Home > Articles > Cisco Network Technology > General Networking > Cisco Networking Academy's Introduction to VLANs

Cisco Networking Academy's Introduction to VLANs

  • Sample Chapter is provided courtesy of Cisco Press.
  • Date: Apr 7, 2014.

Chapter Description

This chapter will cover how to configure, manage, and troubleshoot VLANs and VLAN trunks. It will also examine security considerations and strategies relating to VLANs and trunks, and best practices for VLAN design.

VLAN Implementations (3.2)

VLANs allow multiple networks to exist on one or more switches. Companies commonly use VLANs to separate a user network from other networks such as a voice network, printer/copier network, and guest network.

VLAN Ranges on Catalyst Switches (3.2.1.1)

Different Cisco Catalyst switches support various numbers of VLANs. The number of supported VLANs is large enough to accommodate the needs of most organizations. For example, the Catalyst 2960 and 3560 Series switches support more than 4000 VLANs. Normal range VLANs on these switches are numbered 1 to 1005 and extended range VLANs are numbered 1006 to 4094. Figure 3-13 illustrates the available VLAN IDs on a Catalyst 2960 switch running Cisco IOS Release 15.x.

Figure 3-13

Figure 3-13 Normal VLAN ID Range

Normal Range VLANs

Used in small- and medium-sized business and enterprise networks.

  • Identified by a VLAN ID between 1 and 1005.
  • IDs 1002 through 1005 are reserved for Token Ring and FDDI VLANs.
  • IDs 1 and 1002 to 1005 are automatically created and cannot be removed.
  • Configurations are stored within a VLAN database file, called vlan.dat. The vlan.dat file is located in the flash memory of the switch.
  • The VLAN Trunking Protocol (VTP) is a Cisco-proprietary Layer 2 protocol used to manage VLAN configurations between switches; VTP can learn and store only normal range VLANs.

Extended Range VLANs

  • Enable service providers to extend their infrastructure to a greater number of customers. Some global enterprises could be large enough to need extended range VLAN IDs.
  • Are identified by a VLAN ID between 1006 and 4094.
  • Configurations are not written to the vlan.dat file.
  • Support fewer VLAN features than normal range VLANs.
  • Are, by default, saved in the running configuration file.
  • VTP does not learn extended range VLANs.

Creating a VLAN (3.2.1.2)

When configuring normal range VLANs, the configuration details are stored in flash memory on the switch in a file called vlan.dat. Flash memory is persistent and does not require the copy running-config startup-config command. However, because other details are often configured on a Cisco switch at the same time that VLANs are created, it is good practice to save running configuration changes to the startup configuration.

Table 3-1 displays the Cisco IOS command syntax used to add a VLAN to a switch and give it a name.

Table 3-1 Commands Used to Create a VLAN

Enter global configuration mode.

S1# configure terminal

Create a VLAN with a valid VLAN ID number.

S1(config)# vlan vlan-id

Specify a unique name to identify the VLAN.

S1(config-vlan)# name vlan-name

Return to the privileged EXEC mode.

S1(config-vlan)# end

Figure 3-14 shows how the student VLAN (VLAN 20) is configured on switch S1. In the topology example, the student computer (PC1) has not been associated with a VLAN yet, but it does have an IP address of 172.17.20.22.

Figure 3-14

Figure 3-14 Sample VLAN Configuration

In addition to entering a single VLAN ID, a series of VLAN IDs can be entered separated by commas, or a range of VLAN IDs separated by hyphens using the vlan vlan-id command. For example, use the following command to create VLANs 100, 102, 105, 106, and 107:

S1(config)# vlan 100,102,105-107

Assigning Ports to VLANs (3.2.1.3)

After creating a VLAN, the next step is to assign ports to the VLAN. An access port can belong to only one VLAN at a time; one exception to this rule is that of a port connected to an IP phone, in which case, there are two VLANs associated with the port: one for voice and one for data.

Table 3-2 displays the syntax for defining a port to be an access port and assigning it to a VLAN. The switchport mode access command is optional, but strongly recommended as a security best practice. With this command, the interface changes to permanent access mode.

Table 3-2 Commands Used to Assign Ports to VLANs

Enter global configuration mode.

S1# configure terminal

Enter interface configuration mode for a particular port number.

S1(config)# interface interface_id

Set the port to access mode.

S1(config-if)# switchport mode access

Assign the port to a particular VLAN.

