Dark Developments Where Knowledge Meets Power

24Aug/110

CISCO – Static VLAN Configuration

Posted by Dark#Basics

Cisco - Static VLAN Configuration
As most of you know a VLAN or Virtual Local Area Network is a group of hosts with a common set of requirements that communicate as they are on the same broadcast domain, regardless of there location. It essentially allows machines to be grouped together even if they aren't attached on the same network switch.

VLANs are used to segment services that are normally provided by routers. VLANs address issues such as security and network management. By definition, switches do not bridge IP traffic between VLANs as it would violate the VLAN broadcast domain principle.

By using VLANs, one can control traffic patterns and react quickly to relocations. VLANs provide the flexibility to adapt to changes in network requirements and allow for simplified administration.

VLAN Memberships
There are two common approaches to assign VLAN membership namely using Static VLANs and Dynamic VLANs.

Static VLANs are also referred as post-based VLANs. As a device enters the network, the device automatically assumes the VLAN of the port. If the user changes ports and needs access to the same VLAN, the network administrator must manually make a port-to-VLAN assignment for the new connection.

Dynamic VLANs are created through the use of software. With a VLAN Management Policy Server (VMPS), an administrator can assign switch ports to VLANs dynamically based on information such as the source MAC address of the device connected to the port or the username used to log onto that device. As a device enters the network, the device queries a database for VLAN membership.

Adding a VLAN

Select All Code:
1
2
3
4
ExampleSwitch#config t
ExampleSwitch(config)#vlan 666
ExampleSwitch(config-vlan)#name Employees
ExampleSwitch(config-vlan)#end

Static VLAN Configuration

Select All Code:
1
2
3
4
ExampleSwitch(config)#interface fa 0/1
ExampleSwitch(config-if)#switchport mode access
ExampleSwitch(config-if)#switchport access vlan 666
ExampleSwitch(config-if)#end

Managing VLANs
After configuring a VLAN, you can validate the configuration by using different show commands.

Show VLAN brief gives an overview of the defined VLANs, there status and the ports.

Select All Code:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
ExampleSwitch#show vlan brief
 
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/2, Fa0/3, Fa0/4, Fa0/5
Fa0/6, Fa0/7, Fa0/8, Fa0/9
Fa0/10, Fa0/11, Fa0/12, Fa0/13
Fa0/14, Fa0/15, Fa0/16, Fa0/17
Fa0/18, Fa0/19, Fa0/20, Fa0/21
Fa0/22, Fa0/23, Fa0/24
666  Employees                        active    Fa0/1
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active

Show vlan id gives an overview of the status and ports for the specified vlan id.

Select All Code:
1
2
3
4
5
6
7
8
9
ExampleSwitch#show vlan id 666
 
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
666  Employees                        active    Fa0/1
 
VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
666  enet  100666     1500  -      -      -        -    -        0      0

Show vlan name gives an overview of the status and ports for the specified vlan name.

Select All Code:
1
2
3
4
5
6
7
8
9
ExampleSwitch#show vlan name Employees
 
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
666  Employees                        active    Fa0/1
 
VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
666  enet  100666     1500  -      -      -        -    -        0      0

Show interfaces switchport gives a detailed overview of the settings for the specified interface.

Select All Code:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
ExampleSwitch#show interfaces fa 0/1 switchport
Name: Fa0/1
Switchport: Enabled
Administrative Mode: static access
Operational Mode: down
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 666 (Employees)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Appliance trust: none
Filed under: Cisco, Networking No Comments