You are on page 1of 31

Creating Ethernet VLANs on Catalyst Switches

Document ID: 10023
Introduction Prerequisites Requirements Components Used Related Products Conventions Difference Between CatOS and Cisco IOS System Software Configure the VLAN on Catalyst Switches That Run CatOS Create VLANs and Ports Remove Ports or VLANs Troubleshooting Tips Configure the VLAN on Catalyst 2900XL, 3500XL, 2950, 2970, and 2940 Series Switches Create VLANs and Ports Remove Ports or VLANs Configure a Multi−VLAN Port on Catalyst 2900XL/3500XL Configure the VLAN on Catalyst 3550, 3750, 4500/4000, and 6500/6000 Switches That Run Cisco IOS Software Create VLANs and Ports Assign Multiple Ports to a Single VLAN Remove VLANs Rename VLANs How to Isolate the Communiation Between Two VLANs How to Configure Extended Range VLANs in a Catalyst 6500 Series Switch Troubleshooting Tips Verify Troubleshoot Inconsistent TLB Value Error on IOS Switches Recover the vlan.dat File on IOS Switches Failed to Create VLANs in Extended Range Failed to Configure VLAN from Startup−Config Backup and Restore of vlan.dat on Cisco IOS Switches VLAN Creation Fails with VLAN 1003 parent VLAN missing Error Message Related Information

Introduction
This document provides basic information on how to create VLANs on Catalyst switches that run Catalyst OS (CatOS) and Cisco IOS® System Software. The sample commands for each section use one Catalyst switch from each configuration section.

Prerequisites
Requirements
Cisco recommends that you have knowledge of the information in this section.

VLANs are a mechanism to allow network administrators to create logical broadcast domains that can span across a single switch or multiple switches, regardless of physical proximity. This function is useful to reduce the size of broadcast domains or to allow groups or users to be logically grouped without the need to be physically located in the same place. In order to create VLANs, you must decide how to configure these items: • What VLAN Trunk Protocol (VTP) domain name and VTP mode to use on this switch • Which ports on the switch belong to which VLAN • If you need to have communication between VLANs, or if they are isolated If you require communication between VLANs, you must use a Layer 3 routing device, such as an external Cisco router or an internal router module. Here are examples: ♦ WS−X4232−Layer 3 card for Catalyst 4500/4000 Switches with Supervisor Engine I and Supervisor Engine II ♦ Route Switch Module (RSM) or Route Switch Feature Card (RSFC) for Catalyst 5500/5000 Switches ♦ Multilayer Switch Module (MSM) or Multilayer Switch Feature Card (MSFC) for Catalyst 6500/6000 Switches Some of the switches have built−in support in software and hardware to do inter−VLAN routing. With inter−VLAN routing, no external device, modules, or daughter cards are required. Here are examples of such switches: ♦ Catalyst 3550/3750/6500 with Supervisor Engine 720 ♦ Catalyst 4500/4000 with Supervisor Engine II+, Supervisor Engine III, and Supervisor Engine IV Refer to these documents for more information on inter−VLAN routing configuration on an MSFC, RSM, RSFC, or external router: • Configuring InterVLAN Routing with Catalyst 3750/3560/3550 Series Switches • Configuring InterVLAN Routing on the MSFC section of Configuring InterVLAN Routing • Configuring InterVLAN Routing on the RSM section of Configuring InterVLAN Routing • Configuring InterVLAN Routing on the RSFC • Configuring InterVLAN Routing on an External Cisco Router section of Configuring InterVLAN Routing • Configuring InterVLAN Routing Using an Internal Router (Layer 3 Card) on Catalyst 5500/5000 and 6500/6000 Switches That Run CatOS System Software • Configuring InterVLAN Routing and ISL/802.1Q Trunking on a Catalyst 2900XL/3500XL/2950 Switch Using An External Router Note: This document assumes that you have basic connectivity to the switch, either through the console or through Telnet access. Refer to these documents for more information on how to get basic connectivity to the switches: • Catalyst 6500/6000 Series SwitchesBasic Software Configuration • Catalyst 2900 Series XL SwitchesQuick Start Guide

Components Used
The information in this document is based on these hardware and software versions: • Catalyst 6009 Switch that runs CatOS 5.5(x) software

• Catalyst 3524XL Switch that runs Cisco IOS Software Release 12.0(5.x)XU • Catalyst 4507 Switch with Supervisor Engine IV (WS−X4515) that runs Cisco IOS Software Release 12.1(13)EW1 The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Related Products
The information in this document can also be used with these switches: • Catalyst 4500/4000/2948G/2980G/4912G Switches • Catalyst 5000/2926G Series Switches • Catalyst 6500/6000 Series Switches • Catalyst 2900XL/3500XL/2950/3550/3750 Switches

Conventions
Refer to Cisco Technical Tips Conventions for more information on document conventions.

