VLANs are typically configured via the CatOS or IOS command-line
interpreter (CLI), like any other feature. However, some IOS models, such
as the 2950 and 3550 switches, have a configurable VLAN
database with its own configuration mode and commands. This can
be a challenge for the uninitiated, especially because the configuration
for this database is completely separate from the configuration for the
rest of the switch. Even a write erase followed by a reload will not clear the
VLAN database on these switches. Configuring through the VLAN database is
a throwback to older models that offered no other way to manage VLANs.
Luckily, all newer switches (including those with a VLAN database) offer
the option of configuring the VLANs through the normal IOS CLI. Switches
like the 6500, when running in native IOS mode, only support IOS commands
for switch configuration. The Nexus line does not have a configurable VLAN
database.
Note
Cisco recommends that you configure the VLAN Trunking Protocol (VTP) as a first step when configuring VLANs. This idea has merit, as trunks will not negotiate without a VTP domain. However, setting a VTP domain is not required to make VLANs function on a single switch. Configuring VTP is covered later (see Chapter 5, Trunking and Chapter 6, VLAN Trunking Protocol).
For CatOS, create a VLAN with the set vlan command:
Switch1-CatOS# (enable)set vlan 10 name Lab-VLAN
VTP advertisements transmitting temporarily stopped,
and will resume after the command finishes.
Vlan 10 configuration successful
There are a lot of options when creating a VLAN, but for the bare
minimum, this is all you need. To show the status of the VLANs, execute
the show vlan command:
Switch1-CatOS# (enable)sho vlan
VLAN Name                             Status    IfIndex Mod/Ports, Vlans
---- -------------------------------- --------- ------- ------------------------
1    default                          active    7       1/1-2
                                                        2/1-2
                                                        3/5-48
                                                        6/1-48
10   Lab-VLAN                         active    112
20   VLAN0020                         active    210     3/1-4
1002 fddi-default                     active    8
1003 token-ring-default               active    11
1004 fddinet-default                  active    9
1005 trnet-default                    active    10
1006 Online Diagnostic Vlan1          active    0       internal
1007 Online Diagnostic Vlan2          active    0       internal
1008 Online Diagnostic Vlan3          active    0       internal
1009 Voice Internal Vlan              active    0       internal
1010 Dtp Vlan                         active    0       internal
1011 Private Vlan Reserved Vlan       suspend   0       internal
1016 Online SP-RP Ping Vlan           active    0       internal
Notice that VLAN 10 has the name you assigned; VLAN 20's name, which you did not assign, defaulted to VLAN0020. The output shows which ports are assigned to VLAN 20 and that most of the ports still reside in VLAN 1 (because VLAN 1 is the default VLAN, all ports reside there by default).
There are no ports in VLAN 10 yet, so add some, again using the
set vlan command:
Switch1-CatOS# (enable)set vlan 10 6/1,6/3-4
VLAN 10 modified.
VLAN 1 modified.
VLAN  Mod/Ports
----  -----------------------
10    6/1,6/3-4
You've now added ports 6/1, 6/3, and 6/4 to VLAN 10. Another
show vlan will reflect these changes:
Switch1-CatOS# (enable)sho vlan
VLAN Name                             Status    IfIndex Mod/Ports, Vlans
---- -------------------------------- --------- ------- ------------------------
1    default                          active    7       1/1-2
                                                        2/1-2
                                                        3/5-48
                                                        6/2,6/5-48
10   Lab-VLAN                         active    112     6/1,6/3-4
20   VLAN0020                         active    210     3/1-4
1002 fddi-default                     active    8
1003 token-ring-default               active    11
1004 fddinet-default                  active    9
1005 trnet-default                    active    10
1006 Online Diagnostic Vlan1          active    0       internal
1007 Online Diagnostic Vlan2          active    0       internal
1008 Online Diagnostic Vlan3          active    0       internal
1009 Voice Internal Vlan              active    0       internal
1010 Dtp Vlan                         active    0       internal
1011 Private Vlan Reserved Vlan       suspend   0       internal
1016 Online SP-RP Ping Vlan           active    0       internal
The output indicates that VLAN 1 was modified as well. This is because the ports had to be removed from VLAN 1 to be added to VLAN 10.
This method is included for the sake of completeness. Older switches that require this method of configuration are no doubt still deployed. IOS switches that support the VLAN database, such as the 3750, actually display this message when you enter VLAN database configuration mode:
3750-IOS#vlan database
% Warning: It is recommended to configure VLAN from config mode,
as VLAN database mode is being deprecated. Please consult user
documentation for configuring VTP/VLAN in config mode.
Note
If you have an IOS switch with active VLANs, but no reference is made to them in the running configuration, it's possible they were configured in the VLAN database. Another possibility is that they were learned via VTP (we will cover this in Chapter 6). On 3750s, when the switch is in VTP server mode, even when you configure VLANs in CLI, they do not appear in the running configuration.
Since you're more likely to see the VLAN database in older switches, I'll continue with examples from a 2950, though they all behave pretty similarly. If you find any switch configured using the VLAN database, my advice is to convert it to an IOS configuration.
To configure VLANs in the VLAN database, you must enter VLAN
database configuration mode with the command vlan database.
Requesting help (?) lists the commands available in this mode:
2950-IOS#vlan database
2950-IOS(vlan)#?
VLAN database editing buffer manipulation commands:
  abort  Exit mode without applying the changes
  apply  Apply current changes and bump revision number
  exit   Apply changes, bump revision number, and exit mode
  no     Negate a command or set its defaults
  reset  Abandon current changes and reread current database
  show   Show database information
  vlan   Add, delete, or modify values associated with a single VLAN
  vtp    Perform VTP administrative functions.
To create a VLAN, give the vlan command followed by the VLAN number and name:
2950-IOS(vlan)#vlan 10 name Lab-VLAN
VLAN 10 added:
Name: Lab-VLAN
You can show the VLANs configured from within VLAN database mode
with the command show. You have the option of displaying the current
database (show current), the differences between the current and
proposed database (show changes), or the proposed database as it will
look after you apply the changes using the apply command or exit VLAN
database configuration mode. The default behavior of the show command
is show proposed:
2950-IOS(vlan)#show
VLAN ISL Id: 1
Name: default
Media Type: Ethernet
VLAN 802.10 Id: 100001
State: Operational
MTU: 1500
Backup CRF Mode: Disabled
Remote SPAN VLAN: No
VLAN ISL Id: 10
Name: Lab-VLAN
Media Type: Ethernet
VLAN 802.10 Id: 100010
State: Operational
MTU: 1500
Backup CRF Mode: Disabled
Remote SPAN VLAN: No
Nothing else is required to create a simple VLAN. The database will be saved upon exit:
2950-IOS(vlan)#exit
APPLY completed.
Exiting....
Now, when you execute the show vlan command in IOS, you'll see the VLAN
you've created:
2950-IOS#sho vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Gi0/1, Gi0/2
10   Lab-VLAN                         active
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active
Adding ports to the VLAN is accomplished in IOS interface configuration mode, and is covered in the next section.
Adding VLANs in IOS is relatively straightforward when all of the defaults are acceptable, which is usually the case. Here I'll revert to a 3750, since you're likely to encounter modern switches using this method.
First, enter configuration mode. From there, issue the vlan
command with the identifier for the VLAN you're adding or changing.
Next, specify a name for the VLAN with the name subcommand (as with
CatOS, a default name of VLANxxxx is used if you do not supply one):
3750-IOS#conf t
Enter configuration commands, one per line. End with CNTL/Z.
3750-IOS(config)#vlan 10
3750-IOS(config-vlan)#name Lab-VLAN
Exit configuration mode and then issue the show vlan command to
see the VLANs present:
3750-IOS#sho vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Gi1/0/1, Gi1/0/2, Gi1/0/3
Gi1/0/4, Gi1/0/5, Gi1/0/6
Gi1/0/7, Gi1/0/8, Gi1/0/9
Gi1/0/10, Gi1/0/11, Gi1/0/12
Gi1/0/13, Gi1/0/14, Gi1/0/15
Gi1/0/16, Gi1/0/17, Gi1/0/18
Gi1/0/21, Gi1/0/22, Gi1/0/23
Gi1/0/24, Gi1/0/25, Gi1/0/26
Gi1/0/27, Gi1/0/28, Gi1/0/29
Gi1/0/30, Gi1/0/31, Gi1/0/32
Gi1/0/33, Gi1/0/34, Gi1/0/35
Gi1/0/36, Gi1/0/37, Gi1/0/38
Gi1/0/39, Gi1/0/40, Gi1/0/41
Gi1/0/42, Gi1/0/43, Gi1/0/44
Gi1/0/46, Gi1/0/49, Gi1/0/50
Gi1/0/51, Gi1/0/52
10 Lab-VLAN active
100 VLAN0100 active
200 VLAN0200 active
300 VLAN0300 active
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
10 enet 100010 1500 - - - - - 0 0
100 enet 100100 1500 - - - - - 0 0
200 enet 100200 1500 - - - - - 0 0
300 enet 100300 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 tr 101003 1500 - - - - - 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trnet 101005 1500 - - - ibm - 0 0
Remote SPAN VLANs
------------------------------------------------------------------------------
Primary Secondary Type Ports
------- --------- ----------------- ------------------------------------------
You assign ports to VLANs in IOS in interface configuration mode.
Each interface must be configured individually with the switchport access
command (this is in contrast to the CatOS switches, which allow you to
add all the ports at once with the set vlan command):
3750-IOS(config)#int g1/0/1
3750-IOS(config-if)#switchport access vlan 10
3750-IOS(config-if)#int g1/0/2
3750-IOS(config-if)#switchport access vlan 10
Modern versions of IOS allow you to apply commands to multiple
interfaces with the interface range command. Using this command, you
can accomplish the same result as before while saving some precious
keystrokes:
3750-IOS(config)#interface range g1/0/1 - 2
3750-IOS(config-if-range)#switchport access vlan 10
Now, when you execute the show vlan command, you'll see that the ports
have been assigned to the proper VLAN:
3750-IOS#sho vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Gi1/0/3, Gi1/0/4, Gi1/0/5
Gi1/0/6, Gi1/0/7, Gi1/0/8
Gi1/0/9, Gi1/0/10, Gi1/0/11
Gi1/0/12, Gi1/0/13, Gi1/0/14
Gi1/0/15, Gi1/0/16, Gi1/0/17
Gi1/0/18, Gi1/0/21, Gi1/0/22
Gi1/0/23, Gi1/0/24, Gi1/0/25
Gi1/0/26, Gi1/0/27, Gi1/0/28
Gi1/0/29, Gi1/0/30, Gi1/0/31
Gi1/0/32, Gi1/0/33, Gi1/0/34
Gi1/0/35, Gi1/0/36, Gi1/0/37
Gi1/0/38, Gi1/0/39, Gi1/0/40
Gi1/0/41, Gi1/0/42, Gi1/0/43
Gi1/0/44, Gi1/0/46, Gi1/0/49
Gi1/0/50, Gi1/0/51, Gi1/0/52
10 Lab-VLAN active Gi1/0/1, Gi1/0/2
100 VLAN0100 active
200 VLAN0200 active
300 VLAN0300 active
1002 fddi-default act/unsup
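An added example, not from the book: a Python audit that parses IOS show vlan output and compares it with the running configuration. It reports ports still in default VLAN 1, VLANs left with the default VLANxxxx name, and active VLANs with no vlan line in the running configuration, which, as the earlier Note explains, points to the VLAN database or VTP. The sample output, the config fragment and the function names are constructed for illustration.

```python
import re
# Constructed sample in the layout of the 3750 "show vlan" output (shortened).
SHOW_VLAN = """\
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi1/0/3, Gi1/0/4, Gi1/0/5
                                                Gi1/0/6
10   Lab-VLAN                         active    Gi1/0/1, Gi1/0/2
100  VLAN0100                         active
1002 fddi-default                     act/unsup
"""
# Constructed running-config fragment: VLAN 100 is active but not defined in it.
RUNNING_CONFIG = "vlan 10\n name Lab-VLAN\n!\ninterface GigabitEthernet1/0/1\n switchport access vlan 10\n"
ROW = re.compile(r"^(\d+)\s+(\S+)\s+(active|suspended|act/\S+|sus/\S+)\s*(.*)$")

def parse_show_vlan(text):
    """Return {vlan_id: {"name", "status", "ports"}} from the first show vlan table."""
    vlans, current = {}, None
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            current = int(m.group(1))
            vlans[current] = {"name": m.group(2), "status": m.group(3), "ports": []}
        elif not (current and line[:1].isspace() and line.strip()):
            current = None  # header, separator or another table ends the row
            continue
        rest = m.group(4) if m else line  # no match: indented continuation of ports
        vlans[current]["ports"] += [p for p in re.split(r"[,\s]+", rest.strip()) if p]
    return vlans

def configured_vlans(running_config):
    """VLAN IDs defined by 'vlan N', 'vlan N,M' or 'vlan N-M' lines in the config."""
    ids = set()
    for spec in re.findall(r"^vlan ([\d,-]+)[ \t]*$", running_config, re.M):
        for part in spec.split(","):
            lo, _, hi = part.partition("-")
            ids.update(range(int(lo), int(hi or lo) + 1))
    return ids

def audit(show_vlan, running_config):
    vlans = parse_show_vlan(show_vlan)
    user = {v for v in vlans if v != 1 and not 1002 <= v <= 1005}  # skip defaults
    return {
        "ports_in_vlan1": vlans.get(1, {}).get("ports", []),
        "default_named": sorted(v for v in user if vlans[v]["name"] == f"VLAN{v:04d}"),
        "not_in_running_config": sorted(user - configured_vlans(running_config)),
    }

print(audit(SHOW_VLAN, RUNNING_CONFIG))
```

The parser relies on the column indentation of real switch output, so feed it the raw CLI capture rather than text whose whitespace has been collapsed.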
NX-OS uses a command interface similar to IOS. NX-OS behaves a little
bit differently, especially concerning the configuration of interfaces.
The methods used for configuring VLANs are very similar to IOS. First we
create the VLAN with the vlan vlan-# command:
NX-7K-1-Cozy(config)# vlan 10
Once you've created the VLAN, enter VLAN configuration mode and
name the VLAN with the name vlan-name command:
NX-7K-1-Cozy(config-vlan)# name Lab-VLAN
One of the cool features of NX-OS is that you no longer need the
do command to run show commands from configuration mode. This behavior
is similar to the PIX and ASA configuration mode, and is a most welcome
change. Here, I've executed the show vlan command from within VLAN
configuration mode:
NX-7K-1-Cozy(config-if)# sho vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Po1, Po10
10 Lab-VLAN active Po1, Eth3/2
VLAN Type
---- -----
1 enet
10 enet
Remote SPAN VLANs
-------------------------------------------------------------------------------
Primary Secondary Type Ports
------- --------- --------------- -------------------------------------------
Another new feature in NX-OS is the capability to configure a
range of interfaces without using the interface-range command. Simply
enter the range you want to configure as if you were using the
interface-range command in IOS:
NX-7K-1-Cozy(config-vlan)# int e3/1 - 2
This automatically puts us into interface range configuration
mode. Now we assign the ports to a VLAN the same way we would in
IOS, using the switchport access vlan vlan# command:
NX-7K-1-Cozy(config-if-range)# switchport access vlan 10
Warning: command rejected, Eth3/1 not a switching port
Warning: command rejected, Eth3/2 not a switching port
Now there's a message you don't see on a Catalyst switch by
default. The Nexus 7000 switch behaves differently than a Catalyst. By
default, all switch ports are router ports! To perform switch port
commands on Nexus ports, you must first put them into switchport mode
with the switchport command:
NX-7K-1-Cozy(config-if-range)#int e3/1 - 2
NX-7K-1-Cozy(config-if-range)#switchport
NX-7K-1-Cozy(config-if-range)#no shut
Now that we have placed the ports into switchport mode, we can assign them to a VLAN without further interruption:
NX-7K-1-Cozy(config-if-range)# switchport access vlan 10
NX-7K-1-Cozy(config-if-range)#
The show vlan command now shows our ports assigned to VLAN 10. Notice
once more how I've executed a show command from within configuration
mode. I love this feature!
NX-7K-1-Cozy(config-if-range)# sho vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active
10 Lab-VLAN active Eth3/1, Eth3/2
VLAN Type
---- -----
1 enet
10 enet
Remote SPAN VLANs
-------------------------------------------------------------------------------
Primary Secondary Type Ports
------- --------- --------------- -------------------------------------------