Configuring the VLAN on Catalyst 2900/3500 XL, 2950, and 3550 Series Switches Step 1 Before you create VLANs, you must decide whether to useVTP in your network. Using VTP, you can make configuration changes centrally on a single switch, and have those changes automatically communicated to all the other switches in the network. The default VTP mode on the switches mentioned in this section is the server mode. For details on VTP, refer to Understanding and Configuring VLAN Trunk PRotocol You can check the VTP status on the XL Series Switches, by using the show vtp status command. 3524XL#show vtp status VTP Version : 2 Configuration Revision : 0 Maximum VLANs supported locally : 254 Number of existing VLANs : 5 VTP Operating Mode : Server!-- This is the default mode VTP Domain Name : VTP Pruning Mode : Disabled VTP V2 Mode : Disabled VTP Traps Generation : Disabled md5 digest : 0xBF 0x86 0x94 0x45 0xFC 0xDF 0xB5 0x70 Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
Step 2 By default, there is only a single VLAN for all ports, and this VLAN is called the default. VLAN1 cannot be renamed or deleted. You can run show vlan command to check the VLAN information.
3524XL#show vlan VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4, Fa0/5, Fa0/6, Fa0/7, Fa0/8, Fa0/9, Fa0/10, Fa0/11, Fa0/12, Fa0/13, Fa0/14, Fa0/15, Fa0/16, Fa0/17, Fa0/18, Fa0/19, Fa0/20, Fa0/21, Fa0/22, Fa0/23, Fa0/24, Gi0/1, Gi0/2 1002 fddi-default active 1003 token-ring-default active 1004 fddinet-default active 1005 trnet-default active
Use the following set of commands in the privileged mode to create another VLAN: 3524XL#vlan database!-- You have to enter into vlan database, to configure any VLAN 3524XL(vlan)#vtp server Device mode already VTP SERVER. !-- You may skip the above command, if the switch is already in server mode, and you want the switch to be in server mode Note: A switch is only allowed to create VLANs if it is in VTP server or VTP transparent modes. For details on VTP, please refer to the Understanding and Configuring VLAN Trunk Protocol (VTP) document. 3524XL(vlan)#vlan ? <1-1005> ISL VLAN index
3524XL(vlan)#vlan 2 ? are Maximum number of All Route EXPlorer hops for this VLAN backupcrf Backup CRF mode of the VLAN bridge Bridging characteristics of the VLAN media Media type of the VLAN mtu VLAN Maximum Transmission Unit name Ascii name of the VLAN parent ID number of the Parent VLAN of FDDI or Token Ring type VLANs ring Ring number of FDDI or Token Ring type VLANs said IEEE 802.10 SAID state Operational state of the VLAN ste Maximum number of Spanning Tree Explorer hops for this VLAN stp Spanning tree characteristics of the VLAN tb-vlan1 ID number of the first translational VLAN for this VLAN (or zero if none) tb-vlan2 ID number of the second translational VLAN for this VLAN (or zero if none)
3524XL(vlan)#vlan 2 name ? Word The ASCII name for the VLAN
3524XL(vlan)#vlan 2 name cisco_vlan_2 VLAN 2 added: Name: cisco_vlan_2 3524XL(vlan)#exit! -- You have to exit from the VLAN database, for the changes to be committed APPLY completed. Exiting.... 3524XL# Step 3 Make sure that the VLAN is created by running the show vlan command. 3524XL#show vlan VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4, Fa0/5, Fa0/6, Fa0/7, Fa0/8, Fa0/9, Fa0/10, Fa0/11, Fa0/12, Fa0/13, Fa0/14, Fa0/15, Fa0/16, Fa0/17, Fa0/18, Fa0/19, Fa0/20, Fa0/21, Fa0/22, Fa0/23, Fa0/24, Gi0/1, Gi0/2 2 cisco_vlan_2 active 1002 fddi-default active 1003 token-ring-default active 1004 fddinet-default active 1005 trnet-default active
Step 4 You may want to add the ports (interfaces) in the newly created VLAN. You have to go to interface configuration mode for each of the interfaces that you want to add into the new VLAN. Use the following set of commands in the privileged mode to add a particular interface in the VLAN.
3524XL#configure terminal Enter configuration commands, one per line. End with CNTL/Z. 3524XL(config)#interface fastEthernet 0/2 3524XL(config-if)#switchport access ? vlan Set VLAN when interface is in access mode
3524XL(config-if)#switchport access vlan ? <1-1001> VLAN ID of the VLAN when this port is in access mode dynamic When in access mode, this interfaces VLAN is controlled by VMPS
3524XL(config-if)#switchport access vlan 2!-- Assigning interface fa0/2 to vlan 2 3524XL(config-if)#exit 3524XL(config)#interface fastEthernet 0/3 3524XL(config-if)#switchport access vlan 2!-- Assigning interface fa0/3 to vlan 2 3524XL(config-if)#end 3524XL# 00:55:26: %SYS-5-CONFIG_I: Configured from console by console 3524XL#wr mem!-- Saving the configuration Building configuration...