Difference Between CatOS and Cisco IOS System Software
CatOS on the Supervisor Engine and Cisco IOS Software on the MSFC (Hybrid): a CatOS image can be used as the system software to run the Supervisor Engine on Catalyst 6500/6000 Switches. If the optional MSFC is installed, a separate Cisco IOS Software image is used to run the MSFC. Cisco IOS Software on both the Supervisor Engine and MSFC (Native): a single Cisco IOS Software image can be used as the system software to run both the Supervisor Engine and MSFC on Catalyst 6500/6000 Switches. Note: Refer to Comparison of the Cisco Catalyst and Cisco IOS Operating Systems for the Cisco Catalyst 6500 Series Switch for more information.

Configure the VLAN on Catalyst Switches That Run CatOS
Create VLANs and Ports
Complete the steps in this section in order to create a VLAN. Before you can create a VLAN, the switch must be in VTP server mode or VTP transparent mode. If the switch is a VTP server, you must define a VTP domain name before you can add any VLANs. 1. Define a VTP domain name. You must define the VTP domain name regardless of: ♦ The number of switches in the network, whether one or many ♦ Whether you use VTP in order to propagate VLANs to other switches in the network This is the default VTP configuration on the switch:
CatosSwitch> (enable)show vtp domain

Domain Name Domain Index VTP Version Local Mode Password −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− −−−−−−−−−−−− −−−−−−−−−−− −−−−−−−−−−− −−−−−−−−−− 1 2 server − Vlan−count Max−vlan−storage Config Revision Notifications −−−−−−−−−− −−−−−−−−−−−−−−−− −−−−−−−−−−−−−−− −−−−−−−−−−−−− 5 1023 0 disabled Last Updater V2 Mode Pruning PruneEligible on Vlans −−−−−−−−−−−−−−− −−−−−−−− −−−−−−−− −−−−−−−−−−−−−−−−−−−−−−−−− 0. By default. You cannot rename or delete VLAN 1. Issue the show vtp domain command in order to verify the VTP configuration.0.0.0. 2.0. CatosSwitch> (enable)show vtp domain Domain Name Domain Index VTP Version Local Mode Password −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− −−−−−−−−−−−− −−−−−−−−−−− −−−−−−−−−−− −−−−−−−−−− cisco 1 2 server − Vlan−count Max−vlan−storage Config Revision Notifications −−−−−−−−−− −−−−−−−−−−−−−−−− −−−−−−−−−−−−−−− −−−−−−−−−−−−− 5 1023 1 disabled Last Updater V2 Mode Pruning PruneEligible on Vlans −−−−−−−−−−−−−−− −−−−−−−− −−−−−−−− −−−−−−−−−−−−−−−−−−−−−−−−− 0.0 disabled disabled 2−1000 Note: If you have the output of a show vtp domain command from your Cisco device.0 disabled disabled 2−1000 Issue the set vtp command in order to set the domain name and mode. 3. After you set and verify the VTP domain. begin to create VLANs on the switch. . This VLAN is called default. Issue the show vlan command in order to display the parameters for all configured VLANs in the administrative domain. there is only a single VLAN for all ports. CatosSwitch> (enable)set vtp domain ? <name> Domain name CatosSwitch> (enable)set vtp domain cisco ? mode passwd pruning v2 Set Set Set Set VTP VTP VTP VTP mode password pruning version 2 CatosSwitch> (enable)set vtp domain cisco mode ? client server transparent VTP client mode VTP server mode VTP transparent mode CatosSwitch> (enable)set vtp domain cisco mode server VTP domain cisco modified Note: Refer to Understanding VLAN Trunk Protocol (VTP) for more information on VTP. you can use Output Interpreter ( registered customers only) in order to display potential issues and fixes.

