Creating VLANs

This tutorial covers creating VLANs (Virtual Local Area Networks) on a Cisco Catalyst switch. Creating a VLAN separates the network. Why would you do this? There are several reasons, such as separating your production network from a guest network, or separating a test environment from a production network. This all adds security to your network. You can separate critical core network components from the rest of the production network for added security and easier troubleshooting, along with segmenting your network. Segmenting breaks up the broadcast domain into smaller chunks, which will improve your network performance. Let's get started!

By default, if no configuration is applied to a switch (you just turned it on and plugged in networking devices), all of the devices are already in a VLAN, called VLAN 1. This is great if you know nothing about switch configuration and want something that works out of the box. But it also poses a security risk, and if enough devices are connected it will slow down your network performance.

VLANs separate the network, so a layer three device (router) is needed for VLANs to communicate with each other. When you dive into VLANs there is a lot of information! For this tutorial we are just going to create a VLAN and that's it. So let's create a VLAN on a single switch.

  • For this tutorial we are going to put ports fa0/1 – 10 into access mode.
  • Then apply VLAN 2 on ports fa0/1 – 10.

(Sample Output)

[code]
Switch>enable
Switch#configure terminal
Switch(config)#interface range fastEthernet 0/1 - 10
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 2
%LINK-5-CHANGED: Interface Vlan2, changed state to up
% Access VLAN does not exist. Creating vlan 2
Switch(config-if-range)#exit
[/code]

If we issue the command show vlan in privileged EXEC mode, we can see that VLAN 2 has been created and which interfaces are assigned to it.

(Sample Output)

[code]
Switch#show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/11, Fa0/12, Fa0/13, Fa0/14
                                                Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                                Fa0/19, Fa0/20, Fa0/21, Fa0/22
                                                Fa0/23, Fa0/24
2    VLAN0002                         active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0
2    enet  100002     1500  -      -      -        -    -        0      0
1002 fddi  101002     1500  -      -      -        -    -        0      0
1003 tr    101003     1500  -      -      -        -    -        0      0
1004 fdnet 101004     1500  -      -      -        ieee -        0      0
1005 trnet 101005     1500  -      -      -        ibm  -        0      0

Remote SPAN VLANs
------------------------------------------------------------------------------

Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
Switch#
[/code]

Although numbers are OK, let's create a named VLAN. A name helps us remember the purpose of the VLAN. The steps are almost the same and are shown below; you could also change VLAN 2 into a named VLAN by doing lines 3 and 6.

  • For this tutorial we are going to put ports fa0/11 – 20 into access mode.
  • Then apply a named VLAN called Support on ports fa0/11 – 20.

(Sample Output)

[code]
Switch(config)#interface vlan 3
Switch(config-if)#exit
Switch(config)#vlan 3
%LINK-5-CHANGED: Interface Vlan3, changed state to up
Switch(config-vlan)#name Support
Switch(config-vlan)#exit
Switch(config)#interface range fa0/11 - 20
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 3
Switch(config-if-range)#exit
Switch(config)#exit
[/code]

If we issue the command show vlan in privileged EXEC mode, we can see that VLAN 3 (Support) has been created and which interfaces are assigned to it.

(Sample Output)

[code]
Switch#show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/21, Fa0/22, Fa0/23, Fa0/24
2    VLAN0002                         active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10
3    Support                          active    Fa0/11, Fa0/12, Fa0/13, Fa0/14
                                                Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                                Fa0/19, Fa0/20
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0
2    enet  100002     1500  -      -      -        -    -        0      0
3    enet  100003     1500  -      -      -        -    -        0      0
1002 fddi  101002     1500  -      -      -        -    -        0      0
1003 tr    101003     1500  -      -      -        -    -        0      0
1004 fdnet 101004     1500  -      -      -        ieee -        0      0
1005 trnet 101005     1500  -      -      -        ibm  -        0      0

Remote SPAN VLANs
------------------------------------------------------------------------------

Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
Switch#
[/code]

So in the end we have three VLANs on this switch: VLAN 1, VLAN 2, and VLAN 3 (Support). If we connected PCs to these three different VLANs, PCs in different VLANs would not be able to communicate with each other, because each VLAN is like a different network. So you would need to configure a router for inter-VLAN communication to work, a setup also called router on a stick. I hope this tutorial was helpful. If you have questions, comment below.