S1(config-if)# switchport access vlan vlan-id

Return to the privileged EXEC mode.

S1(config-if)# end

In Figure 3-15, VLAN 20 is assigned to port F0/18 on switch S1; therefore, the student computer (PC2) is in VLAN 20. When VLAN 20 is configured on other switches, the network administrator knows to configure the other student computers to be in the same subnet as PC2 (172.17.20.0/24).

Figure 3-15

Figure 3-15 Sample VLAN Interface Configuration

The switchport access vlan command forces the creation of a VLAN if it does not already exist on the switch. For example, VLAN 30 is not present in the show vlan brief output of the switch. If the switchport access vlan 30 command is entered on any interface with no previous configuration, then the switch displays the following:

% Access VLAN does not exist. Creating vlan 30

Changing VLAN Port Membership (3.2.1.4)

There are a number of ways to change VLAN port membership. Table 3-3 shows the syntax for changing a switch port to VLAN 1 membership with the no switchport access vlan interface configuration mode command.

Table 3-3 Remove VLAN Configuration Commands

Enter global configuration mode.

S1# configure terminal

Enter interface configuration mode for a particular port number.

S1(config)# interface interface_id

Assign the port to a particular VLAN.

S1(config-if)# no switchport access vlan vlan-id

Return to the privileged EXEC mode.

S1(config-if)# end

Interface F0/18 was previously assigned to VLAN 20. The no switchport access vlan command is entered for interface F0/18. Examine the output in the show vlan brief command that immediately follows as shown in Figure 3-16. The show vlan brief command displays the VLAN assignment and membership type for all switch ports. The show vlan brief command displays one line for each VLAN. The output for each VLAN includes the VLAN name, status, and switch ports.

Figure 3-16

Figure 3-16 Sample Interface Removal of a VLAN

VLAN 20 is still active, even though no ports are assigned to it. The show interfaces fa0/18 switchport output verifies that the access VLAN for interface F0/18 has been reset to VLAN 1.

S1# show interfaces fa0/18 switchport
Name: Fa0/18
Switchport: Enabled
Administrative Mode: static access
Operational Mode: down
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
<output omitted>

A port can easily have its VLAN membership changed. It is not necessary to first remove a port from a VLAN to change its VLAN membership. When an access port has its VLAN membership reassigned to another existing VLAN, the new VLAN membership simply replaces the previous VLAN membership. In the following output, port F0/11 is assigned to VLAN 20.

S1# config t
S1(config)# interface fastethernet0/11
S1(config-if)# switchport mode access
S1(config-if)# switchport access vlan 20
% Access VLAN does not exist. Creating vlan 20
S1(config-if)# end
S1# show vlan brief

VLAN Name                     Status     Ports
---- ---------------------- --------- --------------------------
1    default                  active     Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/12, Fa0/13
                                                Fa0/14, Fa0/15, Fa0/16, Fa0/17
                                                Fa0/18, Fa0/19, Fa0/20, Fa0/21
                                                Fa0/22, Fa0/23, Fa0/24, Gig1/1
                                                Gig1/2
20   VLAN0020                 active            Fa0/11
1002 fddi-default             act/unsup
1003 token-ring-default       act/unsup
1004 fddinet-default          act/unsup
1005 trnet-default            act/unsup

Deleting VLANs (3.2.1.5)

In Figure 3-17, the no vlan vlan-id global configuration mode command is used to remove VLAN 20 from the switch. Switch S1 had a minimal configuration with all ports in VLAN 1 and an unused VLAN 20 in the VLAN database. The show vlan brief command verifies that VLAN 20 is no longer present in the vlan.dat file after using the no vlan 20 command.

Figure 3-17

Figure 3-17 Deleting a VLAN

Alternatively, the entire vlan.dat file can be deleted using the delete flash:vlan.dat privileged EXEC mode command. The abbreviated command version (delete vlan.dat) can be used if the vlan.dat file has not been moved from its default location. After issuing this command and reloading the switch, the previously configured VLANs are no longer present. This effectively places the switch into its factory default condition concerning VLAN configurations.

Verifying VLAN Information (3.2.1.6)

After a VLAN is configured, VLAN configurations can be validated using Cisco IOS show commands.

Table 3-4 shows common show vlan command options.

