VLANs

A Virtual Local Area Network (VLAN) is an L2 segment of the network which defines a broadcast domain and is identified by a tag added to all Ethernet frames running within the domain. This tag is called a VLAN ID (VID) and can be assigned a value of 1-4094.

Each port can have a switch mode of either:

Access – access port is a port connected to a host. It can accept only untagged frames, and assigns them a default configured VLAN (Port VLAN ID). On egress, traffic sent from the access port is untagged.
Access-dcb – receives ingress untagged traffic but sends egress priority tag (VLAN ID = 0)
Hybrid – hybrid port is a port connected to either switches or hosts. It can receive both tagged and untagged frames and assigns untagged frames a default configured VLAN (Port VLAN ID). It receives tagged frames with VLANs of which the port is a member (these VLANs’ names are allowed). On egress, traffic of allowed VLANs sent from the Hybrid port is sent tagged, while traffic sent with PVID is untagged.
Trunk – trunk port is a port connecting 2 switches. It accepts only tagged frames with VLANs of which the port is a member. On egress, traffic sent from the Trunk port is tagged. By default, a Trunk port is, automatically, a member on all current VLANs.

Configuring Access Mode and Assigning Port VLAN ID (PVID)

Create a VLAN.

Copy
Copied!

            
            switch (config) # vlan 6
switch (config vlan 6) #

Change back to config mode.

Copy
Copied!

            
            switch (config vlan 6) # exit
switch (config) #

Enter the interface configuration mode.

Copy
Copied!

            
            switch (config) # interface ethernet 1/22
switch (config interface ethernet 1/22) #

From within the interface context, configure the interface mode to Access.

Copy
Copied!

            
            switch (config interface ethernet 1/22) # switchport mode access

From within the interface context, configure the Access VLAN membership.

Copy
Copied!

            
            switch (config interface ethernet 1/22) # switchport access vlan 6

Configuring Hybrid Mode and Assigning Port VLAN ID (PVID)

Create a VLAN.

Copy
Copied!

            
            switch (config) # vlan 6
switch (config vlan 6) #

Change back to config mode.

Copy
Copied!

            
            switch (config vlan 6) # exit
switch (config) #

Enter the interface configuration mode.

Copy
Copied!

            
            switch (config) # interface ethernet 1/22
switch (config interface ethernet 1/22) #

From within the interface context, configure the interface mode to Access.

Copy
Copied!

            
            switch (config interface ethernet 1/22) # switchport mode hybrid
switch (config interface ethernet 1/22) #

From within the interface context, configure the Access VLAN membership.

Copy
Copied!

            
            switch (config interface ethernet 1/22) # switchport access vlan 6

Configuring Trunk Mode VLAN Membership

Create a VLAN.

Copy
Copied!

            
            switch (config) # vlan 10
switch (config vlan 10) #

Change back to config mode.

Copy
Copied!

            
            switch (config vlan 10) # exit
switch (config) #

Enter the interface configuration mode.

Copy
Copied!

            
            switch (config) # interface ethernet 1/35
switch (config interface ethernet 1/35) #

From within the interface context, configure the interface mode to Trunk.

Copy
Copied!

            
            switch (config interface ethernet 1/35) # switchport mode trunk

Configuring Hybrid Mode VLAN Membership

Create a VLAN.

Copy
Copied!

            
            switch (config) # vlan 10
switch (config vlan 10) #

Change back to config mode.

Copy
Copied!

            
            switch (config vlan 10) # exit
switch (config) #

Enter the interface configuration mode.

Copy
Copied!

            
            switch (config) # interface ethernet 1/35
switch (config interface ethernet 1/35) #

From within the interface context, configure the interface mode to Hybrid.

Copy
Copied!

            
            switch (config interface ethernet 1/35) # switchport mode hybrid
switch (config interface ethernet 1/35) #

From within the interface context, configure the allowed VLAN membership.

Copy
Copied!