Step 5 Verify VLAN configuration by using show vlan command.
3524XL#show vlan VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 1 default active Fa0/1, Fa0/4, Fa0/5, Fa0/6, Fa0/7, Fa0/8, Fa0/9, Fa0/10, Fa0/11, Fa0/12, Fa0/13, Fa0/14, Fa0/15, Fa0/16, Fa0/17, Fa0/18, Fa0/19, Fa0/20, Fa0/21, Fa0/22, Fa0/23, Fa0/24, Gi0/1, Gi0/2 2 cisco_vlan_2 active Fa0/2, Fa0/3 1002 fddi-default active 1003 token-ring-default active 1004 fddinet-default active 1005 trnet-default active
To remove ports from the VLAN, use the no switchport access vlan command in the interface configuration mode. Once the port is removed from the VLAN that is not VLAN 1 (the default VLAN), that port is automatically added back to the default VLAN.
For example, if you want to remove interface Fa0/2 from cisco_vlan_2 (VLAN 2), use the following set of commands in the privileged mode:
3524XL#configure terminal Enter configuration commands, one per line. End with CNTL/Z. 3524XL(config)#interface fastEthernet 0/2 3524XL(config-if)#no switchport access vlan 2! -- Removing interface fa0/2 from vlan 2 3524XL(config-if)#end 3524XL#show vlan VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 1 default active Fa0/1, Fa0/2, Fa0/4, Fa0/5, !-- Note that Fa0/2 is added back, to the default vlan Fa0/6, Fa0/7, Fa0/8, Fa0/9, Fa0/10, Fa0/11, Fa0/12, Fa0/13, Fa0/14, Fa0/15, Fa0/16, Fa0/17, Fa0/18, Fa0/19, Fa0/20, Fa0/21, Fa0/22, Fa0/23, Fa0/24, Gi0/1, Gi0/2 2 cisco_vlan_2 active Fa0/3 1002 fddi-default active 1003 token-ring-default active 1004 fddinet-default active 1005 trnet-default active
To delete the VLAN, use no vlan command from the vlan database mode. Interfaces that were in that VLAN, will remain a part of that VLAN and be deactivated since they no longer belong to any VLAN.
For example, if you want to delete cisco_vlan_2 from the switch, use the following set of commands in the privileged mode:
3524XL#vlan database!-- Entering the vlan database mode 3524XL(vlan)#no vlan 2!-- Removing the VLAN from the database Deleting VLAN 2... 3524XL(vlan)#exit APPLY completed. Exiting.... 3524XL#show vlan VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 1 default active Fa0/1, Fa0/2, Fa0/4, Fa0/5, Fa0/6, Fa0/7, Fa0/8, Fa0/9, Fa0/10, Fa0/11, Fa0/12, Fa0/13, Fa0/14, Fa0/15, Fa0/16, Fa0/17, Fa0/18, Fa0/19, Fa0/20, Fa0/21, Fa0/22, Fa0/23, Fa0/24, Gi0/1, Gi0/2 1002 fddi-default active 1003 token-ring-default active 1004 fddinet-default active 1005 trnet-default active (Output Suppressed...) Notice that port Fa0/3 is not displayed in the above show vlan command, as it is deactivated by the removal of VLAN 2. Unless you add it back in any other VLAN, it will not be displayed noruseable. 3524XL#show interfaces fastEthernet 0/3 FastEthernet0/3 is down, line protocol is down (Output Suppressed...) Configuring Multi-VLAN Port on Catalyst 2900 XL/35 Step 1: In the lab, to show how the multi-VLAN port is configured, we have created three VLANs on a Catalyst 3512 XL switch, and one port of the switch is connected to an external router. The port connected to the router will be configured as a multi-VLAN port.
6-3512xl#show vlan VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 1 default active Fa0/1, Fa0/3, Fa0/6, Fa0/7, Fa0/8, Fa0/9, Fa0/10, Fa0/11, Fa0/12, Gi0/1, Gi0/2 2 VLAN0002 active Fa0/2, Fa0/4 3 VLAN0003 active Fa0/5 4 VLAN0004 active 5 VLAN0005 active 6 VLAN0006 active Here, port Fa0/1 is connected to external router. For more information on learning how to create VLANs and assigning ports to VLANs, refer to the Configuring the VLAN on Catalyst 2900/3500 XL, 2950, and 3550 Series Switches section of this document.