mode = (srt... IBM.isolated. Issue the show vlan command in order to verify the VLAN configuration.4/1−12) set vlan <vlan_num> [name <name>] [type <type>] [state <state>] [pvlan−type <pvlan_type>] [said <said>] [mtu <mtu>] [ring <hex_ring_number>] [decring <decimal_ring_number>] [bridge <bridge_number>] [parent <vlan_num>] [mode <bridge_mode>] [stp <stp_type>] [translation <vlan_num>] [backupcrf <off|on>] [aremaxhop <hopcount>] [stemaxhop <hopcount>] [rspan] (name = 1.2/1−12.none) hex_ring_number = 0x1..1005 hopcount = 1. parent = 2.. fddinet.4294967294.1005. srb) stp = (ieee.18190 pvlan−type = (primary. trbrf) said = 1. translation = 1..community. suspend) type = (ethernet..3/1−2.0xfff. fddi.32 characters. auto).13) Set vlan commands: −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− set vlan Set vlan information set vlan mapping Map an 802.4095 bridge_number = 0x1. decimal_ring_number = 1.CatosSwitch> (enable)show vlan VLAN Name Status IfIndex Mod/Ports. . CatosSwitch> (enable)set vlan Usage: set vlan <vlan> <mod/port> (An example of mod/port is 1/1.1q vlan to an Ethernet vlan CatosSwitch> (enable)set vlan 2 name cisco_vlan_2 Vlan 2 configuration successful b.. state = (active..0xf.. mtu = 576. Vlans −−−− −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− −−−−−−−−− −−−−−−− −−−−−−−−−−−−−−−−−−−−−−−− 1 default active 5 1/1−2 3/1−48 4/1−16 1002 fddi−default active 6 1003 token−ring−default active 9 1004 fddinet−default active 7 1005 trnet−default active 8 VLAN −−−− 1 1002 1003 1004 1005 VLAN −−−− 1 1002 1003 1004 1005 Type −−−−− enet fddi trcrf fdnet trbrf SAID −−−−−−−−−− 100001 101002 101003 101004 101005 MTU −−−−− 1500 1500 1500 1500 1500 Parent −−−−−− − − − − − RingNo −−−−−− − − − − − BrdgNo −−−−−− − − − − − Stp −−−− − − − − ibm BrdgMode −−−−−−−− − − − − − Trans1 −−−−−− 0 0 0 0 0 Trans2 −−−−−− 0 0 0 0 0 DynCreated −−−−−−−−−− static static static static static RSPAN −−−−−−−− disabled disabled disabled disabled disabled VLAN AREHops STEHops Backup CRF 1q VLAN −−−− −−−−−−− −−−−−−− −−−−−−−−−− −−−−−−− 1003 7 7 off a. trcrf. Issue the set vlan command in order to create VLANs.

if you want to create the third VLAN and then assign ports 3/13 through 3/15 to that VLAN. Vlans −−−− −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− −−−−−−−−− −−−−−−− −−−−−−−−−−−−−−−−−−−−−−−− 1 default active 5 1/1−2 3/16−48 4/1−16 2 cisco_vlan_2 active 75 3/1−12 3 VLAN0003 active 76 3/13−15 1002 fddi−default active 6 1003 token−ring−default active 9 . Vlans −−−− −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− −−−−−−−−− −−−−−−− −−−−−−−−−−−−−−−−−−−− 1 default active 5 1/1−2 3/1−48 4/1−16 2 cisco_vlan_2 active 75 1002 fddi−default active 6 1003 token−ring−default active 9 1004 fddinet−default active 7 1005 trnet−default active 8 VLAN −−−− 1 2 1002 1003 1004 1005 Type −−−−− enet enet fddi trcrf fdnet trbrf SAID −−−−−−−−−− 100001 100002 101002 101003 101004 101005 MTU −−−−− 1500 1500 1500 1500 1500 1500 Parent −−−−−− − − − − − − RingNo −−−−−− − − − − − − BrdgNo −−−−−− − − − − − − Stp −−−− − − − − − IBM BrdgMode −−−−−−−− − − − − − − Trans1 −−−−−− 0 0 0 0 0 0 Trans2 −−−−−− 0 0 0 0 0 0 !−−− Output suppressed. Mod/Ports −−−−−−−−−−−−−−−−−−−−−−− 3/13−15 15/1 4. VLAN 1 modified. issue the set vlan vlan_number mod/ports command. issue this command: CatosSwitch> (enable)set vlan 3 3/13−15 Vlan VLAN VLAN VLAN −−−− 3 3 configuration successful 3 modified. For example. If you want to add ports to the VLAN. CatosSwitch> (enable)set vlan 2 3/1−12 VLAN 2 modified. Issue the show vlan command in order to verify the VLAN configuration. c. CatosSwitch> (enable)show vlan VLAN Name Status IfIndex Mod/Ports.CatosSwitch> (enable)show vlan VLAN Name Status IfIndex Mod/Ports. VLAN Mod/Ports −−−− −−−−−−−−−−−−−−−−−−−−−−− 2 3/1−12 15/1 Note: You can also create the VLAN and add the ports to that VLAN with all the information in a single command. 1 modified.

