Understanding VLANs-
A VLAN is a switched network that is logically segmented by function, project team, or application, without regard to the
physical locations of the users. VLANs have the same attributes as physical
LANs, but you can group end stations even if they are not physically located on
the same LAN segment. Any switch port can belong to a VLAN, and unicast,
broadcast, and multicast packets are forwarded and flooded only to end stations
in the VLAN. Each VLAN is considered a logical network, and packets destined for
stations that do not belong to the VLAN must be forwarded through a router or a
switch supporting fallback bridging. VLANs can be formed with ports across the
stack. Because a VLAN is considered a separate logical network, it contains its
own bridge Management Information Base (MIB) information and can support its
own implementation of spanning tree.
VLAN ranges and functions-
| Feature | Default Setting |
|---|---|
| Interface mode | switchport mode dynamic auto |
| Allowed VLAN range | VLANs 1 to 4094 |
| VLAN range eligible for pruning | VLANs 2 to 1001 |
| Default VLAN (for access ports) | VLAN 1 |
| Native VLAN (for IEEE 802.1Q trunks) | VLAN 1 |
| Membership Mode | VLAN Membership Characteristics | VTP Characteristics |
|---|---|---|
| Static access | A static-access port can belong to one VLAN and is manually assigned to that VLAN. | VTP is not required. If you do not want VTP to globally propagate information, set the VTP mode to transparent. To participate in VTP, there must be at least one trunk port on the switch stack connected to a trunk port of a second switch or switch stack. Stacking is supported only on Catalyst 2960-S switches running the LAN base image. |
| Trunk (IEEE 802.1Q) | A trunk port is a member of all VLANs by default, including extended-range VLANs, but membership can be limited by configuring the allowed-VLAN list. You can also modify the pruning-eligible list to block flooded traffic to VLANs on trunk ports that are included in the list. | VTP is recommended but not required. VTP maintains VLAN configuration consistency by managing the addition, deletion, and renaming of VLANs on a network-wide basis. VTP exchanges VLAN configuration messages with other switches over trunk links. |
| Dynamic access | A dynamic-access port can belong to one VLAN (VLAN ID 1 to 4094) and is dynamically assigned by a VMPS. The VMPS can be a Catalyst 5000 or Catalyst 6500 series switch, for example, but never a Catalyst 2960 or 2960-S switch. The Catalyst 2960 or 2960-S switch is a VMPS client. You can have dynamic-access ports and trunk ports on the same switch, but you must connect the dynamic-access port to an end station or hub and not to another switch. | VTP is required. Configure the VMPS and the client with the same VTP domain name. To participate in VTP, at least one trunk port on the switch stack must be connected to a trunk port of a second switch or switch stack. |
| Voice VLAN | A voice VLAN port is an access port attached to a Cisco IP Phone, configured to use one VLAN for voice traffic and another VLAN for data traffic from a device attached to the phone. | VTP is not required; it has no effect on a voice VLAN. |
Configuring Normal-Range VLANs-
Normal-range VLANs are VLANs with VLAN IDs 1 to 1005. If the switch is in VTP server or VTP transparent mode, you can add, modify or remove configurations for VLANs 2 to 1001 in the VLAN database. (VLAN IDs 1 and 1002 to 1005 are automatically created and cannot be removed.)
Configurations for VLAN IDs 1 to 1005 are written to the file vlan.dat (VLAN database), and you can display them by entering the show vlan privileged EXEC command. The vlan.dat file is stored in flash memory on the stack master. Stack members have a vlan.dat file that is consistent with the stack master.
Beginning in privileged EXEC mode, follow these steps
to assign a port to a VLAN in the VLAN database:
| Command | Purpose |
|---|---|
| configure terminal | Enter global configuration mode. |
| interface interface-id | Enter the interface to be added to the VLAN. |
| switchport mode access | Define the VLAN membership mode for the port (Layer 2 access port). |
| switchport access vlan vlan-id | Assign the port to a VLAN. Valid VLAN IDs are 1 to 4094. |
| end | Return to privileged EXEC mode. |
| show running-config interface interface-id | Verify the VLAN membership mode of the interface. |
| show interfaces interface-id switchport | Verify your entries in the Administrative Mode and the Access Mode VLAN fields of the display. |
| copy running-config startup-config | (Optional) Save your entries in the configuration file. |
NOTE- To return
an interface to its default configuration, use the default interface interface-id interface
configuration command.
This example shows how to configure a port as an
access port in VLAN 2:
Switch# configure terminal
Switch(config)# interface gigabitethernet0/1
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 2
Switch(config-if)# end
Configuring Extended-Range VLANs-
With VTP version 1 and version 2, when the switch is in VTP transparent mode (VTP disabled), you can create extended-range VLANs (in the range 1006 to 4094). VTP version 3 supports extended-range VLANs in server or transparent mode. Extended-range VLANs enable service providers to extend their infrastructure to a greater number of customers. The extended-range VLAN IDs are allowed for any switchport commands that allow VLAN IDs.
With VTP version 1 or 2, extended-range VLAN configurations are not stored in the VLAN database, but because VTP mode is transparent, they are stored in the switch running configuration file, and you can save the configuration in the startup configuration file by using the copy running-config startup-config privileged EXEC command. Extended-range VLANs created in VTP version 3 are stored in the VLAN database.
Beginning in privileged EXEC mode, follow these steps
to create an extended-range VLAN:
| Command | Purpose |
|---|---|
| configure terminal | Enter global configuration mode. |
| vtp mode transparent | Configure the switch for VTP transparent mode, disabling VTP. Note: This step is not required for VTP version 3. |
| vlan vlan-id | Enter an extended-range VLAN ID and enter VLAN configuration mode. The range is 1006 to 4094. |
| mtu mtu-size | (Optional) Modify the VLAN by changing the MTU size. Note: Although all VLAN commands appear in the CLI help, only the mtu mtu-size and remote-span commands are supported for extended-range VLANs. |
| remote-span | (Optional) Configure the VLAN as the RSPAN VLAN. RSPAN is supported only if the switch is running the LAN Base image. |
| end | Return to privileged EXEC mode. |
| show vlan id vlan-id | Verify that the VLAN has been created. |
| copy running-config startup-config | Save your entries in the switch startup configuration file. To save extended-range VLAN configurations, you need to save the VTP transparent mode configuration and the extended-range VLAN configuration in the switch startup configuration file. Otherwise, if the switch resets, it will default to VTP server mode, and the extended-range VLAN IDs will not be saved. Note: With VTP version 3, the VLAN configuration is also saved in the VLAN database. |
NOTE- To delete
an extended-range VLAN, use the no vlan vlan-id global configuration command.
The procedure for assigning static-access ports to an
extended-range VLAN is the same as for normal-range VLANs.
This example shows how to create a new extended-range
VLAN with all default characteristics, enter VLAN configuration mode, and save
the new VLAN in the switch startup configuration file:
Switch(config)# vtp mode transparent
Switch(config)# vlan 2000
Switch(config-vlan)# end
Switch# copy running-config startup-config
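
An added example, not part of the original page or of Cisco's documentation: a Python check that reads a saved configuration and lists ports still relying on the defaults in the table above (mode not fixed, access VLAN 1, trunk carrying all VLANs), together with the extended-range rules from this section. The sample configuration, function names and finding texts are constructed for illustration; the check assumes VTP version 1 or 2 unless told otherwise, numeric switchport access vlan values, and the switchport trunk allowed vlan command for the allowed-VLAN list.

```python
import re

# Constructed sample startup configuration (illustration only, not from the page).
SAMPLE = """\
vtp mode transparent
vlan 2000
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 2
interface GigabitEthernet0/2
 switchport mode access
interface GigabitEthernet0/3
interface GigabitEthernet0/4
 switchport mode trunk
interface GigabitEthernet0/5
 switchport mode access
 switchport access vlan 3000
"""

def parse_interfaces(config):  # returns {interface name: [sub-commands]}
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split()[1], [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # any other top-level line ends the interface block
    return interfaces

def audit(config, vtp_version=2):
    """Return (scope, finding) pairs; an empty list means nothing was flagged."""
    findings = []
    defined = {int(v) for v in re.findall(r"^vlan (\d+)$", config, re.M)}
    transparent = re.search(r"^vtp mode transparent$", config, re.M) is not None
    # VTP v1/v2: extended-range VLANs are kept only if transparent mode is saved too.
    if vtp_version < 3 and any(v >= 1006 for v in defined) and not transparent:
        findings.append(("global", "extended-range VLAN without vtp mode transparent"))
    for name, cmds in parse_interfaces(config).items():
        arg = lambda p: next((c[len(p):] for c in cmds if c.startswith(p)), None)
        mode, vlan = arg("switchport mode "), int(arg("switchport access vlan ") or 1)
        if mode is None or mode.startswith("dynamic"):
            findings.append((name, "mode not fixed (default is dynamic auto)"))
        elif mode == "trunk" and arg("switchport trunk allowed vlan ") is None:
            findings.append((name, "trunk with no allowed-VLAN list"))
        elif mode == "access" and vlan == 1:
            findings.append((name, "access port in default VLAN 1"))
        elif mode == "access" and vtp_version < 3 and vlan >= 1006 and vlan not in defined:
            findings.append((name, f"extended-range VLAN {vlan} not defined"))
    return findings
```

Calling audit(SAMPLE) flags GigabitEthernet0/2 through 0/5 and leaves GigabitEthernet0/1, configured as in the VLAN 2 example above, unflagged.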