Configuring the VLAN on Catalyst 2900/3500 XL, 2950, and 3550 Series Switches
For details on VTP, refer to Understanding and Configuring VLAN Trunk Protocol
You can check the VTP status on the XL Series Switches, by using the show vtp status command.
3524XL#show vtp status
VTP Version : 2
Configuration Revision : 0
Maximum VLANs supported locally : 254
Number of existing VLANs : 5
VTP Operating Mode : Server!-- This is the default mode
VTP Domain Name :
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0xBF 0x86 0x94 0x45 0xFC 0xDF 0xB5 0x70
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
Step 2 By default, there is only a single VLAN for all ports, and this VLAN is called the default. VLAN1 cannot be renamed or deleted. You can run show vlan command to check the VLAN information.
3524XL#show vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4,
Fa0/5, Fa0/6, Fa0/7, Fa0/8,
Fa0/9, Fa0/10, Fa0/11, Fa0/12,
Fa0/13, Fa0/14, Fa0/15, Fa0/16,
Fa0/17, Fa0/18, Fa0/19, Fa0/20,
Fa0/21, Fa0/22, Fa0/23, Fa0/24,
Gi0/1, Gi0/2
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 1002 1003
1002 fddi 101002 1500 - - - - - 1 1003
1003 tr 101003 1500 1005 0 - - srb 1 1002
1004 fdnet 101004 1500 - - 1 IBM - 0 0
1005 trnet 101005 1500 - - 1 IBM - 0 0
3524XL#
Use the following set of commands in the privileged mode to create another VLAN:
3524XL#vlan database!-- You have to enter into vlan database, to configure any VLAN
3524XL(vlan)#vtp server
Device mode already VTP SERVER.
!-- You may skip the above command, if the switch is already in server mode,
and you want the switch to be in server mode
Note: A switch is only allowed to create VLANs if it is in VTP server or VTP transparent modes. For details on VTP, please refer to the Understanding and Configuring VLAN Trunk Protocol (VTP) document.
3524XL(vlan)#vlan ?
<1-1005> ISL VLAN index
3524XL(vlan)#vlan 2 ?
are Maximum number of All Route EXPlorer hops for this VLAN
backupcrf Backup CRF mode of the VLAN
bridge Bridging characteristics of the VLAN
media Media type of the VLAN
mtu VLAN Maximum Transmission Unit
name Ascii name of the VLAN
parent ID number of the Parent VLAN of FDDI or Token Ring type VLANs
ring Ring number of FDDI or Token Ring type VLANs
said IEEE 802.10 SAID
state Operational state of the VLAN
ste Maximum number of Spanning Tree Explorer hops for this VLAN
stp Spanning tree characteristics of the VLAN
tb-vlan1 ID number of the first translational VLAN for this VLAN (or zero
if none)
tb-vlan2 ID number of the second translational VLAN for this VLAN (or zero
if none)
3524XL(vlan)#vlan 2 name ?
Word The ASCII name for the VLAN
3524XL(vlan)#vlan 2 name cisco_vlan_2
VLAN 2 added:
Name: cisco_vlan_2
3524XL(vlan)#exit!
-- You have to exit from the VLAN database, for the changes to be committed
APPLY completed.
Exiting....
3524XL#
Step 3 Make sure that the VLAN is created by running the show vlan command.
3524XL#show vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4,
Fa0/5, Fa0/6, Fa0/7, Fa0/8,
Fa0/9, Fa0/10, Fa0/11, Fa0/12,
Fa0/13, Fa0/14, Fa0/15, Fa0/16,
Fa0/17, Fa0/18, Fa0/19, Fa0/20,
Fa0/21, Fa0/22, Fa0/23, Fa0/24,
Gi0/1, Gi0/2
2 cisco_vlan_2 active
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 1002 1003
2 enet 100002 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 1 1003
1003 tr 101003 1500 1005 0 - - srb 1 1002
1004 fdnet 101004 1500 - - 1 IBM - 0 0
1005 trnet 101005 1500 - - 1 IBM - 0 0
Step 4 You may want to add the ports (interfaces) in the newly created VLAN. You have to go to interface configuration mode for each of the interfaces that you want to add into the new VLAN. Use the following set of commands in the privileged mode to add a particular interface in the VLAN.
3524XL#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
3524XL(config)#interface fastEthernet 0/2
3524XL(config-if)#switchport Access ?
vlan Set VLAN when interface is in access mode
3524XL(config-if)#switchport access vlan ?
