VLAN Configuration Commands Step by Step Explained
This tutorial explains how to create and assign VLANs, VLAN membership (static and dynamic), Router on Stick and Spanning Tree Protocol (STP) in detail, with practical examples in Packet Tracer. Learn how to create and manage VLANs on a Cisco switch step by step.
Create a practice lab in Packet Tracer as shown in the following figure, or download the pre-created practice lab from the second part of this tutorial.
This is the last part of our article "VLAN, VTP, DTP, STP and Router on Stick Explained with Examples". The other parts of this article are:
- First part: explains the basic concepts of VLAN, such as what a VLAN is, the advantages of VLANs, static and dynamic VLAN membership, VLAN connections (access links and trunk links), trunk tagging, and how VLANs add an additional layer of security, with examples.
- Second part: explains how to create a practice lab in Packet Tracer. You can create the practice lab by following the instructions or download the pre-created lab. This lab will be used to demonstrate the configuration of VLAN, VTP, DTP, STP and Router on Stick.
- Third part: explains VTP modes with examples, including VTP server mode, VTP client mode and VTP transparent mode. Later in that part we configured the VTP protocol in our practice lab.
- Fourth part: explains access links, trunk links, the VLAN tagging process, the VLAN tagging protocols ISL and 802.1Q, Dynamic Trunking Protocol and DTP modes with examples. Later in that part we configured trunking in our practice lab.
In the practice lab network, the Office1 switch is configured as the VTP server. The Office2 and Office3 switches are configured as VTP clients. We only need to create VLANs on the VTP server. The VTP server will propagate this information to all VTP clients automatically.
The vlan [vlan number] command is used to create a VLAN.
Office 1 Switch
S1(config)#vlan 10
S1(config-vlan)#exit
S1(config)#vlan 20
S1(config-vlan)#exit
S1(config)#
Assigning VLAN Membership
VLAN membership can be assigned statically or dynamically. The CCNA exam only includes the static method; therefore we will also use the static method to assign VLAN membership. The switchport access vlan [vlan number] command is used to assign a VLAN to an interface. The following commands assign VLANs to the interfaces.
Office 1 Switch
S1(config)#interface fastEthernet 0/1
S1(config-if)#switchport access vlan 10
S1(config-if)#interface fastEthernet 0/2
S1(config-if)#switchport access vlan 20
Office 2 Switch
S2(config)#interface fastEthernet 0/1
S2(config-if)#switchport access vlan 10
S2(config-if)#interface fastEthernet 0/2
S2(config-if)#switchport access vlan 20
Office 3 Switch
S3(config)#interface fastEthernet 0/1
S3(config-if)#switchport access vlan 10
S3(config-if)#interface fastEthernet 0/2
S3(config-if)#switchport access vlan 20
We have successfully assigned VLAN membership. It's time to test our configuration. To test this configuration, we will use the ping command, which tests connectivity between two devices. As per our configuration, devices from the same VLAN can communicate. Devices from different VLANs must not be able to communicate with each other without a router.
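Membership can also be confirmed from the switch side with show vlan brief (listed in the cheat sheet at the end of this tutorial) before running ping tests. The following Python script is an added example, not part of the original tutorial: it parses a constructed sample of that output for the Office 1 switch, including a wrapped port line, and compares it with the intended port plan. The ports other than Fa0/1 and Fa0/2 and the function names are assumptions.

```python
import re

# Constructed sample of `show vlan brief` output for the Office 1 switch after the
# commands above. Ports other than Fa0/1 and Fa0/2 are assumed for illustration.
SAMPLE = """\
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/3, Fa0/4, Fa0/5, Fa0/6
                                                Fa0/7, Fa0/8
10   VLAN0010                         active    Fa0/1
20   VLAN0020                         active    Fa0/2
1002 fddi-default                     act/unsup
"""

ROW = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s*(.*)$")

def _ports(text):
    return [p for p in re.split(r",\s*", text.strip()) if p]

def parse_vlan_brief(output):
    """Return {vlan_id: [port, ...]} from `show vlan brief` output."""
    vlans, current = {}, None
    for line in output.splitlines():
        row = ROW.match(line)
        if row:
            current = int(row.group(1))
            vlans[current] = _ports(row.group(4))
        elif current is not None and line[:1].isspace() and line.strip():
            # Wrapped line: more ports belonging to the previous VLAN row.
            vlans[current] += _ports(line)
    return vlans

def audit(vlans, plan):
    """Compare actual membership with the intended {port: vlan_id} plan."""
    actual = {port: vid for vid, ports in vlans.items() for port in ports}
    findings = []
    for port, want in plan.items():
        got = actual.get(port)  # None: port not listed (for example, a trunk port)
        if got != want:
            findings.append(f"{port}: expected VLAN {want}, found {got}")
    return findings

if __name__ == "__main__":
    plan = {"Fa0/1": 10, "Fa0/2": 20}  # static assignment from this tutorial
    print(audit(parse_vlan_brief(SAMPLE), plan) or "membership matches plan")
```

A port that the plan places in VLAN 10 or 20 but that still shows up under VLAN 1 is reported, which catches an access port left in the default VLAN.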
Testing VLAN configuration
Access the PC's command prompt to test the VLAN configuration. Double click PC-PT and click Command Prompt.
We have two VLAN configurations: VLAN 10 and VLAN 20. Let's test VLAN 10 first. In VLAN 10 we have three PCs with IP addresses 10.0.0.2, 10.0.0.3 and 10.0.0.4. These PCs must be able to communicate with each other. At this point PCs from VLAN 10 should not be allowed to access PCs from VLAN 20. VLAN 20 also has three PCs: 22.214.171.124, 126.96.36.199 and 188.8.131.52.
We have successfully implemented VLAN 10; now test VLAN 20.
Same as VLAN 10, PCs from VLAN 20 must be able to communicate with other PCs of the same VLAN, while they should not be able to access VLAN 10.
Congratulations, we have successfully achieved one more milestone of this article.
Configure Router on Stick
Typically routers are configured to receive data on one physical interface and forward that data from another physical interface based on their configuration. Each VLAN has a layer 3 address that should be configured as the default gateway address on all its devices. In our scenario we reserved IP address 10.0.0.1 for VLAN 10 and 184.108.40.206 for VLAN 20.
With the default configuration we would need two physical interfaces on the router for this inter-VLAN communication. Given the price of a router, using one physical interface per VLAN is not a cost effective solution. Usually a router has one or two Ethernet interfaces. For example, if we have 50 VLANs, we would need nearly 25 routers for inter-VLAN communication. To deal with this situation we use Router on Stick.
Router on Stick is a router that supports a trunk connection and is able to switch frames between the VLANs on this trunk connection. On this router, a single physical interface is sufficient for communication between both of our VLANs.
Access command prompt of Router
To configure Router on Stick we have to access the CLI prompt of the router. Click Router, click CLI in the menu items and press the Enter key to access the CLI.
Run the following commands in the same sequence to configure Router on Stick:
Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface fastEthernet 0/0
Router(config-if)#no ip address
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#interface fastEthernet 0/0.10
Router(config-subif)#encapsulation dot1Q 10
Router(config-subif)#ip address 10.0.0.1 255.0.0.0
Router(config-subif)#exit
Router(config)#interface fastEthernet 0/0.20
Router(config-subif)#encapsulation dot1Q 20
Router(config-subif)#ip address 220.127.116.11 255.0.0.0
Router(config-subif)#exit
- In the above configuration we broke up a single physical interface [FastEthernet 0/0] into two logical interfaces, known as sub-interfaces. The router supports up to 1000 interfaces, including both physical and logical.
- By default an interface link works as an access link. We need to change it into a trunk link. The encapsulation command specifies the trunk type and associates a VLAN with the sub-interface.
- In the next step we assigned an IP address to each sub-interface.
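How the encapsulation dot1Q setting ties a VLAN to a sub-interface is easier to see at the frame level. The following Python code is an added example, not part of the original tutorial: it builds Ethernet frames with an 802.1Q tag, as a trunk port sends them, and selects the sub-interface from the 12-bit VLAN ID in the tag. The MAC addresses and function names are assumptions made for the example.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

# Mirrors the router configuration above: VLAN ID -> sub-interface.
SUBINTERFACES = {10: "FastEthernet0/0.10", 20: "FastEthernet0/0.20"}

def tag_frame(dst, src, vlan_id, ethertype, payload, pcp=0):
    """Build an Ethernet frame carrying an 802.1Q tag, as a trunk port sends it."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1-4094")
    tci = (pcp << 13) | vlan_id  # PCP (3 bits) | DEI (1 bit, 0) | VID (12 bits)
    return dst + src + struct.pack("!HHH", TPID_8021Q, tci, ethertype) + payload

def classify(frame):
    """Return (vlan_id, sub-interface) for a frame arriving on FastEthernet 0/0."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (tpid,) = struct.unpack("!H", frame[12:14])
    if tpid != TPID_8021Q:
        # Untagged frame: handled by the physical interface, which has
        # no IP address in this configuration.
        return None, None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack("!H", frame[14:16])
    vid = tci & 0x0FFF
    # A VLAN ID with no matching sub-interface yields None: nothing routes it.
    return vid, SUBINTERFACES.get(vid)

if __name__ == "__main__":
    dst = bytes.fromhex("ffffffffffff")   # broadcast (constructed)
    src = bytes.fromhex("020000000001")   # locally administered MAC (constructed)
    for vid in (10, 20, 30):
        print(vid, classify(tag_frame(dst, src, vid, 0x0800, b"")))
```

Only VLAN IDs that have a sub-interface are routed; a tagged frame for any other VLAN finds no layer 3 interface on this router.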
That's all the configuration we need to switch between VLANs. Now we can test communication between different VLANs. To test inter-VLAN communication, open the command prompt of a PC and ping a PC in the other VLAN.
PC [10.0.0.3] from VLAN 10 can now access PC [18.104.22.168] from VLAN 20.
Spanning Tree Protocol (STP)
STP is a layer 2 protocol used for removing loops. For backup purposes we typically create backup links for important resources. In our scenario, all offices have backup links, which create loops in the topology. STP removes layer 2 loops automatically. STP multicasts frames that contain information about switch interfaces. These frames are called BPDUs (Bridge Protocol Data Units). Switches use BPDUs to learn the network topology. If STP finds a loop, it removes it automatically. To remove a loop, STP disables the port or ports that are causing it.
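Which port STP disables follows from the information carried in the BPDUs. The following Python code is an added example, not part of the original tutorial, and it goes beyond the text by modelling the standard election: the switch with the lowest bridge ID becomes the root, every other switch keeps its least-cost port toward the root, and the remaining non-designated port on the loop is blocked. It assumes three switches in a triangle, one link per switch pair, default priority 32768, constructed MAC addresses and equal link costs; port-ID tie-breaks are not modelled.

```python
# Constructed lab: three office switches in a triangle (primary plus backup links).
# Bridge ID = (priority, MAC); the MAC addresses here are made up for the example.
BRIDGES = {"S1": (32768, "0001.0001.0001"),
           "S2": (32768, "0002.0002.0002"),
           "S3": (32768, "0003.0003.0003")}
LINKS = [("S1", "S2", 19), ("S2", "S3", 19), ("S1", "S3", 19)]  # 19 = Fast Ethernet cost

def spanning_tree(bridges, links):
    """Return (root, roles); roles[(switch, neighbour)] is that port's STP role."""
    root = min(bridges, key=bridges.get)        # lowest bridge ID wins the election
    cost = {b: float("inf") for b in bridges}   # root path cost learned from BPDUs
    cost[root] = 0
    for _ in bridges:                           # relax until costs settle
        for a, b, c in links:
            cost[a] = min(cost[a], cost[b] + c)
            cost[b] = min(cost[b], cost[a] + c)
    roles = {}
    for a, b, _ in links:
        # Designated end of a link: lower root path cost, then lower bridge ID.
        des, other = sorted((a, b), key=lambda s: (cost[s], bridges[s]))
        roles[(des, other)] = "designated"
        roles[(other, des)] = "blocked"         # unless chosen as root port below
    for sw in bridges:
        if sw == root:
            continue
        paths = [(cost[n] + c, bridges[n], n)
                 for a, b, c in links for s, n in ((a, b), (b, a)) if s == sw]
        roles[(sw, min(paths)[2])] = "root"     # best path toward the root bridge
    return root, roles

if __name__ == "__main__":
    root, roles = spanning_tree(BRIDGES, LINKS)
    print("root bridge:", root)
    for (sw, neighbour), role in sorted(roles.items()):
        print(f"{sw} port toward {neighbour}: {role}")
```

With these inputs S1 is the root and the S3 port facing S2 is the one blocked, which breaks the loop while leaving every switch reachable.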
How to configure VLAN VTP DTP cheat sheet
|Switch(config)#vtp mode server||Configure Switch as VTP Server|
|Switch(config)#vtp mode client||Configure Switch as VTP Client|
|Switch(config)#vtp mode transparent||Configure Switch as VTP Transparent|
|Switch(config)#no vtp mode||Configure Switch to default VTP Server Mode|
|Switch(config)#vtp domain domain-name||Set VTP Domain name.|
|Switch(config)#vtp password password||Set VTP password. Password is case sensitive|
|Switch#show vtp status||Display VTP status including general information|
|Switch#show vtp counters||Show VTP counters of switch|
|Switch(config-if)#switchport mode trunk||Change interface mode to trunk|
|Switch(config)#vlan 10||Create VLAN and associate number ID 10 with it|
|Switch(config-vlan)#name Sales||Assign name to VLAN|
|Switch(config-vlan)#exit||Return to global configuration mode from VLAN configuration mode|
|Switch(config)#interface fastethernet 0/1||Enter interface configuration mode|
|Switch(config-if)#switchport mode access||Set interface link type to access link|
|Switch(config-if)#switchport access vlan 10||Assign this interface to VLAN 10|
|Switch#show vlan||Displays VLAN information|
|Switch#show vlan brief||Displays VLAN information in short|
|Switch#show vlan id 10||Displays information about VLAN ID 10 only|
|Switch#show vlan name sales||Displays information about VLAN named sales only|
|Switch(config)#interface fastethernet 0/8||Enter interface configuration mode|
|Switch(config-if)#no switchport access vlan 10||Removes interface from VLAN 10 and reassigns it to the default VLAN - VLAN 1|
|Switch(config-if)#exit||Move back to Global configuration mode|
|Switch(config)#no vlan 10||Delete VLAN 10 from VLAN database|
|Switch#copy running-config startup-config||Saves the running configuration in NVRAM|
Use this configured topology to cross-check if you are not getting the same output after following all the steps.
That's all for this article. I hope you have enjoyed this tutorial.
By ComputerNetworkingNotes Updated on 2018-08-06 00:41:51 IST