Catalyst 4000 Family Switch, Cisco IOS Software Configuration Guide, 12.1(11b)EW
Configuring VLANs
Download this chapter
Configuring VLANsConfiguring VLANs
Download the complete book
Cisco IOS Software Configuration Guide for the Catalyst 4000 Family Switch, Release 12.1(11b)EWCisco IOS Software Configuration Guide for the Catalyst 4000 Family Switch, Release 12.1(11b)EW (PDF - 3 MB)
give_us_feedback

Table Of Contents

Understanding and Configuring VLANs

Overview of VLANs

VLAN Configuration Guidelines and Restrictions

VLAN Default Configuration

Configuring VLANs

VLAN Configuration Options

VLAN Configuration in Global Configuration Mode

VLAN Configuration in VLAN Database Mode

Configuring VLANs in Global Mode

Configuring VLANs in VLAN Database Mode

Assigning a Layer 2 LAN Interface to a VLAN


Understanding and Configuring VLANs

This chapter describes VLANs on the Catalyst 4000 family switches. It also provides guidelines, procedures, and configuration examples.

This chapter includes the following major sections:

Overview of VLANs

VLAN Default Configuration

VLAN Configuration Guidelines and Restrictions

Configuring VLANs

Note For complete syntax and usage information for the commands used in this chapter, refer to the Command Reference for the Catalyst 4006 Switch with Supervisor Engine III and the publications at the following URL:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/index.htm

Overview of VLANs

In the technical definition set forth by the IEEE, VLANs define broadcast domains in a Layer 2 network. A broadcast domain is the extent that a frame propagates through a network. Legacy networks use routers to define broadcast domain boundaries. Layer 2 switches create broadcast domains based on the configuration of the switch. Switches are multi-port bridges that allow you to create multiple broadcast domains. Each broadcast domain is like a distinct virtual bridge within a switch.

You can define one or many virtual bridges within a switch. Each virtual bridge you create in the switch defines a new broadcast domain (VLAN). Traffic cannot pass directly to another VLAN (between broadcast domains) within the switch or between two switches. To interconnect two different VLANs, you must use routers or Layer 3 switches. See "Overview of Layer 3 Interfaces" section for information on inter-VLAN routing on the Catalyst 4000 family switches.

VLANs have the same attributes as a physical LAN, but VLANs allow you to group end stations even when they are not connected physically to the same LAN segment.

Figure 7-1 shows an example of three VLANs in logically defined networks.

Figure 7-1 VLANs in Logically Defined Networks

VLANs are often associated with IP subnetworks. For example, all of the end stations in a particular IP subnet belong to the same VLAN. Traffic between VLANs must be routed. LAN interface VLAN membership is assigned manually on an interface-by-interface basis. When you assign LAN interfaces to VLANs manually, it is known as interface-based or static VLAN membership.

You can set the following parameters when you create a VLAN in the management domain:

VLAN number

VLAN name

VLAN type (Ethernet, FDDI [Fiber Distributed Data Interface], FDDI network entity title [NET], Token Ring Bridge Relay Function [TrBRF], or Token Ring Concentrator Relay Function [TrCRF])

VLAN state (active or suspended)

Security Association Identifier (SAID)

Bridge identification number for TrBRF VLANs

Ring number for FDDI and TrCRF VLANs

Parent VLAN number for TrCRF VLANs

Spanning Tree Protocol (STP) type for TrCRF VLANs

VLAN number to use when translating from one VLAN type to another

Note When translating from one VLAN type to another, the software requires a different VLAN number for each media type.

VLAN Configuration Guidelines and Restrictions

Follow these guidelines and restrictions when creating and modifying VLANs in your network:

Before you can create a VLAN, the Catalyst 4000 family switch must be in VTP server mode or VTP transparent mode. If the Catalyst 4000 family switch is a VTP server, you must define a VTP domain. For information on configuring VTP, see "Understanding and Configuring VTP."

The Cisco IOS end command is not supported in VLAN database mode.

You cannot enter Ctrl-Z to exit VLAN database mode.

VLAN Default Configuration

Tables 7-1 through 7-5 show the default configurations for the different VLAN media types.