<1-1001> VLAN ID of the VLAN when this port is in access mode
dynamic When in access mode, this interfaces VLAN is controlled by VMPS
3524XL(config-if)#switchport access vlan 2!-- Assigning interface fa0/2 to vlan 2
3524XL(config-if)#exit
3524XL(config)#interface fastEthernet 0/3
3524XL(config-if)#switchport access vlan 2!-- Assigning interface fa0/3 to vlan 2
3524XL(config-if)#end
3524XL#
00:55:26: %SYS-5-CONFIG_I: Configured from console by console
3524XL#wr mem!-- Saving the configuration
Building configuration...
Step 5 Verify VLAN configuration by using show vlan command.
3524XL#show vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/4, Fa0/5, Fa0/6,
Fa0/7, Fa0/8, Fa0/9, Fa0/10,
Fa0/11, Fa0/12, Fa0/13, Fa0/14,
Fa0/15, Fa0/16, Fa0/17, Fa0/18,
Fa0/19, Fa0/20, Fa0/21, Fa0/22,
Fa0/23, Fa0/24, Gi0/1, Gi0/2
2 cisco_vlan_2 active Fa0/2, Fa0/3
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 1002 1003
2 enet 100002 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 1 1003
1003 tr 101003 1500 1005 0 - - srb 1 1002
1004 fdnet 101004 1500 - - 1 IBM - 0 0
1005 trnet 101005 1500 - - 1 IBM - 0 0
To remove ports from the VLAN, use the no switchport access vlan
For example, if you want to remove interface Fa0/2 from cisco_vlan_2 (VLAN 2), use the following set of commands in the privileged mode:
3524XL#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
3524XL(config)#interface fastEthernet 0/2
3524XL(config-if)#no switchport access vlan 2!
-- Removing interface fa0/2 from vlan 2
3524XL(config-if)#end
3524XL#show vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/4, Fa0/5,
!-- Note that Fa0/2 is added back,
to the default vlan
Fa0/6, Fa0/7, Fa0/8, Fa0/9,
Fa0/10, Fa0/11, Fa0/12, Fa0/13,
Fa0/14, Fa0/15, Fa0/16, Fa0/17,
Fa0/18, Fa0/19, Fa0/20, Fa0/21,
Fa0/22, Fa0/23, Fa0/24, Gi0/1,
Gi0/2
2 cisco_vlan_2 active Fa0/3
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 1002 1003
2 enet 100002 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 1 1003
1003 tr 101003 1500 1005 0 - - srb 1 1002
1004 fdnet 101004 1500 - - 1 IBM - 0 0
1005 trnet 101005 1500 - - 1 IBM - 0 0
3524XL#
To delete the VLAN, use no vlan
For example, if you want to delete cisco_vlan_2 from the switch, use the following set of commands in the privileged mode:
3524XL#vlan database!-- Entering the vlan database mode
3524XL(vlan)#no vlan 2!-- Removing the VLAN from the database
Deleting VLAN 2...
3524XL(vlan)#exit
APPLY completed.
Exiting....
3524XL#show vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/4, Fa0/5,
Fa0/6, Fa0/7, Fa0/8, Fa0/9,
Fa0/10, Fa0/11, Fa0/12, Fa0/13,
Fa0/14, Fa0/15, Fa0/16, Fa0/17,
Fa0/18, Fa0/19, Fa0/20, Fa0/21,
Fa0/22, Fa0/23, Fa0/24, Gi0/1,
Gi0/2
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
(Output Suppressed...)
Notice that port Fa0/3 is not displayed in the above show vlan command, as it is deactivated by the removal of VLAN 2. Unless you add it back in any other VLAN, it will not be displayed noruseable.
3524XL#show interfaces fastEthernet 0/3
FastEthernet0/3 is down, line protocol is down
(Output Suppressed...)
Configuring Multi-VLAN Port on Catalyst 2900 XL/35
Step 1: In the lab, to show how the multi-VLAN port is configured, we have created three VLANs on a Catalyst 3512 XL switch, and one port of the switch is connected to an external router. The port connected to the router will be configured as a multi-VLAN port.
6-3512xl#show vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/3, Fa0/6, Fa0/7,
Fa0/8, Fa0/9, Fa0/10, Fa0/11,
Fa0/12, Gi0/1, Gi0/2
2 VLAN0002 active Fa0/2, Fa0/4
3 VLAN0003 active Fa0/5
4 VLAN0004 active
5 VLAN0005 active
6 VLAN0006 active
Here, port Fa0/1 is connected to external router. For more information on learning how to create VLANs and assigning ports to VLANs, refer to the Configuring the VLAN on Catalyst 2900/3500 XL, 2950, and 3550 Series Switches section of this document.