This removal is essentially what happens when you assign a port to any VLAN because all ports initially belong to VLAN 1. Issue the clear vlan command in order to delete a VLAN. The ports are not displayed until you add them back in another VLAN. Vlans −−−− −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− −−−−−−−−− −−−−−−− −−−−−−−−−−−−−−−−−−−−−−−− 1 default active 5 1/1−2 3/16−48 4/1−16 2 cisco_vlan_2 active 75 3/1−12 1002 fddi−default active 6 1003 token−ring−default active 9 1004 fddinet−default active 7 1005 trnet−default active 8 VLAN −−−− 1 2 1002 1003 1004 1005 Type −−−−− enet enet fddi trcrf fdnet trbrf SAID −−−−−−−−−− 100001 100002 101002 101003 101004 101005 MTU −−−−− 1500 1500 1500 1500 1500 1500 Parent −−−−−− − − − − − − RingNo −−−−−− − − − − − − BrdgNo −−−−−− − − − − − − Stp −−−− − − − − − IBM BrdgMode −−−−−−−− − − − − − − Trans1 −−−−−− 0 0 0 0 0 0 Trans2 −−−−−− 0 0 0 0 0 0 !−−− Output suppressed. Do you want to continue(y/n) [n]? y Vlan 3 deleted CatosSwitch> (enable)show vlan VLAN Name Status IfIndex Mod/Ports. Note: Ports 3/13 through 3/15 are not displayed in the output of the show vlan command because the removal of VLAN 3 deactivates these ports. CatosSwitch> (enable)clear vlan 3 This command will deactivate all ports on vlan 3 in the entire management domain.1004 fddinet−default 1005 trnet−default VLAN −−−− 1 2 3 1002 1003 1004 1005 Type −−−−− enet enet enet fddi trcrf fdnet trbrf SAID −−−−−−−−−− 100001 100002 100003 101002 101003 101004 101005 MTU −−−−− 1500 1500 1500 1500 1500 1500 1500 Parent −−−−−− − − − − − − − active active RingNo −−−−−− − − − − − − − BrdgNo −−−−−− − − − − − − − 7 8 Stp −−−− − − − − − − IBM BrdgMode −−−−−−−− − − − − − − − Trans1 −−−−−− 0 0 0 0 0 0 0 Trans2 −−−−−− 0 0 0 0 0 0 0 !−−− Output suppressed. issue the set vlan vlan_number mod/ports command and place the ports in a different VLAN. Remove Ports or VLANs In order to remove ports from a VLAN. The switch displays a warning and gives you the opportunity to cancel the current request. The ports are deactivated because they remain a part of that VLAN. . and the VLAN no longer exists.

• If you create a VLAN on a switch that is in VTP client mode. you receive this error message: Cannot add/modify VLANs on a VTP client. create a VTP domain name on the switch. Vlans −−−− −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− −−−−−−−−− −−−−−−− −−−−−−−−−−−−−−−−−−−−−−−− Unable to access VTP Vlan 2 information. The Create VLANs and Ports section provides the procedure. or MSFC) come up only when the corresponding VLAN is available in the switch. Refer to Understanding VLAN Trunk Protocol (VTP) for more information on VTP. CatosSwitch> (enable)show vlan 2 VLAN Name Status IfIndex Mod/Ports. In order to correct this. • Ports are in the inactive state in show port mod/port command output. AuxiliaryVlan AuxVlan−Status PowerAllocated mWatt mA @42V −−−−− −−−−−−−− − − If you have the output of a show−tech support command from your Cisco device. VLAN AREHops STEHops Backup CRF 1q VLAN −−−− −−−−−−− −−−−−−− −−−−−−−−−− −−−−−−− • The VLAN interfaces created in the routing modules (RSM. You can either recreate that VLAN or correct the VTP configuration so that the VLAN is reestablished in the VTP domain. you receive this error message: Cannot add/modify VLANs on a VTP server without a domain name. This state means that the VLAN to which the ports originally belonged was deleted. you can use Output Interpreter ( registered customers only) in order to display potential issues and fixes. Note: A switch can only create VLANs if it is in VTP server mode or VTP transparent mode. VLAN DynCreated RSPAN −−−− −−−−−−−−−− −−−−−−−− Unable to access VTP Vlan 2 information. In order for the VLAN interface to be fully . usually because of VTP.Troubleshooting Tips This section provides troubleshooting tips for common problems that you can encounter while you create VLANs on Catalyst switches that run CatOS: • If you create a VLAN when there is no VTP domain name defined. VLAN Type SAID MTU Parent RingNo BrdgNo Stp BrdgMode Trans1 Trans2 −−−− −−−−− −−−−−−−−−− −−−−− −−−−−− −−−−−− −−−−−− −−−− −−−−−−−− −−−−−− −−−−−− Unable to access VTP Vlan 2 information. This is sample show port mod/port command output: CatosSwitch> (enable)show port 3/1 Port Name Status Vlan Duplex Speed Type −−−−− −−−−−−−−−−−−−−−−−− −−−−−−−−−− −−−−−−−−−− −−−−−− −−−−− −−−−−−−−−−−− 3/1 inactive 2 auto auto 10/100BaseTX Port InlinePowered Admin Oper Detected −−−−− −−−−−−−−−−−−− −−−−−−−−−−−−−− −−−−− −−−−−− −−−−−−−− 3/1 none none − − − !−−− Output suppressed. MSM. RSFC.