            
            switch (config interface ethernet 1/35) # switchport hybrid allowed-vlan add 10
switch (config interface ethernet 1/35) #

Additional Reading and Use Cases

For more information about this feature and its potential applications, please refer to the following community post:

Native VLAN Configuration

VLAN Commands

vlan

	vlan {<vlan-id> \| <vlan-range>} no vlan {<vlan-id> \| <vlan-range>} Creates a VLAN or range of VLANs, and enters a VLAN context. The no form of the command deletes the VLAN or VLAN range.
Syntax Description	vlan-id	Range: 1-4094
Syntax Description	vlan-range	Any range of VLANs
Default	VLAN 1 is enabled by default
Configuration Mode	config
History	3.1.1400
Example	switch (config) # vlan 10 switch (config vlan 10) #
Related Commands	show vlan switchport mode switchport [trunk \| hybrid] allowed-vlan
Notes	Interfaces are not added automatically to VLAN unless configured with trunk or hybrid mode with “all” option turned on.

name

	name <vlan-name> no name Adds VLAN name. The no form of the command deletes the VLAN name.
Syntax Description	vlan-name	40-character long string
Default	No name available
Configuration Mode	config vlan
History	3.1.1400
Example	switch (config vlan 10) # name my-vlan-name
Related Commands	show vlan switchport mode switchport [trunk \| hybrid] allowed-vlan
Notes	Name can not be configured for a range of VLANs.

show vlan

	show vlan [id <vlan-id>] Displays the VLAN table.
Syntax Description	vlan-id	1-4094
Default	N/A
Configuration Mode	Any command mode
History	3.1.1400
Example	switch (config vlan
Related Commands	show vlan switchport mode switchport [trunk \| hybrid] allowed-vlan vlan
Notes

switchport mode

	switchport mode {access \| dot1q-tunnel \| trunk \| hybrid \| access-dcb} no switchport mode Sets the switch port mode. The no form of the command sets the switch port mode to access.
Syntax Description	access	Untagged port. 802.1q tagged traffic are filtered. Egress traffic is untagged.
	dot1q-tunnel	Allows both tagged and untagged ingress Ethernet packets. Egress packets are tagged with a second VLAN (802.1Q) header.
	trunk	802.1q tagged port, untagged traffic is filtered.
	hybrid	Both 802.1q tagged and untagged traffic is allowed on the port.
	access-dcb	Untagged port, egress traffic is priority tagged.
Default	access
Configuration Mode	config interface ethernet config interface port-channel config interface mlag-port-channel
History	3.1.1400
	3.3.4500	Added MPO configuration mode
	3.4.3000	Added dot1q-tunnel parameter
	3.6.6000	Added ability to switchport mode for a range of interfaces
Example	switch (config) # interface ethernet 1/7 switch (config interface ethernet 1/7) # switchport mode access
Related Commands	show vlan show interfaces switchport switchport access vlan switchport [trunk \| hybrid] allowed-vlan switchport dot1q-tunnel qos-mode vlan
Notes	Switchport mode may be configured for a range of interfaces (interface <inf-type> <id-range> switchport mode <type>)

switchport dot1q-tunnel qos-mode

	switchport dot1q-tunnel qos-mode {pipe \| uniform} no switchport dot1q-tunnel qos-mode Assigns QoS to the service provider’s traffic. The no form of the command resets the parameter value to its default.
Syntax Description	pipe	Gives the service provider’s traffic QoS 0
Syntax Description	uniform	Gives the service provider’s traffic the same QoS as the customer’s traffic
Default	pipe
Configuration Mode	config interface ethernet config interface port-channel config interface mlag-port-channel
History	3.4.3000
Role	admin
Example	switch (config interface ethernet 1/1) # switchport dot1q-tunnel qos-mode uniform
Related Commands	show vlan show interfaces switchport switchport access vlan switchport [trunk \| hybrid] allowed-vlan vlan
Notes