Step 2: Configure the Fa0/1 port in multi-VLAN mode, and add assigned VLANs to the multi-VLAN port.
6-3512xl#configure t Enter configuration commands, one per line. End with CNTL/Z. 6-3512xl(config)#int fa0/1 6-3512xl(config-if)#switchport mode multi ! -- The port Fa0/1 mode is changed to multi. 6-3512xl(config-if)#switchport multi vlan ? LINE VLAN IDs of VLANs to be used in multi-VLAN mode add add VLANs to the current list remove remove VLANs from the current list
6-3512xl(config-if)#switchport multi vlan 1,2,3 !-- VLANs 1, 2, and 3 are assigned to multi-VLAN port Fa0/1.
6-3512xl(config-if)#^Z
6-3512xl# Step 3: Verify the configuration by issuing the show vlan and show interface switchport commands.
6-3512xl#show interface fa0/1 switchport Name: Fa0/1 Operational Mode: multi !-- The port is in multi-VLAN mode. Administrative Trunking Encapsulation: isl Operational Trunking Encapsulation: isl Negotiation of Trunking: Disabled Access Mode VLAN: 0 ((Inactive)) Trunking Native Mode VLAN: 1 (default) Trunking VLANs Enabled: NONE Pruning VLANs Enabled: NONE
Priority for untagged frames: 0
Override vlan tag priority: FALSE
Voice VLAN: none
Appliance trust: none
6-3512xl#
6-3512xl#show vlan brief VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 1 default active Fa0/1, Fa0/3, Fa0/6, Fa0/7, Fa0/8, Fa0/9, Fa0/10, Fa0/1 Fa0/12, Gi0/1, Gi0/2 2 VLAN0002 active Fa0/1, Fa0/2, Fa0/4 !-- Note that previously, port Fa0/1 was only in VLAN 1, now it's assigned to multiple VLANs, 1, 2, and 3. 3 VLAN0003 active Fa0/1, Fa0/5 4 VLAN0004 active 5 VLAN0005 active Step 4: You can verify the multi-VLAN operation by issuing the ping command from switch to router. The ping command should get a reply from the router every time the management IP address is assigned to any of the VLANs 1, 2, or 3.
6-3512xl#configure t Enter configuration commands, one per line. End with CNTL/Z. 6-3512xl(config)#int vlan 1 6-3512xl(config-if)#ip address 192.168.1.1 255.255.255.0 !-- The management IP address is assigned to VLAN 1. 6-3512xl(config-if)#^Z 6-3512xl# 23:56:54: %SYS-5-CONFIG_I: Configured from console by console 6-3512xl#ping 192.168.1.1
Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds: !!!!! SUCcess rate is 100 percent (5/5), round-trip min/avg/max = 1/2/3 ms 6-3512xl#ping 192.168.1.2 !-- You can ping the router from VLAN 1.
Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/3 ms 6-3512xl#
6-3512xl#configure t Enter configuration commands, one per line. End with CNTL/Z. 6-3512xl(config)#int vlan 1 6-3512xl(config-if)#no ip address ! -- The management IP address is removed from VLAN 1. 6-3512xl(config-if)#shutdown
6-3512xl(config-if)#exit 6-3512xl(config)#int vlan 2 6-3512xl(config-subif)#ip address 192.168.1.1 255.255.255.0 6-3512xl(config-subif)#no shutdown !-- The management IP address is assigned to VLAN 2. 6-3512xl(config-subif)#exit 6-3512xl(config)#exit 6-3512xl#ping 192.168.1.1
Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/3 ms 6-3512xl#ping 192.168.1.2 !-- We can ping the router from VLAN 2.
Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/202/1004 ms 6-3512xl#
6-3512xl#configure t Enter configuration commands, one per line. End with CNTL/Z. 6-3512xl(config)#int vlan 2 6-3512xl(config-subif)#no ip address !-- The management IP address is removed from VLAN 2. 6-3512xl(config-subif)#shutdown 6-3512xl(config-subif)#exit 6-3512xl(config)#int vlan 3 6-3512xl(config-subif)#ip address 192.168.1.1 255.255.255.0 6-3512xl(config-subif)#no shut !-- The management IP address is assigned to VLAN 3. 6-3512xl(config-subif)#exit 6-3512xl(config)#exit
6-3512xl#ping 192.168.1.1
Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/3 ms 6-3512xl#ping 192.168.1.2 !-- You can ping the router from VLAN 3.
Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/205/1004 ms 6-3512xl#
