上一篇
下一篇
cisco 新建vlan(老交换机方式)
作者:Zero 日期:2008-07-30
Creating Ethernet VLANs on Catalyst Switches
--------------------------------------------------------------------------------
Contents
Introduction
Important Notes
Configuring the VLAN on Catalyst Switches Running CatOS
Troubleshooting Tips
Configuring the VLAN on Catalyst 2900/3500 XL, 2950, and 3550 Series Switches
Related Information
--------------------------------------------------------------------------------
Introduction
This document provides basic information on how to create VLANs on Catalyst switches running CatOS, as well as Catalyst 2900XL/3500XL, 2950, and 3550 switches; the results of each command are displayed as they are executed. Cisco Catalyst 4000, 5000, and 6000 family switches (running CatOS), and any Catalyst 2900XL , 3500XL, 2950, or 3550 can be used in the scenarios presented in this document to obtain the same results.
This document does not provide information on how to configure VLANs on Catalyst 6000 switches running Native IOS. For those details, please refer to the following document:
Configuring VLANs
Important Notes
Virtual LANs (VLANs) are a mechanism to allow network administrators to create logical broadcast domains that can span across a single switch or multiple switches, regardless of physical proximity. This is useful for reducing the size of broadcast domains, or allowing groups or users to be logically grouped without being physically located in the same place.
VLANs create logical Layer 3 (L3) broadcast domains. They can be thought of as TCP/IP subnets, or IPX Networks, or AppleTalk Cable-Ranges. In order to create VLANs, you must decide how to configure the following items:
What VLAN Trunking Protocol (VTP) domain name and VTP mode will be used on this switch?
What ports on the switch will belong to which VLAN?
Will you need to have communication between VLANs, or will they be isolated? If you require communication between VLANs, you will need to use a L3 routing device, such as an external Cisco router or an internal router module such as a Route Switch Module (RSM) or a Multilayer Switch Feature Card (MSFC).
Note: For details on configuring InterVLAN routing on the MSFC, RSM, Route Switch Feature Card (RSFC), or an external router, refer to the following documents:
For MSFCs, refer to Configuring InterVLAN Routing on the MSFC
For RSMs/RSFCs/external router, refer to Configuring InterVLAN Routing
To create the examples in this document, we used the following switches in a lab environment with cleared configurations:
Catalyst 6009 switch running Catalyst OS 5.5(x) software
Catalyst 3524XL switch running Cisco IOS 12.0(5.x)XU
The configurations in this document were implemented in an isolated lab environment. Ensure that you understand the potential impact of any configuration or command on your network before using it.
Note: This document assumes that you have basic connectivity to the switch, either through the console or through Telnet access. For details on how to get basic connectivity to the switches, refer to the following documents:
For Catalyst 6000 switches, refer to Basic Software Configuration
For XL Series Switches, refer to Quick Start Guide
Configuring the VLAN on Catalyst Switches Running CatOS
Step 1 Before you can create a VLAN, the switch must be in VTP server mode or VTP transparent mode. If the switch is a VTP server, you must define a VTP domain name before you can add any VLANs. This has to be defined regardless of the number of switches in the network (one or many), or whether or not you will be using VTP to propagate VLANs to other switches in the network. For details on VTP, please refer to the Understanding and Configuring VLAN Trunk Protocol (VTP) document.
The default VTP configuration on the switch is as follows:
CatosSwitch> (enable) show vtp domain
Domain Name Domain Index VTP Version Local Mode Password
-------------------------------- ------------ ----------- ----------- ----------
1 2 server -
Vlan-count Max-vlan-storage Config Revision Notifications
---------- ---------------- --------------- -------------
5 1023 0 disabled
Last Updater V2 Mode Pruning PruneEligible on Vlans
--------------- -------- -------- -------------------------
0.0.0.0 disabled disabled 2-1000
Use the set vtp command to set the domain name and mode.
CatosSwitch> (enable) set vtp domain ?
<name> Domain name
CatosSwitch> (enable) set vtp domain cisco ?
mode Set VTP mode
passwd Set VTP password
pruning Set VTP pruning
v2 Set VTP version 2
<cr>
CatosSwitch> (enable) set vtp domain cisco mode ?
client VTP client mode
server VTP server mode
transparent VTP transparent mode
CatosSwitch> (enable) set vtp domain cisco mode server
VTP domain cisco modified
Step 2 Verify VTP configuration by using the show vtp domain command.
