VLANs are typically configured via the CatOS or IOS command-line interpreter (CLI),
like any other feature. However, some IOS models, such as the 2950 and 3550 switches, have
a configurable VLAN database with its own configuration mode and
commands. This can be a challenge for the uninitiated, especially because the
configuration for this database is completely separate from the configuration for the rest
of the switch. Even a write erase followed by a
reload will not clear the VLAN database on these
switches. Configuring through the VLAN database is a throwback to older models that
offered no other way to manage VLANs. All newer switches (including those with a VLAN
database) offer the option of configuring the VLANs through the normal IOS CLI. Switches
like the 6500, when running in native IOS mode, only support IOS commands for switch
configuration.
Tip
Cisco recommends that the VLAN Trunking Protocol (VTP) be configured as a first step when configuring VLANs. This idea has merit, as trunks will not negotiate without a VTP domain. However, setting a VTP domain is not required to make VLANs function on a single switch. Configuring VTP is covered later (see Chapter 5 and Chapter 6).
For CatOS, creating a VLAN is accomplished with the set
vlan command:
Switch1-CatOS# (enable)set vlan 10 name Lab-VLAN
VTP advertisements transmitting temporarily stopped,
and will resume after the command finishes.
Vlan 10 configuration successfulThere are a lot of options when creating a VLAN, but for the bare minimum, this is
all that's needed. To show the status of the VLANs, execute the show vlan command:
Switch1-CatOS# (enable)sho vlan
VLAN Name Status IfIndex Mod/Ports, Vlans
---- -------------------------------- --------- ------- ------------------------
1 default active 7 1/1-2
2/1-2
3/5-48
6/1-48
10 Lab-VLAN active 112
20 VLAN0020 active 210 3/1-4
1002 fddi-default active 8
1003 token-ring-default active 11
1004 fddinet-default active 9
1005 trnet-default active 10
1006 Online Diagnostic Vlan1 active 0 internal
1007 Online Diagnostic Vlan2 active 0 internal
1008 Online Diagnostic Vlan3 active 0 internal
1009 Voice Internal Vlan active 0 internal
1010 Dtp Vlan active 0 internal
1011 Private Vlan Reserved Vlan suspend 0 internal
1016 Online SP-RP Ping Vlan active 0 internalNotice that VLAN 10 has the name you assigned; VLAN 20's name, which you did not assign, defaulted to VLAN0020. The output shows which ports are assigned to VLAN 20, and that most of the ports still reside in VLAN 1. (Because VLAN 1 is the default VLAN, all ports reside there by default.)
There are no ports in VLAN 10 yet, so add some, again using the set vlan command:
Switch1-CatOS# (enable)set vlan 10 6/1,6/3-4
VLAN 10 modified.
VLAN 1 modified.
VLAN Mod/Ports
---- -----------------------
10 6/1,6/3-4You've now added ports 6/1, 6/3, and 6/4 to VLAN 10. A show
vlan will reflect these changes:
Switch1-CatOS# (enable)sho vlan
VLAN Name Status IfIndex Mod/Ports, Vlans
---- -------------------------------- --------- ------- ------------------------
1 default active 7 1/1-2
2/1-2
3/5-48
6/2,6/5-48
10 Lab-VLAN active 112 6/1,6/3-4
20 VLAN0020 active 210 3/1-4
1002 fddi-default active 8
1003 token-ring-default active 11
1004 fddinet-default active 9
1005 trnet-default active 10
1006 Online Diagnostic Vlan1 active 0 internal
1007 Online Diagnostic Vlan2 active 0 internal
1008 Online Diagnostic Vlan3 active 0 internal
1009 Voice Internal Vlan active 0 internal
1010 Dtp Vlan active 0 internal
1011 Private Vlan Reserved Vlan suspend 0 internal
1016 Online SP-RP Ping Vlan active 0 internalThe output indicates that VLAN 1 was modified as well. This is because the ports had to be removed from VLAN 1 to be added to VLAN 10.
