Configuring VLANs

Information About VLANs

Understanding VLANs

A VLAN is a group of end stations in a switched network that is logically segmented by function or application, without regard to the physical locations of the users. VLANs have the same attributes as physical LANs, but you can group end stations even if they are not physically located on the same LAN segment.

Any switch port can belong to a VLAN, and unicast, broadcast, and multicast packets are forwarded and flooded only to end stations in that VLAN. Each VLAN is considered as a logical network, and packets destined for stations that do not belong to the VLAN must be forwarded through a router. The following figure shows VLANs as logical networks. The stations in the engineering department are assigned to one VLAN, the stations in the marketing department are assigned to another VLAN, and the stations in the accounting department are assigned to another VLAN.

VLANs are usually associated with IP subnetworks. For example, all the end stations in a particular IP subnet belong to the same VLAN. To communicate between VLANs, you must route the traffic.

By default, a newly created VLAN is operational; that is, the newly created VLAN is in the no shutdown condition. Additionally, you can configure VLANs to be in the active state, which is passing traffic, or the suspended state, in which the VLANs are not passing packets. By default, the VLANs are in the active state and pass traffic.

VLAN Ranges


Note


The extended system ID is always automatically enabled in Cisco NX-OS devices.


The device supports up to 4094 VLANs in accordance with the IEEE 802.1Q standard. The software organizes these VLANs into ranges, and you use each range slightly differently.

For information about configuration limits, see the documentation for your switch.

This table describes the VLAN ranges.

Table 1. VLAN Ranges

VLAN Numbers: 1
Range: Normal
Usage: Cisco default. You can use this VLAN, but you cannot modify or delete it.

VLAN Numbers: 2 to 1005
Range: Normal
Usage: You can create, use, modify, and delete these VLANs.

VLAN Numbers: 1006 to 3967 and 4048 to 4093
Range: Extended
Usage: You can create, name, and use these VLANs. You cannot change the following parameters:

  • The state is always active.

  • The VLAN is always enabled. You cannot shut down these VLANs.

VLAN Numbers: 3968 to 4047 and 4094
Range: Internally allocated
Usage: These 80 VLANs and VLAN 4094 are allocated for internal device use. You cannot create, delete, or modify any VLANs within the block reserved for internal use.

Note

Reserved VLAN range is 3864-4095 for Nexus 3132Q-V, 31108PC-V, and 31108TC-V switches.

The software allocates a group of VLAN numbers for features such as multicast and diagnostics that need to use internal VLANs for their operation. You cannot use, modify, or delete any of the VLANs in the reserved group. You can display the VLANs that are allocated internally and their associated use.

  • Reserved VLAN range for Cisco Nexus 3172PQ-XL switch is 3864-4095.

  • Reserved VLAN range for Cisco Nexus 3132C-Z switch is 3832-4095.

Creating, Deleting, and Modifying VLANs

VLANs are numbered from 1 to 4094. All configured ports belong to the default VLAN when you first bring up the switch. The default VLAN (VLAN1) uses only default values. You cannot create, delete, or suspend activity in the default VLAN.

You create a VLAN by assigning a number to it. You can delete VLANs as well as move them from the active operational state to the suspended operational state. If you attempt to create a VLAN with an existing VLAN ID, the switch goes into the VLAN submode but does not create the same VLAN again.

Newly created VLANs remain unused until ports are assigned to the specific VLAN. All the ports are assigned to VLAN1 by default.

Depending on the range of the VLAN, you can configure the following parameters for VLANs (except the default VLAN):

  • VLAN name

  • Shutdown or not shutdown

When you delete a specified VLAN, the ports associated to that VLAN are shut down and no traffic flows. However, the system retains all the VLAN-to-port mapping for that VLAN, and when you reenable, or recreate, the specified VLAN, the system automatically reinstates all the original ports to that VLAN.


Note


Commands entered in the VLAN configuration submode are immediately executed.

VLANs 3968 to 4047 and 4094 are reserved for internal use; these VLANs cannot be changed or used.


About the VLAN Trunking Protocol

VTP is a distributed VLAN database management protocol that synchronizes the VTP VLAN database across domains. A VTP domain includes one or more network switches that share the same VTP domain name and that are connected with trunk interfaces.

Guidelines and Limitations for VTP

VTP has the following configuration guidelines and limitations:

  • When a switch is configured as a VTP client, you cannot create VLANs on the switch in the range of 1 to 1005.

  • VLAN 1 is required on all trunk ports used for switch interconnects if VTP is supported in the network. Disabling VLAN 1 from any of these ports prevents VTP from functioning properly.

  • If you enable VTP, you must configure either version 1 or version 2.

  • The show running-configuration command does not show VLAN or VTP configuration information for VLANs 1 to 1000.

  • VTP pruning is not supported.

  • Private VLANs (PVLANs) are supported only when the switch is in transparent mode.

  • When a switch is configured in VTP client or server mode, VLANs 1002 to 1005 are reserved VLANs.

  • You must enter the copy running-config startup-config command followed by a reload after changing a reserved VLAN range. For example:

    switch(config)# system vlan 2000 reserve
    This will delete all configs on vlans 2000-2127. Continue anyway? (y/n) [no] y

    After the switch reload, VLANs 2000 to 2127 are reserved for internal use, which requires that you enter the copy running-config startup-config command before the switch reload. Creating VLANs within this range is not allowed.

Configuring a VLAN

Creating and Deleting a VLAN

You can create or delete all VLANs except the default VLAN and those VLANs that are internally allocated for use by the switch. Once a VLAN is created, it is automatically in the active state.


Note


When you delete a VLAN, ports associated to that VLAN shut down. The traffic does not flow and the packets are dropped.


SUMMARY STEPS

  1. switch# configure terminal
  2. switch(config)# vlan {vlan-id | vlan-range}
  3. switch(config-vlan)# no vlan {vlan-id | vlan-range}

DETAILED STEPS

Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.

Step 2
Command or Action: switch(config)# vlan {vlan-id | vlan-range}
Purpose: Creates a VLAN or a range of VLANs.

If you enter a number that is already assigned to a VLAN, the switch puts you into the VLAN configuration submode for that VLAN. If you enter a number that is assigned to an internally allocated VLAN, the system returns an error message. However, if you enter a range of VLANs and one or more of the specified VLANs is outside the range of internally allocated VLANs, the command takes effect on only those VLANs outside the range. The range is from 2 to 4094; VLAN1 is the default VLAN and cannot be created or deleted. You cannot create or delete those VLANs that are reserved for internal use.

Step 3
Command or Action: switch(config-vlan)# no vlan {vlan-id | vlan-range}
Purpose: Deletes the specified VLAN or range of VLANs and removes you from the VLAN configuration submode. You cannot delete VLAN1 or the internally allocated VLANs.

Example

This example shows how to create a range of VLANs from 15 to 20:

switch# configure terminal
switch(config)# vlan 15-20
 

Note


You can also create and delete VLANs in the VLAN configuration submode.
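An added example (not part of the Cisco documentation): a Python pre-check that sorts the IDs in a `vlan <range>` command into those the switch would create and those it would skip, using Table 1 and the VTP guidelines above. The function names are hypothetical, the comma-separated list form goes beyond the single range shown on this page, and keeping VLAN 4094 reserved after `system vlan <start> reserve` is an assumption.

```python
import re

# Internally allocated block from Table 1 (default layout: 3968-4047 and 4094).
DEFAULT_RESERVED = frozenset(range(3968, 4048)) | {4094}

def reserved_block(start=None):
    """IDs reserved for internal use. `system vlan <start> reserve` moves the
    128-ID block (2000 -> 2000-2127 on the page); keeping 4094 is an assumption."""
    if start is None:
        return DEFAULT_RESERVED
    return frozenset(range(start, start + 128)) | {4094}

def expand(spec):
    """Expand a CLI-style VLAN list such as '15-20' or '5,3960-3970'."""
    ids = set()
    for part in spec.replace(" ", "").split(","):
        m = re.fullmatch(r"(\d+)(?:-(\d+))?", part)
        if not m:
            raise ValueError(f"bad VLAN spec: {part!r}")
        lo, hi = int(m.group(1)), int(m.group(2) or m.group(1))
        if not (1 <= lo <= hi <= 4094):
            raise ValueError(f"VLAN IDs must be 1-4094 and ascending: {part!r}")
        ids.update(range(lo, hi + 1))
    return sorted(ids)

def preview_vlan_command(spec, reserved=DEFAULT_RESERVED, vtp_mode="transparent"):
    """Sort each ID in `vlan <spec>` into what the switch would do with it."""
    out = {"create": [], "default": [], "internal": [], "vtp_blocked": []}
    for vid in expand(spec):
        if vid == 1:
            out["default"].append(vid)        # VLAN1 cannot be created or deleted
        elif vid in reserved:
            out["internal"].append(vid)       # skipped: internally allocated
        elif vtp_mode == "client" and vid <= 1005:
            out["vtp_blocked"].append(vid)    # VTP client: no VLAN creation in 1-1005
        elif vtp_mode in ("client", "server") and 1002 <= vid <= 1005:
            out["vtp_blocked"].append(vid)    # 1002-1005 reserved in client/server mode
        else:
            out["create"].append(vid)
    return out

def can_suspend_or_shutdown(vid, reserved=DEFAULT_RESERVED):
    """Only normal-range VLANs 2-1005 accept `state suspend` / `shutdown`."""
    return 2 <= vid <= 1005 and vid not in reserved
```

For the platforms listed with a 3864-4095 reserved range, pass `frozenset(range(3864, 4096))` as `reserved`.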


Configuring a VLAN

To configure or modify the VLAN for the following parameters, you must be in the VLAN configuration submode:

  • Name

  • Shut down


Note


You cannot create, delete, or modify the default VLAN or the internally allocated VLANs. Additionally, some of these parameters cannot be modified on some VLANs.


SUMMARY STEPS

  1. switch# configure terminal
  2. switch(config)# vlan {vlan-id | vlan-range}
  3. switch(config-vlan)# name vlan-name
  4. switch(config-vlan)# state {active | suspend}
  5. (Optional) switch(config-vlan)# no shutdown

DETAILED STEPS

Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.

Step 2
Command or Action: switch(config)# vlan {vlan-id | vlan-range}
Purpose: Enters VLAN configuration submode. If the VLAN does not exist, the system first creates the specified VLAN.

Step 3
Command or Action: switch(config-vlan)# name vlan-name
Purpose: Names the VLAN. You can enter up to 32 alphanumeric characters to name the VLAN. You cannot change the name of VLAN1 or the internally allocated VLANs. The default value is VLANxxxx where xxxx represents four numeric digits (including leading zeroes) equal to the VLAN ID number.

Step 4
Command or Action: switch(config-vlan)# state {active | suspend}
Purpose: Sets the state of the VLAN to active or suspend. While the VLAN state is suspended, the ports associated with this VLAN are shut down, and that VLAN does not pass any traffic. The default state is active. You cannot suspend the state for the default VLAN or VLANs 1006 to 4094.

Step 5
Command or Action: (Optional) switch(config-vlan)# no shutdown
Purpose: Enables the VLAN. The default value is no shutdown (or enabled). You cannot shut down the default VLAN, VLAN1, or VLANs 1006 to 4094.

Example

This example shows how to configure optional parameters for VLAN 5:

switch# configure terminal
switch(config)# vlan 5
switch(config-vlan)# name accounting
switch(config-vlan)# state active
switch(config-vlan)# no shutdown
 

Adding Ports to a VLAN

After you have completed the configuration of a VLAN, assign ports to it.

SUMMARY STEPS

  1. switch# configure terminal
  2. switch(config)# interface {ethernet slot/port | port-channel number}
  3. switch(config-if)# switchport access vlan vlan-id

DETAILED STEPS

Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.

Step 2
Command or Action: switch(config)# interface {ethernet slot/port | port-channel number}
Purpose: Specifies the interface to configure, and enters the interface configuration mode. The interface can be a physical Ethernet port or an EtherChannel.

Step 3
Command or Action: switch(config-if)# switchport access vlan vlan-id
Purpose: Sets the access mode of the interface to the specified VLAN.

Example

This example shows how to configure an Ethernet interface to join VLAN 5:

switch# configure terminal
switch(config)# interface ethernet 1/13
switch(config-if)# switchport access vlan 5
 

Configuring a VLAN as a Routed SVI

You can configure a VLAN to be a routed switch virtual interface (SVI).

SUMMARY STEPS

  1. switch# configure terminal
  2. switch(config)# feature interface-vlan
  3. switch(config)# interface vlan vlan-id
  4. switch(config-if)# copy running-config startup-config

DETAILED STEPS

Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.

Step 2
Command or Action: switch(config)# feature interface-vlan
Purpose: Enables the creation of SVIs.

Step 3
Command or Action: switch(config)# interface vlan vlan-id
Purpose: Creates a VLAN interface (SVI) and enters interface configuration mode.

Step 4
Command or Action: switch(config-if)# copy running-config startup-config
Purpose: Copies the running configuration to the startup configuration.

Example

This example shows how to configure a VLAN as a routed SVI:

switch# configure terminal
switch(config)# feature interface-vlan
switch(config)# interface vlan 5
switch(config-if)# copy running-config startup-config
switch(config-if)#

This example shows how to remove the routed SVI function from a VLAN:

switch# configure terminal
switch(config)# no interface vlan 5
switch(config)# copy running-config startup-config
switch(config)#

What to do next

You can configure routing protocols on this interface.

Configuring a VLAN as a Management SVI

You can configure a VLAN to be a management switch virtual interface (SVI).

SUMMARY STEPS

  1. switch# configure terminal
  2. switch(config)# feature interface-vlan
  3. switch(config)# interface vlan vlan-id management
  4. switch(config-if)# copy running-config startup-config

DETAILED STEPS

Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.

Step 2
Command or Action: switch(config)# feature interface-vlan
Purpose: Enables the creation of SVIs.

Step 3
Command or Action: switch(config)# interface vlan vlan-id management
Purpose: Creates a VLAN interface (SVI) and configures the SVI to be used for in-band management.

Step 4
Command or Action: switch(config-if)# copy running-config startup-config
Purpose: Copies the running configuration to the startup configuration.

Example

This example shows how to configure a VLAN as a management SVI:

switch# configure terminal
switch(config)# feature interface-vlan
switch(config)# interface vlan 5
switch(config-if)# management
switch(config-if)# copy running-config startup-config
switch(config-if)#

This example shows how to remove the management function from an SVI:

switch# configure terminal
switch(config)# interface vlan 5
switch(config-if)# no management
switch(config-if)# copy running-config startup-config
switch(config-if)#

Configuring VTP

You can enable VTP and then configure the VTP mode (server [default], client, transparent, or off). If you enable VTP, you must configure either version 1 or version 2. If you are using VTP in a Token Ring environment, you must use version 2.

SUMMARY STEPS

  1. switch# configure terminal
  2. switch(config)# feature vtp
  3. switch(config)# vtp domain domain-name
  4. switch(config)# vtp version {1 | 2}
  5. switch(config)# vtp file file-name
  6. switch(config)# vtp password password-value
  7. switch(config)# exit
  8. (Optional) switch# show vtp status
  9. (Optional) switch# show vtp counters
  10. (Optional) switch# show vtp interface
  11. (Optional) switch# show vtp password
  12. (Optional) switch# copy running-config startup-config

DETAILED STEPS

Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.

Step 2
Command or Action: switch(config)# feature vtp
Purpose: Enables VTP on the device. The default is disabled.

Step 3
Command or Action: switch(config)# vtp domain domain-name
Purpose: Specifies the name of the VTP domain that you want this device to join. The default is blank.

Step 4
Command or Action: switch(config)# vtp version {1 | 2}
Purpose: Sets the VTP version that you want to use. The default is version 1.

Step 5
Command or Action: switch(config)# vtp file file-name
Purpose: Specifies the ASCII filename of the IFS file system file where the VTP configuration is stored.

Step 6
Command or Action: switch(config)# vtp password password-value
Purpose: Specifies the password for the VTP administrative domain.

Step 7
Command or Action: switch(config)# exit
Purpose: Exits the configuration submode.

Step 8
Command or Action: (Optional) switch# show vtp status
Purpose: Displays information about the VTP configuration on the device, such as the version, mode, and revision number.

Step 9
Command or Action: (Optional) switch# show vtp counters
Purpose: Displays information about VTP advertisement statistics on the device.

Step 10
Command or Action: (Optional) switch# show vtp interface
Purpose: Displays the list of VTP-enabled interfaces.

Step 11
Command or Action: (Optional) switch# show vtp password
Purpose: Displays the password for the management VTP domain.

Step 12
Command or Action: (Optional) switch# copy running-config startup-config
Purpose: Copies the running configuration to the startup configuration.

Example

This example shows the VTP status; the switch is capable of supporting Version 2 and is running Version 1:

switch(config)# show vtp status
VTP Status Information
----------------------
VTP Version                     : 2 (capable)
Configuration Revision          : 0
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 502
VTP Operating Mode              : Transparent
VTP Domain Name                 :
VTP Pruning Mode                : Disabled (Operationally Disabled)
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 Digest                      : 0xF5 0xF1 0xEC 0xE7 0x29 0x0C 0x2D 0x01
Configuration last modified by 60.10.10.1 at 0-0-00 00:00:00
VTP version running             : 1
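
An added example (not part of the Cisco documentation): a Python check that parses the `show vtp status` output above and compares it with the intended settings and the VTP guidelines on this page. The function and parameter names, the `campus` domain used in testing, and the idea of comparing against a recorded baseline revision are assumptions made for the illustration.

```python
import re

# The `show vtp status` output from the example above, embedded so this runs offline.
SAMPLE = """\
VTP Status Information
----------------------
VTP Version                     : 2 (capable)
Configuration Revision          : 0
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 502
VTP Operating Mode              : Transparent
VTP Domain Name                 :
VTP Pruning Mode                : Disabled (Operationally Disabled)
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 Digest                      : 0xF5 0xF1 0xEC 0xE7 0x29 0x0C 0x2D 0x01
Configuration last modified by 60.10.10.1 at 0-0-00 00:00:00
VTP version running             : 1
"""

def parse_vtp_status(text):
    """Return the 'Label : value' fields as a dict keyed by lower-cased label."""
    fields = {}
    for line in text.splitlines():
        m = re.fullmatch(r"([A-Za-z][A-Za-z0-9 ]*?)\s*:\s*(.*)", line)
        if m:
            fields[m.group(1).lower()] = m.group(2).strip()
        elif (m := re.search(r"last modified by (\S+) at", line)):
            fields["last modified by"] = m.group(1)
    return fields

def check_vtp(fields, domain, version, uses_pvlan=False, baseline_revision=None):
    """Compare parsed status with the intended settings; return findings."""
    findings = []
    mode = fields.get("vtp operating mode", "").lower()
    if fields.get("vtp domain name", "") != domain:
        findings.append("domain name differs from intended value")
    if fields.get("vtp version running") != str(version):
        findings.append("running VTP version differs from intended value")
    if uses_pvlan and mode != "transparent":
        findings.append("PVLANs require VTP transparent mode")
    if not fields.get("vtp pruning mode", "").lower().startswith("disabled"):
        findings.append("VTP pruning is not supported but is not shown as disabled")
    rev = int(fields.get("configuration revision", "0"))
    if baseline_revision is not None and rev != baseline_revision:
        findings.append(f"configuration revision changed: {baseline_revision} -> {rev}")
    return findings
```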

Verifying the VLAN Configuration

Use one of the following commands to verify the configuration:

Command: switch# show running-config vlan [vlan_id | vlan_range]
Purpose: Displays VLAN information.

Note

Starting with Release 7.0(3)I2(1), the output of show running-config vlan displays the VLAN output multiple times. There is no functional impact of this behavior change.

Command: switch# show vlan [brief | id [vlan_id | vlan_range] | name name | summary]
Purpose: Displays selected configuration information for the defined VLAN(s).