CatosSwitch> (enable) show vtp domain
Domain Name Domain Index VTP Version Local Mode Password
-------------------------------- ------------ ----------- ----------- ----------
cisco 1 2 server -
Vlan-count Max-vlan-storage Config Revision Notifications
---------- ---------------- --------------- -------------
5 1023 1 disabled
Last Updater V2 Mode Pruning PruneEligible on Vlans
--------------- -------- -------- -------------------------
0.0.0.0 disabled disabled 2-1000
Step 3 Once the VTP domain has been set and verified, you can begin to create VLANs on the switch. By default, there is only a single VLAN for all ports, and this VLAN is called the default. VLAN1 cannot be renamed or deleted.
You can use the show vlan command to display the parameters for all configured VLANs in the administrative domain, as shown below:
CatosSwitch> (enable) show vlan
VLAN Name Status IfIndex Mod/Ports, Vlans
---- -------------------------------- --------- ------- ------------------------
1 default active 5 1/1-2
3/1-48
4/1-16
1002 fddi-default active 6
1003 token-ring-default active 9
1004 fddinet-default active 7
1005 trnet-default active 8
VLAN Type SAID MTU Parent RingNo BrdgNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ ------ ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 trcrf 101003 1500 - - - - - 0 0
1004 fdnet 101004 1500 - - - - - 0 0
1005 trbrf 101005 1500 - - - ibm - 0 0
VLAN DynCreated RSPAN
---- ---------- --------
1 static disabled
1002 static disabled
1003 static disabled
1004 static disabled
1005 static disabled
VLAN AREHops STEHops Backup CRF 1q VLAN
---- ------- ------- ---------- -------
1003 7 7 off
To create VLANs, use the set vlan command, as show below:
CatosSwitch> (enable) set vlan
Usage: set vlan <vlan> <mod/port>
(An example of mod/port is 1/1,2/1-12,3/1-2,4/1-12)
set vlan <vlan_num> [name <name>] [type <type>] [state <state>]
[pvlan-type <pvlan_type>]
[said <said>] [mtu <mtu>] [ring <hex_ring_number>]
[decring <decimal_ring_number>]
[bridge <bridge_number>] [parent <vlan_num>]
[mode <bridge_mode>] [stp <stp_type>]
[translation <vlan_num>] [backupcrf <off|on>]
[aremaxhop <hopcount>] [stemaxhop <hopcount>]
[rspan]
(name = 1..32 characters, state = (active, suspend)
type = (ethernet, fddi, fddinet, trcrf, trbrf)
said = 1..4294967294, mtu = 576..18190
pvlan-type = (primary,isolated,community,none)
hex_ring_number = 0x1..0xfff, decimal_ring_number = 1..4095
bridge_number = 0x1..0xf, parent = 2..1005, mode = (srt, srb)
stp = (ieee, IBM, auto), translation = 1..1005
hopcount = 1..13)
Set vlan commands:
----------------------------------------------------------------------------
set vlan Set vlan information
set vlan mapping Map an 802.1q vlan to an Ethernet vlan
CatosSwitch> (enable) set vlan 2 name cisco_vlan_2
Vlan 2 configuration successful
Note: You can verify the VLAN configuration by using the show vlan command, as shown below:
CatosSwitch> (enable) show vlan
VLAN Name Status IfIndex Mod/Ports, Vlans
---- -------------------------------- --------- ------- ------------------------
1 default active 5 1/1-2
3/1-48
4/1-16
2 cisco_vlan_2 active 75
1002 fddi-default active 6
1003 token-ring-default active 9
1004 fddinet-default active 7
1005 trnet-default active 8
VLAN Type SAID MTU Parent RingNo BrdgNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ ------ ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
2 enet 100002 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 trcrf 101003 1500 - - - - - 0 0
1004 fdnet 101004 1500 - - - - - 0 0
1005 trbrf 101005 1500 - - - IBM - 0 0
(Output Suppressed...)
Step 4 If you want to add ports to the VLAN, use the set vlan<vlan#> <mod/ports> ... command.
CatosSwitch> (enable) set vlan 2 3/1-12
VLAN 2 modified.
VLAN 1 modified.
VLAN Mod/Ports
---- -----------------------
2 3/1-12
15/1
Note: You can also create the VLAN and add the ports to that VLAN with all the information in a single command.
For example, if you want to create the third VLAN and then assign ports 3/13-3/15 to that VLAN, use the following command:
CatosSwitch> (enable) set vlan 3 3/13-15
Vlan 3 configuration successful
VLAN 3 modified.
VLAN 1 modified.
VLAN Mod/Ports
---- -----------------------
3 3/13-15
15/1
Step 5 Verify VLAN configuration by using show vlan command.