This method is included for the sake of completeness. Older switches that require this method of configuration are no doubt still deployed. Newer switches that support the VLAN database, such as the 3550, actually display this message when you enter VLAN database configuration mode:
3550-IOS#vlan database
% Warning: It is recommended to configure VLAN from config mode,
as VLAN database mode is being deprecated. Please consult user
documentation for configuring VTP/VLAN in config mode.Tip
If you have an IOS switch with active VLANs, but no reference is made to them in the running configuration, it's possible that they were configured in the VLAN database. Another possibility is that they were learned via VTP (we will cover this in Chapter 6).
To configure VLANs in the VLAN database, you must enter VLAN database configuration
mode with the command vlan database. Requesting help
(?) lists the commands available in this
mode:
2950-IOS#vlan database2950-IOS(vlan)#?VLAN database editing buffer manipulation commands: abort Exit mode without applying the changes apply Apply current changes and bump revision number exit Apply changes, bump revision number, and exit mode no Negate a command or set its defaults reset Abandon current changes and reread current database show Show database information vlan Add, delete, or modify values associated with a single VLAN vtp Perform VTP administrative functions.
To create a VLAN, give the vlan command followed
by the VLAN number and name:
2950-IOS(vlan)#vlan 10 name Lab-VLAN
VLAN 10 added:
Name: Lab-VLANYou can show the VLANs configured from within VLAN database mode with the command
show. You have the option of displaying the current
database (show current), the differences between the
current and proposed database (show changes), or the
proposed database as it will look after you apply the changes using the apply command or exit VLAN database configuration mode. The
default behavior of the show command is show proposed:
2950-IOS(vlan)#show
VLAN ISL Id: 1
Name: default
Media Type: Ethernet
VLAN 802.10 Id: 100001
State: Operational
MTU: 1500
Backup CRF Mode: Disabled
Remote SPAN VLAN: No
VLAN ISL Id: 10
Name: Lab-VLAN
Media Type: Ethernet
VLAN 802.10 Id: 100010
State: Operational
MTU: 1500
Backup CRF Mode: Disabled
Remote SPAN VLAN: NoNothing else is required to create a simple VLAN. The database will be saved upon exit:
2950-IOS(vlan)#exit
APPLY completed.
Exiting....Now, when you execute the show vlan command in
IOS, you'll see the VLAN you've created:
2950-IOS#sho vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
Gi0/1, Gi0/2
10 Lab-VLAN active
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default activeAdding ports to the VLAN is accomplished in IOS interface configuration mode, and is covered in the next section.
Adding VLANs in IOS is relatively straightforward when all of the defaults are
acceptable, which is usually the case. First, enter configuration mode. From there,
issue the vlan command with the identifier for the
VLAN you're adding or changing. Next, specify a name for the VLAN with the name subcommand (as with CatOS, a default name of VLANxxxx
is used if you do not supply one):
2950-IOS#conf tEnter configuration commands, one per line. End with CNTL/Z. 2950-IOS(config)#vlan 102950-IOS(config-vlan)#name Lab-VLAN
Exit configuration mode, then issue the show vlan
command to see the VLANs present:
2950-IOS#sho vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
Gi0/1, Gi0/2
10 Lab-VLAN active
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default activeAssigning ports to VLANs in IOS is done in interface configuration mode. Each
interface must be configured individually with the switchport
access command (this is in contrast to the CatOS switches, which allow you
to add all the ports at once with the set vlan
command):
2950-IOS(config)#int f0/12950-IOS(config-if)#switchport access vlan 102950-IOS(config-if)#int f0/22950-IOS(config-if)#switchport access vlan 10
Newer versions of IOS allow commands to be applied to multiple interfaces with the
interface range command. Using this command, you
can accomplish the same result as before while saving some precious keystrokes:
2950-IOS (config)#interface range f0/1 - 22950-IOS (config-if-range)#switchport access vlan 10
Now, when you execute the show vlan command,
you'll see that the ports have been assigned to the proper VLAN:
2950-IOS#sho vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/3, Fa0/4, Fa0/5, Fa0/6
Fa0/7, Fa0/8, Fa0/9, Fa0/10
Fa0/11, Fa0/12, Fa0/13, Fa0/14
Fa0/15, Fa0/16, Fa0/17, Fa0/18
Fa0/19, Fa0/20, Fa0/21, Fa0/22
Fa0/23, Fa0/24, Gi0/1, Gi0/2
10 Lab-VLAN active Fa0/1, Fa0/2
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default activeGet Network Warrior now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
