Switches do not understand broadcast messages. They forward them from all ports. VLAN is a switch feature. It allows us to create a group of devices that share broadcast messages.
We use the vlan command in global configuration mode to create a new VLAN or to update an existing VLAN. We use the switchport mode access vlan command in the interface configuration mode of a port to assign it to a VLAN.
Let's take an example to understand how to use these commands on Cisco switches.
Create a Packet Tracer lab as shown in the following image.
I explained the steps to create this practice lab in the following tutorial.
VLAN Practice Lab Setup in Packet Tracer
Packet Tracer is a network simulator software. You can download it from the following link.
In this lab, we have three switches and six PCs. Each switch has a connection to two PCs. All PCs have IP configurations. Three PCs have an IP configuration from the network 10.0.0.0/8, and the remaining three have an IP configuration from the network 20.0.0.0/8. The lab also has a router to provide connectivity between VLANs.
Configuring VLANs on switches
We will configure two VLANs in this network: VLAN-10 and VLAN-20. We will use VLAN-10 for the network 10.0.0.0/8. We will use VLAN-20 for the network 20.0.0.0/8. We will keep one PC from each switch in a VLAN.
Access the first switch's CLI prompt. Enter global configuration mode and use the vlan command to create a new VLAN. This command needs a VLAN number as an argument. It checks the specified VLAN number for an existing VLAN before creating a new VLAN. If it finds an existing VLAN having the specified number, it does not create a new VLAN. It enters VLAN configuration mode for the existing VLAN. If it does not find an existing VLAN having the specified number, it creates a new VLAN and enters VLAN configuration mode for the new VLAN.
VLAN configuration mode allows us to configure additional options such as name and RSPAN. In a basic configuration, we do not need to configure these options. Use the exit command to exit VLAN configuration mode.
The following commands create VLAN-10.
Switch>enable Switch#configure terminal Switch(config)#vlan 10 Switch(config-vlan)#exit Switch(config)#
The following commands create VLAN-20.
Switch(config)#vlan 20 Switch(config-vlan)#exit Switch(config)#
Since all three switches have PCs in these VLANs, you need to run the above commands on all switches.
After creating VLANs, we need to assign them to the switch ports. The switchport mode access vlan command assigns a VLAN to the switch port. It accepts a VLAN number as an argument. It runs in the interface configuration mode of the port. It assigns the specified VLAN number to the port. The device connected to the port becomes a member of the specified port.
The following commands make the device connected to port-1 a member of VLAN-10.
Switch(config)#interface fastethernet 0/1 Switch(config-if)#vlan 10 Switch(config-vlan)#exit
The following commands make the device connected to port-2 a member of VLAN-20.
Switch(config)#interface fastethernet 0/2 Switch(config-if)#vlan 20 Switch(config-vlan)#exit Switch(config)#
You need to run the above commands on all switches.
A switch port can work in two modes: access and trunk. In access mode, it works with a single VLAN. In trunk mode, it works with multiple VLANs.
Access mode is the default mode on all switch ports. If you connect an end device to a switch port, you do not need to change the default mode. But if you connect a switch port to another switch port, you need to change the default mode to trunk mode on both ports.
Change default mode to trunk mode on ports you used to connect switches. Use the switchport mode trunk command to change the default mode. Run this command in the interface configuration mode of the port.
The following commands change the default mode to trunk mode on GigabitEtherent 0/1.
Switch(config)#interface gigabitEthernet 0/1 Switch(config-if)#switchport mode trunk Switch(config-if)#exit
The following commands change the default mode to trunk mode on GigabitEtherent 0/2.
Switch(config)#interface gigabitEthernet 0/2 Switch(config-if)#switchport mode trunk Switch(config-if)#exit Switch(config)#
Run the above commands on all switches.
Testing and verifying VLANs
To test and verify VLAN configuration, you can check connectivity between PCs in the same VLAN.
Click the PC icon, click Desktop, and click Command prompt. Use the ping command to test connectivity.
PC0 is a member of VLAN-10. As we can see in the above image, it has connectivity with PC2 and PC4. PC2 and PC4 are other members of VLAN-10.
Similarly, you can also test connectivity between PC1, PC3, and PC5. These are members of VLAN-20.
PCs in the same VLAN have connectivity. It verifies VLAN configuration.
Connecting different VLANs
VLANs are logical subnets. PCs in different VLANs do not have connectivity. To provide connectivity between different VLANs, you need to configure a router. The last tutorial in this tutorial series explains how to configure a router to provide connectivity between different VLANs.
This tutorial is a part of the tutorial series on VLAN, VTP, and DTP Concepts and Configurations on Cisco Routers. Other parts of this series are the following.
Chapter 01 VLAN Basic Concepts Explained with Examples
Chapter 02 Advantages and Disadvantages of VLANs
Chapter 03 Static and Dynamic VLAN Membership Explained
Chapter 04 Access Link and Trunk Link Explained
Chapter 05 VLAN Tagging Explained with DTP Protocol
Chapter 06 DTP Modes and Protocol Explained
Chapter 07 802.1Q Native VLAN concept Explained
Chapter 08 Cisco Inter-Switch Link (ISL) Explained
Chapter 09 Trunk Tagging and Frame Tagging Explained
Chapter 10 VTP Modes and VTP Protocol Explained
Chapter 11 VTP Pruning on switches Explained
Chapter 12 VLAN Practice Lab Setup in Packet Tracer
Chapter 13 Configure VTP Server and Client in Switch
Chapter 14 VLAN Configuration Commands Step by Step Explained
Chapter 15 Router on Stick Configuration Explained
That's all for this tutorial. In this tutorial, we learned how to configure, test, and verify VLANs on switches.
