Configure VLAN in Cisco Catalyst Switch
The diagram below shows our scenario. There are two switches, Switch1 and Switch2. We will create VLAN 2 and VLAN 3 in both switches, assign ports into VLANs and configure TRUNK between the switches.
Let’s start with Switch1.
Switch1(config)#vlan 2 Switch1(config-vlan)#name Support Switch1(config-vlan)#exit Switch1(config)#vlan 3 Switch1(config-vlan)#name Marketing Switch1(config-vlan)#end
Above commands creates two VLANs named Support and Marketing with VLAN ID 2 and 3 respectively. Now, let’s assign ports to VLANs. Let’s assign port fa0/1 and fa0/5 to VLAN3 first. Note: – When you create a new VLAN, a spanning-tree instance and mac address table are also created by default.
Switch1(config)#int fa0/1 Switch1(config-if)#switchport mode access Switch1(config-if)#switchport access vlan 3 Switch1(config-if)#exit Switch1(config)#int fa0/5 Switch1(config-if)#switchport mode access Switch1(config-if)#switchport access vlan 3
To assign multiple interfaces at a time we use interface range command as shown below for VLAN 2.
Switch1(config)#interface range fastEthernet 0/3 - 4 Switch1(config-if-range)#switchport mode access Switch1(config-if-range)#switchport access vlan 2
To verify if VLANs have been created, use show vlan command as shown below.
Switch1#show vlan VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 1 default active Fa0/2, Fa0/6, Fa0/7, Fa0/8 Fa0/9, Fa0/10, Fa0/11, Fa0/12 Fa0/13, Fa0/14, Fa0/15, Fa0/16 Fa0/17, Fa0/18, Fa0/19, Fa0/20 Fa0/21, Fa0/22, Fa0/23, Fa0/24 Gig0/1, Gig0/2 2 Support active Fa0/3, Fa0/4 3 Marketing active Fa0/1, Fa0/5 1002 fddi-default act/unsup 1003 token-ring-default act/unsup 1004 fddinet-default act/unsup 1005 trnet-default act/unsup VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2 ---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------ 1 enet 100001 1500 - - - - - 0 0 2 enet 100002 1500 - - - - - 0 0 3 enet 100003 1500 - - - - - 0 0 1002 fddi 101002 1500 - - - - - 0 0 1003 tr 101003 1500 - - - - - 0 0 1004 fdnet 101004 1500 - - - ieee - 0 0 1005 trnet 101005 1500 - - - ibm - 0 0
As you can see above, ports fa0/3 and fa0/4 are in VLAN2 and ports fa0/1 and fa0/5 are on VLAN3. You can repeat exact same steps on Switch2 as well. Now, let’s configure TRUNK ports starting with Switch1.
Switch1(config)#int fa0/6 Switch1(config-if)#switchport trunk encapsulation dot1q Switch1(config-if)#switchport mode trunk %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/6, changed state to down %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/6, changed state to up
The command above configured port fa0/6 as TRUNK port and the encapsulation protocol is dot1q. Repeat the same step on Switch2. To verify the trunk port you can use command show interfaces trunk.
Switch1#show interfaces trunk Port Mode Encapsulation Status Native vlan Fa0/6 on 802.1q trunking 1 Port Vlans allowed on trunk Fa0/6 1-1005 Port Vlans allowed and active in management domain Fa0/6 1,2,3 Port Vlans in spanning tree forwarding state and not pruned Fa0/6 1,2,3
As you can see above, interface fa0/6 status is trunking, native vlan is 1 and encapsulation is 802.1Q. Vlans allowed on trunk is 1 to 1005, this means 1 to 1005 VLAN IDs can pass through this trunk. Vlans allowed and active in management domain means, VLAN 1,2 and 3 have been created in this switch and are active. Vlans in spanning tree forwarding state and not pruned means, frames can be sent and received by all three (1,2 and 3) VLANs. You can also view more detail of the trunk interface using, show interface fa0/6 switchport command as shown below,
Switch1#show int fa0/6 switchport Name: Fa0/6 Switchport: Enabled Administrative Mode: trunk Operational Mode: trunk Administrative Trunking Encapsulation: dot1q Operational Trunking Encapsulation: dot1q Negotiation of Trunking: On Access Mode VLAN: 1 (default) Trunking Native Mode VLAN: 1 (default) Voice VLAN: none Administrative private-vlan host-association: none Administrative private-vlan mapping: none Administrative private-vlan trunk native VLAN: none Administrative private-vlan trunk encapsulation: dot1q Administrative private-vlan trunk normal VLANs: none Administrative private-vlan trunk private VLANs: none Operational private-vlan: none Trunking VLANs Enabled: All Pruning VLANs Enabled: 2-1001 Capture Mode Disabled Capture VLANs Allowed: ALL Protected: false Unknown unicast blocked: disabled Unknown multicast blocked: disabled Appliance trust: none
The above command shows lot of details of interface fa0/6. Switchport:enabled means the port is working as layer 2 port, not layer 3. Administrative mode:trunk means, we manually specified the port as trunk. Operational mode: trunk means the port is trunking. Administrative trunking encapsulation: dot1q means the encapsulation is set to dot1q. Operational trunking encapsulatioin: dot1q means the trunking protocol running is dot1q. Negotiation of trunking: on means the DTP (Dynamic Trunking Protocol) is on. Trunking Native Mode VLAN: 1 (default) means the native VLAN is 1 and it’s the default behavior.
Now, assign IP to the PCs of both VLANs. You can ping another PC within same VLAN but not to another VLAN. You need a router to make communication occur between two VLANs. Most popular form of VLAN routing is router on a stick. So, this is how you can configure VLAN in Cisco Catalyst Swtich.