How to configure VLANs on Cisco Catalyst Switch

In this lesson I will show you how to configure VLANs on Cisco Catalyst Switches and how to assign interfaces to certain VLANs. Let’s start with a simple network topology:

two computers cisco 2950 switch

Let’s start with a simple example. H1 and H2 are connected to SW1.

First we will look at the default VLAN configuration on SW1:

SW1#show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/22
                                                Fa0/23, Fa0/24, Gi0/1, Gi0/2
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

Interesting…VLAN 1 is the default LAN and you can see that all active interfaces are assigned to VLAN 1.

VLAN information is not saved in the running-config or startup-config but in a separate file called vlan.dat on your flash memory. If you want to delete the VLAN information you should delete this file by typing delete flash:vlan.dat. I configured an IP address on H1 and H2 so they are in the same subnet.

Let’s see if H1 and H2 can reach each other:

C:\Documents and Settings\H1>ping 192.168.1.2

Pinging 192.168.1.2 with 32 bytes of data:

Reply from 192.168.1.2: bytes=32 time<1ms TTL=128
Reply from 192.168.1.2: bytes=32 time<1ms TTL=128
Reply from 192.168.1.2: bytes=32 time<1ms TTL=128
Reply from 192.168.1.2: bytes=32 time<1ms TTL=128

Ping statistics for 192.168.1.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Even with the default switch configuration H1 is able to reach H2. Let’s see if I can create a new VLAN for H1 and H2:

SW1(config)#vlan 50
SW1(config-vlan)#name Computers
SW1(config-vlan)#exit

This is how you create a new VLAN. If you want you can give it a name but this is optional. I’m calling my VLAN “Computers”.

SW1#show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------

1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15,
                                                Fa0/23, Fa0/24, Gi0/1, Gi0/2
50   Computers                        active

VLAN 50 was created on SW1 and you can see that it’s active. However no ports are currently in VLAN 50. Let’s see if we can change this…

SW1(config)interface fa0/1
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 50

SW1(config)interface fa0/2
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 50

First I will configure the switchport in access mode with the switchport mode access command. By using the switchport access vlan command we can move our interfaces to another VLAN.

SW1#show vlan 

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------

1    default                          active    Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10,, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15,
                                                Fa0/23, Fa0/24, Gi0/2

50   Computers                        active    Fa0/1, Fa0/2

 

Excellent! Both computers are now in VLAN 50. Let’s verify our configuration by checking if they can ping each other:

We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is why:

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You've Ever Spent on Your Cisco Career!
  • Full Access to our 655 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)

535 Sign Ups in the last 30 days

satisfaction-guaranteed
100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!

Tags: ,


Forum Replies

  1. Hi Jeffery,

    Those commands are all you need to put two interfaces in VLAN 50. What’s the output of the following commands?

    • show vlan (to verify that the VLAN exists)
    • show ip interface brief (to check the interface statuses
    • show run int fa0/1 and show run int fa0/2 (to make sure no other commands are applied

    The configuration of VLANs is the same on any of the Catalyst switches…the 2950, 2960, 3550, 3560, 3750 and 4500/6500 series use the same commands. The same thing applies to most of the routers.

    Also, make sure your windows firewall is not blocking ICMP

    ... Continue reading in our forum

  2. Hi Muhammad,

    On 802.1Q trunk links, we can send tagged and untagged Ethernet frames. Frames that are untagged are considered to belong to the native VLAN. It is possible to configure your switches to tag the native VLAN btw.

    On the native VLAN, you’ll find frames from protocols like CDP, DTP, etc.

    On 802.1Q trunk links, we can send tagged and untagged Ethernet frames. Frames that are untagged are considered to belong to the native VLAN. It is possible to configure your switches to tag the native VLAN btw.

    On the native VLAN, you’ll find frames from protocols li

    ... Continue reading in our forum

  3. Hello Abhishek.

    There are advantages and disadvantages to creating a trunk between the Router and the Cisco 3850 switch. It all depends on what you want to achieve.

    You would want to do this if:

    1. you want all of the routing of your network to take place at the Router
      a) advantages of this include: to be able to apply security, access lists and other policies at a single location
      b) disadvantages include single point of failure for routing
    2. if you want to allow VLANs to span multiple areas of your network (if the Router is a layer 3 switch)

    You would avoid doin

    ... Continue reading in our forum

  4. Hello Vitaly

    There are essentially three ways to configure a gateway of last resort on an L3 switch or on a router. These differ in their implementation and their functionality.

    The ip default-gateway command should only be used when routing is disabled. It essentially tells the device what its default gateway is much like a PC has the default gateway configured. It is used only for the purposes of connectivity with subnets other than its own.

    The ip default-network command can be used only when routing is enabled. When you configure ip default-network the

    ... Continue reading in our forum

  5. Hello Salvatore

    First of all, we must define the difference between a VLAN and a VLAN Interface.

    A VLAN is a virtual LAN found within the switch. It’s definition simply states that a subdivision of the switch exists within which a single subnet will function. A VLAN is created using the vlan command such as vlan 40. Such a command just defines the new VLAN with a VLAN ID.

    A VLAN Interface, more correctly known as a Switched Virtual Interface (SVI) is a virtual interface that functions in the same way as a layer 3 physical interface. It is an interface that

    ... Continue reading in our forum

32 more replies! Ask a question or join the discussion by visiting our Community Forum