CatosSwitch> (enable) show vlan
VLAN Name Status IfIndex Mod/Ports, Vlans
---- -------------------------------- --------- ------- ------------------------
1 default active 5 1/1-2
3/16-48
4/1-16
2 cisco_vlan_2 active 75 3/1-12
3 VLAN0003 active 76 3/13-15
1002 fddi-default active 6
1003 token-ring-default active 9
1004 fddinet-default active 7
1005 trnet-default active 8
VLAN Type SAID MTU Parent RingNo BrdgNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ ------ ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
2 enet 100002 1500 - - - - - 0 0
3 enet 100003 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 trcrf 101003 1500 - - - - - 0 0
1004 fdnet 101004 1500 - - - - - 0 0
1005 trbrf 101005 1500 - - - IBM - 0 0
(Output Suppressed...)
To remove ports from a VLAN, use the set vlan <vlan#> <mod/ports>... command and place the ports in a different VLAN. This is essentially what you are doing when you assign a port to any VLAN, because the ports initially belonged to VLAN 1.
To delete the VLAN, use the clear vlan command, but the ports will remain a part of that VLAN and be deactivated because they no longer belong to any VLAN. The switch will display a warning and give you the opportunity to cancel the current request.
CatosSwitch> (enable) clear vlan 3
This command will deactivate all ports on vlan 3
in the entire management domain.
Do you want to continue(y/n) [n]?y
Vlan 3 deleted
CatosSwitch> (enable) show vlan
VLAN Name Status IfIndex Mod/Ports, Vlans
---- -------------------------------- --------- ------- ------------------------
1 default active 5 1/1-2
3/16-48
4/1-16
2 cisco_vlan_2 active 75 3/1-12
1002 fddi-default active 6
1003 token-ring-default active 9
1004 fddinet-default active 7
1005 trnet-default active 8
VLAN Type SAID MTU Parent RingNo BrdgNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ ------ ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
2 enet 100002 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 trcrf 101003 1500 - - - - - 0 0
1004 fdnet 101004 1500 - - - - - 0 0
1005 trbrf 101005 1500 - - - IBM - 0 0
(Output Suppressed...)
Note: Ports 3/13-3/15 are not displayed in the above show vlan command, as they are deactivated by the removal of VLAN 3. Unless you add them back in any other VLAN, they will not be displayed.
Troubleshooting Tips
Below are troubleshooting tips for common problems that you may encounter while creating VLANs on Catalyst switches running CatOS:
If you create a VLAN when there is no VTP domain name defined, you will receive the error message below:
CatosSwitch> (enable) set vlan 2
Cannot add/modify VLANs on a VTP server without a domain name.
CatosSwitch> (enable)
To correct this, create a VTP domain name on the switch, as shown in the configuration section
If you create a VLAN on a switch that is in VTP client mode, you will receive the following error message:
CatosSwitch> (enable) set vlan 2
Cannot add/modify VLANs on a VTP client.
CatosSwitch> (enable)
Note: A switch is only allowed to create VLANs if it is in VTP server or VTP transparent modes. For details on VTP, please refer to the Understanding and Configuring VLAN Trunk Protocol (VTP) document.
Ports are in "inactive" state when the show port <mod/port> command is issued. This means that the VLAN to which the ports originally belonged was deleted, usually because of VTP. You can either re-create that VLAN or correct the VTP configuration so that the VLAN is re-established in the VTP Domain. Sample show port <mod/port> command output is shown below:
CatosSwitch> (enable) show port 3/1
Port Name Status Vlan Duplex Speed Type
----- ------------------ ---------- ---------- ------ ----- ------------
3/1 inactive 2 auto auto 10/100BaseTX
Port AuxiliaryVlan AuxVlan-Status InlinePowered PowerAllocated
Admin Oper Detected mWatt mA @42V
----- ------------- -------------- ----- ------ -------- ----- --------
3/1 none none - - - - -
(Output Suppressed...)
CatosSwitch> (enable) show vlan 2
VLAN Name Status IfIndex Mod/Ports, Vlans
---- -------------------------------- --------- ------- ------------------------
Unable to access VTP Vlan 2 information.
VLAN Type SAID MTU Parent RingNo BrdgNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ ------ ---- -------- ------ ------
Unable to access VTP Vlan 2 information.
VLAN DynCreated RSPAN
---- ---------- --------
Unable to access VTP Vlan 2 information.
VLAN AREHops STEHops Backup CRF 1q VLAN
---- ------- ------- ---------- -------
Configuring the VLAN on Catalyst 2900/3500 XL, 2950, and 3550 Series Switches
Note: Depending on the model of the switch that you have, you may see different out put of certain commands displayed in this section.