and 2940 Series Switches Create VLANs and Ports Note: The output that you see can be different from some of the command output that this section displays. 3500XL. After you set and verify the VTP domain. Fa0/5. Gi0/1. Fa0/19. make sure to have at least one port as a member of that VLAN. you can make configuration changes centrally on a single switch.0. With VTP. Fa0/10. Complete these steps in order to create a VLAN. 2950.0.0 at 0−0−00 00:00:00 : : : : : 2 0 254 5 Server 2. Fa0/8. Issue the show vlan command in order to check the VLAN information. Decide whether to use VTP in your network. 2950. begin to create VLANs on the switch. and 2940 Switches is the server mode. 3524XL#show vlan VLAN Name Status Ports −−−− −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− −−−−−−−−− −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− 1 default active Fa0/1. Fa0/11. 1. 3524XL#show vtp status VTP Version Configuration Revision Maximum VLANs supported locally Number of existing VLANs VTP Operating Mode !−−− This is the default mode. Fa0/3. Fa0/15. Fa0/23. The default VTP mode on the Catalyst 2900XL. Fa0/7. 3500XL. Refer to Understanding VLAN Trunk Protocol (VTP) for more information on VTP. Fa0/12. with an active device connected to the port. See the Requirements section of this document for configuration guidelines. This VLAN is called default. Note: Issue the show vtp status command in order to check the VTP status on XL Series Switches. Fa0/24.active. Fa0/16. and you can automatically communicate those changes to all the other switches in the network. Fa0/17. Configure the VLAN on Catalyst 2900XL. Fa0/2. Gi0/2 1002 fddi−default active . 2970. Fa0/9. Fa0/20. VTP Domain Name : VTP Pruning Mode : Disabled VTP V2 Mode : Disabled VTP Traps Generation : Disabled MD5 digest : 0xBF 0x86 0x94 0x45 0xFC 0xDF 0xB5 0x70 Configuration last modified by 0. Fa0/21. which means that it is administratively up and line protocol is up. Fa0/6. Fa0/22. there is only a single VLAN for all ports. Fa0/14. The difference depends on the model of your switch. Fa0/13. Fa0/4. You cannot rename or delete VLAN 1. Fa0/18. 2970. By default.

Refer to Understanding VLAN Trunk Protocol (VTP) for more information on VTP. 3524XL(vlan)#vtp server Device mode already VTP SERVER. !−−− You can skip this command if the switch is already in server mode and you !−−− want the switch to be in server mode. Note: A switch can only create VLANs if it is in VTP server mode or VTP transparent mode. 524XL(vlan)#vlan ? <1−1005> ISL VLAN index 3524XL(vlan)#vlan 2 ? are backupcrf bridge media mtu name parent ring said state ste stp tb−vlan1 tb−vlan2 Maximum number of All Route Explorer hops for this VLAN Backup CRF mode of the VLAN Bridging characteristics of the VLAN Media type of the VLAN VLAN Maximum Transmission Unit Ascii name of the VLAN ID number of the Parent VLAN of FDDI or Token Ring type VLANs Ring number of FDDI or Token Ring type VLANs IEEE 802.1003 token−ring−default 1004 fddinet−default 1005 trnet−default VLAN −−−− 1 1002 1003 1004 1005 Type −−−−− enet fddi tr fdnet trnet SAID −−−−−−−−−− 100001 101002 101003 101004 101005 MTU −−−−− 1500 1500 1500 1500 1500 Parent −−−−−− − − 1005 − − active active active RingNo −−−−−− − − 0 − − BridgeNo −−−−−−−− − − − 1 1 Stp −−−− − − − IBM IBM BrdgMode −−−−−−−− − − srb − − Trans1 −−−−−− 1002 1 1 0 0 Trans2 −−−−−− 1003 1003 1002 0 0 Issue this set of commands in privileged mode in order to create another VLAN: 3524XL#vlan database !−−− You must enter into VLAN database in order to configure any VLAN. .10 SAID Operational state of the VLAN Maximum number of Spanning Tree Explorer hops for this VLAN Spanning tree characteristics of the VLAN ID number of the first translational VLAN for this VLAN (or zero if none) ID number of the second translational VLAN for this VLAN (or zero if none) 3524XL(vlan)#vlan 2 name ? WORD The ASCII name for the VLAN 3524XL(vlan)#vlan 2 name cisco_vlan_2 VLAN 2 added: Name: cisco_vlan_2 3524XL(vlan)#exit !−−− You must exit from the VLAN database in order for the changes !−−− to be committed.

