VLAN Commands

vlan database

Use the vlan database Global Configuration mode command to enter the VLAN Configuration mode. This mode is used to create VLAN(s) and define the default VLAN.

Use the exit command to return to Global Configuration mode.

Syntax

vlan database

Default Configuration

VLAN 1 exists by default.

Command Mode

Global Configuration mode

Example

The following example enters the VLAN Configuration mode, creates VLAN 1972 and exits VLAN Configuration mode.

switchxxxxxx(config)# vlan database
switchxxxxxx(config-vlan)# vlan 1972
switchxxxxxx(config-vlan)# exit

vlan

Use the vlan VLAN Configuration mode or Global Configuration mode command to create a VLAN and assign it a name (if only a single VLAN is being created). Use the no form of this command to delete the VLAN(s).

Syntax

vlan vlan-range | {vlan-id [name vlan-name]} [media ethernet] [state active]

no vlan vlan-range

Parameters

  • vlan-range—Specifies a list of VLAN IDs. Separate nonconsecutive VLAN IDs with a comma and no spaces. Use a hyphen to designate a range of IDs (range: 2-4094).

  • vlan-id—Specifies a VLAN ID. (range: 2-4094).

  • vlan-name—Specifies the VLAN name. (range: 1–32 characters).

  • media—Specifies the media type of the VLAN. Valid values are ethernet.

  • state—Specifies the state of the VLAN. Valid values are active.

Default Configuration

VLAN 1 exists by default.

Command Mode

Global Configuration mode

VLAN Database Configuration mode

User Guidelines

If the VLAN does not exist, it is created. If the VLAN cannot be created, the command finishes with an error and the current context is not changed.

Example

The following example creates a few VLANs. VLAN 1972 is assigned the name Marketing.

switchxxxxxx(config)# vlan database
switchxxxxxx(config-vlan)# vlan 19-23
switchxxxxxx(config-vlan)# vlan 100
switchxxxxxx(config-vlan)# vlan 1972 name Marketing
switchxxxxxx(config-vlan)# exit

show vlan

Use the show vlan Privileged EXEC mode command to display the following VLAN information.

Syntax

show vlan [tag vlan-id | name vlan-name]

Parameters

  • tag vlan-id—Specifies a VLAN ID.

  • name vlan-name—Specifies a VLAN name string (length: 1–32 characters)

Default Configuration

All VLANs are displayed.

Command Mode

Privileged EXEC mode

Examples

Example 1—The following example displays information for all VLANs:

switchxxxxxx# show vlan
Created by: S-Static, G-GVRP, R-Radius Assigned VLAN, V-Voice VLAN

VLAN   Name         Tagged Ports    UnTagged Ports  Created by
-----  -----------  --------------  --------------  ----------
1      Default                      gi1/0/1         S
10     Marketing    gi1/0/2         gi1/0/2         S
91     11           gi1/0/2-4       gi1/0/2         SGR
92     11           gi1/0/3-4                       G
93     11           gi1/0/3-4                       GR

interface vlan

Use the interface vlan Global Configuration mode command to enter the Interface Configuration (VLAN) mode for a specific VLAN. After this command is entered, all commands configure this VLAN.

Syntax

interface vlan vlan-id

Parameters

  • vlan-id—Specifies the VLAN to be configured.

Command Mode

Global Configuration mode

User Guidelines

If the VLAN does not exist, the VLAN is created. If the VLAN cannot be created, this command is finished with an error and the current context is not changed.

Example

The following example configures VLAN 1 with IP address 131.108.1.27 and subnet mask 255.255.255.0.

switchxxxxxx(config)# interface vlan 1
switchxxxxxx(config-if)# ip address 131.108.1.27 255.255.255.0

interface range vlan

Use the interface range vlan Global Configuration mode command to configure multiple VLANs simultaneously.

Syntax

interface range vlan vlan-range

Parameters

  • vlan-range—Specifies a list of VLANs. Separate nonconsecutive VLANs with a comma and no spaces. Use a hyphen to designate a range of VLANs.

Command Mode

Global Configuration mode

User Guidelines

Commands under the interface VLAN range context are executed independently on each VLAN in the range. If the command returns an error on one of the VLANs, an error message is displayed, and the system attempts to configure the remaining VLANs.

Example

The following example groups VLANs 221 through 228 and 889 to receive the same command(s).

switchxxxxxx(config)# interface range vlan 221-228,889

name

Use the name Interface Configuration (VLAN) mode command to name a VLAN. Use the no form of this command to remove the VLAN name.

Syntax

name string

no name

Parameters

  • string—Specifies a unique name associated with this VLAN. (Length: 1–32 characters).

Default Configuration

No name is defined.

Command Mode

Interface (VLAN) Configuration mode

User Guidelines

The VLAN name must be unique.

Example

The following example assigns VLAN 19 the name Marketing.

switchxxxxxx(config)# interface vlan 19
switchxxxxxx(config-if)# name Marketing

switchport

Use the switchport Interface Configuration mode command to put an interface that is in Layer 3 mode into Layer 2 mode. Use the no form of this command to put an interface in Layer 3 mode.

Syntax

switchport

no switchport

Default Configuration

Layer 2 mode

Command Mode

Interface (Ethernet, Port Channel) Configuration mode

User Guidelines

Use the no switchport command to set the interface as a Layer 3 interface.

An interface cannot be set as a Layer 3 interface if 802.1x is enabled on the interface and one of the following conditions is true:

  • The host mode differs from multi-host.

  • MAC-Based or WEB-Based authentication is enabled.

  • Radius VLAN assignment is enabled.

Examples

Example 1 - The following example puts the port gi1/0/1 into Layer 2 mode.

switchxxxxxx(config)# interface gi1/0/1
switchxxxxxx(config-if)# switchport

Example 2 - The following example puts the port gi1/0/1 into Layer 3 mode.

switchxxxxxx(config)# interface gi1/0/1
switchxxxxxx(config-if)# no switchport

switchport mode

Use the switchport mode Interface Configuration mode command to configure the VLAN membership mode. Use the no form of this command to restore the default configuration.

Syntax

switchport mode access | trunk | general | customer

no switchport mode

Parameters

  • access—Specifies an untagged layer 2 VLAN port.

  • trunk—Specifies a trunking layer 2 VLAN port.

  • general—Specifies a full 802.1q-supported VLAN port.

  • customer—Specifies an edge port connected to customer equipment. Traffic received from this port will be tunneled with the additional 802.1q VLAN tag (Q-in-Q VLAN tunneling).

Default Configuration

Access mode.

Command Mode

Interface (Ethernet, Port Channel) Configuration mode

User Guidelines

When the port’s mode is changed, it receives the configuration corresponding to the mode.

If the port mode is changed to access and the access VLAN does not exist, then the port does not belong to any VLAN.

The following features cannot be enabled if vlan-mapping is allowed:

  • IPv4 routing

  • IPv6 routing

  • Auto Smart Port

  • Voice VLAN

The switchport vlan-mapping commands cannot add a port to a S-VLAN.

IPv4 and IPv6 interfaces cannot be defined on VLANs containing edge interfaces.

The following Layer 2 features are not supported in VLANs containing edge interfaces:

  • IGMP Snooping

  • MLD Snooping

Example

Example 1 - The following example configures gi1/0/1 as an access port (untagged layer 2) VLAN port.

switchxxxxxx(config)# interface gi1/0/1
switchxxxxxx(config-if)# switchport mode access
switchxxxxxx(config-if)# switchport access vlan 2

switchport access vlan

A port in access mode can be an untagged member of at most a single VLAN. The switchport access vlan Interface Configuration command reassigns an interface to a different VLAN than the one it currently belongs to, or assigns it to none, in which case it is not a member of any VLAN.

Use the no form of this command to restore the default configuration.

Syntax

switchport access vlan {vlan-id | none}

no switchport access vlan

Parameters

  • vlan-id—Specifies the VLAN to which the port is configured.

  • none—Specifies that the access port cannot belong to any VLAN.

Default Configuration

The interface belongs to the Default VLAN.

Command Mode

Interface (Ethernet, Port Channel) Configuration mode

User Guidelines

When the port is assigned to a different VLAN, it is automatically removed from its previous VLAN and added to the new VLAN. If the port is assigned to none, it is removed from the previous VLAN and not assigned to any other VLAN.

Example

The following example assigns access port gi1/0/1 to VLAN 2 (and removes it from its previous VLAN).

switchxxxxxx(config)# interface gi1/0/1
switchxxxxxx(config-if)# switchport mode access
switchxxxxxx(config-if)# switchport access vlan 2

switchport trunk allowed vlan

A trunk interface is an untagged member of a single VLAN and, in addition, it may be a tagged member of one or more VLANs. Use the switchport trunk allowed vlan Interface Configuration mode command to add/remove VLAN(s) to/from a trunk port. Use the no form of the command to return to the default.

Syntax

switchport trunk allowed vlan {all | none | vlan-list | add vlan-list | remove vlan-list | except vlan-list}

no switchport trunk allowed vlan

Parameters

  • all—Specifies all VLANs from 1 to 4094. At any time, the port belongs to all VLANs existing at the time. (range: 1–4094).

  • none—Specifies an empty VLAN list. The port does not belong to any VLAN.

  • vlan-list—Specifies the list of VLAN IDs the interface is a member of. The VLAN(s) specified in this command are the only VLAN(s) the port will be a member of (all previous settings related to trunk VLAN membership are discarded). Use a hyphen to designate a range of IDs. Separate nonconsecutive VLAN IDs with a comma and no spaces (range: 1-4094).

  • add vlan-list—List of VLAN IDs to add to the port. Separate nonconsecutive VLAN IDs with a comma and no spaces. Use a hyphen to designate a range of IDs.

  • remove vlan-list—List of VLAN IDs to remove from a port. Separate nonconsecutive VLAN IDs with a comma and no spaces. Use a hyphen to designate a range of IDs.

  • except vlan-list—List of VLAN IDs including all VLANs from range 1-4094 except VLANs belonging to vlan-list.

Default Configuration

By default, trunk ports belong to all created VLANs.

Command Mode

Interface (Ethernet, Port Channel) Configuration mode

User Guidelines

Use the switchport trunk allowed vlan command to specify which VLANs the port belongs to when its mode is configured as trunk.

Nonexistent VLANs can be configured. When a nonexistent VLAN is created, the port is added to it automatically.

Forbidden VLANs can be configured.

Example

The following example adds VLANs 2, 3 and 100 to trunk ports 1 to 13:

switchxxxxxx(config)# interface range gi1/0/1-13
switchxxxxxx(config-if)# switchport mode trunk
switchxxxxxx(config-if)# switchport trunk allowed vlan add 2-3,100
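
The following Python model is an added example, not part of the original command reference. It implements the vlan-list format and the all, none, vlan-list, add, remove and except forms as the parameter descriptions above define them, so a configuration review can compute which VLANs a trunk carries; the function names and the constructed VLAN database are assumptions of the example.

```python
import re

VLAN_MIN, VLAN_MAX = 1, 4094
ALL_VLANS = frozenset(range(VLAN_MIN, VLAN_MAX + 1))
# Comma-separated IDs or hyphenated ranges, with no spaces anywhere.
VLAN_LIST_RE = re.compile(r"[0-9]+(-[0-9]+)?(,[0-9]+(-[0-9]+)?)*")


def parse_vlan_list(text):
    """Expand a vlan-list such as '2-3,100' into a set of VLAN IDs."""
    if not VLAN_LIST_RE.fullmatch(text):
        raise ValueError(f"malformed vlan-list: {text!r}")
    vlans = set()
    for part in text.split(","):
        low, _, high = part.partition("-")
        low, high = int(low), int(high or low)
        if not VLAN_MIN <= low <= high <= VLAN_MAX:
            raise ValueError(f"VLAN IDs out of range in {part!r}")
        vlans.update(range(low, high + 1))
    return vlans


def apply_allowed(configured, args):
    """Return the configured list after 'switchport trunk allowed vlan <args>'."""
    words = args.split()
    if words == ["all"]:
        return set(ALL_VLANS)
    if words == ["none"]:
        return set()
    if len(words) == 1:
        # A bare vlan-list discards all previous trunk membership settings.
        return parse_vlan_list(words[0])
    if len(words) == 2 and words[0] in ("add", "remove", "except"):
        vlans = parse_vlan_list(words[1])
        if words[0] == "add":
            return set(configured) | vlans
        if words[0] == "remove":
            return set(configured) - vlans
        return set(ALL_VLANS) - vlans  # except: everything but vlan-list
    raise ValueError(f"unsupported arguments: {args!r}")


def replay(commands, configured=ALL_VLANS):
    """Apply argument strings in order, starting from the default (all VLANs)."""
    configured = set(configured)
    for args in commands:
        configured = apply_allowed(configured, args)
    return configured


def effective_membership(configured, created):
    """A trunk only carries configured VLANs that exist on the switch."""
    return set(configured) & set(created)


if __name__ == "__main__":
    created = {1, 2, 100, 1972}        # constructed VLAN database
    cfg = replay(["add 2-3,100"])      # 'add' on a default trunk
    print(len(cfg), sorted(effective_membership(cfg, created)))
    cfg = replay(["2-3,100"])          # bare list replaces the default
    print(len(cfg), sorted(effective_membership(cfg, created)))
```

In this model a trunk starts as a member of all VLANs, so add 2-3,100 on a default trunk leaves the list unchanged; only the bare vlan-list, remove, except and none forms narrow it.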

switchport trunk native vlan

If an untagged packet arrives on a trunk port, it is directed to the port’s native VLAN. Use the switchport trunk native vlan Interface Configuration mode command to define the native VLAN for a trunk interface. Use the no form of this command to restore the default native VLAN.

Syntax

switchport trunk native vlan {vlan-id | none}

no switchport trunk native vlan

Parameters

  • vlan-id—Specifies the native VLAN ID.

  • none—Specifies that the access port cannot belong to any VLAN.

Default Configuration

The default native VLAN is the Default VLAN.

Command Mode

Interface (Ethernet, Port Channel) Configuration mode

User Guidelines

The interface PVID is set to this VLAN ID. When the interface belongs to the native VLAN, it is set as a VLAN untagged egress interface.

The configuration is applied only when the port mode is trunk.

Examples

The following example defines VLAN 2 as native VLAN for port gi1/0/1:

switchxxxxxx(config)# interface gi1/0/1
switchxxxxxx(config-if)# switchport trunk native vlan 2
switchxxxxxx(config-if)# exit

switchport general allowed vlan

General ports can receive tagged or untagged packets. Use the switchport general allowed vlan Interface Configuration mode command to add/remove VLANs to/from a general port and configure whether packets on the egress are tagged or untagged. Use the no form of this command to reset to the default.

Syntax

switchport general allowed vlan add vlan-list [tagged | untagged]

switchport general allowed vlan remove vlan-list

no switchport general allowed vlan

Parameters

  • add vlan-list—List of VLAN IDs to add. Separate nonconsecutive VLAN IDs with a comma and no spaces. Use a hyphen to designate a range of IDs. (range: 1–4094)

  • remove vlan-list—List of VLAN IDs to remove. Separate nonconsecutive VLAN IDs with a comma and no spaces. Use a hyphen to designate a range of IDs.

  • tagged—Specify that packets are transmitted tagged for the configured VLANs

  • untagged—Specify that packets are transmitted untagged for the configured VLANs (this is the default)

Default Configuration

The port is not a member of any VLAN.

Command Mode

Interface (Ethernet, Port Channel) Configuration mode

User Guidelines

If the interface is a forbidden member of an added VLAN, the interface does not become a member of this specific VLAN. In this case an error message is displayed ("An interface cannot become a a member of a forbidden VLAN. This message will only be displayed once.") and the command continues to execute if there are more VLANs in the vlan-list.

A nonexistent VLAN cannot be configured. When a VLAN is removed it is deleted from the vlan-list.

The configuration is applied only when the port mode is general.

Example

The following example adds gi1/0/1 to VLANs 2 and 3. Packets are tagged on the egress:

switchxxxxxx(config)# interface gi1/0/1
switchxxxxxx(config-if)# switchport general allowed vlan add 2-3 tagged

switchport general pvid

Use the switchport general pvid Interface Configuration mode command to configure the Port VLAN ID (PVID) of an interface when it is in general mode. Use the no form of this command to restore the default configuration.

Syntax

switchport general pvid vlan-id

no switchport general pvid

Parameters

  • vlan-id—Specifies the Port VLAN ID (PVID).

Default Configuration

The PVID is the Default VLAN PVID.

Command Mode

Interface (Ethernet, Port Channel) Configuration mode

Examples

Example 1 - The following example sets the gi1/0/2 PVID to 234.

switchxxxxxx(config)# interface gi1/0/2
switchxxxxxx(config-if)# switchport general pvid 234

Example 2 - The following example performs the following:

  • Adds VLANs 2 and 3 as tagged, and VLAN 100 as untagged to gi1/0/4

  • Defines VID 100 as the PVID

    switchxxxxxx(config)# interface gi1/0/4
    switchxxxxxx(config-if)# switchport mode general
    switchxxxxxx(config-if)# switchport general allowed vlan add 2-3 tagged
    switchxxxxxx(config-if)# switchport general allowed vlan add 100 untagged
    switchxxxxxx(config-if)# switchport general pvid 100
    switchxxxxxx(config-if)# exit
    

switchport general ingress-filtering disable

Use the switchport general ingress-filtering disable Interface Configuration mode command to disable port ingress filtering (no packets are discarded at the ingress) on a general port. Use the no form of this command to restore the default configuration.

Syntax

switchport general ingress-filtering disable

no switchport general ingress-filtering disable

Default Configuration

Ingress filtering is enabled.

Command Mode

Interface (Ethernet, Port Channel) Configuration mode

Example

The following example disables port ingress filtering on gi1/0/1.

switchxxxxxx(config)# interface gi1/0/1
switchxxxxxx(config-if)# switchport mode general
switchxxxxxx(config-if)# switchport general ingress-filtering disable

switchport general acceptable-frame-type

The switchport general acceptable-frame-type Interface Configuration mode command configures the types of packets (tagged/untagged) that are filtered (discarded) on the interface. Use the no form of this command to return ingress filtering to the default.

Syntax

switchport general acceptable-frame-type {tagged-only | untagged-only | all}

no switchport general acceptable-frame-type

Parameters

  • tagged-only—Ignore (discard) untagged packets and priority-tagged packets.

  • untagged-only—Ignore (discard) VLAN-tagged packets (not including priority-tagged packets)

  • all—Do not discard untagged or priority-tagged packets.

Default Configuration

All frame types are accepted at ingress (all).

Command Mode

Interface (Ethernet, Port Channel) Configuration mode

Example

The following example configures port gi1/0/3 to be in general mode and to discard untagged frames at ingress.

switchxxxxxx(config)# interface gi1/0/3
switchxxxxxx(config-if)# switchport mode general
switchxxxxxx(config-if)# switchport general acceptable-frame-type tagged-only

switchport general forbidden vlan

Use the switchport general forbidden vlan Interface Configuration mode command to forbid adding/removing specific VLANs to/from a port. Use the no form of this command to restore the default configuration.

Syntax

switchport general forbidden vlan {add vlan-list | remove vlan-list}

no switchport general forbidden vlan

Parameters

  • add vlan-list—Specifies a list of VLAN IDs to add to interface. Separate nonconsecutive VLAN IDs with a comma and no spaces. Use a hyphen to designate a range of IDs.

  • remove vlan-list—Specifies a list of VLAN IDs to remove from interface. Separate nonconsecutive VLAN IDs with a comma and no spaces. Use a hyphen to designate a range of IDs.

Default Configuration

All VLANs are allowed.

Command Mode

Interface (Ethernet, Port Channel) Configuration mode

User Guidelines

The forbidden VLAN cannot be one that does not exist on the system, or one that is already defined on the port.

Example

The following example defines gi1/0/4 as a forbidden member of VLANs 5-7:

switchxxxxxx(config)# interface gi1/0/4
switchxxxxxx(config-if)# switchport general forbidden vlan add 5-7
switchxxxxxx(config-if)# exit

switchport customer vlan

Use the switchport customer vlan Interface Configuration mode command to set the port's VLAN when the interface is in customer mode (set by the switchport mode command). Use the no form of this command to restore the default configuration.

Syntax

switchport customer vlan vlan-id

no switchport customer vlan

Parameters

  • vlan-id—Specifies the customer VLAN.

Default Configuration

No VLAN is configured as customer.

Command Mode

Interface (Ethernet, Port Channel) Configuration mode

User Guidelines

When a port is in customer mode it is in QinQ mode. This enables the user to use their own VLAN arrangements (PVID) across a provider network. The switch is in QinQ mode when it has one or more customer ports.

Example

The following example defines gi1/0/4 as a member of customer VLAN 5.

switchxxxxxx(config)# interface gi1/0/4
switchxxxxxx(config-if)# switchport mode customer
switchxxxxxx(config-if)# switchport customer vlan 5

show interfaces switchport

Use the show interfaces switchport Privileged EXEC command to display the administrative and operational status of all interfaces or a specific interface.

Syntax

show interfaces switchport [interface-id]

Parameters

  • interface-id—Specifies an interface ID. The interface ID can be one of the following types: Ethernet port or port-channel.

Command Mode

Privileged EXEC mode

Default

Displays the status of all interfaces.

User Guidelines

Each port mode has its own private configuration. The show interfaces switchport command displays all these configurations, but only the port mode configuration that corresponds to the current port mode displayed in "Administrative Mode" is active.

Example

switchxxxxxx# show interfaces switchport gi1/0/1
Gathering information...
S-VLAN Ethernet Type: 0x88a8 (802.1ad)
VLAN Mapping Tunnel L2 protocols Global CoS: 6
Name: gi1/0/1
Switchport: enable
Administrative Mode: access
Operational Mode: down
Access Mode VLAN: 1
Access Multicast TV VLAN: none
Trunking Native Mode VLAN: 1
Trunking VLANs: 1
                2-4094 (Inactive)
General PVID: 1
General VLANs: none
General Egress Tagged VLANs: none
General Forbidden VLANs: none
General Ingress Filtering: enabled
General Acceptable Frame Type: all
General GVRP status: Enabled
General GVRP VLANs: none
Customer Mode VLAN: none
VLAN Mapping Tunnel:
S-VLAN Ethernet Type: 0x8100 (802.1q)
C-VLANs                 Outer S-VLAN
--------------------    ------------
2                       12
12,16-18                100
default                 1100
VLAN Mapping Tunnel L2 protocols S-VLAN: 100
VLAN Mapping Tunnel L2 protocols Interface CoS: 6 (global)
VLAN Mapping Tunnel L2 protocols forward enabled: cdp,stp
Drop Threshold: 4 kbps (default)
VLAN Mapping One-to-one:
C-VLANs                 Translated S-VLAN
--------------------    ----------------------
2                       102
12                      112
100                     10
Private-vlan promiscuous-association primary VLAN: none
Private-vlan promiscuous-association Secondary VLANs: none
Private-vlan host-association primary VLAN: none
Private-vlan host-association Secondary VLAN: none
Protected: Enabled, Uplink is gi1/0/1
Classification rules:
Classification Type   Group ID   VLAN ID
-------------------   --------   -------
Protocol                   1        19
Protocol                   1        20
Protocol                   2        72
Subnet                     1        15
MAC                        1        77
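
The following Python sketch is an added example, not part of the original command reference. It parses output in the layout shown above and, following the guideline that only the configuration matching "Administrative Mode" is active, evaluates only that mode's fields; the sample text is constructed, and the review rules and function names are assumptions of the example rather than vendor guidance.

```python
# Constructed sample in the field layout of the example output above.
SAMPLE = """\
Name: gi1/0/1
Switchport: enable
Administrative Mode: trunk
Access Mode VLAN: 1
Trunking Native Mode VLAN: 1
Trunking VLANs: 1
                2-4094 (Inactive)
General PVID: 1
General Ingress Filtering: disabled
General Acceptable Frame Type: all
General GVRP status: Enabled
"""

# Review policy chosen for this example (an assumption, not vendor guidance).
# Each rule: (field name, test on the lower-cased value, finding text).
RULES = {
    "access": [
        ("Access Mode VLAN", lambda v: v == "1", "access port is in VLAN 1"),
    ],
    "trunk": [
        ("Trunking Native Mode VLAN", lambda v: v == "1",
         "untagged frames are placed in VLAN 1"),
        ("Trunking VLANs", lambda v: "2-4094" in v,
         "allowed list still covers 2-4094"),
    ],
    "general": [
        ("General Ingress Filtering", lambda v: v != "enabled",
         "ingress filtering is not enabled"),
        ("General Acceptable Frame Type", lambda v: v == "all",
         "tagged and untagged frames are both accepted"),
    ],
}


def parse_switchport(text):
    """Return {field: value}; indented lines continue the previous field."""
    fields, last = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line[0].isspace() and last is not None:
            fields[last] = (fields[last] + "," + line.strip()).lstrip(",")
            continue
        key, sep, value = line.partition(":")
        if sep:
            last = key.strip()
            fields[last] = value.strip()
        else:
            last = None  # table row or banner line, not a field
    return fields


def audit(fields):
    """Check only the fields that belong to the active Administrative Mode."""
    mode = fields.get("Administrative Mode", "").lower()
    name = fields.get("Name", "?")
    findings = []
    for field, is_weak, message in RULES.get(mode, []):
        value = fields.get(field)
        if value is not None and is_weak(value.lower()):
            findings.append(f"{name}: {message} ({field}: {value})")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_switchport(SAMPLE)):
        print(finding)
```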

vlan prohibit-internal-usage

Use the vlan prohibit-internal-usage command in Global configuration mode to specify VLANs that cannot be used by the switch as internal VLANs.

Syntax

vlan prohibit-internal-usage none | {add | except | remove} vlan-list

Parameters

  • none—The Prohibit Internal Usage VLAN list is empty: any VLAN can be used by the switch as internal.

  • except—The Prohibit Internal Usage VLAN list includes all VLANs except the VLANs specified by the vlan-list argument: only the VLANs specified by the vlan-list argument can be used by the switch as internal.

  • add—Add the given VLANs to the Prohibit Internal Usage VLAN list.

  • remove—Remove the given VLANs from the Prohibit Internal Usage VLAN list.

  • vlan-list—List of VLANs. Separate nonconsecutive VLAN IDs with a comma and no spaces. Use a hyphen to designate a range of IDs. The VLAN ID that can be used is from 1 through 4094.

Default Configuration

The Prohibit Internal usage VLAN list is empty.

Command Mode

Global Configuration mode

User Guidelines

The switch requires an internal VLAN in the following cases:

  • One VLAN for each IP interface is defined directly on an Ethernet port or on a Port channel.

  • One VLAN for each IPv6 tunnel.

  • One VLAN for 802.1x.

When a switch needs an internal VLAN it takes a free VLAN with the highest VLAN ID.

Use the vlan prohibit-internal-usage command to define a list of VLANs that cannot be used as internal VLANs after reload.

If a VLAN was chosen by the software for internal usage, but you want to use that VLAN for a static or dynamic VLAN, do one of the following:

  • Add the VLAN to the Prohibited User Reserved VLAN list.

  • Copy the Running Configuration file to the Startup Configuration file

  • Reload the switch

  • Create the VLAN

Examples

Example 1—The following example specifies that VLANs 4010, 4012, and 4090-4094 cannot be used as internal VLANs:

vlan prohibit-internal-usage add 4010,4012,4090-4094

Example 2—The following specifies that all VLANs except 4000-4107 cannot be used as internal VLANs:

vlan prohibit-internal-usage all
vlan prohibit-internal-usage remove 4000-4107

Example 3—The following specifies that all VLANs except 4000-4107 cannot be used as internal VLANs:

vlan prohibit-internal-usage except 4000-4107

show vlan internal usage

Use the show vlan internal usage Privileged EXEC mode command to display a list of VLANs used internally by the device (defined by the user).

Syntax

show vlan internal usage

Command Mode

Privileged EXEC mode

Example

The following example displays VLANs used internally by the switch:

show vlan internal usage

User Reserved VLAN list after reset: 4010,4012,4080-4094
Current User Reserved VLAN list: 4010,4012,4090-4094
VLAN   Usage
----   --------
4089   gi1/0/2
4088   gi1/0/3
4087   tunnel 1
4086   802.1x