Objective
A Virtual Local Area Network (VLAN) is mainly used to form groups among the hosts regardless of where the hosts are physically located. Thus, a VLAN improves security with the help of group formation among the hosts. One of the most common reasons to set up a VLAN is to set up a VLAN for voice, and a separate VLAN for data. This directs the packets for both types of data despite using the same network.
This article defines various protocol groups and also helps to add a new protocol-based group. With these settings, protocol-based groups can be defined and bound to a port; therefore, every packet originating from the protocol groups is assigned to the configured VLAN on the page.
Applicable Devices | Software Version
Create a VLAN
Step 1
Log in to the web-based utility of the switch and choose Advanced from the Display Mode drop-down menu at the upper right corner.
Step 2
Click VLAN Management.
Step 3
Scroll down and select VLAN Groups > Protocol-Based Groups.
Step 4
Click the add icon in the Protocol-Based Group Table to create a protocol-based group.
Step 5
Choose a radio button in the Encapsulation area for the protocol type you want to use.
- Ethernet V2 — This parameter refers to the data packet on an Ethernet link.
- LLC-SNAP (rfc1042) — This parameter refers to Logical Link Control with Sub-Network Access Protocol (LLC-SNAP). These protocols work in combination to assure that data is transmitted effectively inside the network.
- LLC — This parameter refers to Logical Link Control (LLC). It is the sublayer of the data link layer, which acts as an interface between the media access control sublayer and the network layer.
If you have chosen Ethernet V2, continue with this step. If not, proceed to Step 6. From the Ethernet Type drop-down list, choose an ethernet type to indicate which protocol will be encapsulated in the payload of an Ethernet Frame. The options are:
- IP (0x0800) — An ethernet V2 frame that has an IPv4 packet.
- IPX (0x8137-0x8138) — An ethernet V2 frame with Internetwork Packet Exchange (IPX).
- IPv6 (0x86DD) — An ethernet V2 frame that has an IPv6 packet.
- ARP (0x0806) — An ethernet V2 frame with Address Resolution Protocol (ARP) packet.
- User Defined — An administrator can enter a Protocol Value and Group ID in the respective fields.
Step 6
If you have chosen LLC-SNAP (rfc1042) or LLC, proceed with this step. In the Protocol Value Field, enter the protocol value. The range is 0x0600-0xFFFF.
In the Group ID field, enter the group ID of the protocol. You may assign a number between 1-2147483647.
Step 7
Click Apply.
Step 8
Click the save icon in the top right corner of your screen. This will save the settings to the startup configuration file.
You have now successfully configured a Protocol-Based Group VLAN.
Objective
This article provides instructions on how to define protocol groups and configure protocol-based groups to VLAN on a Cisco Business 350 series switch using the Command Line Interface.
Introduction
A Virtual Local Area Network (VLAN) allows you to logically segment a Local Area Network (LAN) into different broadcast domains. In scenarios where sensitive data may be broadcast on a network, VLANs can be created to enhance security by designating a broadcast to a specific VLAN. Only users that belong to a VLAN are able to access and manipulate the data on that VLAN. VLANs can also be used to enhance performance by reducing the need to send broadcasts and multicasts to unnecessary destinations.
To learn how to configure the VLAN settings on your switch through the web-based utility, click here. For CLI-based instructions, click here.
Networking devices on which multiple protocols are running cannot be grouped to a common VLAN. Non-standard devices are used to pass traffic between different VLANs in order to include the devices participating in a specific protocol. For this reason, you cannot take advantage of the many features of VLAN.
VLAN groups are used to load balance the traffic on a Layer 2 network. The packets are distributed with respect to different classifications and are assigned to VLANs. Many different classifications exist, and if more than one classification scheme is defined, the packets are assigned to the VLAN in this order:
- Tag - The VLAN number is recognized from the tag.
- MAC-based VLAN - The VLAN is recognized from the source Media Access Control (MAC)-to-VLAN mapping of the ingress interface.
- Subnet-based VLAN - The VLAN is recognized from the source Subnet-to-VLAN mapping of the ingress interface.
- Protocol-based VLAN - The VLAN is recognized from the Ethernet type Protocol-to-VLAN mapping of the ingress interface.
- PVID - VLAN is recognized from the port default VLAN ID.
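The classification order above, modeled as an added example (not Cisco's code or switch firmware). `parse_frame`, `classify`, `eth`, and the `PORT` table are hypothetical names with constructed sample values, and the DSAP/SSAP key used for the LLC case is an assumption.

```python
import ipaddress
import struct

def parse_frame(frame):
    """Return (VID or None, encapsulation, protocol value, payload offset)."""
    off, vid = 12, None
    (field,) = struct.unpack_from("!H", frame, off)
    if field == 0x8100:                      # 802.1Q tag; VID 0 is priority-only
        vid = (struct.unpack_from("!H", frame, off + 2)[0] & 0x0FFF) or None
        off += 4
        (field,) = struct.unpack_from("!H", frame, off)
    if field >= 0x0600:                      # Ethernet V2: the field is an EtherType
        return vid, "ethernet", field, off + 2
    dsap, ssap, ctrl = frame[off + 2:off + 5]  # 802.3 length, LLC header follows
    if (dsap, ssap, ctrl) == (0xAA, 0xAA, 0x03) and frame[off + 5:off + 8] == bytes(3):
        return vid, "rfc1042", struct.unpack_from("!H", frame, off + 8)[0], off + 10
    return vid, "llcother", (dsap << 8) | ssap, off + 5  # assumed DSAP/SSAP key

def classify(frame, port):
    """Walk the classification order and return (VLAN, rule that matched)."""
    vid, encap, proto, payload = parse_frame(frame)
    if vid is not None:
        return vid, "tag"
    if frame[6:12] in port["mac_vlans"]:
        return port["mac_vlans"][frame[6:12]], "mac"
    if (encap, proto) == ("ethernet", 0x0800):
        src_ip = ipaddress.ip_address(frame[payload + 12:payload + 16])
        for net, vlan in port["subnet_vlans"]:
            if src_ip in net:
                return vlan, "subnet"
    group = port["protocol_groups"].get((encap, proto))
    if group in port["group_vlans"]:
        return port["group_vlans"][group], "protocol"
    return port["pvid"], "pvid"

def eth(src, type_or_len, payload=b"", tag=None):
    """Build a constructed frame with a broadcast destination."""
    tag_bytes = b"" if tag is None else struct.pack("!HH", 0x8100, tag)
    return b"\xff" * 6 + src + tag_bytes + struct.pack("!H", type_or_len) + payload

PORT = {  # constructed port configuration, all values are sample data
    "pvid": 1,
    "mac_vlans": {bytes.fromhex("020000000001"): 30},
    "subnet_vlans": [(ipaddress.ip_network("10.20.0.0/16"), 20)],
    "protocol_groups": {("ethernet", 0x86DD): 100},
    "group_vlans": {100: 60},
}
```

In this model, a frame whose protocol or encapsulation has no mapping (ARP, or IPv6 carried in LLC-SNAP when only the Ethernet rule exists) lands in the PVID VLAN, so every protocol that must be segmented needs its own rule.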
To configure Protocol-based VLAN groups on your switch, follow these guidelines:
1. Create the VLANs. To learn how to configure the VLAN settings on your switch through the web-based utility, click here. For CLI-based instructions, click here.
2. Configure interfaces to VLANs. For instructions on how to assign interfaces to VLANs through the web-based utility of your switch, click here. For CLI-based instructions, click here.
If the interface does not belong to the VLAN, the subnet-based groups to VLAN configuration setting will not take effect.
3. Configure protocol-based VLAN groups. For instructions on how to configure protocol-based VLAN Groups through the web-based utility of your switch, click here.
4. (Optional) You can also configure the following:
- MAC-based VLAN Groups Overview — For instructions on how to configure MAC-based VLAN Groups through the web-based utility of your switch, click here. For CLI-based instructions, click here.
- Subnet-based VLAN Groups Overview — For instructions on how to configure subnet-based VLAN Groups through the web-based utility of your switch, click here. For CLI-based instructions, click here.
Groups of protocols can be defined and then bound to a port. After the protocol group is bound to a port, every packet originating from a protocol in the group is assigned a VLAN that is configured in the protocol-based groups.
Forwarding of packets based on their protocol requires setting up groups of protocols and then mapping these groups to VLANs.
Applicable Devices | Software Version
Configure Protocol-based VLAN Groups on the Switch through the CLI
Create Protocol-based VLAN Group
Step 1. Log in to the switch console. The default username and password are cisco/cisco. If you have configured a new username or password, enter those credentials instead.
The commands may vary depending on the exact model of your switch.
Step 2. From the Privileged EXEC mode of the switch, enter the Global Configuration mode by entering the following:
CBS350#configure
Step 3. In the Global Configuration mode, configure a protocol-based classification rule by entering the following:
CBS350(config)#vlan database
Step 4. To map a protocol to a group of protocols, enter the following:
CBS350(config-vlan)#map protocol [protocol] [encapsulation-value] protocols-group [group-id]
The options are:
- protocol - Specifies a 16-bit protocol number or one of the reserved names. The range is from 0x0600 to 0xFFFF. The value 0x8100 is not valid as the protocol number for Ethernet encapsulation. The following protocol names are reserved for Ethernet Encapsulation:
  - IP - An Ethernet V2 frame that has an IPv4 packet. The protocol number is 0x0800.
  - IPX - An Ethernet V2 frame with Internetwork Packet Exchange (IPX). The protocol numbers range from 0x8137 to 0x8138.
  - IPv6 - An Ethernet V2 frame that has an IPv6 packet. The protocol number is 0x86DD.
  - ARP - An Ethernet V2 frame with Address Resolution Protocol (ARP) packet. The protocol number is 0x0806.
  - User Defined - You can enter a protocol value in hex with length of four digits.
- encapsulation-value - (Optional) Specifies one of the following values:
  - ethernet - This parameter refers to the data packet on an Ethernet link. This is the default encapsulation. If the encapsulation value is not defined, Ethernet will be used as the encapsulation type.
  - rfc1042 - This parameter refers to Logical Link Control with Sub-Network Access Protocol (LLC-SNAP). These protocols work in combination to assure that data is transmitted effectively inside the network.
  - llcother - This parameter refers to Logical Link Control (LLC). It is the sublayer of the data link layer, which acts as an interface between the media access control sublayer and the network layer.
- group-id - Specifies the group number to be created. Group ID can range from one up to 2147483647.
Step 5. To exit the VLAN Database Configuration context, enter the following:
CBS350(config-vlan)#exit
You have now configured the protocol-based VLAN groups on your switch through the CLI.
Map Protocol-based VLAN Group to VLAN
Step 1. In the Global Configuration mode, enter the Interface Configuration context by entering the following:
CBS350(config)#interface [interface-id | range interface-range]
The options are:
- interface-id - Specifies an interface ID to be configured.
- range interface-range - Specifies a list of VLANs. Separate nonconsecutive VLANs with a comma and no spaces. Use a hyphen to designate a range of VLANs.
Step 2. In the Interface Configuration context, use the switchport mode command to configure the VLAN membership mode:
CBS350(config-if)#switchport mode general
- general - The interface can support all functions as defined in the IEEE 802.1q specification. The interface can be a tagged or untagged member of one or more VLANs.
Step 3. (Optional) To return the port to the default VLAN, enter the following:
CBS350(config-if)#no switchport mode general
Step 4. To configure a protocol-based classification rule, enter the following:
CBS350(config-if)#switchport general map protocols-group [group-id] vlan [vlan-id]
The options are:
- group-id - Specifies the protocol-based group ID to filter the traffic through the port. The range is from one up to 2147483647.
- vlan-id - Specifies the VLAN ID to which the traffic from the VLAN group is forwarded. The range is from one to 4094.
Step 5. To exit the Interface Configuration context, enter the following:
CBS350(config-if)#exit
Step 6. (Optional) To remove the classification rule from the port or range of ports, enter the following:
CBS350(config-if)#no switchport general map protocols-group [group-id]
Step 7. (Optional) Repeat steps 1 to 6 to configure more general ports and assign to the corresponding protocol-based VLAN groups.
Step 8. Enter the end command to go back to the Privileged EXEC mode:
CBS350(config-if-range)#end
You have now mapped protocol-based VLAN groups to the VLANs on your switch through the CLI.
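A pre-deployment check for the two procedures above, as an added example (not a Cisco tool). It reads the commands in the form this article gives them and reports port mappings that reference an undefined group, sit on a port not in general mode, or use a VLAN ID outside 1 to 4094. `audit`, `SAMPLE`, and the interface IDs GE1 and GE2 are hypothetical.

```python
import re

MAP_RE = re.compile(r"map protocol (\S+)(?: (ethernet|rfc1042|llcother))? protocols-group (\d+)$")
BIND_RE = re.compile(r"switchport general map protocols-group (\d+) vlan (\d+)$")

def audit(config_text):
    """Return findings for the protocol-based VLAN commands in config_text."""
    groups, ports, port = set(), {}, None
    for line in map(str.strip, config_text.splitlines()):
        if line.startswith("interface "):
            port = ports.setdefault(line.split(None, 1)[1], {"general": False, "binds": []})
        elif line == "switchport mode general" and port is not None:
            port["general"] = True
        elif (m := MAP_RE.match(line)):
            groups.add(int(m.group(3)))          # group defined in the VLAN database
        elif (m := BIND_RE.match(line)) and port is not None:
            port["binds"].append((int(m.group(1)), int(m.group(2))))
    findings = []
    for name, cfg in ports.items():
        for gid, vlan in cfg["binds"]:
            if not cfg["general"]:
                findings.append(f"{name}: group {gid} mapped but port is not in general mode")
            if gid not in groups:
                findings.append(f"{name}: group {gid} has no 'map protocol' definition")
            if not 1 <= vlan <= 4094:
                findings.append(f"{name}: VLAN {vlan} outside 1-4094")
    return findings

# Constructed sample; GE1 and GE2 are placeholder interface IDs.
SAMPLE = """\
vlan database
map protocol ip protocols-group 100
map protocol ipv6 ethernet protocols-group 200
exit
interface GE1
switchport mode general
switchport general map protocols-group 100 vlan 10
switchport general map protocols-group 200 vlan 20
exit
interface GE2
switchport general map protocols-group 300 vlan 4095
exit
"""
```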
Show Protocol-based VLAN Groups
Step 1. To display the protocols that belong to the defined protocol-based classification rules, enter the following in the Privileged EXEC mode:
CBS350#show vlan protocols-groups
Step 2. (Optional) To display the classification rules of a specific port on the VLAN, enter the following:
CBS350#show interfaces switchport [interface-id]
- interface-id - Specifies an interface ID.
Each port mode has its own private configuration. The show interfaces switchport command displays all these configurations, but only the port mode configuration that corresponds to the current port mode displayed in Administrative Mode area is active.
Step 3. (Optional) In the Privileged EXEC mode of the switch, save the configured settings to the startup configuration file, by entering the following:
CBS350#copy running-config startup-config
Step 4. (Optional) Press Y for Yes or N for No on your keyboard once the Overwrite file [startup-config]… prompt appears.
You have now displayed the protocol-based VLAN group and port configuration settings on your switch.
To proceed with configuring the VLAN group settings on your switch, follow the guidelines above.