. Fa0/2. Always check that the switches that run in client mode support the same number of VLANs that the switches in server mode send. Fa0/16. Fa0/20. Fa0/10. Fa0/11. Exiting. Fa0/3. Fa0/5. Fa0/21.2 FastEthernet0/1 unassigned FastEthernet0/2 unassigned OK? YES YES YES YES Method manual manual unset unset Status up up up up Protocol down up up up . Fa0/4. Fa0/19. Gi0/2 2 cisco_vlan_2 active 1002 fddi−default active 1003 token−ring−default active 1004 fddinet−default active 1005 trnet−default active VLAN −−−− 1 2 1002 1003 1004 1005 Type −−−−− enet enet fddi tr fdnet trnet SAID −−−−−−−−−− 100001 100002 101002 101003 101004 101005 MTU −−−−− 1500 1500 1500 1500 1500 1500 Parent −−−−−− − − − 1005 − − RingNo −−−−−− − − − 0 − − BridgeNo −−−−−−−− − − − − 1 1 Stp −−−− − − − − IBM BrdgMode −−−−−−−− − − − srb − Trans1 −−−−−− 1002 0 1 1 0 Trans2 −−−−−− 1003 0 1003 1002 0 4. On a Layer 2 Catalyst Switch.0. Note: You can assign the ports of a Layer 2 Catalyst Switch to multiple VLANs.0. Fa0/24.0. 3524XL# Note: The VTP mode can change from client mode to transparent mode if the switch attempts to learn or pass a greater number of VLANs than it supports.. Fa0/18. Issue the show vlan command in order to ensure that the VLAN is created. the switch supports only one active management Layer 3 address. Fa0/17. 3524XL#show vlan VLAN Name Status Ports −−−− −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− −−−−−−−−− −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− 1 default active Fa0/1. Fa0/15. Gi0/1. Therefore. Fa0/12. Fa0/23. Fa0/6. Fa0/14.. Fa0/13. Fa0/22. You can add ports (interfaces) in the newly created VLAN. Switch#configure terminal Switch(config)#interface vlan 2 Switch(config−subif)#management Switch(config−subif)#^Z Switch#show ip interface brief Interface IP−Address VLAN1 10. You must go to interface configuration mode for each of the interfaces that you want to add into the new VLAN.APPLY completed. you can issue the optional management command under the new SVI in order to automatically shut down VLAN 1 and transfer the IP address to the new VLAN.2 VLAN2 20. 3.0. Fa0/9. Fa0/7. Fa0/8. but the switch only supports one active management VLAN interface at a time and other switched virtual interfaces (SVIs) do not up/up because of Layer 2 functionality.

. Fa0/19. Issue this set of commands in privileged mode in order to add a particular interface in the VLAN: 3524XL#configure terminal Enter configuration commands. Fa0/4. 5. Fa0/8. Fa0/23. one per line. 3524XL(config−if)#exit 3524XL(config)#interface fastethernet 0/3 3524XL(config−if)#switchport access vlan 2 !−−− These commands assign interface Fast Ethernet 0/3 to VLAN 2. Fa0/3 1002 fddi−default active 1003 token−ring−default active 1004 fddinet−default active 1005 trnet−default active VLAN −−−− 1 2 Type −−−−− enet enet SAID −−−−−−−−−− 100001 100002 MTU −−−−− 1500 1500 Parent −−−−−− − − RingNo −−−−−− − − BridgeNo −−−−−−−− − − Stp −−−− − − BrdgMode −−−−−−−− − − Trans1 −−−−−− 1002 0 Trans2 −−−−−− 1003 0 . Gi0/2 2 cisco_vlan_2 active Fa0/2. 3524XL(config−if)#switchport access vlan ? <1−1001> dynamic VLAN ID of the VLAN when this port is in access mode When in access mode. 3524XL(config)#interface fastethernet 0/2 3524XL(config−if)#switchport access ? vlan Set VLAN when interface is in access mode End with CNTL/Z. Fa0/21. Fa0/17. Fa0/6. Fa0/7. Fa0/24. this interfaces VLAN is controlled by VMPS 3524XL(config−if)#switchport access vlan 2 !−−− These commands assign interface Fast Ethernet 0/2 to VLAN 2.!−−− Output suppressed. Fa0/13. Fa0/11. Building configuration.. Gi0/1. 3524XL#show vlan VLAN Name Status Ports −−−− −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− −−−−−−−−− −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− 1 default active Fa0/1. Fa0/16. 3524XL(config−if)#end 3524XL# 00:55:26: %SYS−5−CONFIG_I: Configured from console by console 3524XL#write memory !−−− This saves the configuration. Fa0/20. Fa0/15. Fa0/5. Fa0/18. Fa0/12. Fa0/22. Fa0/9. Fa0/10. Issue the show vlan command in order to verify the VLAN configuration. Fa0/14.

