Lab 7 Goals
● Understand VLANs and broadcast domains
● Create VLANs
● Assign interfaces to the new VLANs
Lab Requirements
● Switch configured with Lab 2 configuration
● PC configured with
IP address 192.168.1.2 255.255.255.0
● Cisco rollover (console) cable
● Ethernet cable
For this lab, use the console port to manage the switch.
VLANs are a feature of Cisco® switches. VLANs (Virtual LANs) allow multiple broadcast domains to be configured on one or more switches, configuring a set of switch interfaces as a broadcast domain. This lab will create VLANs and assign interfaces to those new VLANs.
Broadcast Domain Review
● A broadcast is a data transmission to all devices that communicate at Layer 2, or the Datalink layer. Remember the example of the ARP request in the previous lab. A broadcast has a destination address of all binary 1’s, or hex address of ffff.ffff.ffff.
● All devices in a broadcast domain “hear” all data transmissions, broadcasts. (This explanation is very brief and incomplete. Insure that you fully understand broadcasts, broadcast domains, how bridges/switches process broadcasts.)
● A VLAN is a broadcast domain. It is a group of ports configured on one or more switches by a network administrator that can communicate at Layer 2. The ports in a VLAN will “hear” a broadcast from one of the devices in the same VLAN.
● Cisco switches initially have one VLAN: VLAN 1. All ports are in VLAN 1. VLAN 1 can be shut down, but it cannot be deleted.
(All future labs will show commands in enable mode. The commands to access enable mode will not be shown in future exercises.)
As noted above, a VLAN is a group of switch ports configured as a single broadcast domain. To display the VLAN port assignment, use the "show vlan" command. The example below shows all ports in the same VLAN, VLAN1. VLAN 1 is a default VLAN created on every Cisco switch. The default, or out-of-the-box, configuration assigns all interfaces on the switch to VLAN 1. By default, all interfaces are in the same broadcast domain, VLAN 1. (Note: The VLANs 1002 – 1005 are special purpose VLANs that have no function in these labs.)
1. labsw1# show vlan
VLAN Name Status Ports
---- ------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4,
Fa0/5, Fa0/6, Fa0/7, Fa0/8,
Fa0/9, Fa0/10, Fa0/11, Fa0/12
(lines deleted)
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 1002 1003
1002 fddi 101002 1500 - - - - - 1 1003
1003 tr 101003 1500 1005 0 - - srb 1 1002
1004 fdnet 101004 1500 - - 1 ibm - 0 0
1005 trnet 101005 1500 - - 1 ibm - 0 0
VLAN data, as well as other important configuration data, is not stored in the "running-config" or the "startup-config." It is stored in a file called "vlan.dat." The contents of the vlan.dat cannot be easily displayed, but the file can be verified with the command "show flash." Before starting this exercise, verify that no "vlan.dat" file exists.
Labsw1# show flash
The only file should be the IOS. If a vlan.dat file exists, remove it.
Labsw1# erase vlan.dat
Follow the prompts to delete. Verify that the file has been removed by using the "show vlan" command and/or the "show flash" command.
VLAN Creation and Naming
This lab will create additional VLANs and assign ports to those VLANs. The VLAN process has two parts:
● VLAN creation
● Interface VLAN assignment
VLANs are created by assigning a number between 2 – 4096. VLANs are also named, but the names have no function and serve only as documentation. Custom VLAN names are optional. If the VLANs are not named, the switch will create names: VLAN0200, VLAN0201, etc. This lab will create and name the following VLANs. Follow these commands to create the following VLANs:
200 – Acct
201 – Admin
202 – Backbone
2950 Switch Commands (native IOS commands)
2. labsw1# configuration terminal
3. labsw1 (config)# vlan 200
4. labsw1 (config-vlan)# name Acct
5. labsw1 (config-vlan)# vlan 201
6. labsw1 (config-vlan)# name Admin
7. labsw1 (config-vlan)# vlan 202
8. labsw1 (config-vlan)# name Backbone
9. labsw1 (config-vlan)# [Ctrl-Z] (exit configuration mode)
2912/2924 Switch Commands
This is the first area where the 2912/2924 switches differs from the native IOS switches. VLAN creation must be done in “vlan database” mode, not configuration mode. Vlan database mode is accessed by using the command "vlan database." To exit vlan database mode, use "exit" command. VLAN database mode is also available on the 2950/2960 switches, but configuration mode is the preferred method. Notice the (minor) differences in the commands 1a-5a.
