Configuring VLANs on a Cisco switch is a fundamental skill for the CCNA exam and for real-world networking. This post covers an objective for Cisco’s CCNA 200-301 certification. A VLAN is a virtual LAN, a separate broadcast domain on the switch allowing devices configured on the same VLAN to communicate with each other.
A VLAN is used to segment devices on their own layer 2 broadcast domain. Usually, a VLAN will be tied to a layer 3 network but we’ll leave that for a future discussion.
Devices on different VLANs cannot communicate with each other without some routing configuration. But we will focus on layer 2 switching here.
A VLAN is defined on the Cisco switch and then configured on a switch port. Other vendors refer to this as tagging.
Defining a VLAN
The first step to configuring a VLAN is to define it on the switch. We create a VLAN in configuration mode with the vlan statement followed by a VLAN number. In the VLAN configuration mode, we can name the VLAN whatever we like.
To verify that the VLAN has been configured, we issue show vlan to see the output of the VLAN database, which contains all our VLAN configuration.
netsw-01#config t
Enter configuration commands, one per line. End with CNTL/Z.
netsw-01(config)#vlan 100
netsw-01(config-vlan)#name MANAGEMENT
netsw-01(config-vlan)#end
netsw-01#show vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi1/0/11, Gi1/0/13, Te1/0/1, Te1/0/2
100  MANAGEMENT                       active
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup
VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0
100  enet  100100     1500  -      -      -        -    -        0      0
VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1002 fddi  101002     1500  -      -      -        -    -        0      0
1003 tr    101003     1500  -      -      -        -    -        0      0
1004 fdnet 101004     1500  -      -      -        ieee -        0      0
1005 trnet 101005     1500  -      -      -        ibm  -        0      0
Remote SPAN VLANs
------------------------------------------------------------------------------
Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
Configuring a Data VLAN On An Access Port
The next step is to add the VLAN to an access port.
netsw-01(config)#interface g1/0/1
netsw-01(config-if)#switchport access vlan 100
netsw-01(config-if)#switchport mode access
The switchport access vlan <vlan-number> command places the access port on the corresponding VLAN.
Then we set the switch port to access mode with the interface command switchport mode access. In this mode, the switch port uses only the VLAN that is assigned to it.
Configuring a Voice VLAN On An Access Port
Defining a voice VLAN just requires a small change in the command syntax. First, the voice VLAN must be defined as we have above. When a Cisco phone connects to this port, it will use the voice VLAN.
netsw-01#config t
Enter configuration commands, one per line. End with CNTL/Z.
netsw-01(config)#vlan 101
netsw-01(config-vlan)#name VOIP_NET
netsw-01(config-vlan)#exit
netsw-01(config)#int g1/0/1
netsw-01(config-if)#switchport voice vlan 101
netsw-01(config-if)#end
Verifying VLAN Configuration
It’s always worth verifying the configuration is correct. After configuring a VLAN, a simple command, show vlan brief, will show the contents of the VLAN database. You’ll also see which access ports have the VLAN assigned to them. Note that trunk ports will not be listed here.
netsw-01#show vlan brief
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi1/0/11, Gi1/0/13, Te1/0/1, Te1/0/2
100  MANAGEMENT                       active    Gi1/0/9
101  VOIP_NET                         active    Gi1/0/9
When it comes to individual access port configuration, we can show the running configuration for the interface with show run interface <interface>. Two things to remember: the switch port needs to have switchport mode access configured, and the VLAN must be assigned with switchport access vlan <vlan-number>.
netsw-01#sh run interface g1/0/1
Building configuration...
!
interface GigabitEthernet1/0/1
 switchport access vlan 100
 switchport mode access
 switchport voice vlan 101
 spanning-tree portfast edge
end
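The two checks above, together with the earlier requirement that a VLAN be defined before a port uses it, can be run automatically against saved switch output. This is an added example, not code from the original post; the function names and the Gi1/0/2 and Gi1/0/3 stanzas are constructed for illustration.

```python
import re

# Constructed sample input modelled on the outputs above; Gi1/0/2 and Gi1/0/3 are invented.
VLAN_BRIEF = """\
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi1/0/11, Gi1/0/13
100  MANAGEMENT                       active    Gi1/0/1
101  VOIP_NET                         active    Gi1/0/1
"""

RUNNING_CONFIG = """\
interface GigabitEthernet1/0/1
 switchport access vlan 100
 switchport mode access
 switchport voice vlan 101
!
interface GigabitEthernet1/0/2
 switchport access vlan 200
 switchport mode access
!
interface GigabitEthernet1/0/3
 switchport voice vlan 101
!
"""

def defined_vlans(vlan_brief):
    """Return the set of VLAN IDs listed in 'show vlan brief' output."""
    return {int(m.group(1)) for m in re.finditer(r"^(\d+)\s+\S+\s+\S+", vlan_brief, re.M)}

def audit_access_ports(running_config, vlans):
    """Map each interface name to its list of findings (empty list = passed)."""
    findings = {}
    for name, body in re.findall(r"^interface (\S+)\n((?:[ \t].*\n)*)", running_config, re.M):
        issues = []
        if not re.search(r"^\s*switchport mode access\s*$", body, re.M):
            issues.append("missing 'switchport mode access'")
        vlan_cmds = re.findall(r"^\s*switchport (access|voice) vlan (\d+)", body, re.M)
        if not any(kind == "access" for kind, _ in vlan_cmds):
            issues.append("missing 'switchport access vlan'")
        for kind, vid in vlan_cmds:
            if int(vid) not in vlans:
                issues.append(f"{kind} VLAN {vid} not in VLAN database")
        findings[name] = issues
    return findings

if __name__ == "__main__":
    for port, issues in audit_access_ports(RUNNING_CONFIG, defined_vlans(VLAN_BRIEF)).items():
        print(port, "OK" if not issues else "; ".join(issues))
```
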
Another method to verify that a device is on the correct VLAN is to issue show mac address-table interface g1/0/1.
The output displays the MAC address of the device connected to the switch port and the VLAN it is seen on.
netsw-01#show mac address-table interface g1/0/1
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 100    5254.0000.0005    DYNAMIC     Gi1/0/1
Total Mac Addresses for this criterion: 1
Takeaway
As part of the Cisco CCNA 200-301 certification, an understanding of the VLAN configuration of a switch port is required. The above text is an overview of configuring a VLAN on a Cisco switch, configuring an access port to a single VLAN in access mode, and then verification of operation with different show commands.