Menu
VLAN Configuration

VLAN Configuration in Cisco Switches

Contents show

In the previous article, we have discussed the normal and extended-range VLANs. Normal range VLAN configuration is stored in vlan.dat file, which is located in flash memory on the switch.  Flash memory does not need the copy running-config startup-config or write command.

But, other details are usually configured on a Cisco switch at the same time when VLANs are created; it is best to save running configuration changes to the startup configuration. The figure below illustrates the Cisco IOS command syntax used to add a VLAN to a Cisco switch and give it a name. Naming each VLAN is the best practice in VLAN configuration.

Vlan <vlan ID>

Name <Name of the VLAN

The figure below illustrates the topology where Sw-1 has already been configured with VLAN 10 and 20. We can check using the Syntax Checker show vlan brief command in user exec mode to display the contents of the vlan.dat file. Now we should create some VLANs including VLAN-10 and VLAN-20 on Sw-2.

vlan configuration

So, we can create VLANs one by one, using a series of VLAN IDs and using a range.  The IDs can be entered separated by commas and the range of VLAN IDs can be separated by hyphens for example “vlan vlan-id”. Use the following command to create VLANs 10, 20, 30, 40, and VLANs 50-60.

Sw-2(config)# vlan 10, 20, 30, 40

Sw-2(config)# vlan 50-60

Assigning Ports to VLAN

Once VLAN configuration is done, then the next step is assigning ports to the VLAN. Port in access mod can belong to only one VLAN at a time. Only in one case when the access port is connected to an IP phone, there are two VLAN associated with this port, one for voice and one for data. Following is the syntax for defining a port to be an access port and assigning it to a VLAN.

The command switch port mode access is optional, although this command is strongly recommended for security. This command changes the switch interface permanently to access mode. To execute the command for more than one interface we can use the interface range command.

In the Figure below, VLAN 10 is assigned to port Fa0/1 on switch1 as a result, the PC4 became a member of VLAN 10 and VLAN-20 are assigned port fa 0/2 and fa0/3, so PC5 and PC6 is the part of VLAN 20. We can use the Syntax Checker “show vlan brief” command to display the contents of the vlan.dat file.

VLAN Configuration in Cisco Switches 1

If VLAN does not exist the switchport access vlan command forces the creation of a VLAN on the switch. For example, VLAN 100 does not exist in the output of the show vlan brief command. If the switchport access vlan 30 commands entered on an interface without any prior configuration, then the will display the following:

% Access VLAN does not exist. Creating VLAN 100

Now we can show the vlan.dat file using show vlan brief command.

Changing VLAN Port Membership

There are several ways to change the VLAN port association. The table below shows the syntax for changing a switch port membership to VLAN 1 with the no switchport access vlan interface configuration mode command.

VLAN 10 has assigned interface Fa0/1. The no switchport access vlan command is entered for interface Fa0/1 in interface configuration mode, now check the output in the show vlan brief command that instantly follows as shown in Figure below.

The show vlan brief command displays the VLAN association and type for all switch ports. The show vlan brief command shows one line for every VLAN. The output for every VLAN includes the name, status, and switch ports.

VLAN Configuration in Cisco Switches 2

VLAN 10 is still active, but there are no ports in the VLAN. The command show interfaces f0/1 switchport verify that the access VLAN for Fa0/1 interface has been reset to VLAN 1. It is not required to first remove a port from a VLAN for changing its membership. Now we can again assign these ports to any VLAN.

Verifying VLAN Information  

After a VLAN configuration or some changes in the VLAN configuration, we must validate the configuration using the Cisco IOS show commands. The command syntax is the following:-

  • Show vlan [ brief | id vlan-id | name vlan-name | summary]
    • Brief – it displays one line for every VLAN with the name of VLAN, status, and ports.
    • Id vlan-id This parameter displays the information about a specific VLAN with VLAN ID number.
    • name vlan-name – Display the information of a specific VLAN with the name of VLAN.
  • Show interfaces [interface-id | vlan vlan-name | switchport]
    • Interface-id – this is a valid interface id included a module, port numbers, and port channel. The port-channel range is between 1 to 6.
    • Id vlan-id This parameter displays the information about a specific VLAN with VLAN ID number. The range of VLAN id is 1 to 4096.
    • switchport – This parameter displays the operational and administrative status of a switch port, including blocking of the port and port protection settings.

Now we are going to use the show VLAN command with a different parameter. The “show vlan name IT” command output is not easy to understand. The figure below illustrates the output of this command. The output parameter will be discussed in the coming articles.

VLAN Configuration in Cisco Switches 3

The recommended command for VLAN verification is “show vlan brief” and also “show vlan summary” These commands display the count of all configured VLANs. We can also use the “show interfaces” command with different parameters. For examples “show interfaces fastEthernet 0/1 switchport“.

This will display all information about the switchport fastethernet 0/1. If we enter command “show interfaces switchport” It will display all existing switchport information. We can also use “show interfaces vlan <vlan ID>” command to display the vlan interface informations.  This command will show the IP address information of this VLAN.

Deleting VLAN

We can delete VLAN with “no vlan vlan-id” command in global configuration mode. For example, “ no vlan 10 “ in global configuration mode will delete VLAN 10 from switch Sw-2 database. The ports of VLAN 10 is not the member of any VLAN now. You can verify it with “show vlan brief” command that VLAN 10 is no longer present in the vlan.dat file after using the no vlan 10 commands.

Best practice before deleting VLAN is reassigning to all member ports to a different VLAN because any port that is not moved to an active VLAN are unable to communicate with other hosts after the deleting VLAN and until they are assigned to an active VLAN.

We can delete the entire vlan.dat file using the “delete flash:vlan.dat” command in privileged EXEC. The abbreviated command is “delete vlan.dat”. We can also use this to delete a vlan.dat file if the file is stored in its default location.

After executing this command and restarting the switch, the formerly configured VLANs are no longer present. This places the switch into its factory default condition for VLAN configurations.

Asad Ijaz

My Name is Asad Ijaz Khattak and I am the writer and blogger, known for my website "networkustad.com". I have writes about various topics related to technology, networking, and cybersecurity. I am also a Cisco Certified Network Professional (CCNP) and Cisco Certified Network Associate (CCNA). I have written several articles and tutorials on the website which can be used as a learning resource for people interested in networking and cybersecurity. I am the member and Editor of Proudly Team NetworkUstad

→ Asad Ijaz

Related Posts

1 Comment

  1. Trunk Links Common Problem and Troubleshooting » Networkustad
    August 18, 2019 @ 11:55 am

    […] occurs, the connectivity issues start in the network. So, data traffic for other VLAN except native VLAN will successfully propagate across the network. Native VLAN mismatch doesn’t keep trunk […]

    Reply

Leave a Reply

%d bloggers like this: