Virtual LANs (VLANs)

In my last article, "VLANs: the basics", I discussed what a VLAN is and why we would use one. In this article I will look at actually configuring a VLAN on the CLI.

Packet Tracer

OK, let's start by opening Cisco Packet Tracer, selecting a network switch and opening the CLI.

Open the Switch CLI on Packet Tracer

Vlan Range

Vlans range from 1 to 4094 and are broken down into sub categories;

  • Vlan 1 contains all the interfaces of the switch by default and is sometimes referred to as the native Vlan
  • Standard range 1 to 1005
  • Extended range 1006 to 4094
  • Legacy range 1002 to 1005

Some protocols behave differently depending on the range of the Vlan. Legacy Vlans were used for older technologies and probably won't feature much in the CCNA exam.

Use the show vlan command to see all the configured vlans. As you will see Vlan 1 and Vlan 1002 to 1005 are configured by default.

Show Vlan

Enter Global Configuration mode by first going to Enable mode then Global Configuration mode

Enter Global Config mode

Create the Vlan

There are two ways to create a Vlan; Globally or At time of assignment.

Globally

To create a VLAN globally, type the command vlan [number]. This creates the vlan and enters vlan configuration mode. In this case we will create Vlan 10 and name it sales by using the command name sales. Then exit from vlan configuration.

Create and name the VLAN

Create VLAN interfaces

Define the interfaces that we will be assigning to the vlan shortly. In our case the sales department will be using the first 10 interfaces, or ports, on the switch.

The range command is used to assign a number of interfaces at once.

Assign interfaces using range command

Assigning the interfaces to the VLAN

So far we have created and named the vlan. We have also defined the interfaces we want to use on the Vlan. Now we need to associate them with each other. We achieve this using the command;

switchport access vlan [number]. This tells the switch to use the interfaces for vlan 10.

We also need to tell the switch what type of interfaces these are; whether they are to be used as access or trunk interfaces. To do this we use the command:

switchport mode [access/trunk/dynamic auto/dynamic desirable].

I will discuss Dynamic Trunking Protocol (DTP) later in this article. For now we will use the command switchport mode access, because each interface will be a single access link between the switch and an end device.


Complete Command

Now let's put it all together.

Vlan – At time of assignment.

There is a quicker way to create a Vlan; At time of assignment. You will need to know both ways if taking the CCNA exam.

In this shorter way we skip the initial creation of the Vlan. Instead we just define the interface range and then assign those interfaces to our Vlan with the switchport access vlan [number] command.

In this case we create Vlan 20. Note that the switch realizes that Vlan 20 was not already created. It then creates it for us, highlighted in blue.

Shorter way to create Vlan

Verifying the Vlan

Let's look at the show vlan command; we will see that vlan 10 has been created and interfaces Fa0/1 to Fa0/10 have been assigned to it. You will notice that these interfaces are no longer in the default Vlan 1.

Alternatively you can use the show vlan brief command
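The two creation methods and the verification step described above, written out as one CLI session. This is an added example, not a capture from the original article; the interface range Fa0/11 to Fa0/20 used for Vlan 20 is an assumption, since the article does not say which ports it used.

```cisco
! Enter Enable mode, then Global Configuration mode
Switch> enable
Switch# configure terminal

! Method 1 (globally): create Vlan 10 and name it first
Switch(config)# vlan 10
Switch(config-vlan)# name sales
Switch(config-vlan)# exit

! Select the first 10 ports, make them access ports, put them in Vlan 10
Switch(config)# interface range fastEthernet 0/1 - 10
Switch(config-if-range)# switchport mode access
Switch(config-if-range)# switchport access vlan 10
Switch(config-if-range)# exit

! Method 2 (at time of assignment): Vlan 20 does not exist yet.
! The switch reports that the access Vlan is missing and creates it.
! Fa0/11 - 20 is an assumed range for this example.
Switch(config)# interface range fastEthernet 0/11 - 20
Switch(config-if-range)# switchport mode access
Switch(config-if-range)# switchport access vlan 20
Switch(config-if-range)# end

! Verify: Vlan 10 (sales) should list Fa0/1 to Fa0/10, and those
! ports should no longer appear under the default Vlan 1
Switch# show vlan
Switch# show vlan brief
```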


Trunking Protocols

Everything so far has concerned working with individual Vlans. Now we will look at setting up connections between multiple switches using Trunking protocols. If you are unsure of the difference between access interfaces and trunk interfaces, have a look at my last post here.


VLan Trunking Protocol (VTP)

VTP is a Cisco protocol used to advertise Vlan information between switches on the LAN. You can set up your Vlans on just one switch and VTP will propagate that information to the other switches on the LAN. These switches will automatically set up corresponding Vlans using the information provided by VTP.

Vlan Trunking Protocol is not used much these days, as changes on one switch could cause unexpected changes on other switches throughout the LAN. You can disable VTP with either of these commands:

  • vtp mode transparent
  • vtp mode off global

Dynamic Trunking Protocol (DTP)

DTP is a Cisco protocol that negotiates whether an interface becomes a trunk or not and, if it becomes a trunk, what type of encapsulation to use. DTP will only work on Cisco switches, so if you are using switches from different vendors you will need to switch DTP off.


Types of trunking;

If the switches are to trunk, they need to agree on a trunking encapsulation. There are two options:

  • Inter-Switch Link (ISL), which is Cisco proprietary and rarely used these days.
  • 802.1Q, an open IEEE standard.

If the switch allows both ISL and 802.1Q then you can set the encapsulation statically to dot1q or isl, depending on what you prefer. Alternatively you can let the switches negotiate which type to use. (Nowadays dot1q is the preferred option and newer switches may not support ISL.)

Use the following command to choose the encapsulation type;

switchport trunk encapsulation {dot1q | isl | negotiate}

In the following example I created Vlan 30, assigned it the Fa0/1 interface and then statically assigned it the encapsulation 802.1Q. (This particular switch doesn’t support ISL and therefore the negotiate option won't work either.)


Administrative mode;

Administrative mode is what you, the user, actually configure on the Command Line Interface (CLI).

We have configured the encapsulation to be used in the event the interface is a trunk. DTP now gives us the option of statically setting the interface to always trunk or never trunk, or letting the switches negotiate whether or not to trunk.


Static Set

One option is statically setting the interface to either be an access or trunk, using the following commands;

switchport mode access

switchport mode trunk

  • Access: sets the interface as access; used between the switch and end devices such as PCs or servers.
  • Trunk: sets the interface as trunk; used between switches to carry the traffic of many Vlans.


Negotiate

The second option is to let the switches negotiate whether to be an access interface or a trunk;


switchport mode dynamic desirable

switchport mode dynamic auto

  • Dynamic desirable: initiates negotiation messages and responds to negotiation messages on whether to start trunking.
  • Dynamic auto: waits for trunking negotiation messages. Does not instigate any negotiation messages.

This negotiation over whether to use access or trunk interfaces is achieved by using Dynamic Trunking Protocol (DTP).

switchport mode dynamic desirable

Note that in the screenshot above the encapsulation stays the same (802.1q) but the mode changed from switchport mode trunk to dynamic desirable.


Verifying the trunking protocols

We can verify our Dynamic Trunking Protocol (DTP) setting on the switch using the command;

show interfaces fastethernet 0/1 switchport

Note that administrative mode is set to trunk as per our first example. This would be dynamic desirable for our second. The encapsulation is set to dot1q as always, remember this is the only encapsulation setting this particular switch is capable of.
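The static and negotiated trunk settings from this section as one CLI session, each followed by the verification command. This is an added example, not a capture from the original article; the final stanza uses switchport nonegotiate, a command the article does not show, on an assumed port Fa0/24 to illustrate switching DTP off on a link to a non-Cisco switch.

```cisco
! First example: static trunk on Fa0/1 with 802.1Q encapsulation
Switch# configure terminal
Switch(config)# interface fastEthernet 0/1
Switch(config-if)# switchport trunk encapsulation dot1q
Switch(config-if)# switchport mode trunk
Switch(config-if)# end

! Administrative mode should read trunk, encapsulation dot1q
Switch# show interfaces fastEthernet 0/1 switchport

! Second example: let DTP negotiate; this side initiates the negotiation
Switch# configure terminal
Switch(config)# interface fastEthernet 0/1
Switch(config-if)# switchport mode dynamic desirable
Switch(config-if)# end

! Administrative mode should now read dynamic desirable;
! the encapsulation is unchanged
Switch# show interfaces fastEthernet 0/1 switchport

! Link to a switch from another vendor (Fa0/24 is an assumed port):
! set the trunk statically and stop sending DTP messages.
! nonegotiate is only accepted with a static mode (access or trunk),
! not with dynamic auto or dynamic desirable.
Switch# configure terminal
Switch(config)# interface fastEthernet 0/24
Switch(config-if)# switchport trunk encapsulation dot1q
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport nonegotiate
Switch(config-if)# end
Switch# show interfaces fastEthernet 0/24 switchport
```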

Summary

This is my second article in my Virtual Lan series. My first article Vlans the basics looked at what Vlans are and why they are used. This article covered creating Vlans on a Cisco Switch.

Vlan 10 was created the long way by first creating the Vlan, defining the interface range and then associating the two with each other.

Vlan 20 was created the shorter way by defining the interface range and then associating those interfaces with Vlan 20. Knowledge of both methods is required if sitting the CCNA exam.

We then looked at trunking protocols. Vlan Trunking Protocol (VTP) should not be confused with Dynamic Trunking Protocol (DTP). VTP merely advertises Vlans on one switch to all other switches on the LAN. VTP is not used very often due to it causing unforeseen problems.

Dynamic Trunking Protocol (DTP), on the other hand, is used to statically set the interface as a trunk or access interface. Alternatively, DTP allows the switches to negotiate between each other as to whether the interface should be a trunk or not.

DTP allows you to either choose the encapsulation type used in the trunking (ISL or 802.1q) or let the switches negotiate this between themselves. Nowadays the only protocol used is 802.1q.