Contents

• Configuring VLANs
• Information About VLANs
• Understanding VLANs
• VLAN Ranges
• Creating, Deleting, and Modifying VLANs
• About the VLAN Trunking Protocol
• Guidelines and Limitations for VTP
• Configuring a VLAN
• Creating and Deleting a VLAN
• Configuring a VLAN
• Adding Ports to a VLAN
• Configuring a VLAN as a Routed SVI
• Configuring a VLAN as a Management SVI
• Configuring VTP
• Verifying VLAN Configuration

Configuring VLANs

---

This chapter contains the following sections:

• Information About VLANs
• Configuring a VLAN

Information About VLANs

Understanding VLANs

A VLAN is a group of end stations in a switched network that is logically segmented by function or application, without regard to the physical locations of the users. VLANs have the same attributes as physical LANs, but you can group end stations even if they are not physically located on the same LAN segment.

Any switch port can belong to a VLAN, and unicast, broadcast, and multicast packets are forwarded and flooded only to end stations in that VLAN. Each VLAN is considered as a logical network, and packets destined for stations that do not belong to the VLAN must be forwarded through a router. The following figure shows VLANs as logical networks. The stations in the engineering department are assigned to one VLAN, the stations in the marketing department are assigned to another VLAN, and the stations in the accounting department are assigned to another VLAN.

Figure 1. VLANs as Logically Defined Networks

VLANs are usually associated with IP subnetworks. For example, all the end stations in a particular IP subnet belong to the same VLAN. To communicate between VLANs, you must route the traffic.

By default, a newly created VLAN is operational; that is, the newly created VLAN is in the no shutdown condition. Additionally, you can configure VLANs to be in the active state, which is passing traffic, or the suspended state, in which the VLANs are not passing packets. By default, the VLANs are in the active state and pass traffic.

VLAN Ranges

Note	The extended system ID is always automatically enabled in Cisco NX-OS devices.

The device supports up to 4094 VLANs in accordance with the IEEE 802.1Q standard. The software organizes these VLANs into ranges, and you use each range slightly differently.

For information about configuration limits, see the configuration limits documentation for your switch.

This table describes the VLAN ranges.

Table 1 VLAN Ranges

VLANs Numbers	Range	Usage
1	Normal	Cisco default. You can use this VLAN, but you cannot modify or delete it.
2—1005	Normal	You can create, use, modify, and delete these VLANs.
1006—3967 and 4048—4093	Extended	You can create, name, and use these VLANs. You cannot change the following parameters: The state is always active. The VLAN is always enabled. You cannot shut down these VLANs.
3968-4047 and 4094	Internally allocated	These 80 VLANs and VLAN 4094 are allocated for internal device use. You cannot create, delete, or modify any VLANs within the block reserved for internal use.

The software allocates a group of VLAN numbers for features like multicast and diagnostics, that need to use internal VLANs for their operation. You cannot use, modify, or delete any of the VLANs in the reserved group. You can display the VLANs that are allocated internally and their associated use.

Creating, Deleting, and Modifying VLANs

VLANs are numbered from 1 to 4094. All configured ports belong to the default VLAN when you first bring up the switch. The default VLAN (VLAN1) uses only default values. You cannot create, delete, or suspend activity in the default VLAN.

You create a VLAN by assigning a number to it. You can delete VLANs as well as move them from the active operational state to the suspended operational state. If you attempt to create a VLAN with an existing VLAN ID, the switch goes into the VLAN submode but does not create the same VLAN again.

Newly created VLANs remain unused until ports are assigned to the specific VLAN. All the ports are assigned to VLAN1 by default.

Depending on the range of the VLAN, you can configure the following parameters for VLANs (except the default VLAN):

• VLAN name
• Shutdown or not shutdown

When you delete a specified VLAN, the ports associated to that VLAN are shut down and no traffic flows. However, the system retains all the VLAN-to-port mapping for that VLAN, and when you reenable, or recreate, the specified VLAN, the system automatically reinstates all the original ports to that VLAN.

Note	Commands entered in the VLAN configuration submode are immediately executed. VLANs 3968 to 4047 and 4094 are reserved for internal use; these VLANs cannot be changed or used.

About the VLAN Trunking Protocol

VTP is a distributed VLAN database management protocol that synchronizes the VTP VLAN database across domains. A VTP domain includes one or more network switches that share the same VTP domain name and that are connected with trunk interfaces. Each switch can be in one VTP domain, Layer 2 trunk interfacess, an Layer 2 port channels.

There are four VTP modes:

• Server mode–Allows users to perform configurations, it manages the VLAN database version #, and stores the VLAN database.
• Client mode–Does not allow user configurations and relies on other switches in the domain to provide configuration information.
• Off mode—Allows you to access the VLAN database (VTP is enabled) but not participate in VTP.
• Transparent mode–Does not participate in VTP, uses local configuration, and relays VTP packets to other forward ports. VLAN changes affect only the local switch. A VTP transparent network switch does not advertise its VLAN configuration and does not synchronize its VLAN configuration based on received advertisements.