2a. labsw1# vlan database
3a. labsw1 (vlan)# vlan 200 name Acct
4a. labsw1 (vlan)# vlan 201 name Admin
5a. labsw1 (vlan)# vlan 202 name Backbone
6a. labsw1 (vlan)# exit (exit vlan database mode)
Display the new VLANs:
10. labsw1 # show vlan
VLAN Name Status Ports
---- -------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4,
Fa0/5, Fa0/6, Fa0/7, Fa0/8,
Fa0/9, Fa0/10, Fa0/11, Fa0/12
200 Acct active
201 Admin active
202 Backbone active
.
(lines omitted)
VLANs 200, 201 and 202 have been created and named: however, no interfaces have been assigned to the new VLANs. All interfaces are still in VLAN 1, the default VLAN. Interface VLAN assignment requires interface-specific commands. Assigning an interface to a VLAN will also configure the interface as an access port, preventing it from becoming a trunk port dynamically. (See discussion of access ports vs. trunk ports below). To assign a port to a VLAN use the interface specific command "switchport access vlan [vlan-number]."
(Note: An interface can be configured as an access port by the command: "switchport mode access." This command will configure the port as an access port, and the port will remain in VLAN 1.)
Use the commands below to configure labsw1 with the following VLAN port assignments. Notice that VLAN 203 is used, but VLAN 203 has not been created and named. Notice how the switch responds when an interface is assigned to VLAN 203.
Fa0/1 - VLAN 200
Fa0/2 - VLAN 201
Fa0/3 – VLAN 202
Fa0/4 – VLAN 203
Fa0/5 – VLAN 200
Fa0/6 – VLAN 201
Fa0/7 – VLAN 202
Fa0/8 – VLAN 203
11. labsw1# configuration terminal
12. labsw1 (config)# interface fa0/1
13. labsw1 (config-if)# switchport access vlan 200
14. labsw1 (config-if# switchport mode access
15. labsw1 (config-if) # interface fa0/2
16. labsw1 (config-if) # switchport access vlan 201
17. labsw1 (config-if# switchport mode access
18. labsw1 (config-if) # interface fa0/3
19. labsw1 (config-if) # switchport access vlan 202
20. labsw1 (config-if# switchport mode access
21. labsw1 (config-if) # interface fa0/4
22. labsw1 (config-if) # switchport access vlan 203
23. labsw1 (config-if# switchport mode access
Note: The switch will automatically create a VLAN when a port is assigned to undefined VLAN, in this case, 203. Note the response from the switch:
% Access VLAN does not exist. Creating vlan 203
24. labsw1 (config-if) # interface fa0/5
25. labsw1 (config-if) # switchport access vlan 200
26. labsw1 (config-if# switchport mode access
27. labsw1 (config-if) # interface fa0/6
28. labsw1 (config-if) # switchport access vlan 201
29. labsw1 (config-if# switchport mode access
30. labsw1 (config-if) # interface fa0/7
31. labsw1 (config-if) # switchport access vlan 202
32. labsw1 (config-if# switchport mode access
33. labsw1 (config-if) # interface fa0/8
34. labsw1 (config-if) # switchport access vlan 203
35. labsw1 (config-if# switchport mode access
36. labsw1 (config-if) # [Crtl-Z]
Display the VLAN information to see the VLAN port assignments:
37. labsw1 # show vlan
VLAN Name Status Ports
---- --------------- --------- -------------------------------
1 default active Fa0/9, Fa0/10, Fa0/11, Fa0/12
200 Acct active Fa0/1, Fa0/5
201 Admin active Fa0/2, Fa0/6
202 Backbone active Fa0/3, Fa0/7
203 VLAN0203 active Fa0/4, Fa0/8
.(lines omitted)
VLAN 203 has been created and named: VLAN0203.
Before saving the changes, use the "show flash" command again.
38. labsw1#show flash
Directory of flash:/
1 -rw- 4414921
2 -rw- 796
64016384 bytes total (59600667 bytes free)
Note that the "vlan.dat" file was created automatically when the VLANs were created. Use the show running-config command to see the VLAN assignments on each interface, but also notice that there are no entries in the running configuration for the individual VLANs. As noted earlier, the file cannot be viewed, but its existence can be verified by the command "show flash." (Note: Your switch may include other files as well.)
Save the configuration.
39. labsw1 # copy running-config startup-config
Access ports and trunk ports
Switch interfaces can be configured as access ports or they can be configured as trunk ports. Access ports connect devices that are not switches: computers, routers, printers, etc.
Trunk ports are used to connect switches, creating a “switch fabric.” A switch fabric is a set of switches that allow multiple switches to function as a single switch. Trunk ports between switches carry data for multiple VLANs, and will be covered in more detail in future labs.
The most important difference between an access port and a trunk port:
Access ports carry data within a single VLAN
Trunk ports carry data for multiple VLANs