Step 1 Before you create VLANs, you must decide whether to useVTP in your network. Using VTP, you can make configuration changes centrally on a single switch, and have those changes automatically communicated to all the other switches in the network. The default VTP mode on the switches mentioned in this section is the server mode.
For details on VTP, refer to Understanding and Configuring VLAN Trunk Protocol
You can check the VTP status on the XL Series Switches, by using the show vtp status command.
3524XL#show vtp status
VTP Version : 2
Configuration Revision : 0
Maximum VLANs supported locally : 254
Number of existing VLANs : 5
VTP Operating Mode : Server!-- This is the default mode
VTP Domain Name :
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0xBF 0x86 0x94 0x45 0xFC 0xDF 0xB5 0x70
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
Step 2 By default, there is only a single VLAN for all ports, and this VLAN is called the default. VLAN1 cannot be renamed or deleted. You can run show vlan command to check the VLAN information.
3524XL#show vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4,
Fa0/5, Fa0/6, Fa0/7, Fa0/8,
Fa0/9, Fa0/10, Fa0/11, Fa0/12,
Fa0/13, Fa0/14, Fa0/15, Fa0/16,
Fa0/17, Fa0/18, Fa0/19, Fa0/20,
Fa0/21, Fa0/22, Fa0/23, Fa0/24,
Gi0/1, Gi0/2
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 1002 1003
1002 fddi 101002 1500 - - - - - 1 1003
1003 tr 101003 1500 1005 0 - - srb 1 1002
1004 fdnet 101004 1500 - - 1 IBM - 0 0
1005 trnet 101005 1500 - - 1 IBM - 0 0
3524XL#
Use the following set of commands in the privileged mode to create another VLAN:
3524XL#vlan database!-- You have to enter into vlan database, to configure any VLAN
3524XL(vlan)#vtp server
Device mode already VTP SERVER.
!-- You may skip the above command, if the switch is already in server mode,
and you want the switch to be in server mode
Note: A switch is only allowed to create VLANs if it is in VTP server or VTP transparent modes. For details on VTP, please refer to the Understanding and Configuring VLAN Trunk Protocol (VTP) document.
3524XL(vlan)#vlan ?
<1-1005> ISL VLAN index
3524XL(vlan)#vlan 2 ?
are Maximum number of All Route Explorer hops for this VLAN
backupcrf Backup CRF mode of the VLAN
bridge Bridging characteristics of the VLAN
media Media type of the VLAN
mtu VLAN Maximum Transmission Unit
name Ascii name of the VLAN
parent ID number of the Parent VLAN of FDDI or Token Ring type VLANs
ring Ring number of FDDI or Token Ring type VLANs
said IEEE 802.10 SAID
state Operational state of the VLAN
ste Maximum number of Spanning Tree Explorer hops for this VLAN
stp Spanning tree characteristics of the VLAN
tb-vlan1 ID number of the first translational VLAN for this VLAN (or zero
if none)
tb-vlan2 ID number of the second translational VLAN for this VLAN (or zero
if none)
<cr>
3524XL(vlan)#vlan 2 name ?
WORD The ASCII name for the VLAN
3524XL(vlan)#vlan 2 name cisco_vlan_2
VLAN 2 added:
Name: cisco_vlan_2
3524XL(vlan)#exit!-- You have to exit from the VLAN database, for the changes to be committed
APPLY completed.
Exiting....
3524XL#
Step 3 Make sure that the VLAN is created by running the show vlan command.
3524XL#show vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4,
Fa0/5, Fa0/6, Fa0/7, Fa0/8,
Fa0/9, Fa0/10, Fa0/11, Fa0/12,
Fa0/13, Fa0/14, Fa0/15, Fa0/16,
Fa0/17, Fa0/18, Fa0/19, Fa0/20,
Fa0/21, Fa0/22, Fa0/23, Fa0/24,
Gi0/1, Gi0/2
2 cisco_vlan_2 active
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 1002 1003
2 enet 100002 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 1 1003
1003 tr 101003 1500 1005 0 - - srb 1 1002
1004 fdnet 101004 1500 - - 1 IBM - 0 0
1005 trnet 101005 1500 - - 1 IBM - 0 0
Step 4 You may want to add the ports (interfaces) in the newly created VLAN. You have to go to interface configuration mode for each of the interfaces that you want to add into the new VLAN. Use the following set of commands in the privileged mode to add a particular interface in the VLAN.
3524XL#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
3524XL(config)#interface fastEthernet 0/2
3524XL(config-if)#switchport access ?
vlan Set VLAN when interface is in access mode
3524XL(config-if)#switchport access vlan ?
