Trunking:

bash
Switch(config)# interface GigabitEthernet0/24
Switch(config-if)# switchport mode trunk
  • This configures interface GigabitEthernet0/24 as a trunk port, allowing it to carry multiple VLANs.

2. Database Mode (VLAN Database Mode):

  • Some older switches use VLAN database mode to configure VLANs. Note that this mode is becoming less common on modern switches.

Entering VLAN Database Mode:

bash
Switch# vlan database
Switch(vlan)#
  • Enter VLAN database mode.

Creating VLANs:

bash
Switch(vlan)# vlan 10 name Sales
  • This creates VLAN 10 with the name "Sales."

Assigning Ports to VLANs:

bash
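Switch(vlan)# exit
Switch# configure terminal
Switch(config)# interface FastEthernet0/1
Switch(config-if)# switchport access vlan 10
  • VLAN database mode only creates, names and deletes VLANs; it has no interface commands. Exit it and assign interface FastEthernet0/1 to VLAN 10 from interface configuration mode.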

Configuring VLAN Trunking:

bash
Switch(config)# interface FastEthernet0/24
Switch(config-if)# switchport mode trunk
  • Trunking is also configured from interface configuration mode, not from VLAN database mode. This configures interface FastEthernet0/24 as a trunk port.

3. VLAN Encapsulation Type:

  • VLAN encapsulation types depend on the switch and interface type. For example, on Cisco switches, you can set encapsulation for VLANs on a trunk port:
bash
Switch(config)# interface GigabitEthernet0/24
Switch(config-if)# switchport trunk encapsulation dot1q
  • This sets the encapsulation type to IEEE 802.1Q (dot1q).

4. Erasing VLAN Configuration:

  • To erase VLAN configurations for a specific VLAN, you can use the no command in configuration mode:
bash
Switch(config)# no vlan 10
  • This removes VLAN 10 and all its associated configuration.

5. Verifying VLAN Information:

  • You can verify VLAN information using various show commands:
bash
Switch# show vlan
Switch# show interfaces status
  • These commands display VLAN information and interface status, respectively.
=======================

Create VLAN

    Step 1: Access Configuration Mode

    Access the switch's command-line interface (CLI) and enter configuration mode:

    bash
    Switch> enable
    Switch# configure terminal
    Switch(config)#

    Step 2: Create the VLAN

    To create a VLAN, use the vlan command followed by the VLAN ID:

    bash
    Switch(config)# vlan 10

    In this example, we create VLAN 10.

    Step 3: Assign a Name to the VLAN (Optional)

    You can assign a meaningful name to the VLAN for easier identification:

    bash
    Switch(config-vlan)# name Sales

    This command sets the name of VLAN 10 to "Sales."

    Step 4: Exit Configuration Mode

    Exit configuration mode to save your changes:

    bash
    Switch(config-vlan)# exit
    Switch(config)# exit

    Your newly created VLAN, VLAN 10 (Sales), is now configured on the switch. You can repeat these steps to create additional VLANs or make further configurations as needed.

=======================================

Create VLAN using Database Mode

    Step 1: Access Privileged Exec Mode

    Access the switch's command-line interface (CLI) and enter privileged exec mode:

    bash
    Switch> enable
    Switch#

    Step 2: Enter VLAN Database Mode

    Enter the VLAN database mode, which is where VLAN configuration takes place:

    bash
    Switch# vlan database
    Switch(vlan)#

    Step 3: Create the VLAN

    To create a VLAN, use the vlan command followed by the VLAN ID:

    bash
    Switch(vlan)# vlan 10

    In this example, we create VLAN 10.

    Step 4: Assign a Name to the VLAN (Optional)

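    You can assign a meaningful name to the VLAN for easier identification. VLAN database mode has no per-VLAN sub-mode, so the name goes on the same line as the VLAN ID:

    bash
    Switch(vlan)# vlan 10 name Sales

    This command sets the name of VLAN 10 to "Sales."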

    Step 5: Exit VLAN Database Mode

    Exit the VLAN database mode and return to privileged exec mode:

    bash
    Switch(vlan)# exit
    Switch#

    Your newly created VLAN, VLAN 10 (Sales), is now configured on the switch.

    Please note that database mode is becoming less common on modern switches, and the recommended way to configure VLANs is through configuration mode.

=========================================

Assigning Ports to VLAN

    1. Assigning Ports as Access Ports:

    In this scenario, you configure switch ports as access ports and assign them to specific VLANs. Each access port belongs to a single VLAN, and devices connected to these ports become members of that VLAN.

    bash
    Switch(config)# interface GigabitEthernet0/1
    Switch(config-if)# switchport mode access
    Switch(config-if)# switchport access vlan 10

    In the above example, we configure GigabitEthernet0/1 as an access port and assign it to VLAN 10.

    2. Assigning Ports as Trunk Ports:

    Trunk ports are used to carry traffic for multiple VLANs over a single link. You can assign trunk ports to allow specific VLANs by specifying which VLANs are allowed over the trunk.

    bash
    Switch(config)# interface GigabitEthernet0/24
    Switch(config-if)# switchport mode trunk
    Switch(config-if)# switchport trunk allowed vlan 10,20

    In this example, GigabitEthernet0/24 is configured as a trunk port, and it is allowed to carry traffic for VLANs 10 and 20.

    3. Assigning Ports to Default VLAN:

    All switch ports are typically assigned to a default VLAN (often VLAN 1) unless explicitly configured otherwise. To change the default VLAN for a port:

    bash
    Switch(config)# interface FastEthernet0/2
    Switch(config-if)# switchport access vlan 30

    This configuration changes the default VLAN for FastEthernet0/2 to VLAN 30.

    4. Removing a Port from a VLAN:

    To remove a port from a VLAN, you can either assign it to a different VLAN or set it to an unused VLAN (e.g., VLAN 1 for default):

    bash
    Switch(config)# interface GigabitEthernet0/3
    Switch(config-if)# switchport access vlan 1

    This removes GigabitEthernet0/3 from its previous VLAN assignment and assigns it to VLAN 1.

==============================================

VLAN Trunk

    Configuring VLAN trunks on network switches is essential for allowing the transport of multiple VLANs over a single network link, typically between switches or between a switch and a router. Trunks use tagging mechanisms (e.g., IEEE 802.1Q) to differentiate between VLANs. Here's how to configure a VLAN trunk on a Cisco switch as an example:

    1. Configure a Trunk Port on One Side:

    On one of the switches that need to communicate over the trunk, configure one of its ports as a trunk port:

    bash
    Switch1(config)# interface GigabitEthernet0/24
    Switch1(config-if)# switchport mode trunk

    In this example, GigabitEthernet0/24 on Switch1 is configured as a trunk port.

    2. Configure the Other Side of the Trunk:

    On the other switch (Switch2) that will connect to Switch1 via the trunk, configure its port as a trunk as well:

    bash
    Switch2(config)# interface GigabitEthernet0/24
    Switch2(config-if)# switchport mode trunk

    3. Optional: Allow Specific VLANs on the Trunk:

    By default, all VLANs are allowed on a trunk. You can restrict the allowed VLANs on the trunk if necessary:

    bash
    Switch1(config-if)# switchport trunk allowed vlan 10,20,30

    This command allows VLANs 10, 20, and 30 to traverse the trunk. Repeat this command on both switches to ensure consistency.

    4. Verify the Trunk Configuration:

    You can use the following command to verify the trunk configuration:

    bash
    Switch1# show interfaces trunk

    This command displays information about the trunk ports, including the allowed VLANs.

    5. Repeat for Additional Trunk Links:

    If you have multiple trunk links between switches, repeat the configuration steps for each trunk link.

    By configuring VLAN trunks, you enable the switches to carry traffic for multiple VLANs across a single link, allowing devices in different VLANs to communicate efficiently.

===================================

VLAN Encapsulation Type

    VLAN encapsulation type refers to the method used to tag Ethernet frames with VLAN information when they traverse a VLAN trunk link. The most common VLAN encapsulation method is IEEE 802.1Q, but some networks may also use ISL (Inter-Switch Link), although ISL is less common today. Below, I'll explain how to configure VLAN encapsulation type using IEEE 802.1Q on a Cisco switch as an example:

    1. Configure a Trunk Port:

    Before setting the VLAN encapsulation type, ensure that you have configured a trunk port on your switch. Refer to the VLAN Trunk section above for configuring a trunk port.

    2. Configure the Encapsulation Type (IEEE 802.1Q):

    To configure IEEE 802.1Q encapsulation on a trunk port, follow these steps:

    bash
    Switch(config)# interface GigabitEthernet0/24
    Switch(config-if)# switchport trunk encapsulation dot1q

    In the above example, we configure GigabitEthernet0/24 as a trunk port and set its encapsulation type to IEEE 802.1Q (dot1q). This is the recommended encapsulation method for most networks as it's an industry standard and supported by most network devices.

    3. Verify the Encapsulation Type:

    You can verify the encapsulation type using the following command:

    bash
    Switch# show interfaces trunk

    This command displays information about trunk ports, including the encapsulation type, allowed VLANs, and other relevant details.

    4. Optional: Changing Back to ISL (Inter-Switch Link):

    If you need to use ISL encapsulation for some reason (note that ISL is less common and not as widely supported), you can change the encapsulation type as follows:

    bash
    Switch(config)# interface GigabitEthernet0/24
    Switch(config-if)# no switchport trunk encapsulation dot1q
    Switch(config-if)# switchport trunk encapsulation isl

    Remember that for ISL encapsulation, both ends of the trunk link must support ISL, and the VLAN information is encapsulated differently compared to 802.1Q.

============================================================

Configuration VLAN Voice and Data with Trust

    Configuring VLANs for both voice and data traffic with trust on a Cisco switch is a common practice in converged networks. This allows you to separate voice and data traffic into different VLANs while ensuring that the switch trusts the marking (CoS or DSCP values) of incoming packets for Quality of Service (QoS) prioritization. Here's a step-by-step guide to configuring VLANs for voice and data with trust on a Cisco switch:

    Assumptions:

    • Your switch is a Cisco Catalyst switch.
    • You have already configured the necessary VLANs (one for voice and one for data) and configured your IP routing if inter-VLAN routing is required.

    1. Configure VLANs:

    Ensure that you have configured the VLANs for voice and data on your switch. Replace VLAN IDs and names as needed:

    bash
    Switch(config)# vlan 10
    Switch(config-vlan)# name Voice
    Switch(config-vlan)# exit
    Switch(config)# vlan 20
    Switch(config-vlan)# name Data
    Switch(config-vlan)# exit

    2. Configure Voice VLAN:

    Assign the voice VLAN to the switch port where the IP phone is connected. Also, enable the voice VLAN feature to automatically tag voice traffic with the appropriate VLAN ID:

    bash
    Switch(config)# interface GigabitEthernet0/1
    Switch(config-if)# switchport mode access
    Switch(config-if)# switchport access vlan 20
    Switch(config-if)# switchport voice vlan 10

    In the above example, GigabitEthernet0/1 is configured as an access port in VLAN 20 for data traffic and automatically tags voice traffic with VLAN 10.

    3. Trust CoS/DSCP Values:

    By default, a Cisco switch does not trust the CoS/DSCP values of incoming packets. You need to configure trust on the switch port to ensure that it respects the QoS markings:

    bash
    Switch(config-if)# mls qos trust cos
    Switch(config-if)# mls qos trust dscp

    This configuration trusts both the CoS (Class of Service) and DSCP (Differentiated Services Code Point) values of incoming packets.

    4. Verify the Configuration:

    You can verify the configuration using the following commands:

    bash
    Switch# show vlan
    Switch# show interface GigabitEthernet0/1 switchport
    Switch# show mls qos interface GigabitEthernet0/1

    These commands display VLAN information, switchport configuration, and QoS settings for the specified interface.

=======================================================

Configuration VLAN Voice and Data without Trust

    Configuring VLANs for both voice and data traffic without trusting CoS/DSCP values on a Cisco switch is a common practice when you want to segregate voice and data traffic into different VLANs but do not rely on the QoS markings in incoming packets for prioritization. Here's a step-by-step guide to configuring VLANs for voice and data without trust on a Cisco switch:

    Assumptions:

    • Your switch is a Cisco Catalyst switch.
    • You have already configured the necessary VLANs (one for voice and one for data) and configured your IP routing if inter-VLAN routing is required.

    1. Configure VLANs:

    Ensure that you have configured the VLANs for voice and data on your switch. Replace VLAN IDs and names as needed:

    bash
    Switch(config)# vlan 10
    Switch(config-vlan)# name Voice
    Switch(config-vlan)# exit
    Switch(config)# vlan 20
    Switch(config-vlan)# name Data
    Switch(config-vlan)# exit

    2. Configure Voice VLAN:

    Assign the voice VLAN to the switch port where the IP phone is connected. Also, enable the voice VLAN feature to automatically tag voice traffic with the appropriate VLAN ID:

    bash
    Switch(config)# interface GigabitEthernet0/1
    Switch(config-if)# switchport mode access
    Switch(config-if)# switchport access vlan 20
    Switch(config-if)# switchport voice vlan 10

    In the above example, GigabitEthernet0/1 is configured as an access port in VLAN 20 for data traffic and automatically tags voice traffic with VLAN 10.

    3. Disable CoS/DSCP Trust:

    By default, a Cisco switch trusts the CoS/DSCP values of incoming packets. To disable trust on the switch port, use the following commands:

    bash
    Switch(config-if)# no mls qos trust cos
    Switch(config-if)# no mls qos trust dscp

    This configuration ensures that the switch does not trust or rely on the QoS markings in incoming packets for prioritization.

    4. Verify the Configuration:

    You can verify the configuration using the following commands:

    bash
    Switch# show vlan
    Switch# show interface GigabitEthernet0/1 switchport

    These commands display VLAN information and switchport configuration for the specified interface.

    With this configuration, you have segregated voice and data traffic into separate VLANs without relying on the QoS markings in incoming packets for prioritization. This can be suitable for scenarios where you have limited control over the QoS markings on devices in your network.

==================================================

Erasing VLAN Configuration

    Erasing VLAN configurations on a Cisco switch is a straightforward process. If you want to remove VLAN configurations and start fresh, follow these steps:

    Note: Be cautious when erasing VLAN configurations, as it will remove all associated VLAN settings, including VLAN IDs, names, and port assignments.

    1. Access Configuration Mode:

    Access the switch's command-line interface (CLI) and enter configuration mode:

    bash
    Switch> enable
    Switch# configure terminal
    Switch(config)#

    2. Erase VLANs:

    To erase VLAN configurations, you can use the no command followed by the vlan command and the VLAN IDs you want to remove. For example, if you want to erase VLANs 10 and 20, use the following commands:

    bash
    Switch(config)# no vlan 10
    Switch(config)# no vlan 20

    Repeat the no vlan command for each VLAN you want to remove.

    3. Verify the Erased VLANs:

    You can verify that the VLANs have been erased by checking the VLAN database:

    bash
    Switch# show vlan brief

    This command will display a list of configured VLANs. If the VLANs you erased are no longer listed, it indicates that the configuration has been successfully removed.

    4. Save the Configuration (Optional):

    After erasing VLAN configurations, it's a good practice to save the changes to the startup configuration to ensure they persist after a reboot:

    bash
    Switch# write memory

    This command saves the current running configuration to the startup configuration.

===================================================

Verifying VLAN Information

    1. Show VLAN Brief:

    This command displays a brief summary of all configured VLANs on the switch, including their VLAN IDs and names:

    bash
    Switch# show vlan brief

    2. Show VLAN Information for a Specific VLAN:

    To view detailed information for a specific VLAN (e.g., VLAN 10), use the following command:

    bash
    Switch# show vlan id 10

    This command will provide detailed information about VLAN 10, including its name, status, and associated ports.

    3. Show VLAN Interfaces (SVIs) in Brief:

    To see a summary of all VLAN interfaces (SVIs) on the switch, filter the brief interface listing for Vlan entries:

    bash
    Switch# show ip interface brief | include Vlan

    This command displays information about SVIs, including their VLAN associations, IP addresses, and status.

    4. Show VLAN Membership for a Specific Port:

    To check which VLAN a specific switch port (e.g., GigabitEthernet0/1) is a member of, you can use the following command:

    bash
    Switch# show interfaces GigabitEthernet0/1 switchport

    This command will display VLAN membership information for the specified port.

    5. Show Trunk Ports:

    To see which ports are configured as trunk ports and which VLANs are allowed on those trunks, you can use the following command:

    bash
    Switch# show interfaces trunk

    This command provides information about trunk ports, including their encapsulation type, allowed VLANs, and operational status.

    6. Show VLAN Configuration:

    To view the entire VLAN configuration, including VLAN IDs, names, and port assignments, use the following command:

    bash
    Switch# show running-config | include vlan

    This command will display the VLAN configuration section of the running configuration.

    7. Show MAC Addresses in VLAN:

    To see a list of MAC addresses associated with a specific VLAN (e.g., VLAN 10), you can use the following command:

    bash
    Switch# show mac address-table vlan 10

    This command provides a list of MAC addresses and the corresponding switch ports in the specified VLAN.
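
The statements above that "by default, all VLANs are allowed on a trunk", that ports sit in a default VLAN (often VLAN 1), and that QoS trust is configured for the IP phone port can be checked offline against a saved running configuration. The following is an added example, not part of the original post; the sample configuration is constructed, and the function names and finding wording are assumptions of this example:

```python
import re

# Constructed sample of `show running-config` interface stanzas (not from a real device).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 20
 switchport voice vlan 10
 mls qos trust cos
!
interface GigabitEthernet0/2
 switchport mode access
!
interface GigabitEthernet0/23
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/24
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10,20,30
 switchport mode trunk
"""

def parse_interfaces(config):
    """Map each interface name to its list of sub-commands."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            interfaces[current] = []
        elif current and line.startswith(" "):
            interfaces[current].append(line.strip())
        else:
            current = None  # "!" or a top-level command ends the stanza
    return interfaces

def audit(config):
    """Return sorted (interface, finding) pairs; finding text is this example's own."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        has = lambda prefix: any(c.startswith(prefix) for c in cmds)
        if has("switchport mode trunk"):
            # Page: "By default, all VLANs are allowed on a trunk."
            if not has("switchport trunk allowed vlan "):
                findings.append((name, "trunk carries all VLANs (no allowed list)"))
        elif has("switchport mode access"):
            match = re.search(r"^switchport access vlan (\d+)$", "\n".join(cmds), re.M)
            if match is None or match.group(1) == "1":  # unset means default VLAN 1
                findings.append((name, "access port in default VLAN 1"))
            # Trust is configured for the IP phone; flag it where no voice VLAN is set.
            if has("mls qos trust ") and not has("switchport voice vlan "):
                findings.append((name, "QoS markings trusted, no voice VLAN on port"))
    return sorted(findings)

if __name__ == "__main__":
    for iface, finding in audit(SAMPLE_CONFIG):
        print(f"{iface}: {finding}")
```

Ports without an explicit `switchport mode access` or `switchport mode trunk` line are skipped, so routed ports and SVIs produce no findings.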

