Configuring VLAN

Information About Configuring VLAN

A Virtual Local Area Network (VLAN) is a switched network that is logically segmented by function, project team, or application, without regard to the physical locations of users. VLANs have the same attributes as physical LANs. In VLANs, you can group end stations even if they are not physically located on the same LAN segment. Using a VLAN, you can logically segment a physical LAN into different broadcast domains. The broadcast and unicast traffic within a VLAN is not forwarded to other VLANs.

Figure 1. VLAN Interface Configuration

Compared to traditional Ethernet, VLANs enjoy the following advantages:

  • A traditional Ethernet network sends mass broadcast data to all the network devices directly, regardless of necessity, leading to network jitter. With VLAN, you can configure the necessary communication device in each VLAN to reduce broadcast traffic and improve network efficiency.

  • Only devices that are a part of the same VLAN can communicate with each other, which helps improve the security of a network.

  • A VLAN helps reduce network configuration workload. When the physical position of a host changes within the range of a VLAN, there is no need to change its network configuration.

Management VLAN

A management VLAN is used to manage a device from a remote location, using protocols such as Telnet, SSH, SNMP, and syslog. A management VLAN should be configured on a Layer 2 switch. You can log in to a device from a remote location only by using a management VLAN. A management VLAN need not be configured on a Layer 3 switch. On a Layer 3 switch, the interface VLAN is the management VLAN.

How to Configure VLAN

The following topics provide information about the procedures you should perform to configure a VLAN.

Configuring a VLAN

To configure a VLAN, perform this procedure.

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. vlan vlan-list
  4. switchport ethernet port-number
  5. description string

DETAILED STEPS

  Command or Action Purpose
Step 1

enable

Example:

Device> enable 

Enables privileged EXEC mode.

Enter your password, if prompted.

Step 2

configure terminal

Example:

Device# configure terminal 

Enters global configuration mode.

Step 3

vlan vlan-list

Example:

Device(config)# vlan 11

Creates a VLAN for a single port or a list of ports.

Step 4

switchport ethernet port-number

Example:

Device(config-if-vlan)# switchport ethernet 1/4

Adds a VLAN interface to the designated port.

Step 5

description string

Example:

Device(config-if-vlan)# description vlan1

Adds a description to the VLAN.

Configuring an Interface Default VLAN ID

To configure an interface default VLAN ID, perform this procedure.

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. interface ethernet port-number
  4. switchport default vlan vlan-id
  5. no switchport default vlan

DETAILED STEPS

  Command or Action Purpose
Step 1

enable

Example:

Device> enable 

Enables privileged EXEC mode.

Enter your password, if prompted.

Step 2

configure terminal

Example:

Device# configure terminal 

Enters global configuration mode.

Step 3

interface ethernet port-number

Example:

Device(config)# interface ethernet1/4

Enters interface configuration mode.

Step 4

switchport default vlan vlan-id

Example:

Device(config-if-ethernet-1/4)# switchport default vlan 3

Configures the default VLAN ID for the interface.

Step 5

no switchport default vlan

Example:

Device(config-if-ethernet-1/4)# no switchport default vlan

Restores the default VLAN ID to port 1.

Types of VLAN Interfaces

A VLAN interface can be one of three types, based on how the interface processes a VLAN-tagged packet.

  • Access: This interface belongs to a single VLAN and is used to connect to a terminal device. When this interface receives an untagged VLAN packet, it adds the Default VLAN tag to it. When the interface receives a tagged VLAN packet, it checks the VLAN ID of the packet. If it is a VLAN that the corresponding port allows to pass through, the interface accepts the packet. Otherwise, the interface drops the packet.

    When forwarding a VLAN packet, the interface checks the VLAN ID carried in the packet. If it is a VLAN ID that the corresponding port allows to pass through, then the interface strips the VLAN tag and forwards the packet.

  • Hybrid: This interface is able to receive and forward packets to multiple VLANs. When this interface receives an untagged VLAN packet, it adds the tag of the default VLAN to it. When the interface receives a tagged VLAN packet, it checks the VLAN ID of the packet. If it is a VLAN that the corresponding port allows to pass through, the interface accepts the packet. Otherwise, the interface drops the packet.

    When forwarding a VLAN packet, the interface checks the VLAN ID carried in the packet. If it is an untagged VLAN ID, the interface strips the VLAN tag and forwards the packet. If the VLAN ID that is carried in the packet is a tagged VLAN ID, the interface retains the VLAN tag and forwards the packet.

  • Trunk: This interface can receive and forward packets to multiple VLANs. When the interface forwards packets, packets in the default VLAN do not carry a tag, whereas packets in other VLANs carry the tag. When the interface receives an untagged VLAN packet, it adds the tag of the default VLAN to it. When the interface receives a tagged VLAN packet, it checks the VLAN ID of the packet. If it is a VLAN that the corresponding port allows to pass through, the interface accepts the packet. Otherwise, the interface drops the packet.

    When forwarding a VLAN packet, the interface checks the VLAN ID carried in the packet. If it is an untagged VLAN ID, the interface strips the VLAN tag and forwards the packet. If the VLAN ID that is carried in the packet is a tagged VLAN ID, the interface retains the VLAN tag and forwards the packet.

Configuring Interface VLAN Mode

To configure VLAN mode, perform this procedure.

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. interface ethernet port-number
  4. switchport mode { access | hybrid | trunk}

DETAILED STEPS

  Command or Action Purpose
Step 1

enable

Example:

Device> enable 

Enables privileged EXEC mode.

Enter your password, if prompted.

Step 2

configure terminal

Example:

Device# configure terminal 

Enters global configuration mode.

Step 3

interface ethernet port-number

Example:

Device(config)# interface ethernet1/4

Enters the interface configuration mode.

Step 4

switchport mode { access | hybrid | trunk}

Example:

Device(config-if)# switchport mode hybrid

Configures the VLAN mode for the interface.

Configuring VLAN Attributes on a Hybrid Interface

To configure VLAN attributes on a hybrid interface, perform this procedure:

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. interface ethernet port-number
  4. switchport mode hybrid
  5. switchport hybrid { untagged | tagged} vlan { vlan-list | all}

DETAILED STEPS

  Command or Action Purpose
Step 1

enable

Example:

Device> enable 

Enables privileged EXEC mode.

Enter your password, if prompted.

Step 2

configure terminal

Example:

Device# configure terminal 

Enters global configuration mode.

Step 3

interface ethernet port-number

Example:

Device(config)# interface ethernet1/4

Enters the interface configuration mode.

Step 4

switchport mode hybrid

Example:

Device(config-if-ethernet-1/4)# switchport mode hybrid

Configures the hybrid mode for the interface VLAN.

Step 5

switchport hybrid { untagged | tagged} vlan { vlan-list | all}

Example:

Device(config-if-ethernet-1/4)# switchport hybrid tagged vlan 2-4

Allows the packets from the specified VLANs to pass through the hybrid port. (To prevent the packets from the specified VLANs passing through the hybrid port, use the no form of the command.)

Configuring VLAN Attributes on a Trunk Interface

To configure VLAN attributes on a trunk interface, perform this procedure.

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. interface ethernet port-number
  4. switchport mode trunk
  5. switchport trunk allowed vlan { vlan-list | all}

DETAILED STEPS

  Command or Action Purpose
Step 1

enable

Example:

Device> enable 

Enables privileged EXEC mode.

Enter your password, if prompted.

Step 2

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 3

interface ethernet port-number

Example:

Device(config)# interface ethernet1/4

Enters interface configuration mode.

Step 4

switchport mode trunk

Example:

Device(config-if-ethernet-1/4)# switchport mode trunk

Configures the trunk mode for the interface VLAN.

Step 5

switchport trunk allowed vlan { vlan-list | all}

Example:

Device(config-if-ethernet-1/4)# switchport trunk allowed vlan 2-4

Allows the packets from the specified VLANs to pass through the trunk port. (To prevent the packets from the specified VLANs passing through the trunk port, use the no form of this command.)

Configuring Port Priority

To add a priority value to a port, perform this procedure.

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. interface ethernet port-number
  4. priority port-priority
  5. show interface ethernet port-number
  6. end
  7. show interface brief ethernet port-number

DETAILED STEPS

  Command or Action Purpose
Step 1

enable

Example:

Device> enable 

Enables privileged EXEC mode.

Enter your password, if prompted.

Step 2

configure terminal

Example:

Device# configure terminal 

Enters global configuration mode.

Step 3

interface ethernet port-number

Example:

Device(config)# interface ethernet1/4

Enters interface configuration mode.

Step 4

priority port-priority

Example:

Device(config-if-ethernet-1/4)# priority 2

Configures a priority value for the port. The priority range is from 0 to 7. (To restore the default priority value for the port, use the no form of the command.)

Step 5

show interface ethernet port-number

Example:

Device# show interface ethernet 2

Displays the detailed configurations for a port.

Step 6

end

Example:

Device(config-if-ethernet-1/4)# end

Exits to privileged EXEC mode.

Step 7

show interface brief ethernet port-number

Example:

Device# show interface brief ethernet 2

Displays the configurations on the port, in brief.

Disabling Ingress Filtering

Ingress filtering is enabled by default. The interface checks the received packets. If the packets belong to the VLAN, the interface forwards them. If the packets do not belong to the VLAN, it drops the packets. To disable ingress filtering, perform this procedure.

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. interface ethernet port-number
  4. ingress filtering
  5. end
  6. show ingress interface { ethernet port-number| gpon port-number}

DETAILED STEPS

  Command or Action Purpose
Step 1

enable

Example:

Device> enable 

Enables privileged EXEC mode.

Enter your password, if prompted.

Step 2

configure terminal

Example:

Device# configure terminal 

Enters global configuration mode.

Step 3

interface ethernet port-number

Example:

Device(config)# interface ethernet1/4

Enters interface configuration mode.

Step 4

ingress filtering

Example:

Device(config-if-ethernet-1/4)# ingress filtering

Enables ingress filtering. (To disable ingress filtering, use the no form of this command.)

Step 5

end

Example:

Device(config-if-ethernet-1/4)# end

Exits to privileged EXEC mode.

Step 6

show ingress interface { ethernet port-number| gpon port-number}

Example:

Device# show ingress interface ethernet 1/4

Displays the status of filtering on the ingress port.

Configuring an Acceptable Frame Type for a Port

To configure the frame type that is acceptable on a port, perform this procedure.

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. interface ethernet port-number
  4. ingress acceptable-frame { all| tagged}
  5. end
  6. show ingress interface { ethernet port-number| gpon port-number}

DETAILED STEPS

  Command or Action Purpose
Step 1

enable

Example:

Device> enable 

Enables privileged EXEC mode. Enter your password, if prompted.

Step 2

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 3

interface ethernet port-number

Example:

Device(config)# interface ethernet1/4

Enters interface configuration mode.

Step 4

ingress acceptable-frame { all| tagged}

Example:

Device(config-if-ethernet-1/4)# ingress acceptable-frame tagged

Configures the type of frames acceptable on the port.

  • all: the port can receive tagged and untagged VLAN packets.

  • tagged: the port can receive only tagged VLAN packets.

Step 5

end

Example:

Device(config-if-ethernet-1/4)# end

Exits to privileged EXEC mode.

Step 6

show ingress interface { ethernet port-number| gpon port-number}

Example:

Device# show ingress interface ethernet 1/4

Displays the status of filtering on the ingress port.
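
The receive and forward rules from Types of VLAN Interfaces, combined with the ingress filtering and acceptable frame type settings above, modelled in Python as an added example (not vendor code). The Port class and helper names are hypothetical; skipping the membership check when ingress filtering is disabled, and placing the default VLAN in the untagged set, are assumptions drawn from the page's descriptions and sample output.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Port:
    mode: str                       # "access", "hybrid" or "trunk"
    pvid: int = 1                   # switchport default vlan
    tagged: set = field(default_factory=set)    # VLANs sent with the tag kept
    untagged: set = field(default_factory=set)  # VLANs sent with the tag stripped
    ingress_filtering: bool = True  # enabled by default, per the page
    acceptable_frame: str = "all"   # ingress acceptable-frame { all | tagged }

    def members(self) -> set:
        return self.tagged | self.untagged

def access(pvid: int) -> Port:
    return Port("access", pvid, untagged={pvid})

def trunk(pvid: int, allowed: set) -> Port:
    # Default VLAN leaves untagged, every other allowed VLAN keeps its tag.
    return Port("trunk", pvid, tagged=set(allowed) - {pvid}, untagged={pvid})

def hybrid(pvid: int, tagged: set, untagged: set) -> Port:
    return Port("hybrid", pvid, set(tagged), set(untagged))

def ingress(port: Port, tag: Optional[int]) -> Optional[int]:
    """Return the VLAN a received frame is placed in, or None if dropped."""
    if tag is None:
        if port.acceptable_frame == "tagged":
            return None             # port accepts tagged frames only
        return port.pvid            # untagged frames take the default VLAN
    if port.ingress_filtering and tag not in port.members():
        return None                 # VLAN is not allowed on this port
    return tag

def egress(port: Port, vlan: int) -> Optional[str]:
    """Return how the frame leaves the port, or None if it is not forwarded."""
    if vlan not in port.members():
        return None
    return "untagged" if vlan in port.untagged else f"tagged:{vlan}"

def forward(src: Port, dst: Port, tag: Optional[int]) -> Optional[str]:
    vlan = ingress(src, tag)
    return None if vlan is None else egress(dst, vlan)

if __name__ == "__main__":
    user, uplink = access(100), trunk(1, {1, 2, 3, 4, 100})
    print(forward(user, uplink, None))   # untagged host frame
    print(forward(user, uplink, 3))      # tagged for a VLAN the port is not in
    user.ingress_filtering = False
    print(forward(user, uplink, 3))      # same frame with the filter off
```

With the default settings, the access port drops the frame tagged for VLAN 3; with ingress filtering disabled in this model, the same frame reaches the trunk still tagged for VLAN 3, which is the isolation the default setting preserves.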

Configuration Examples for VLAN

The following sections provide examples of VLAN configurations.

Example: Creating a VLAN and Assigning a Default VLAN

The following example shows how to create a VLAN:
Device> enable
Device# configure terminal
Device(config)#vlan 100
Device(config-if-vlan)#switchport ethernet 1/1 ethernet 1/2

The following example shows how to configure a default VLAN and change the VLAN mode of an interface:

Device> enable
Device# configure terminal
Device(config)#interface ethernet 1/1
Device(config-if-ethernet-1/1)#switchport mode access 
Device(config-if-ethernet-1/1)#switchport default vlan 100
Device(config-if-ethernet-1/1)#interface ethernet 1/2
Device(config-if-ethernet-1/2)#switchport mode trunk
Device(config-if-ethernet-1/2)#switchport default vlan 100
Device(config-if-ethernet-1/2)#exit

The following example shows how to display the VLAN configuration on Port1 and Port2:

Device> enable
Device# configure terminal
Device(config)#show interface brief ethernet 1/1 ethernet 1/2
Port    Desc   Link  shutdn  Speed      Pri  PVID  Mode  TagVlan  UtVlan
e1/1           up    false   auto-f100  0    100   acc            100
e1/2           up    false   auto-f100  0    100   trk            100
Total entries: 2 .

Example: Configuring the VLAN Mode for an Interface

The following example shows how to configure an access port:

Device> enable
Device# configure terminal
Device(config)#vlan 100
Device(config)#interface ethernet 1/1
Device(config-if-ethernet-1/1)#switchport mode access 

The following example shows how to configure a trunk port:

Device> enable
Device# configure terminal
Device(config)#vlan 100
Device(config)#interface ethernet 1/2
Device(config-if-ethernet-1/2)#switchport mode trunk

The following example shows how to display the VLAN configuration on Port1 and Port2:

Device(config)# show interface brief ethernet 1/1 ethernet 1/2
Port    Desc   Link  shutdn  Speed      Pri  PVID  Mode  TagVlan  UtVlan
e1/1           up    false   auto-f100  0    1     acc            1
e1/2           up    false   auto-f100  0    1     trk            1
Total entries: 2 .