<1-1001> &nb
--------------------------------------------------------------------------------
Contents
Introduction
Important Notes
Configuring the VLAN on Catalyst Switches Running CatOS
Troubleshooting Tips
Configuring the VLAN on Catalyst 2900/3500 XL, 2950, and 3550 Series Switches
Related Information
--------------------------------------------------------------------------------
Introduction
This document provides basic information on how to create VLANs on Catalyst switches running CatOS, as well as Catalyst 2900XL/3500XL, 2950, and 3550 switches; the results of each command are displayed as they are executed. Cisco Catalyst 4000, 5000, and 6000 family switches (running CatOS), and any Catalyst 2900XL , 3500XL, 2950, or 3550 can be used in the scenarios presented in this document to obtain the same results.
This document does not provide information on how to configure VLANs on Catalyst 6000 switches running Native IOS. For those details, please refer to the following document:
Configuring VLANs
Important Notes
Virtual LANs (VLANs) are a mechanism to allow network administrators to create logical broadcast domains that can span across a single switch or multiple switches, regardless of physical proximity. This is useful for reducing the size of broadcast domains, or allowing groups or users to be logically grouped without being physically located in the same place.
VLANs create logical Layer 3 (L3) broadcast domains. They can be thought of as TCP/IP subnets, or IPX Networks, or AppleTalk Cable-Ranges. In order to create VLANs, you must decide how to configure the following items:
What VLAN Trunking Protocol (VTP) domain name and VTP mode will be used on this switch?
What ports on the switch will belong to which VLAN?
Will you need to have communication between VLANs, or will they be isolated? If you require communication between VLANs, you will need to use a L3 routing device, such as an external Cisco router or an internal router module such as a Route Switch Module (RSM) or a Multilayer Switch Feature Card (MSFC).
Note: For details on configuring InterVLAN routing on the MSFC, RSM, Route Switch Feature Card (RSFC), or an external router, refer to the following documents:
For MSFCs, refer to Configuring InterVLAN Routing on the MSFC
For RSMs/RSFCs/external router, refer to Configuring InterVLAN Routing
To create the examples in this document, we used the following switches in a lab environment with cleared configurations:
Catalyst 6009 switch running Catalyst OS 5.5(x) software
Catalyst 3524XL switch running Cisco IOS 12.0(5.x)XU
The configurations in this document were implemented in an isolated lab environment. Ensure that you understand the potential impact of any configuration or command on your network before using it.
Note: This document assumes that you have basic connectivity to the switch, either through the console or through Telnet access. For details on how to get basic connectivity to the switches, refer to the following documents:
For Catalyst 6000 switches, refer to Basic Software Configuration
For XL Series Switches, refer to Quick Start Guide
Configuring the VLAN on Catalyst Switches Running CatOS
Step 1 Before you can create a VLAN, the switch must be in VTP server mode or VTP transparent mode. If the switch is a VTP server, you must define a VTP domain name before you can add any VLANs. This has to be defined regardless of the number of switches in the network (one or many), or whether or not you will be using VTP to propagate VLANs to other switches in the network. For details on VTP, please refer to the Understanding and Configuring VLAN Trunk Protocol (VTP) document.
The default VTP configuration on the switch is as follows:
CatosSwitch> (enable) show vtp domain
Domain Name Domain Index VTP Version Local Mode Password
-------------------------------- ------------ ----------- ----------- ----------
1 2 server -
Vlan-count Max-vlan-storage Config Revision Notifications
---------- ---------------- --------------- -------------
5 1023 0 disabled
Last Updater V2 Mode Pruning PruneEligible on Vlans
--------------- -------- -------- -------------------------
0.0.0.0 disabled disabled 2-1000
Use the set vtp command to set the domain name and mode.
CatosSwitch> (enable) set vtp domain ?
<name> Domain name
CatosSwitch> (enable) set vtp domain cisco ?
mode Set VTP mode
passwd Set VTP password
pruning Set VTP pruning
v2 Set VTP version 2
<cr>
CatosSwitch> (enable) set vtp domain cisco mode ?
client VTP client mode
server VTP server mode
transparent VTP transparent mode
CatosSwitch> (enable) set vtp domain cisco mode server
VTP domain cisco modified
Step 2 Verify VTP configuration by using the show vtp domain command.