Fa0/14. Fa0/16. if you want to delete cisco_vlan_2 from the switch. Fa0/18. Interfaces in that VLAN remain a part of that VLAN and are deactivated because they no longer belong to any VLAN. issue the no vlan vlan_number command in VLAN database mode. Fa0/6.1002 1003 1004 1005 fddi tr fdnet trnet 101002 101003 101004 101005 1500 1500 1500 1500 − 1005 − − − 0 − − − − 1 1 − − IBM IBM − srb − − 1 1 0 0 1003 1002 0 0 Remove Ports or VLANs In order to remove ports from the VLAN. Fa0/10. Fa0/23. Fa0/24. For example. Fa0/15. if you want to remove interface Fast Ethernet 0/2 from cisco_vlan_2 (VLAN 2). After the port is removed from a VLAN that is not VLAN 1 (the default VLAN). that port is automatically added back to the default VLAN. issue this set of commands in privileged mode: 3524XL#vlan database . Fa0/5. 3524XL(config−if)#end 3524XL#show vlan VLAN Name Status Ports −−−− −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− −−−−−−−−− −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− 1 default active Fa0/1. issue this set of commands in privileged mode: 3524XL#configure terminal Enter configuration commands. Fa0/20. !−−− Note: Fast Ethernet 0/2 is added back to the default VLAN. Fa0/13. Fa0/17. Fa0/21. Fa0/19. For example. one per line. Gi0/1. Fa0/7. Fa0/9. 2 1002 1003 1004 1005 VLAN −−−− 1 2 1002 1003 1004 1005 cisco_vlan_2 fddi−default token−ring−default fddinet−default trnet−default Type −−−−− enet enet fddi tr fdnet trnet SAID −−−−−−−−−− 100001 100002 101002 101003 101004 101005 MTU −−−−− 1500 1500 1500 1500 1500 1500 Parent −−−−−− − − − 1005 − − active active active active active RingNo −−−−−− − − − 0 − − BridgeNo −−−−−−−− − − − − 1 1 Stp −−−− − − − − IBM IBM BrdgMode −−−−−−−− − − − srb − − Trans1 −−−−−− 1002 0 1 1 0 0 Trans2 −−−−−− 1003 0 1003 1002 0 0 In order to delete the VLAN. Gi0/2 Fa0/3 End with CNTL/Z. Fa0/8. Fa0/11. Fa0/2. Fa0/4. Fa0/12. Fa0/22. issue the no switchport access vlan vlan_number command in interface configuration mode. 3524XL(config)#interface fastethernet 0/2 3524XL(config−if)#no switchport access vlan 2 !−−− These two commands remove interface Fast Ethernet 0/2 from VLAN 2.

3524XL#show vlan VLAN Name Status Ports −−−− −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− −−−−−−−−− −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− 1 default active Fa0/1.. Fa0/13. 3524XL(vlan)#exit APPLY completed. Fa0/21. 3524XL#show interfaces fastethernet 0/3 FastEthernet0/3 is down. you must ensure that it belongs to some VLAN. Fa0/18. Fa0/17. Fa0/24. If you have the output of a show−tech support command from your Cisco device. Configure a Multi−VLAN Port on Catalyst 2900XL/3500XL The multi−VLAN port feature on Catalyst 2900XL/3500XL Switches allows you to configure a single port in two or more VLANs. the port is neither displayed or usable. you must add interface Fast Ethernet 0/3 to the default VLAN (VLAN 1) in order to make this interface usable. Fa0/11.. Fa0/19. Deleting VLAN 2. Fa0/4. Fa0/10. Fa0/23.. Gi0/2 1002 fddi−default active 1003 token−ring−default active 1004 fddinet−default active 1005 trnet−default active !−−− Output suppressed. Fa0/12. Fa0/14. Fa0/6. However. Note: In the case of Catalyst 3550 Switches.. Notice that port Fast Ethernet 0/3 is not displayed in the show vlan command output. you can use Output Interpreter ( registered customers only) in order to display potential issues and fixes. In the case in this section of the document. Fa0/2.. Fa0/9. A multi−VLAN port performs normal switching functions . you need to make that interface a Layer 3 interface. Refer to the Configuring Layer 3 Interfaces section of Configuring Interface Characteristics for more information on Layer 3 interfaces on Catalyst 3550 Switches. Fa0/22. line protocol is down !−−− Output suppressed. Unless you add the port back in another VLAN. Fa0/16.!−−− This command enters you into the VLAN database mode. Gi0/1. Fa0/7. The removal of VLAN 2 deactivates this port. 3524XL(vlan)#no vlan 2 !−−− This command removes the VLAN from the database. Fa0/5. Fa0/20. Fa0/15. you can still use the interface without the addition of the interface to a VLAN. Exiting. In order to make the interface usable. This feature allows users from different VLANs to access a server or router without the implementation of inter−VLAN routing capability. Fa0/8.