• Guidelines and Limitations for VTP

Guidelines and Limitations for VTP

VTP has the following configuration guidelines and limitations:

• When a switch is configured as a VTP client, you cannot create VLANs on the switch in the range of 1 to 1005.
• VLAN 1 is required on all trunk ports used for switch interconnects if VTP is supported in the network. Disabling VLAN 1 from any of these ports prevents VTP from functioning properly.
• If you enable VTP, you must configure either version 1 or version 2.
• The show running-configuration command does not show VLAN or VTP configuration information for VLANs 1 to 1000.
• VTP pruning is not supported.
• PVLAN is only supported when the switch is in transparent mode.
• If you are using VTP in a Token Ring environment, you must use version 2.
• When a switch is configured in VTP client or server mode, VLANs 1002 to1005 are reserved VLANs.
• SNMP can perform the following GET and SET operations on the VTP MIB objects:

  • GET and SET operations are not supported for VTPv3 MIB objects.
  • SET operations are not supported on VTPv1 and VTPv2 MIB objects.
  • GET operations are supported on VTPv1 and VTPv2 MIB objects.

Configuring a VLAN

Creating and Deleting a VLAN

You can create or delete all VLANs except the default VLAN and those VLANs that are internally allocated for use by the switch. Once a VLAN is created, it is automatically in the active state.

Note	When you delete a VLAN, ports associated to that VLAN shut down. The traffic does not flow and the packets are dropped.

Procedure

	Command or Action	Purpose
Step 1	switch# configure terminal	Enters configuration mode.
Step 2	switch(config)# vlan {vlan-id | vlan-range}	Creates a VLAN or a range of VLANs. If you enter a number that is already assigned to a VLAN, the switch puts you into the VLAN configuration submode for that VLAN. If you enter a number that is assigned to an internally allocated VLAN, the system returns an error message. However, if you enter a range of VLANs and one or more of the specified VLANs is outside the range of internally allocated VLANs, the command takes effect on only those VLANs outside the range. The range is from 2 to 4094; VLAN1 is the default VLAN and cannot be created or deleted. You cannot create or delete those VLANs that are reserved for internal use.
Step 3	switch(config-vlan)# no vlan {vlan-id | vlan-range}	Deletes the specified VLAN or range of VLANs and removes you from the VLAN configuration submode. You cannot delete VLAN1 or the internally allocated VLANs.

This example shows how to create a range of VLANs from 15 to 20:

switch# configure terminal

switch(config)# vlan 15-20

Note	You can also create and delete VLANs in the VLAN configuration submode.

Configuring a VLAN

To configure or modify the VLAN for the following parameters, you must be in the VLAN configuration submode:

• Name
• Shut down

Note	You cannot create, delete, or modify the default VLAN or the internally allocated VLANs. Additionally, some of these parameters cannot be modified on some VLANs.

Procedure

	Command or Action	Purpose
Step 1	switch# configure terminal	Enters configuration mode.
Step 2	switch(config)# vlan {vlan-id | vlan-range}	Enters VLAN configuration submode. If the VLAN does not exist, the system first creates the specified VLAN.
Step 3	switch(config-vlan)# name vlan-name	Names the VLAN. You can enter up to 32 alphanumeric characters to name the VLAN. You cannot change the name of VLAN1 or the internally allocated VLANs. The default value is VLANxxxx where xxxx represent four numeric digits (including leading zeroes) equal to the VLAN ID number.
Step 4	switch(config-vlan)# state {active | suspend}	Sets the state of the VLAN to active or suspend. While the VLAN state is suspended, the ports associated with this VLAN are shut down, and that VLAN does not pass any traffic. The default state is active. You cannot suspend the state for the default VLAN or VLANs 1006 to 4094.
Step 5	switch(config-vlan)# no shutdown	(Optional) Enables the VLAN. The default value is no shutdown (or enabled). You cannot shut down the default VLAN, VLAN1, or VLANs 1006 to 4094.

This example shows how to configure optional parameters for VLAN 5:

switch# configure terminal

switch(config)# vlan 5

switch(config-vlan)# name accounting

switch(config-vlan)# state active

switch(config-vlan)# no shutdown

Adding Ports to a VLAN

After you have completed the configuration of a VLAN, assign ports to it. To add ports, perform this task:

Procedure

	Command or Action	Purpose
Step 1	switch# configure terminal	Enters configuration mode.
Step 2	switch(config)# interface {ethernet slot/port | port-channel number}	Specifies the interface to configure, and enters the interface configuration mode. The interface can be a physical Ethernet port or an EtherChannel.
Step 3	switch(config-if)# switchport access vlan vlan-id	Sets the access mode of the interface to the specified VLAN.

This example shows how to configure an Ethernet interface to join VLAN 5:

switch# configure terminal

switch(config)# interface ethernet 1/13

switch(config-if)# switchport access vlan 5

Configuring a VLAN as a Routed SVI

You can configure a VLAN to be a routed switch virtual interface (SVI).