CatosSwitch> (enable) show vtp domain
Domain Name Domain Index VTP Version Local Mode Password
-------------------------------- ------------ ----------- ----------- ----------
cisco 1 2 server -
Vlan-count Max-vlan-storage Config Revision Notifications
---------- ---------------- --------------- -------------
5 1023 1 disabled
Last Updater V2 Mode Pruning PruneEligible on Vlans
--------------- -------- -------- -------------------------
0.0.0.0 disabled disabled 2-1000
Step 3 Once the VTP domain has been set and verified, you can begin to create VLANs on the switch. By default, there is only a single VLAN for all ports, and this VLAN is called the default. VLAN1 cannot be renamed or deleted.
You can use the show vlan command to display the parameters for all configured VLANs in the administrative domain, as shown below:
CatosSwitch> (enable) show vlan
VLAN Name Status IfIndex Mod/Ports, Vlans
---- -------------------------------- --------- ------- ------------------------
1 default active 5 1/1-2
3/1-48
4/1-16
1002 fddi-default active 6
1003 token-ring-default active 9
1004 fddinet-default active 7
1005 trnet-default active 8
VLAN Type SAID MTU Parent RingNo BrdgNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ ------ ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 trcrf 101003 1500 - - - - - 0 0
1004 fdnet 101004 1500 - - - - - 0 0
1005 trbrf 101005 1500 - - - ibm - 0 0
VLAN DynCreated RSPAN
---- ---------- --------
1 static disabled
1002 static disabled
1003 static disabled
1004 static disabled
1005 static disabled
VLAN AREHops STEHops Backup CRF 1q VLAN
---- ------- ------- ---------- -------
1003 7 7 off
To create VLANs, use the set vlan command, as show below:
CatosSwitch> (enable) set vlan
Usage: set vlan <vlan> <mod/port>
(An example of mod/port is 1/1,2/1-12,3/1-2,4/1-12)
set vlan <vlan_num> [name <name>] [type <type>] [state <state>]
[pvlan-type <pvlan_type>]
[said <said>] [mtu <mtu>] [ring <hex_ring_number>]
[decring <decimal_ring_number>]
[bridge <bridge_number>] [parent <vlan_num>]
[mode <bridge_mode>] [stp <stp_type>]
[translation <vlan_num>] [backupcrf <off|on>]
[aremaxhop <hopcount>] [stemaxhop <hopcount>]
[rspan]
(name = 1..32 characters, state = (active, suspend)
type = (ethernet, fddi, fddinet, trcrf, trbrf)
said = 1..4294967294, mtu = 576..18190
pvlan-type = (primary,isolated,community,none)
hex_ring_number = 0x1..0xfff, decimal_ring_number = 1..4095
bridge_number = 0x1..0xf, parent = 2..1005, mode = (srt, srb)
stp = (ieee, IBM, auto), translation = 1..1005
hopcount = 1..13)
Set vlan commands:
----------------------------------------------------------------------------
set vlan Set vlan information
set vlan mapping Map an 802.1q vlan to an Ethernet vlan
CatosSwitch> (enable) set vlan 2 name cisco_vlan_2
Vlan 2 configuration successful
Note: You can verify the VLAN configuration by using the show vlan command, as shown below:
CatosSwitch> (enable) show vlan
VLAN Name Status IfIndex Mod/Ports, Vlans
---- -------------------------------- --------- ------- ------------------------
1 default active 5 1/1-2
3/1-48
4/1-16
2 cisco_vlan_2 active 75
1002 fddi-default active 6
1003 token-ring-default active 9
1004 fddinet-default active 7
1005 trnet-default active 8
VLAN Type SAID MTU Parent RingNo BrdgNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ ------ ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
2 enet 100002 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 trcrf 101003 1500 - - - - - 0 0
1004 fdnet 101004 1500 - - - - - 0 0
1005 trbrf 101005 1500 - - - IBM - 0 0
(Output Suppressed...)
Step 4 If you want to add ports to the VLAN, use the set vlan<vlan#> <mod/ports> ... command.
CatosSwitch> (enable) set vlan 2 3/1-12
VLAN 2 modified.
VLAN 1 modified.
VLAN Mod/Ports
---- -----------------------
2 3/1-12
15/1
Note: You can also create the VLAN and add the ports to that VLAN with all the information in a single command.
For example, if you want to create the third VLAN and then assign ports 3/13-3/15 to that VLAN, use the following command:
CatosSwitch> (enable) set vlan 3 3/13-15
Vlan 3 configuration successful
VLAN 3 modified.
VLAN 1 modified.
VLAN Mod/Ports
---- -----------------------
3 3/13-15
15/1
Step 5 Verify VLAN configuration by using show vlan command.
