Basic Vlan Configure

Basic Vlan CLI Configure

Switch>en

Switch#conf t

Enter configuration commands, one per line.  End with CNTL/Z.

Switch(config)#vlan 10

Switch(config-vlan)#name hello

Switch(config-vlan)#exit

Switch(config)#int range fastethernet0/1-10

Switch(config-if-range)#switchport access vlan 10

Switch(config-if-range)#end

Switch#

%SYS-5-CONFIG_I: Configured from console by console

Switch#

Switch#conf t

Enter configuration commands, one per line.  End with CNTL/Z.

Switch(config)#int range fastethernet0/11-20

Switch(config-if-range)#switchport access vlan 3

% Access VLAN does not exist. Creating vlan 3

Switch(config-if-range)#end

Switch#

%SYS-5-CONFIG_I: Configured from console by console

Switch#show vlan brief

VLAN Name                             Status    Ports

---- -------------------------------- --------- -------------------------------

1    default                          active    Fa0/21, Fa0/22, Fa0/23, Fa0/24

Gig1/1, Gig1/2

3    VLAN0003                         active    Fa0/11, Fa0/12, Fa0/13, Fa0/14

Fa0/15, Fa0/16, Fa0/17, Fa0/18

Fa0/19, Fa0/20

10   hello                            active    Fa0/1, Fa0/2, Fa0/3, Fa0/4

Fa0/5, Fa0/6, Fa0/7, Fa0/8

Fa0/9, Fa0/10

1002 fddi-default                     active

1003 token-ring-default               active

1004 fddinet-default                  active

1005 trnet-default                    active

Switch#

Vlan Trunking Configuration

DTP: consider the type of trunking. Cisco switches that support ISL and 802.1Q can negotiate which type to use, using the Dynamic Trunking Protocol (DTP). If both switches support both protocols, they use ISL; otherwise, they use the protocol that both support. Today, many Cisco switches do not support the older ISL trunking protocol.

DTP can also negotiate whether the two devices on the link agree to trunk at all, as guided by the local switch port’s administrative mode. The administrative mode refers to the configuration setting for whether trunking should be used. Each interface also has an operational mode, which refers to what is currently happening on the interface, and might have been chosen by DTP’s negotiation with the other device. Cisco switches use the switchport mode interface subcommand to define the

administrative trunking mode

Trunking Administrative Mode Options with the switchport mode Command

Expected Trunking Operational Mode Based on the Configured Administrative Modes

Cisco recommends disabling trunk negotiation on most ports for better security. The majority of switch ports on most switches will be used to connect to users. As a matter of habit, you can disable DTP negotiations altogether using the switchport nonegotiate interface subcommand.

Controlling Which VLANs Can Be Supported on a Trunk

The allowed VLAN list feature provides a mechanism for engineers to administratively disable a VLAN from a trunk. By default, switches include all possible VLANs (1–4094) in each trunk’s allowed VLAN list. However, the engineer can then limit the VLANs allowed on the trunk by using the following interface subcommand:

switchport trunk allowed vlan {add | all | except | remove} vlan-list

This command provides a way to easily add and remove VLANs from the list. For example, the add option permits the switch to add VLANs to the existing allowed VLAN list, and the remove option permits the switch to remove VLANs from the existing list. The all option means all VLANs, so you can use it to reset the switch to its original default setting (permitting VLANs 1–4094 on the trunk). The except option is rather tricky: It adds all VLANs to the list that are not part of the command. For example, the switchport trunk allowed vlan except 100-200 interface subcommand adds VLANs 1 through 99 and 201 through 4094 to the existing allowed VLAN list on that trunk.

switches do not forward frames in nonexistent VLANs or a shutdown VLAN over any of the switch’s trunks.

Mind Map

Practice

Switch 0:

Switch(config)#int gigabit1/1

Switch(config-if)#switchport mode trunk

Switch(config-if)#

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/1, changed state to down

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/1, changed state to up

Switch#show interface gigabit1/1 switchport

Name: Gig1/1

Switchport: Enabled

Administrative Mode: trunk

Operational Mode: trunk

Administrative Trunking Encapsulation: dot1q

Operational Trunking Encapsulation: dot1q

Negotiation of Trunking: On

Access Mode VLAN: 1 (default)

Trunking Native Mode VLAN: 1 (default)

Voice VLAN: none

Administrative private-vlan host-association: none

Administrative private-vlan mapping: none

Administrative private-vlan trunk native VLAN: none

Administrative private-vlan trunk encapsulation: dot1q

Administrative private-vlan trunk normal VLANs: none

Administrative private-vlan trunk private VLANs: none

Operational private-vlan: none

Trunking VLANs Enabled: ALL

Pruning VLANs Enabled: 2-1001

Capture Mode Disabled

Capture VLANs Allowed: ALL

Protected: false

Appliance trust: none

Switch#

Switch 1:

Switch#show interface gigabit1/2 switchport

Name: Gig1/2

Switchport: Enabled

Administrative Mode: dynamic auto

Operational Mode: trunk

Administrative Trunking Encapsulation: dot1q

Operational Trunking Encapsulation: dot1q

Negotiation of Trunking: On

Access Mode VLAN: 1 (default)

Trunking Native Mode VLAN: 1 (default)

Voice VLAN: none

Administrative private-vlan host-association: none

Administrative private-vlan mapping: none

Administrative private-vlan trunk native VLAN: none

Administrative private-vlan trunk encapsulation: dot1q

Administrative private-vlan trunk normal VLANs: none

Administrative private-vlan trunk private VLANs: none

Operational private-vlan: none

Trunking VLANs Enabled: ALL

Pruning VLANs Enabled: 2-1001

Capture Mode Disabled

Capture VLANs Allowed: ALL

Protected: false

Appliance trust: none

Switch#