-
Software Configuration Guide (4.5)
-
Index - Software Config Guide, Cat 5000,4000,2926G,2926 (4.5)
-
About This Guide
-
Product Overview
-
Command-Line Interfaces
-
Configuring the Supervisor Engine Software
-
Configuring Ethernet & Fast Ethernet Switching
-
Configuring Gigabit Ethernet Switching
-
Configuring Fast EtherChannel and Gigabit EtherChannel
-
Configuring Spanning Tree
-
Configuring Spanning-Tree PortFast, UplinkFast,& BackboneFast
-
Configuring VTP
-
Configuring VLANs
-
Configuring VLAN Trunks on Fast Ethernet and Gigabit Ethernet Ports
-
Configuring Dynamic Port VLAN Membership with VMPS
-
Checking Port Status and Connectivity
-
Administering the Switch
-
Controlling Access to the Switch Using Authentication
-
Using Redundant Supervisor Engines
-
Modifying the Switch Boot Configuration
-
Working With the Flash File System
-
Working With System Software Images
-
Working With Configuration Files
-
Configuring System Message Logging
-
Configuring DNS
-
Configuring CDP
-
Configuring NTP
-
Configuring Broadcast/Multicast Suppression
-
Configuring Protocol Filtering
-
Configuring IP Permit List
-
Configuring Secure Port Filtering
-
Configuring SNMP
-
Configuring RMON
-
Configuring SPAN
-
Using Switch TopN Reports
-
Configuring the Network Analysis Module
-
Configuring Multicast Services
-
Configuring ATM LAN Emulation
-
Configuring ATM PVCs and PVCs with Traffic Shaping
-
Configuring Multiprotocol Over ATM
-
Configuring the ATM Fabric Integration Module
-
Configuring InterVLAN Routing
-
Maintaining and Administering the RSM
-
Configuring the Layer 3 Fabric Integration Module
-
Configuring Multilayer Switching
-
Configuring NetFlow Data Export
-
Configuring FDDI/CDDI Switching
-
Configuring FDDI 802.10 Trunks
-
Configuring Token Ring Switching
-
Configuring Token Ring Filters
-
Table Of Contents
Understanding VLANs in a VTP Domain
Understanding Token Ring VLANs
Creating or Modifying an Ethernet VLAN
Creating or Modifying an FDDI VLAN
Creating or Modifying a Token Ring TrBRF VLAN
Creating or Modifying a Token Ring TrCRF VLAN
Assigning Switch Ports to a VLAN
Configuring VLANs
This chapter describes how to configure virtual LANs (VLANs).
Note
For complete syntax and usage information for the commands used in this chapter, refer to the Command Reference for your switch.
This chapter consists of these sections:
•
Understanding How VLANs Work
A VLAN is a group of end stations with a common set of requirements, independent of physical location. VLANs have the same attributes as a physical LAN but allow you to group end stations even if they are not located physically on the same LAN segment.
The following sections describe how VLANs work:
•
•
Understanding VLANs in a VTP Domain
VLANs allow you to group ports on a switch to limit unicast, multicast, and broadcast traffic flooding. Flooded traffic originating from a particular VLAN is only flooded out other ports belonging to that VLAN.
Note
Figure 10-1 shows an example of VLANs segmented into logically defined networks.
Figure 10-1 VLANs as Logically Defined Networks
VLANs are often associated with IP subnetworks. For example, all the end stations in a particular IP subnet belong to the same VLAN. Traffic between VLANs must be routed. Port VLAN membership on the switch is assigned manually on a port-by-port basis. When you assign switch ports to VLANs using this method, it is known as port-based, or static, VLAN membership.
Note
The in-band (sc0) interface of a switch can be assigned to any VLAN, so you can access another switch on the same VLAN directly without a router. Only one IP address at a time can be assigned to the in-band interface. If you change the IP address and assign the interface to a different VLAN, the previous IP address and VLAN assignment are overwritten.
You can set these parameters when you create a VLAN in the management domain:
•
•
•
•
•
•
•
•
•
•
•
Note
Understanding Token Ring VLANs
Two Token Ring VLAN types are supported on switches running VTP version 2:
Token Ring TrBRF VLANs
Token Ring Bridge Relay Function (TrBRF) VLANs interconnect multiple Token Ring Concentrator Relay Function (TrCRF) VLANs in a switched Token Ring network (see ). The TrBRF can be extended across a network of switches interconnected via trunk links. The connection between the TrCRF and the TrBRF is referred to as a logical port.
Figure 10-2 Interconnected Token Ring TrBRF and TrCRF VLANs
For source routing, the switch appears as a single bridge between the logical rings. The TrBRF can function as a source-route bridge (SRB) or source-route transparent (SRT) bridge running either the IBM or IEEE STP. If SRB is used, you can define duplicate Media Access Control (MAC) addresses on different logical rings.