switchport access

	switchport access vlan <vlan-id> no switchport access vlan switchport access none (hybrid mode only) Configures the port access VLAN. The no form of the command sets the port access VLAN to 1. The none clause of the command removes access VLAN membership from the port, thus disallowing untagged traffic on this port. This is commonly used for fast transition from hybrid switchport to trunk-like switchport and vice versa.
Syntax Description	vlan-id	1-4094
Default	1
Configuration Mode	config interface ethernet config interface port-channel config interface mlag-port-channel
History	3.1.1400
	3.2.0500	Format change (removed hybrid and access-dcb options). Previous command format was: “switchport {hybrid \| access-dcb \| access} vlan <vlan-id>”.
	3.3.4500	Added MPO configuration mode.
	3.6.6000	Added ability to configure VLAN ID for a range of interfaces.
	3.7.1100	Updated command syntax & notes.
Example	switch (config interface ethernet 1/7) # switchport access vlan 10
Related Commands	show vlan show interfaces switchport switchport mode switchport [trunk \| hybrid] allowed-vlan vlan
Note	This command is not applicable for interfaces with port mode trunk Only one option (“access”, “access-dcb” or “hybrid”) is possible to configure on the port, depending on the switchport mode of the port Access VLAN ID may be configured to a range of interfaces ( interface <inf-type> <id-range> switchport access vlan <vlan-ID>) This command is not applicable for interfaces with port mode trunk In hybrid mode, access vlan is optional. Alternatively, use “access none” in order to disable access vlan. In this case, all incoming untagged traffic will be dropped.

switchport {hybrid, trunk} allowed-vlan

	switchport {hybrid, trunk} allowed-vlan {<vlan> \| add <vlan> \| remove <vlan> all \| except <vlan> \| none} Sets the port allowed VLANs.
Syntax Description	vlan	VLAN ID (1-4094) or VLAN range
	add	Adds VLAN or range of VLANs
	remove	Removes VLANs or range of VLANs
	all	Adds all VLANs in available in the VLAN table" New VLANs added to the VLAN table are added automatically
	except	Adds all VLANs expect this VLAN or VLAN range
	none	Removes all VLANs
Default	N/A
Configuration Mode	config interface ethernet config interface port-channel config interface mlag-port-channel
History	3.1.1400
Example	switch (config interface ethernet 1/7) # switchport hybrid allowed-vlan all
Related Commands	show vlan show interfaces switchport switchport access vlan switchport mode vlan
Note	This command is not applicable for interfaces with port mode access or access-dcb In order for the parameter “hybrid” or “trunk” to be available, the switchport mode on the interface must be configured to either hybrid or trunk respectively

switchport voice

	switchport voice vlan <vlan-id> no switchport voice vlan Configures voice VLAN for the interface. The no form of the command disables voice VLAN.
Syntax Description	vlan-id	1-4094
Default	Disabled
Configuration Mode	config interface ethernet config interface port-channel config interface mlag-port-channel
History	3.6.1002
Example	switch (config interface ethernet 1/7) # switchport voice vlan 10
Related Commands	lldp med-tlv-select show vlan show interfaces switchport switchport mode switchport [trunk \| hybrid] allowed-vlan vlan
Note

show interfaces switchport

	show interfaces [<if>] switchport Displays all interface switch port configurations.
Syntax Description	if	Possible interface types: ethernet <slot/port> port-channel <lag-id> mlag-port-channel <id>
Default	N/A
Configuration Mode	Any command mode
History	3.1.1400
History	3.6.6102	Added ability to filter by specific interfaces and updated Example
Example
switch (config) # show interfaces switchport ------------------------------------------------------------------- Interface Mode Access vlan Allowed vlans ------------------------------------------------------------------- Eth1/1 access 1 Eth1/2 access 1 Eth1/6 access 1
Related Commands	show vlan switchport access vlan switchport mode vlan
Notes	This command can accept an explicit interface or interface range (displays information only for available interfaces)

On This Page