CatosSwitch> (enable) show vlan
VLAN Name Status IfIndex Mod/Ports, Vlans
---- -------------------------------- --------- ------- ------------------------
1 default active 5 1/1-2
3/16-48
4/1-16
2 cisco_vlan_2 active 75 3/1-12
3 VLAN0003 active 76 3/13-15
1002 fddi-default active 6
1003 token-ring-default active 9
1004 fddinet-default active 7
1005 trnet-default active 8
VLAN Type SAID MTU Parent RingNo BrdgNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ ------ ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
2 enet 100002 1500 - - - - - 0 0
3 enet 100003 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 trcrf 101003 1500 - - - - - 0 0
1004 fdnet 101004 1500 - - - - - 0 0
1005 trbrf 101005 1500 - - - IBM - 0 0
(Output Suppressed...)
To remove ports from a VLAN, use the set vlan <vlan#> <mod/ports>... command and place the ports in a different VLAN. This is essentially what you are doing when you assign a port to any VLAN, because the ports initially belonged to VLAN 1.
To delete the VLAN, use the clear vlan command, but the ports will remain a part of that VLAN and be deactivated because they no longer belong to any VLAN. The switch will display a warning and give you the opportunity to cancel the current request.
CatosSwitch> (enable) clear vlan 3
This command will deactivate all ports on vlan 3
in the entire management domain.
Do you want to continue(y/n) [n]?y
Vlan 3 deleted
CatosSwitch> (enable) show vlan
VLAN Name Status IfIndex Mod/Ports, Vlans
---- -------------------------------- --------- ------- ------------------------
1 default active 5 1/1-2
3/16-48
4/1-16
2 cisco_vlan_2 active 75 3/1-12
1002 fddi-default active 6
1003 token-ring-default active 9
1004 fddinet-default active 7
1005 trnet-default active 8
VLAN Type SAID MTU Parent RingNo BrdgNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ ------ ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
2 enet 100002 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 trcrf 101003 1500 - - - - - 0 0
1004 fdnet 101004 1500 - - - - - 0 0
1005 trbrf 101005 1500 - - - IBM - 0 0
(Output Suppressed...)
Note: Ports 3/13-3/15 are not displayed in the above show vlan command, as they are deactivated by the removal of VLAN 3. Unless you add them back in any other VLAN, they will not be displayed.
Troubleshooting Tips
Below are troubleshooting tips for common problems that you may encounter while creating VLANs on Catalyst switches running CatOS:
If you create a VLAN when there is no VTP domain name defined, you will receive the error message below:
CatosSwitch> (enable) set vlan 2
Cannot add/modify VLANs on a VTP server without a domain name.
CatosSwitch> (enable)
To correct this, create a VTP domain name on the switch, as shown in the configuration section
If you create a VLAN on a switch that is in VTP client mode, you will receive the following error message:
CatosSwitch> (enable) set vlan 2
Cannot add/modify VLANs on a VTP client.
CatosSwitch> (enable)
Note: A switch is only allowed to create VLANs if it is in VTP server or VTP transparent modes. For details on VTP, please refer to the Understanding and Configuring VLAN Trunk Protocol (VTP) document.
Ports are in "inactive" state when the show port <mod/port> command is issued. This means that the VLAN to which the ports originally belonged was deleted, usually because of VTP. You can either re-create that VLAN or correct the VTP configuration so that the VLAN is re-established in the VTP Domain. Sample show port <mod/port> command output is shown below:
CatosSwitch> (enable) show port 3/1
Port Name Status Vlan Duplex Speed Type
----- ------------------ ---------- ---------- ------ ----- ------------
3/1 inactive 2 auto auto 10/100BaseTX
Port AuxiliaryVlan AuxVlan-Status InlinePowered PowerAllocated
Admin Oper Detected mWatt mA @42V
----- ------------- -------------- ----- ------ -------- ----- --------
3/1 none none - - - - -
(Output Suppressed...)
CatosSwitch> (enable) show vlan 2
VLAN Name Status IfIndex Mod/Ports, Vlans
---- -------------------------------- --------- ------- ------------------------
Unable to access VTP Vlan 2 information.
VLAN Type SAID MTU Parent RingNo BrdgNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ ------ ---- -------- ------ ------
Unable to access VTP Vlan 2 information.
VLAN DynCreated RSPAN
---- ---------- --------
Unable to access VTP Vlan 2 information.
VLAN AREHops STEHops Backup CRF 1q VLAN
---- ------- ------- ---------- -------
Configuring the VLAN on Catalyst 2900/3500 XL, 2950, and 3550 Series Switches
Note: Depending on the model of the switch that you have, you may see different out put of certain commands displayed in this section.