The Token Ring software runs an instance of STP for each TrBRF VLAN and each TrCRF VLAN. For TrCRF VLANs, STP removes loops in the logical ring. For TrBRF VLANs, STP interacts with external bridges to remove loops from the bridge topology, similar to STP operation on Ethernet VLANs.
Caution
For source routing, the switch appears as a single bridge between the logical rings. The TrBRF can function as an SRB or SRT bridge running either the IBM or IEEE STP. If SRB is used, duplicate MAC addresses can be defined on different logical rings.
To accommodate IBM System Network Architecture (SNA) traffic, you can use a combination of SRT and SRB modes. In a mixed mode, the TrBRF considers some ports (logical ports connected to TrCRFs) to operate in SRB mode while others operate in SRT mode.
Token Ring TrCRF VLANs
Token Ring Concentrator Relay Function (TrCRF) VLANs define port groups with the same logical ring number. You can configure two types of TrCRFs in your network: undistributed and backup.
Typically, TrCRFs are undistributed, which means each TrCRF is limited to the ports on a single switch. Multiple undistributed TrCRFs on the same or separate switches can be associated with a single parent TrBRF (see ). The parent TrBRF acts as a multiport bridge, forwarding traffic between the undistributed TrCRFs.
Note
Figure 10-3 Undistributed TrCRFs
Note
Figure 10-4 Distributed TrCRF
Within a TrCRF, source-route switching forwards frames based on either MAC addresses or route descriptors. The entire VLAN can operate as a single ring, with frames switched between ports within a single TrCRF.
You can specify the maximum hop count for All-Routes and Spanning-Tree Explorer frames for each TrCRF. This limits the maximum number of hops an explorer is allowed to traverse. If a port determines that the explorer frame it is receiving has traversed more than the number of hops specified, it does not forward the frame. The TrCRF determines the number of hops an explorer has traversed based on the number of bridge hops in the route information field.
A backup TrCRF enables you to configure an alternate route for traffic between undistributed TrCRFs located on separate switches that are connected by a TrBRF, in the event that the ISL connection between the switches fails. Only one backup TrCRF for a TrBRF is allowed, and only one port per switch can belong to a backup TrCRF.
If the ISL connection between the switches fails, the port in the backup TrCRF on each affected switch automatically becomes active, rerouting traffic between the undistributed TrCRFs through the backup TrCRF. When the ISL connection is reestablished, all but one port in the backup TrCRF is disabled. illustrates the backup TrCRF.
Figure 10-5 Backup TrCRF
VLAN Default Configuration
shows the default VLAN configuration.
VLAN Configuration Guidelines
Follow these guidelines when creating and modifying VLANs in your network:
•
•
•
•
•
•
•
Configuring VLANs
Note
These sections describe how to configure VLANs:
•
•
•
•
•
Creating or Modifying an Ethernet VLAN
To create a new Ethernet VLAN, perform this task in privileged mode:
Step 1
set vlan vlan_num [name name] [said said] [mtu mtu] [translation vlan_num]
Step 2
show vlan [vlan_num]
Note
This example shows how to create an Ethernet VLAN and verify the configuration:
Console> (enable) set vlan 500 name EngineeringVlan 500 configuration successfulConsole> (enable) show vlan 500VLAN Name Status IfIndex Mod/Ports, Vlans---- -------------------------------- --------- ------- ------------------------500 Engineering active 344VLAN Type SAID MTU Parent RingNo BrdgNo Stp BrdgMode Trans1 Trans2---- ----- ---------- ----- ------ ------ ------ ---- -------- ------ ------500 enet 100500 1500 - - - - - 0 0VLAN AREHops STEHops Backup CRF---- ------- ------- ----------Console> (enable)To modify the VLAN parameters on an existing Ethernet VLAN, perform this task in privileged mode:
Creating or Modifying an FDDI VLAN
To create a new FDDI VLAN, perform this task in privileged mode:
Step 1
set vlan vlan_num [name name] type {fddi | fddinet} [said said] [mtu mtu]
Step 2
show vlan [vlan_num]
To modify the VLAN parameters on an existing FDDI VLAN, perform this task in privileged mode:
Creating or Modifying a Token Ring TrBRF VLAN
Note
To create a new Token Ring TrBRF VLAN, perform this task in privileged mode:
Note
This example shows how to create a new Token Ring TrBRF VLAN and verify the configuration:
