Configuring VLANs | CCNA Exam Cram[tm] 2 (Exams 640-821, 640-811, 640-801)

There are three methods that can be used to assign a switch port to a particular VLAN. They are port-centric, static, and dynamic. In a port-centric configuration , all nodes that are connected to ports within the same VLAN are given the same VLAN ID. In this type of configuration, the network administrator's job is much easier because of the ease of administering the VLAN.

In a static VLAN configuration the ports on a switch are hard coded and remain in effect until the administrator changes them. This type of configuration is typical of a network that is very well monitored , where changes are unlikely .

The third type of port configuration is dynamic . This type of configuration involves more overhead on setup for the administrator because of the database configuration. The ports on these switches automatically determine their assigned VLAN. The VLAN assignment is determined by the type of protocol (within a packet), MAC address, and logical addressing. A major benefit of this type of configuration is that the administrator will notice any unauthorized or new user is on the network. If a workstation happens to be connected to a port which is unassigned , the switch will record the MAC address of the computer and check its database to determine which VLAN to assign the workstation to.

In the rest of this chapter, we look at the Cisco commands used to configure, monitor, and maintain VLANs and trunk connections.

Before you begin creating VLANs, you must determine whether the switch will participate in a VTP domain that will synchronize VLAN configuration with the rest of the network. Also, if you want to use VLANs across multiple switches, a trunk connection must be made to interconnect the switches.

The steps required to configure VLANs are as follows :

Enable VTP (optional).
Enable trunking (optional).
Create VLANs.
Assign VLANs to ports.

Enabling VTP

When adding a new switch to an existing domain, it is good practice to add it in VTP client mode initially. This way, you can prevent the switch from propagating incorrect VLAN information to other switches. In the following example, however, we are setting up a new VTP domain and will place the switch into server mode. The commands to do so are as follows:

 1900#conf terminal Enter configuration commands, one per line. End with CNTL/Z 1900(config)#vtp server 1900(config)#vtp domain ccnalab

To verify VTP information, use the show vtp command from EXEC privileged mode:

 hostname#  show vtp  VTP version: 1    Configuration revision: 3    Maximum VLANs supported locally: 1005    Number of existing VLANs: 5    VTP domain name     : ccnalab    VTP password      : vtp_server    VTP operating mode   : Server    VTP pruning mode    : Enabled    VTP traps generation  : Enabled    Configuration last modified by: 0.0.0.0 at 00-00-0000 00:00:00

Enabling Trunking

The next step is to create a trunk connection to other switches that will be sharing VLAN information. In the following example, assume that we are connecting two Catalyst 1900 switches via their 100BASE-T ports using a crossover category 5 Ethernet cable. We are using the FastEthernet ports known in the IOS as f0/26.

The trunk command has five options: on, off, desirable, auto, and non-negotiate. Table 9.3 shows the function of each trunk mode.

Table 9.3. Trunk Command Options

Option	Function
On	Port goes into permanent ISL trunk mode. Negotiates with the connected device to convert the link to a trunk.
Off	Disables trunking on this port. Negotiates with the connected device to convert the link to non-trunk.
Desirable	Port will enter trunk mode if the connected device is set to on, desirable, or auto; otherwise , port is a non-trunk.
Auto	Port will enter trunk mode if the connected device is set to on or desirable; otherwise, port is a non-trunk.
Non-Negotiate	Port goes into permanent ISL trunk mode, but no negotiation takes place with the connected device.

To enable trunking on a port, enter interface configuration mode for the desired port first, and then use the trunk command with the appropriate option, as shown here:

 1900#conf terminal Enter configuration commands, one per line. End with CNTL/Z 1900(config)#interface f0/26 1900(config-if)#trunk on

The same configuration must be executed for the appropriate port on the connected device. Because we set the trunk to on mode in the previous example, the corresponding port must be set to on, auto, or desirable for the trunk connection to be established.

To verify the trunk operation, use the show trunk command. Its syntax is as follows:

 show trunk [a  b]

A Catalyst 1900 switch has two FastEthernet ports that can act as trunk connections. They are known as interfaces f0/26 and f0/27. When using the show trunk command, option A refers to the first trunk port (in this case, f0/26). Option B is for port f0/27. So, to see the trunking status for FastEthernet port A (f0/26), use the following command:

 1900#show trunk a DISL state: On, Trunking: On, Encapsulation type: ISL

Creating VLANs

To create a new VLAN, use the vlan command from global configuration mode. This command has several options that can be specified, but for our purposes, all we need to have is a four-digit number to identify the VLAN and a name for it. Each VLAN must have a unique numeric ID, which can be any number from 1 to 1005.

We will create a VLAN called Engineering and make it VLAN 2:

 hostname(config)# vlan 2 name Engineering

To verify the configuration of the VLAN, use the show vlan vlan# command:

 1900#show vlan 2 VLAN Name      Status     Ports ---------      ------     ----- 2 Engineering    Enabled -------------    ------- VLAN Type    SAID   MTU  Parent RingNo BridgeNo Stp  Trans1 Trans2 ---------    ----   ---  ------ ------ -------- ---  ------ ------ 2 Ethernet   100009 1500 0      1      1        Unkn 0      0

Assigning VLAN to Ports

Now that the VLAN has been created, you can statically assign which ports will be members of the VLAN. A port can belong to only one VLAN at a time. By default, all ports are members of VLAN 1.

To assign a VLAN to a port, enter interface configuration mode for the appropriate port, then use the vlan-membership command:

 1900#conf terminal Enter configuration commands, one per line. End with CNTL/Z 1900(config)#interface ethernet 0/8 1900(config-if)#vlan-membership static 2

To verify VLAN membership and to see which ports belong to what VLAN, use the show vlan-membership command:

 hostname# show vlan-membership Port  VLAN Membership Type  Port VLAN Membership Type ----  ---- ---------------  ---- ---- ---------------  1    1    Static           14   2    Static  2    1    Static           15   2    Static  3    1    Static           16   2    Static  4    1    Static           17   2    Static  5    1    Static           18   2    Static  6    1    Static           19   2    Static  7    1    Dynamic          20   2    Static  8    1    Dynamic          21   2    Static  9    1    Dynamic          22   2    Static  10   1    Dynamic          23   2    Static  11   1    Dynamic          24   2    Static  12   1    Dynamic          AUI  2    Static  13   1    Dynamic  A    1    Static  B    2    Static

Using the Web Interface

Catalyst 1900 and 2820 switches come with a built-in Web server that can be used for monitoring and configuring the switch. It is very visually oriented and allows you to change configuration options in a point-and-click environment. All you have to know is the IP address of the switch, and you can point your Web browser to the switch's IP address. If the switch has been configured with a password, you will have to enter it to use the Web interface.