Table 7-1 Ethernet VLAN Defaults and Ranges 

Parameter
Default
Range

VLAN ID

1

1-1005

VLAN name

default

No range

802.10 SAID

100,001

1-4,294,967,294

MTU size

1500

No range

Translational bridge 1

1002

0-1005

Translational bridge 2

1003

0-1005

VLAN state

active

active; suspend; shutdown


Note Catalyst 4000 family switches do not support Token Ring or FDDI media. The switch does not forward FDDI, FDDI-Net, TrCRF, or TrBRF traffic, but it does propagate the VLAN configuration via VTP.

Table 7-2 FDDI VLAN Defaults and Ranges 

Parameter
Default
Range

VLAN ID

1002

1-1005

VLAN name

fddi-default

No range

802.10 SAID

101,002

1-4,294,967,294

MTU size

1500

No range

Ring number

0

1-4095

Parent VLAN

0

0-1005

Translational bridge 1

0

0-1005

Translational bridge 2

0

0-1005

VLAN state

active

active; suspend


Table 7-3 TrCRF VLAN Defaults and Ranges 

Parameter
Default
Range

VLAN ID

1003

1-1005

VLAN name

VTPv1 token-ring-default; VTPv2 trcrf-default

No range

Parent VLAN

VTPv1 0; VTPv2 1005

No range

802.10 SAID

101,003

1-4,294,967,294

Ring Number

VTPv1 0; VTPv2 3276

1-4095

MTU size

VTPv1 default 1500; VTPv2 default 4472

No range

Translational bridge 1

0

0-1005

Translational bridge 2

0

0-1005

VLAN state

active

active; suspend

Bridge mode

VTPv1 none; VTPv2 srb

srb, srt

ARE max hops

7

0-13

STE max hops

7

0-13

Backup CRF

disabled

disable; enable


Table 7-4 FDDI-Net VLAN Defaults and Ranges 

Parameter
Default
Range

VLAN ID

1004

1-1005

VLAN name

fddinet-default

No range

802.10 SAID

101,004

1-4,294,967,294

MTU size

1500

No range

Bridge number

0

0-15

STP type

ieee

auto; ibm; ieee

VLAN state

active

active; suspend


Table 7-5 TrBRF VLAN Defaults and Ranges 

Parameter
Default
Range

VLAN ID

1005

1-1005

VLAN name

VTPv1 trnet-default; VTPv2 trbrf-default

No range

802.10 SAID

101,005

1-4,294,967,294

MTU size

VTPv1 1500; VTPv2 4472

No range

Bridge number

VTPv1 0; VTPv2 15

0-15

STP type

ibm

auto; ibm; ieee

VLAN state

active

active; suspend


Configuring VLANs

Note Before you configure VLANs, you must decide whether to use VLAN Trunking Protocol (VTP) to maintain global VLAN configuration information for your network. For complete information on VTP, see "Understanding and Configuring VTP."

Note VLANs support a number of parameters that are not discussed in detail in this section. For complete information, refer to the Command Reference for the Catalyst 4006 Switch with Supervisor Engine III.

These sections describe how to configure VLANs:

VLAN Configuration Options

Configuring VLANs in Global Mode

Assigning a Layer 2 LAN Interface to a VLAN

VLAN Configuration Options

These sections describe the VLAN configuration options:

VLAN Configuration in Global Configuration Mode

VLAN Configuration in VLAN Database Mode

Note The VLAN configuration is stored in the vlan.dat file, which is stored in nonvolatile memory. You can cause inconsistency in the VLAN database if you manually delete the vlan.dat file. If you want to modify the VLAN configuration or VTP, use the commands described in the following sections and in the Command Reference for the Catalyst 4006 Switch with Supervisor Engine III.

VLAN Configuration in Global Configuration Mode

If the switch is in VTP server or transparent mode (see the "Configuring VTP" section), you can configure VLANs in global and config-vlan configuration modes. When you configure VLANs in global and config-vlan configuration modes, the VLAN configuration is saved in the vlan.dat files. To display the VLAN configuration, enter the show vlan command.

If the switch is in VLAN transparent mode, the copy running-config startup-config command saves the VLAN configuration to the startup-config file. After you save the running configuration as the startup configuration, the show running-config and show startup-config commands display the VLAN configuration.

Note When the switch boots, if the VTP domain name and VTP mode in the startup-config and vlan.dat files do not match, the switch uses the configuration in the vlan.dat file.