Console> (enable) set vlan 999 name TrBRF_999 type trbrf bridge aVlan 999 configuration successfulConsole> (enable) show vlan 999VLAN Name Status IfIndex Mod/Ports, Vlans---- -------------------------------- --------- ------- ------------------------999 TrBRF_999 activeVLAN Type SAID MTU Parent RingNo BrdgNo Stp BrdgMode Trans1 Trans2---- ----- ---------- ----- ------ ------ ------ ---- -------- ------ ------999 trbrf 100999 4472 - - 0xa ibm - 0 0VLAN AREHops STEHops Backup CRF---- ------- ------- ----------Console> (enable)To modify the VLAN parameters on an existing Token Ring TrBRF VLAN, perform this task in privileged mode:
Creating or Modifying a Token Ring TrCRF VLAN
Note
To create a new Token Ring TrCRF VLAN, perform this task in privileged mode:
Note
This example shows how to create a Token Ring TrCRF VLAN and verify the configuration:
Console> (enable) set vlan 998 name TrCRF_998 type trcrf decring 10 parent 999Vlan 998 configuration successfulConsole> (enable) show vlan 998VLAN Name Status IfIndex Mod/Ports, Vlans---- -------------------------------- --------- ------- ------------------------998 TrCRF_998 active 352VLAN Type SAID MTU Parent RingNo BrdgNo Stp BrdgMode Trans1 Trans2---- ----- ---------- ----- ------ ------ ------ ---- -------- ------ ------998 trcrf 100998 4472 999 0xa - - srb 0 0VLAN AREHops STEHops Backup CRF---- ------- ------- ----------998 7 7 offConsole> (enable)To modify the VLAN parameters on an existing Token Ring TrCRF VLAN, perform this task in privileged mode:
To create a backup TrCRF, assign one port on each switch that the TrBRF traverses to the backup TrCRF.
To configure a TrCRF VLAN as a backup TrCRF, perform this task in privileged mode:
Step 1
set vlan vlan_num backupcrf on
Step 2
show vlan [vlan_num]
To specify the maximum number of hops for All-Routes Explorer frames or Spanning-Tree Explorer frames in the TrCRF, perform this task in privileged mode:
This example shows how to limit All-Routes Explorer frames and Spanning-Tree Explorer frames to ten hops, and how to verify the configuration:
Console> (enable) set vlan 998 aremaxhop 10 stemaxhop 10Vlan 998 configuration successfulConsole> (enable) show vlan 998VLAN Name Status IfIndex Mod/Ports, Vlans---- -------------------------------- --------- ------- ------------------------998 VLAN0998 active 357VLAN Type SAID MTU Parent RingNo BrdgNo Stp BrdgMode Trans1 Trans2---- ----- ---------- ----- ------ ------ ------ ---- -------- ------ ------998 trcrf 100998 4472 999 0xff - - srb 0 0VLAN AREHops STEHops Backup CRF---- ------- ------- ----------998 10 10 offConsole> (enable)Assigning Switch Ports to a VLAN
A VLAN created in a management domain remains unused until you assign one or more switch ports to the VLAN. If you specify a VLAN that does not exist, the VLAN is created and the specified ports are assigned to it.
Note
To assign one or more switch ports to a VLAN, perform this task in privileged mode:
Step 1
set vlan vlan_num mod_num/port_num
Step 2
show vlan [vlan_num]
show port [mod_num[/port_num]]
This example shows how to assign switch ports to a VLAN and verify the assignment:
Console> (enable) set vlan 560 4/10VLAN 560 modified.VLAN 1 modified.VLAN Mod/Ports---- -----------------------560 4/10Console> (enable) show vlan 560VLAN Name Status IfIndex Mod/Ports, Vlans---- -------------------------------- --------- ------- ------------------------560 Engineering active 348 4/10VLAN Type SAID MTU Parent RingNo BrdgNo Stp BrdgMode Trans1 Trans2---- ----- ---------- ----- ------ ------ ------ ---- -------- ------ ------560 enet 100560 1500 - - - - - 0 0VLAN AREHops STEHops Backup CRF---- ------- ------- ----------Console> (enable) show port 4/10Port Name Status Vlan Level Duplex Speed Type----- ------------------ ---------- ---------- ------ ------ ----- ------------4/10 notconnect 560 normal half 10 10BaseT<...output truncated...>Last-Time-Cleared--------------------------Wed Jun 24 1998, 12:16:41Console> (enable)Deleting a VLAN
When you delete a VLAN in VTP server mode, the VLAN is removed from all switches in the VTP domain. When you delete a VLAN in VTP transparent mode, the VLAN is deleted only on the current switch.
Caution
To delete a VLAN on the switch, perform this task in privileged mode:
Note
This example shows how to delete a VLAN (in this case, the switch is a VTP server):
Console> (enable) clear vlan 500This command will deactivate all ports on vlan 500in the entire management domainDo you want to continue(y/n) [n]?yVlan 500 deletedConsole> (enable)
