VLANs
A Virtual Local Area Network (VLAN) is an L2 segment of the network which defines a broadcast domain and is identified by a tag added to all Ethernet frames running within the domain. This tag is called a VLAN ID (VID) and can be assigned a value of 1-4094.
Each port can have a switch mode of either:
Access – access port is a port connected to a host. It can accept only untagged frames, and assigns them a default configured VLAN (Port VLAN ID). On egress, traffic sent from the access port is untagged.
Access-dcb – receives ingress untagged traffic but sends egress priority tag (VLAN ID = 0)
Hybrid – hybrid port is a port connected to either switches or hosts. It can receive both tagged and untagged frames and assigns untagged frames a default configured VLAN (Port VLAN ID). It receives tagged frames with VLANs of which the port is a member (these VLANs’ names are allowed). On egress, traffic of allowed VLANs sent from the Hybrid port is sent tagged, while traffic sent with PVID is untagged.
Trunk – trunk port is a port connecting 2 switches. It accepts only tagged frames with VLANs of which the port is a member. On egress, traffic sent from the Trunk port is tagged. By default, a Trunk port is, automatically, a member on all current VLANs.
Create a VLAN.
switch
(config) # vlan6
switch
(config vlan6
) #Change back to config mode.
switch
(config vlan6
) # exitswitch
(config) #Enter the interface configuration mode.
switch
(config) #interface
ethernet1
/22
switch
(configinterface
ethernet1
/22
) #From within the interface context, configure the interface mode to Access.
switch
(configinterface
ethernet1
/22
) # switchport mode accessFrom within the interface context, configure the Access VLAN membership.
switch
(configinterface
ethernet1
/22
) # switchport access vlan6
Create a VLAN.
switch
(config) # vlan6
switch
(config vlan6
) #Change back to config mode.
switch
(config vlan6
) # exitswitch
(config) #Enter the interface configuration mode.
switch
(config) #interface
ethernet1
/22
switch
(configinterface
ethernet1
/22
) #From within the interface context, configure the interface mode to Access.
switch
(configinterface
ethernet1
/22
) # switchport mode hybridswitch
(configinterface
ethernet1
/22
) #From within the interface context, configure the Access VLAN membership.
switch
(configinterface
ethernet1
/22
) # switchport access vlan6
Create a VLAN.
switch
(config) # vlan10
switch
(config vlan10
) #Change back to config mode.
switch
(config vlan10
) # exitswitch
(config) #Enter the interface configuration mode.
switch
(config) #interface
ethernet1
/35
switch
(configinterface
ethernet1
/35
) #From within the interface context, configure the interface mode to Trunk.
switch
(configinterface
ethernet1
/35
) # switchport mode trunk
Create a VLAN.
switch
(config) # vlan10
switch
(config vlan10
) #Change back to config mode.
switch
(config vlan10
) # exitswitch
(config) #Enter the interface configuration mode.
switch
(config) #interface
ethernet1
/35
switch
(configinterface
ethernet1
/35
) #From within the interface context, configure the interface mode to Hybrid.
switch
(configinterface
ethernet1
/35
) # switchport mode hybridswitch
(configinterface
ethernet1
/35
) #From within the interface context, configure the allowed VLAN membership.
switch
(configinterface
ethernet1
/35
) # switchport hybrid allowed-vlan add10
switch
(configinterface
ethernet1
/35
) #
For more information about this feature and its potential applications, please refer to the following community post:
vlan
vlan {<vlan-id> | <vlan-range>} no vlan {<vlan-id> | <vlan-range>} Creates a VLAN or range of VLANs, and enters a VLAN context. The no form of the command deletes the VLAN or VLAN range. |
||
Syntax Description |
vlan-id |
Range: 1-4094 |
vlan-range |
Any range of VLANs |
|
Default |
VLAN 1 is enabled by default |
|
Configuration Mode |
config |
|
History |
3.1.1400 |
|
Example |
switch (config) # vlan 10 |
|
Related Commands |
show vlan switchport mode switchport [trunk | hybrid] allowed-vlan |
|
Notes |
Interfaces are not added automatically to VLAN unless configured with trunk or hybrid mode with “all” option turned on. |
name
name <vlan-name> no name Adds VLAN name. The no form of the command deletes the VLAN name. |
||
Syntax Description |
vlan-name |
40-character long string |
Default |
No name available |
|
Configuration Mode |
config vlan |
|
History |
3.1.1400 |
|
Example |
switch (config vlan 10) # name my-vlan-name |
|
Related Commands |
show vlan switchport mode switchport [trunk | hybrid] allowed-vlan |
|
Notes |
Name can not be configured for a range of VLANs. |
show vlan
show vlan [id <vlan-id>] Displays the VLAN table. |
||
Syntax Description |
vlan-id |
1-4094 |
Default |
N/A |
|
Configuration Mode |
Any command mode |
|
History |
3.1.1400 |
|
Example |
switch (config vlan |
|
Related Commands |
show vlan switchport mode switchport [trunk | hybrid] allowed-vlan vlan |
|
Notes |
switchport mode
switchport mode {access | dot1q-tunnel | trunk | hybrid | access-dcb} no switchport mode Sets the switch port mode. The no form of the command sets the switch port mode to access. |
||
Syntax Description |