Step 1 Before you create VLANs, you must decide whether to useVTP in your network. Using VTP, you can make configuration changes centrally on a single switch, and have those changes automatically communicated to all the other switches in the network. The default VTP mode on the switches mentioned in this section is the server mode.
For details on VTP, refer to Understanding and Configuring VLAN Trunk Protocol
You can check the VTP status on the XL Series Switches, by using the show vtp status command.
3524XL#show vtp status
VTP Version : 2
Configuration Revision : 0
Maximum VLANs supported locally : 254
Number of existing VLANs : 5
VTP Operating Mode : Server!-- This is the default mode
VTP Domain Name :
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0xBF 0x86 0x94 0x45 0xFC 0xDF 0xB5 0x70
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
Step 2 By default, there is only a single VLAN for all ports, and this VLAN is called the default. VLAN1 cannot be renamed or deleted. You can run show vlan command to check the VLAN information.
3524XL#show vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4,
Fa0/5, Fa0/6, Fa0/7, Fa0/8,
Fa0/9, Fa0/10, Fa0/11, Fa0/12,
Fa0/13, Fa0/14, Fa0/15, Fa0/16,
Fa0/17, Fa0/18, Fa0/19, Fa0/20,
Fa0/21, Fa0/22, Fa0/23, Fa0/24,
Gi0/1, Gi0/2
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 1002 1003
1002 fddi 101002 1500 - - - - - 1 1003
1003 tr 101003 1500 1005 0 - - srb 1 1002
1004 fdnet 101004 1500 - - 1 IBM - 0 0
1005 trnet 101005 1500 - - 1 IBM - 0 0
3524XL#
Use the following set of commands in the privileged mode to create another VLAN:
3524XL#vlan database!-- You have to enter into vlan database, to configure any VLAN
3524XL(vlan)#vtp server
Device mode already VTP SERVER.
!-- You may skip the above command, if the switch is already in server mode,
and you want the switch to be in server mode
Note: A switch is only allowed to create VLANs if it is in VTP server or VTP transparent modes. For details on VTP, please refer to the Understanding and Configuring VLAN Trunk Protocol (VTP) document.
3524XL(vlan)#vlan ?
<1-1005> ISL VLAN index
3524XL(vlan)#vlan 2 ?
are Maximum number of All Route Explorer hops for this VLAN
backupcrf Backup CRF mode of the VLAN
bridge Bridging characteristics of the VLAN
media Media type of the VLAN
mtu VLAN Maximum Transmission Unit
name Ascii name of the VLAN
parent ID number of the Parent VLAN of FDDI or Token Ring type VLANs
ring Ring number of FDDI or Token Ring type VLANs
said IEEE 802.10 SAID
state Operational state of the VLAN
ste Maximum number of Spanning Tree Explorer hops for this VLAN
stp Spanning tree characteristics of the VLAN
tb-vlan1 ID number of the first translational VLAN for this VLAN (or zero
if none)
tb-vlan2 ID number of the second translational VLAN for this VLAN (or zero
if none)
<cr>
3524XL(vlan)#vlan 2 name ?
WORD The ASCII name for the VLAN
3524XL(vlan)#vlan 2 name cisco_vlan_2
VLAN 2 added:
Name: cisco_vlan_2
3524XL(vlan)#exit!-- You have to exit from the VLAN database, for the changes to be committed
APPLY completed.
Exiting....
3524XL#
Step 3 Make sure that the VLAN is created by running the show vlan command.
3524XL#show vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4,
Fa0/5, Fa0/6, Fa0/7, Fa0/8,
Fa0/9, Fa0/10, Fa0/11, Fa0/12,
Fa0/13, Fa0/14, Fa0/15, Fa0/16,
Fa0/17, Fa0/18, Fa0/19, Fa0/20,
Fa0/21, Fa0/22, Fa0/23, Fa0/24,
Gi0/1, Gi0/2
2 cisco_vlan_2 active
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 1002 1003
2 enet 100002 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 1 1003
1003 tr 101003 1500 1005 0 - - srb 1 1002
1004 fdnet 101004 1500 - - 1 IBM - 0 0
1005 trnet 101005 1500 - - 1 IBM - 0 0
Step 4 You may want to add the ports (interfaces) in the newly created VLAN. You have to go to interface configuration mode for each of the interfaces that you want to add into the new VLAN. Use the following set of commands in the privileged mode to add a particular interface in the VLAN.
3524XL#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
3524XL(config)#interface fastEthernet 0/2
3524XL(config-if)#switchport access ?
vlan Set VLAN when interface is in access mode
3524XL(config-if)#switchport access vlan ?
<1-1001> &nb