Table 3-4 The show vlan Command Options

show vlan [brief | id vlan-id | name vlan-name | summary]

Display one line for each VLAN with the VLAN name, status, and associated ports.

brief

Display information about a single VLAN identified by the VLAN ID number, which can be a number between 1 and 4094.

id vlan-id

Display information about a single VLAN identified by a VLAN name. The VLAN name is an ASCII string from 1 to 32 characters.

name vlan-name

Display VLAN summary information.

summary

Table 3-5 shows common show interfaces command options.

Table 3-5 The show interfaces Command Options

show interfaces [interface-id | vlan vlan-id] | switchport

Valid interfaces include physical ports (including type, module, and port number) and port channels. The port-channel range is 1 to 6.

interface-id

VLAN identification, which is a number from 1 to 4094.

vlan vlan-id

Display the administrative and operational status of a switch port,including port blocking and port protection settings.

switchport

In Figure 3-18, the show vlan name student command produces output that is not easily interpreted. The preferable option is to use the show vlan brief command. The show vlan summary command displays the count of all configured VLANs. The output in Figure 3-18 shows seven VLANs.

Figure 3-18

Figure 3-18 Using the show vlan Command

The show interfaces vlan vlan-id command displays details that are beyond the scope of this course. The important information appears on the second line in the output, indicating that VLAN 20 is up.

S1# show interfaces vlan 20
Vlan 20 is up, line protocol is down
 Hardware is EtherSVI, address is 001c.57ec.0641 (bia 001c.57ec.0641)
 MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
 Encapsulation ARPA, loopback not set
Last input never, output never, output hang never
 Last clearing of "show interface" counters never
 Input queue: 0/75/0/0 (size/max/drops/flushes);
 Total output drops: 0
 Queueing strategy: fifo
 Output queue: 0/40 (size/max)
 5 minute input rate 0 bits/sec, 0 packets/sec
 5 minute output rate 0 bits/sec, 0 packets/sec
   0 packets input, 0 bytes, 0 no buffer
   Received 0 broadcasts (0 IP multicast)
   0 runts, 0 giants, 0 throttles
   0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
   0 packets output, 0 bytes, 0 underruns
   0 output errors, 0 interface resets
   0 output buffer failures, 0 output buffers swapped out
<output omitted>
7. VLAN Trunks (3.2.2) | Next Section Previous Section

Cisco Press Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from Cisco Press and its family of brands. I can unsubscribe at any time.

Overview

Pearson Education, Inc., 221 River Street, Hoboken, New Jersey 07030, (Pearson) presents this site to provide information about Cisco Press products and services that can be purchased through this site.

This privacy notice provides an overview of our commitment to privacy and describes how we collect, protect, use and share personal information collected through this site. Please note that other Pearson websites and online products and services have their own separate privacy policies.

Collection and Use of Information

To conduct business and deliver products and services, Pearson collects and uses personal information in several ways in connection with this site, including:

Questions and Inquiries

For inquiries and questions, we collect the inquiry or question, together with name, contact details (email address, phone number and mailing address) and any other additional information voluntarily submitted to us through a Contact Us form or an email. We use this information to address the inquiry and respond to the question.

Online Store

For orders and purchases placed through our online store on this site, we collect order details, name, institution name and address (if applicable), email address, phone number, shipping and billing addresses, credit/debit card information, shipping options and any instructions. We use this information to complete transactions, fulfill orders, communicate with individuals placing orders or visiting the online store, and for related purposes.

Surveys

Pearson may offer opportunities to provide feedback or participate in surveys, including surveys evaluating Pearson products, services or sites. Participation is voluntary. Pearson collects information requested in the survey questions and uses the information to evaluate, support, maintain and improve products, services or sites; develop new products and services; conduct educational research; and for other purposes specified in the survey.

Contests and Drawings

Occasionally, we may sponsor a contest or drawing. Participation is optional. Pearson collects name, contact information and other information specified on the entry form for the contest or drawing to conduct the contest or drawing. Pearson may collect additional personal information from the winners of a contest or drawing in order to award the prize and for tax reporting purposes, as required by law.

Newsletters

If you have elected to receive email newsletters or promotional mailings and special offers but want to unsubscribe, simply email information@ciscopress.com.

Service Announcements

On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account information. However, these communications are not promotional in nature.

Customer Service

We communicate with users on a regular basis to provide requested services and in regard to issues relating to their account we reply via email or phone in accordance with the users' wishes when a user submits their information through our Contact Us form.