VLAN Configuration in VLAN Database Mode

If the switch is in VTP server or transparent mode, you can configure VLANs in the VLAN database mode. When you configure VLANs in VLAN database mode, the VLAN configuration is saved in the vlan.dat files. To display the VLAN configuration, enter the show vlan command.

You use the interface configuration command mode to define the port membership mode and add and remove ports from a VLAN. The results of these commands are written to the running-config file, and you can display the contents of the file by entering the show running-config command.

Configuring VLANs in Global Mode

User-configured VLANs have unique IDs from 1 to 1001. To create a VLAN, enter the vlan command with an unused ID. To modify a VLAN, enter the vlan command for an existing VLAN.

See the "VLAN Default Configuration" section for the list of default parameters that are assigned when you create a VLAN. If you do not use the media keyword when specifying the VLAN type, the VLAN is an Ethernet VLAN.

To create a VLAN, perform this task:

 
Task
Command

Step 1 

Enter VLAN configuration mode. 

Switch# configure terminal

Step 2 

Add an Ethernet VLAN.

Note You cannot delete the default VLANs for the different media types: Ethernet VLAN 1 and FDDI or Token Ring VLANs 1002 to 1005.
When you delete a VLAN, any LAN interfaces configured as access ports assigned to that VLAN become inactive. They remain associated with the VLAN (and thus inactive) until you assign them to a new VLAN.

Use the no keyword to delete a VLAN. 

Switch(config)# [no] vlan vlan_ID 

Switch(config-vlan)#

Step 3 

Return to privileged EXEC mode. 

Switch(config-vlan)# end

Step 4 

Verify the VLAN configuration. 

Switch# show vlan [id | name] 
vlan_name

This example shows how to create an Ethernet VLAN in global configuration mode and verify the configuration: 

Switch# configure terminal

Switch(config)# vlan 3 

Switch(config-vlan)# end 

Switch# show vlan id 3 

VLAN Name                             Status    Ports

---- -------------------------------- --------- -------------------------------

3    VLAN0003                         active 

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2

---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------

3    enet  100003     1500  -      -      -        -    -        0      0 

Primary Secondary Type              Interfaces

------- --------- ----------------- -------------------------------------------

Switch#

Configuring VLANs in VLAN Database Mode

User-configured VLANs have unique IDs from 1 to 1001. To create a VLAN, enter the vlan command with an unused ID. To modify a VLAN, enter the vlan command for an existing VLAN.

See the "VLAN Default Configuration" section for a listing of the default parameters that are assigned when you create a VLAN. If you do not use the media keyword when specifying the VLAN type, the VLAN is an Ethernet VLAN.

To create a VLAN, perform this procedure:

 
Task
Command

Step 1 

Enter VLAN configuration mode. 

Switch# vlan database

Step 2 

Add an Ethernet VLAN.

Note You cannot delete the default VLANs for the different media types: Ethernet VLAN 1 and FDDI or Token Ring VLANs 1002 to 1005.
When you delete a VLAN, any LAN interfaces configured as access ports assigned to that VLAN become inactive. They remain associated with the VLAN (and thus inactive) until you assign them to a new VLAN.

Use the no keyword to delete a VLAN. 

Switch(vlan)# vlan vlan_ID

Step 3 

Return to privileged EXEC mode. 

Switch(vlan)# exit

Step 4 

Verify the VLAN configuration. 

Switch# show vlan [id | name] vlan_name

This example shows how to create an Ethernet VLAN in VLAN database mode and verify the configuration: 

Switch# vlan database 

Switch(vlan)# vlan 3 

VLAN 3 added:

    Name: VLAN0003

Switch(vlan)# exit 

APPLY completed.

Exiting....

Switch# show vlan name VLAN0003 

VLAN Name                             Status    Ports

---- -------------------------------- --------- ---------------------

3    VLAN0003                         active

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  Trans1 Trans2

---- ----- ---------- ----- ------ ------ -------- ---- ------ ------

3    enet  100003     1500  -      -      -        -    0      0

Switch#

Assigning a Layer 2 LAN Interface to a VLAN

A VLAN created in a management domain remains unused until you assign one or more LAN interfaces to the VLAN.

Note Ensure you assign LAN interfaces to a VLAN of the proper type. Assign Fast Ethernet and Gigabit Ethernet interfaces to Ethernet-type VLANs.

To assign one or more LAN interfaces to a VLAN, complete the procedures in the "Configuring Ethernet Interfaces for Layer 2 Switching" section.