Step 2: Configure the Fa0/1 port in multi-VLAN mode, and add assigned VLANs to the multi-VLAN port.
6-3512xl#configure t
Enter configuration commands, one per line. End with CNTL/Z.
6-3512xl(config)#int fa0/1
6-3512xl(config-if)#switchport mode multi
!
-- The port Fa0/1 mode is changed to multi.
6-3512xl(config-if)#switchport multi vlan ?
LINE VLAN IDs of VLANs to be used in multi-VLAN mode
add add VLANs to the current list
remove remove VLANs from the current list
6-3512xl(config-if)#switchport multi vlan 1,2,3
!-- VLANs 1, 2, and 3 are assigned to multi-VLAN port Fa0/1.
6-3512xl(config-if)#^Z
6-3512xl#
Step 3: Verify the configuration by issuing the show vlan and show interface
6-3512xl#show interface fa0/1 switchport
Name: Fa0/1
Operational Mode: multi
!-- The port is in multi-VLAN mode.
Administrative Trunking Encapsulation: isl
Operational Trunking Encapsulation: isl
Negotiation of Trunking: Disabled
Access Mode VLAN: 0 ((Inactive))
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: NONE
Pruning VLANs Enabled: NONE
Priority for untagged frames: 0
Override vlan tag priority: FALSE
Voice VLAN: none
Appliance trust: none
6-3512xl#
6-3512xl#show vlan brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/3, Fa0/6, Fa0/7,
Fa0/8, Fa0/9, Fa0/10, Fa0/1
Fa0/12, Gi0/1, Gi0/2
2 VLAN0002 active Fa0/1, Fa0/2, Fa0/4
!-- Note that previously, port Fa0/1 was only in VLAN 1, now it's assigned to multiple VLANs, 1, 2, and 3.
3 VLAN0003 active Fa0/1, Fa0/5
4 VLAN0004 active
5 VLAN0005 active
Step 4: You can verify the multi-VLAN operation by issuing the ping command from switch to router. The ping command should get a reply from the router every time the management IP address is assigned to any of the VLANs 1, 2, or 3.
6-3512xl#configure t
Enter configuration commands, one per line. End with CNTL/Z.
6-3512xl(config)#int vlan 1
6-3512xl(config-if)#ip address 192.168.1.1 255.255.255.0
!-- The management IP address is assigned to VLAN 1.
6-3512xl(config-if)#^Z
6-3512xl#
23:56:54: %SYS-5-CONFIG_I: Configured from console by console
6-3512xl#ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
SUCcess rate is 100 percent (5/5), round-trip min/avg/max = 1/2/3 ms
6-3512xl#ping 192.168.1.2
!-- You can ping the router from VLAN 1.
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/3 ms
6-3512xl#
6-3512xl#configure t
Enter configuration commands, one per line. End with CNTL/Z.
6-3512xl(config)#int vlan 1
6-3512xl(config-if)#no ip address
!
-- The management IP address is removed from VLAN 1.
6-3512xl(config-if)#shutdown
6-3512xl(config-if)#exit
6-3512xl(config)#int vlan 2
6-3512xl(config-subif)#ip address 192.168.1.1 255.255.255.0
6-3512xl(config-subif)#no shutdown
!-- The management IP address is assigned to VLAN 2.
6-3512xl(config-subif)#exit
6-3512xl(config)#exit
6-3512xl#ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/3 ms
6-3512xl#ping 192.168.1.2
!-- We can ping the router from VLAN 2.
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/202/1004 ms
6-3512xl#
6-3512xl#configure t
Enter configuration commands, one per line. End with CNTL/Z.
6-3512xl(config)#int vlan 2
6-3512xl(config-subif)#no ip address
!-- The management IP address is removed from VLAN 2.
6-3512xl(config-subif)#shutdown
6-3512xl(config-subif)#exit
6-3512xl(config)#int vlan 3
6-3512xl(config-subif)#ip address 192.168.1.1 255.255.255.0
6-3512xl(config-subif)#no shut
!-- The management IP address is assigned to VLAN 3.
6-3512xl(config-subif)#exit
6-3512xl(config)#exit
6-3512xl#ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/3 ms
6-3512xl#ping 192.168.1.2
!-- You can ping the router from VLAN 3.
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/205/1004 ms
6-3512xl#