Before You Begin

• Install the Layer 3 license. For more information, see License and Copyright Information for Cisco NX-OS Software available at the following URL: http://www.cisco.com/en/US/docs/switches/datacenter/sw/4_0/nx-os/license_agreement/nx-ossw_lisns.html.
• Make sure you understand the guidelines and limitations of this feature. For information, see Guidelines and Limitations for SVIs.

Procedure

	Command or Action	Purpose
Step 1	configure terminal	Enters global configuration mode.
Step 2	feature interface-vlan	Enables the creation of SVIs.
Step 3	interface-vlan vlan-id	Creates a VLAN interface (SVI) and enters interface configuration mode.
Step 4	copy running-config startup-config	Copies the running configuration to the startup configuration.

The following example shows how to configure a VLAN as a routed SVI:

switch# configure terminal
switch(config)# feature interface-vlan
switch(config)# interface vlan 5
switch(config-if)# copy running-config startup-config
switch(config-if)#

The following example shows how to remove the routed SVI function from a VLAN:

switch# configure terminal
switch(config)# no interface vlan 5
switch(config-if)# copy running-config startup-config
switch(config-if)#

What to Do Next

You can configure routing protocols on this interface.

Configuring a VLAN as a Management SVI

You can configure a VLAN to be a management switch virtual interface (SVI).

Procedure

	Command or Action	Purpose
Step 1	configure terminal	Enters global configuration mode.
Step 2	feature interface-vlan	Enables the creation of SVIs.
Step 3	interface-vlan vlan-id management	Creates a VLAN interface (SVI) and configures the SVI to be used for in-band management.
Step 4	copy running-config startup-config	Copies the running configuration to the startup configuration.

The following example shows how to configure a VLAN as a management SVI:

switch# configure terminal
switch(config)# feature interface-vlan
switch(config)# interface vlan 5
switch(config-if)# management
switch(config-if)# copy running-config startup-config
switch(config-if)#

The following example shows how to remove the management function from an SVI:

switch# configure terminal
switch(config)# interface vlan 5
switch(config-if)# no management
switch(config-if)# copy running-config startup-config
switch(config-if)#

Configuring VTP

You can enable VTP and then configure the VTP mode (server [default], client, transparent, or off). If you enable VTP, you must configure either version 1 or version 2. If you are using VTP in a Token Ring environment, you must use version 2.

Procedure

	Command or Action	Purpose
Step 1	config t Example: switch# config t switch(config)#	Enters configuration mode.
Step 2	feature vtp Example: switch(config)# feature vtp switch(config)#	Enables VTP on the device. The default is disabled.
Step 3	vtp domain domain-name Example: switch(config)# vtp domain accounting	Specifies the name of the VTP domain that you want this device to join. The default is blank.
Step 4	vtp version {1 | 2} Example: switch(config)# vtp version 2	Sets the VTP version that you want to use. The default is version 1.
Step 5	vtp mode {client | server| transparent| off} Example: switch(config)# vtp mode transparent	Sets the VTP mode to client, server, transparent, or off.
Step 6	vtp file file-name Example: switch(config)# vtp file vtp.dat	Specifies the ASCII filename of the IFS file system file where the VTP configuration is stored.
Step 7	vtp password password-value Example: switch(config)# vtp password cisco	Specifies the password for the VTP administrative domain.
Step 8	exit Example: switch(config)# exit switch#	Exits the configuration submode.
Step 9	show vtp status Example: switch# show vtp status	(Optional) Displays information about the VTP configuration on the device, such as the version, mode, and revision number.
Step 10	show vtp counters Example: switch# show vtp counters	(Optional) Displays information about VTP advertisement statistics on the device.
Step 11	show vtp interface Example: switch# show vtp interface	(Optional) Displays the list of VTP enabled interfaces.
Step 12	show vtp password Example: switch# show vtp password	(Optional) Displays the password for the management VTP domain.
Step 13	copy running-config startup-config Example: switch(config)# copy running-config startup-config	(Optional) Copies the running configuration to the startup configuration.

This example shows how to configure VTP in transparent mode for the device:

switch# config t
switch(config)# feature vtp 
switch(config)# vtp domain accounting 
switch(config)# vtp version 2 
switch(config)# vtp mode transparent
switch(config)# exit 
switch#

This example shows the VTP status and that the switch is capable of supporting Version 2 and that the switch is running Version 1.

switch(config)# show vtp status
VTP Status Information
----------------------
VTP Version : 2 (capable)
Configuration Revision          : 0
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 502
VTP Operating Mode              : Transparent
VTP Domain Name                 :
VTP Pruning Mode                : Disabled (Operationally Disabled)
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 Digest                      : 0xF5 0xF1 0xEC 0xE7 0x29 0x0C 0x2D 0x01
Configuration last modified by 60.10.10.1 at 0-0-00 00:00:00
VTP version running : 1 

Verifying VLAN Configuration

Use one of the following commands to verify the configuration:

Command	Purpose
switch# show running-config vlan [vlan_id | vlan_range]	Displays VLAN information.
switch# show vlan [brief | id [vlan_id | vlan_range] | name name | summary ]	Displays selected configuration information for the defined VLAN(s).