access |
Untagged port. 802.1q tagged traffic are filtered. Egress traffic is untagged. |
dot1q-tunnel |
Allows both tagged and untagged ingress Ethernet packets. Egress packets are tagged with a second VLAN (802.1Q) header. |
|
trunk |
802.1q tagged port, untagged traffic is filtered. |
|
hybrid |
Both 802.1q tagged and untagged traffic is allowed on the port. |
|
access-dcb |
Untagged port, egress traffic is priority tagged. |
|
Default |
access |
|
Configuration Mode |
config interface ethernet config interface port-channel config interface mlag-port-channel |
|
History |
3.1.1400 |
|
3.3.4500 |
Added MPO configuration mode |
|
3.4.3000 |
Added dot1q-tunnel parameter |
|
3.6.6000 |
Added ability to switchport mode for a range of interfaces |
|
Example |
switch (config) # interface ethernet 1/7 |
|
Related Commands |
show vlan show interfaces switchport switchport access vlan switchport [trunk | hybrid] allowed-vlan switchport dot1q-tunnel qos-mode vlan |
|
Notes |
Switchport mode may be configured for a range of interfaces (interface <inf-type> <id-range> switchport mode <type>) |
switchport dot1q-tunnel qos-mode
switchport dot1q-tunnel qos-mode {pipe | uniform} no switchport dot1q-tunnel qos-mode Assigns QoS to the service provider’s traffic. The no form of the command resets the parameter value to its default. |
||
Syntax Description |
pipe |
Gives the service provider’s traffic QoS 0 |
uniform |
Gives the service provider’s traffic the same QoS as the customer’s traffic |
|
Default |
pipe |
|
Configuration Mode |
config interface ethernet config interface port-channel config interface mlag-port-channel |
|
History |
3.4.3000 |
|
Role |
admin |
|
Example |
switch (config interface ethernet 1/1) # switchport dot1q-tunnel qos-mode uniform |
|
Related Commands |
show vlan show interfaces switchport switchport access vlan switchport [trunk | hybrid] allowed-vlan vlan |
|
Notes |
switchport access
switchport access vlan <vlan-id> no switchport access vlan switchport access none (hybrid mode only) Configures the port access VLAN. The no form of the command sets the port access VLAN to 1. The none clause of the command removes access VLAN membership from the port, thus disallowing untagged traffic on this port. This is commonly used for fast transition from hybrid switchport to trunk-like switchport and vice versa. |
||
Syntax Description |
vlan-id |
1-4094 |
Default |
1 |
|
Configuration Mode |
config interface ethernet config interface port-channel config interface mlag-port-channel |
|
History |
3.1.1400 |
|
3.2.0500 |
Format change (removed hybrid and access-dcb options). Previous command format was: “switchport {hybrid | access-dcb | access} vlan <vlan-id>”. |
|
3.3.4500 |
Added MPO configuration mode. |
|
3.6.6000 |
Added ability to configure VLAN ID for a range of interfaces. |
|
3.7.1100 |
Updated command syntax & notes. |
|
Example |
switch (config interface ethernet 1/7) # switchport access vlan 10 |
|
Related Commands |
show vlan show interfaces switchport switchport mode switchport [trunk | hybrid] allowed-vlan vlan |
|
Note |
|
switchport {hybrid, trunk} allowed-vlan
switchport {hybrid, trunk} allowed-vlan {<vlan> | add <vlan> | remove <vlan> all | except <vlan> | none} Sets the port allowed VLANs. |
||
Syntax Description |
vlan |
VLAN ID (1-4094) or VLAN range |
add |
Adds VLAN or range of VLANs |
|
remove |
Removes VLANs or range of VLANs |
|
all |
Adds all VLANs in available in the VLAN table" New VLANs added to the VLAN table are added automatically |
|
except |
Adds all VLANs expect this VLAN or VLAN range |
|
none |
Removes all VLANs |
|
Default |
N/A |
|
Configuration Mode |
config interface ethernet config interface port-channel config interface mlag-port-channel |
|
History |
3.1.1400 |
|
Example |
switch (config interface ethernet 1/7) # switchport hybrid allowed-vlan all |
|
Related Commands |
show vlan show interfaces switchport switchport access vlan switchport mode vlan |
|
Note |
|
switchport voice
switchport voice vlan <vlan-id> no switchport voice vlan Configures voice VLAN for the interface. The no form of the command disables voice VLAN. |
||
Syntax Description |
vlan-id |
1-4094 |
Default |
Disabled |
|
Configuration Mode |
config interface ethernet config interface port-channel config interface mlag-port-channel |
|
History |
3.6.1002 |
|
Example |
switch (config interface ethernet 1/7) # switchport voice vlan 10 |
|
Related Commands |
lldp med-tlv-select show vlan show interfaces switchport switchport mode switchport [trunk | hybrid] allowed-vlan vlan |
|
Note |
show interfaces switchport
show interfaces [<if>] switchport Displays all interface switch port configurations. |
||
Syntax Description |
if |
Possible interface types:
|
Default |
N/A |
|
Configuration Mode |
Any command mode |
|
History |
3.1.1400 |
|
3.6.6102 |
Added ability to filter by specific interfaces and updated Example |
|
Example |
||
switch (config) # show interfaces switchport
|
||
Related Commands |
show vlan switchport access vlan switchport mode vlan |
|
Notes |
This command can accept an explicit interface or interface range (displays information only for available interfaces) |