Creating VLANs

April 1, 2011·Ryan

This tutorial covers creating VLANs (Virtual Local Area Networks) on a Cisco Catalyst switch. Creating a VLAN separates the network. Why would you do this? There are several reasons, such as separating your production network from a guest network, or separating a test environment from a production network. This all adds security to your network. You can separate critical core network components from the rest of the production network for added security and easier troubleshooting. Segmenting the network also breaks up the broadcast domains into smaller chunks, which will improve your network performance. Let’s get started!

By default, if no configuration is applied to a switch (you just turned it on and plugged in networking devices), all of them are already in the same VLAN, called VLAN 1. This is great if you know nothing about switch configuration and want something that works out of the box. But it is also a security risk, and if enough devices are connected it will slow down your network performance. VLANs separate the network, so a layer three device (router) is needed for VLANs to communicate with each other. When you dive into VLANs there is a lot of information! For this tutorial we are just going to create a VLAN and that’s it. So let’s create a VLAN on a single switch.

  • For this tutorial we are going to put ports fa0/1 – 10 into access mode.
  • Then apply VLAN 2 to ports fa0/1 – 10.

(Sample Output) 

Switch>enable
Switch#configure terminal
Switch(config)#interface range fastEthernet 0/1 - 10
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 2
%LINK-5-CHANGED: Interface Vlan2, changed state to up
% Access VLAN does not exist. Creating vlan 2
Switch(config-if-range)#exit

If we issue the command show vlan in privileged EXEC mode, we can see that VLAN 2 has been created and which interfaces are assigned to it (Sample Output)

Switch#show vlan

VLAN Name                 Status    Ports
---- -------------------- --------- -----------------------------
2    VLAN0002             active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                    Fa0/9, Fa0/10

VLAN  Type   SAID       MTU   Parent RingNo  BridgeNo  Stp  BrdgMode  Trans1  Trans2
----  -----  ---------- ----- ------ ------ -------- ---- --------- ------- -------
2     enet   100002     1500  -      -      -        -    -         0       0

Although numbers are OK, let’s create a named VLAN. A name helps us remember the purpose of the VLAN. The steps are almost the same and are shown below; you could also change VLAN 2 into a named VLAN by doing lines 3 and 6.

  • For this tutorial we are going to put ports fa0/11 – 20 into access mode.
  • Then apply a named VLAN called Support to ports fa0/11 – 20.

(Sample Output)

Switch(config)#interface vlan 3
Switch(config-if)#exit
Switch(config)#vlan 3
%LINK-5-CHANGED: Interface Vlan3, changed state to up 
Switch(config-vlan)#name Support
Switch(config-vlan)#exit
Switch(config)#interface range fa0/11 - 20
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 3
Switch(config-if-range)#exit
Switch(config)#exit

If we issue the command show vlan in privileged EXEC mode, we can see that VLAN 3 (Support) has been created and which interfaces are assigned to it (Sample Output)

Switch#show vlan

VLAN Name                 Status    Ports
---- -------------------- --------- -----------------------------
1    default              active    Fa0/21, Fa0/22, Fa0/23, Fa0/24
2    VLAN0002             active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                    Fa0/9, Fa0/10
3    Support              active    Fa0/11, Fa0/12, Fa0/13, Fa0/14
                                    Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                    Fa0/19, Fa0/20
1002 fddi-default         act/unsup
1003 token-ring-default   act/unsup
1004 fddinet-default      act/unsup
1005 trnet-default        act/unsup

VLAN  Type   SAID       MTU   Parent RingNo  BridgeNo  Stp  BrdgMode  Trans1  Trans2
----  -----  ---------- ----- ------ ------ -------- ---- --------- ------- -------
1     enet   100001     1500  -      -      -        -    -         0       0
2     enet   100002     1500  -      -      -        -    -         0       0
3     enet   100003     1500  -      -      -        -    -         0       0
1002  fddi   101002     1500  -      -      -        -    -         0       0
1003  tr     101003     1500  -      -      -        -    -         0       0
1004  fdnet  101004     1500  -      -      -        ieee -         0       0
1005  trnet  101005     1500  -      -      -        ibm  -         0       0

Remote SPAN VLANs
-------------------------------------------------------------------
Primary Secondary Type            Ports
------- --------- ---------------- ---------------------------------

So in the end we have three VLANs on this switch: VLAN 1, VLAN 2 and VLAN 3 (Support). If we connected PCs to these three different VLANs, PCs in different VLANs would not be able to communicate with each other, because each VLAN is like a different network. So you would need to configure a router for inter-VLAN communication to work, a setup also called router on a stick. I hope this tutorial was helpful; if you have questions, comment below.