Other Collection and Use of Information

Application and System Logs

Pearson automatically collects log data to help ensure the delivery, availability and security of this site. Log data may include technical information about how a user or visitor connected to this site, such as browser type, type of computer/device, operating system, internet service provider and IP address. We use this information for support purposes and to monitor the health of the site, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale computing resources.

Web Analytics

Pearson may use third party web trend analytical services, including Google Analytics, to collect visitor information, such as IP addresses, browser types, referring pages, pages visited and time spent on a particular site. While these analytical services collect and report information on an anonymous basis, they may use cookies to gather web trend information. The information gathered may enable Pearson (but not the third party web trend services) to link information with application and system log data. Pearson uses this information for system administration and to identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents, appropriately scale computing resources and otherwise support and deliver this site and its services.

Cookies and Related Technologies

This site uses cookies and similar technologies to personalize content, measure traffic patterns, control security, track use and access of information on this site, and provide interest-based messages and advertising. Users can manage and block the use of cookies through their browser. Disabling or blocking certain cookies may limit the functionality of this site.

Do Not Track

This site currently does not respond to Do Not Track signals.

Security

Pearson uses appropriate physical, administrative and technical security measures to protect personal information from unauthorized access, use and disclosure.

Children

This site is not directed to children under the age of 13.

Marketing

Pearson may send or direct marketing communications to users, provided that

  • Pearson will not use personal information collected or processed as a K-12 school service provider for the purpose of directed or targeted advertising.
  • Such marketing is consistent with applicable law and Pearson's legal obligations.
  • Pearson will not knowingly direct or send marketing communications to an individual who has expressed a preference not to receive marketing.
  • Where required by applicable law, express or implied consent to marketing exists and has not been withdrawn.

Pearson may provide personal information to a third party service provider on a restricted basis to provide marketing solely on behalf of Pearson or an affiliate or customer for whom Pearson is a service provider. Marketing preferences may be changed at any time.

Correcting/Updating Personal Information

If a user's personally identifiable information changes (such as your postal address or email address), we provide a way to correct or update that user's personal data provided to us. This can be done on the Account page. If a user no longer desires our service and desires to delete his or her account, please contact us at customer-service@informit.com and we will process the deletion of a user's account.

Choice/Opt-out

Users can always make an informed choice as to whether they should proceed with certain services offered by Cisco Press. If you choose to remove yourself from our mailing list(s) simply visit the following page and uncheck any communication you no longer want to receive: www.ciscopress.com/u.aspx.

Sale of Personal Information

Pearson does not rent or sell personal information in exchange for any payment of money.

While Pearson does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personal information to NevadaDesignatedRequest@pearson.com.

Supplemental Privacy Statement for California Residents

California residents should read our Supplemental privacy statement for California residents in conjunction with this Privacy Notice. The Supplemental privacy statement for California residents explains Pearson's commitment to comply with California law and applies to personal information of California residents collected in connection with this site and the Services.

Sharing and Disclosure

Pearson may disclose personal information, as follows:

  • As required by law.
  • With the consent of the individual (or their parent, if the individual is a minor)
  • In response to a subpoena, court order or legal process, to the extent permitted or required by law
  • To protect the security and safety of individuals, data, assets and systems, consistent with applicable law
  • In connection the sale, joint venture or other transfer of some or all of its company or assets, subject to the provisions of this Privacy Notice
  • To investigate or address actual or suspected fraud or other illegal activities
  • To exercise its legal rights, including enforcement of the Terms of Use for this site or another contract
  • To affiliated Pearson companies and other companies and organizations who perform work for Pearson and are obligated to protect the privacy of personal information consistent with this Privacy Notice
  • To a school, organization, company or government agency, where Pearson collects or processes the personal information in a school setting or on behalf of such organization, company or government agency.

Links

This web site contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects Personal Information. This privacy statement applies solely to information collected by this web site.

Requests and Contact

Please contact us about this Privacy Notice or if you have any requests or questions relating to the privacy of your personal information.

Changes to this Privacy Notice

We may revise this Privacy Notice through an updated posting. We will identify the effective date of the revision in the posting. Often, updates are made to provide greater clarity or to comply with changes in regulatory requirements. If the updates involve material changes to the collection, protection, use or disclosure of Personal Information, Pearson will provide notice of the change through a conspicuous notice on this site or other appropriate way. Continued use of the site after the effective date of a posted revision evidences acceptance. Please contact us if you have questions or concerns about the Privacy Notice or any objection to any revisions.

Last Update: November 17, 2020