and 3 to multi−VLAN port Fast Ethernet 0/1. 2970. Gi0/1. You can connect the multi−VLAN port only to a router or server. 6−3512xl(config−if)#switchport multi vlan ? LINE add remove VLAN IDs of VLANs to be used in multi−VLAN mode add VLANs to the current list remove VLANs from the current list End with CNTL/Z. Fa0/9. Note: These are the limitations to the implementation of multi−VLAN port features: • You cannot configure a multi−VLAN port when a trunk is configured on the switch. one per line. Gi0/2 Fa0/2. 2. see the Configure the VLAN on Catalyst 2900XL. 6−3512xl(config−if)#switchport multi vlan 1.3 !−−− This command assigns VLANs 1. 6−3512xl(config−if)#^Z 6−3512xl# . This feature is not supported on Catalyst 4500/4000. Configure the Fast Ethernet 0/1 port in multi−VLAN mode. Fa0/10. and 2940 Series Switches section of this document. Fa0/7. Fa0/8. 6−3512xl#show vlan VLAN Name Status −−−− −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− −−−−−−−−− 1 default active Ports −−−−−−−−−−−−−−−−−−−−−−−−−−−−− Fa0/1.in all of its assigned VLANs. 2. This example configures the port that is connected to the router as a multi−VLAN port. which disables the VTP. Fa0/3. No VTP configuration is necessary. 2950. 3500XL. Fa0/11. Fa0/12. and add assigned VLANs to the multi−VLAN port. or 6500/6000 Series Switches or any other Catalyst switches. Here. VLAN traffic on the multi−VLAN port is not encapsulated as it is in trunking. and one port of the switch is connected to an external router. 5500/5000.2. Determine which port to configure as a multi−VLAN port. • The multi−VLAN port feature is supported only on Catalyst 2900XL/3500XL Series Switches. The switch automatically transitions to VTP transparent mode when the multi−VLAN port feature is enabled. 6−3512xl(config)#interface fastethernet 0/1 6−3512xl(config−if)#switchport mode multi !−−− This command changes the port Fast Ethernet 0/1 mode to multi. 1. port Fast Ethernet 0/1 is connected to an external router. 6−3512xl#configure terminal Enter configuration commands. Fa0/4 Fa0/5 2 3 4 5 6 VLAN0002 VLAN0003 VLAN0004 VLAN0005 VLAN0006 active active active active active In the example. Fa0/6. three VLANs are created on a Catalyst 3512XL Switch. For more information about how to create VLANs and assign ports to VLANs.

1. 6−3512xl(config)#interface vlan 1 6−3512xl(config−if)#ip address 192. one per line.3. Fa0/6.255. 2.168. 6−3512xl#configure terminal Enter configuration commands. Gi0/2 Fa0/1. Sending 5.1. Fa0/1 Fa0/12. Fa0/7. Gi0/1.255. Fa0/9.168. 6−3512xl(config−if)#^Z 6−3512xl# 23:56:54: %SYS−5−CONFIG_I: Configured from console by console 6−3512xl#ping 192. and 3. or 3. 100−byte ICMP Echos to 192. !−−− Now the port is assigned to multiple VLANs 1. 6−3512xl#show interface fastethernet 0/1 switchport Name: Fa0/1 Operational Mode: multi !−−− The port is in multi−VLAN mode. Issue the ping command from the switch to the router in order to verify the multi−VLAN operation. port Fast Ethernet 0/1 was only in VLAN 1.1. Fa0/3.1 Type escape sequence to abort. The ping command receives a reply from the router each time the management IP address is assigned to any of the VLANs 1. timeout is 2 seconds: End with CNTL/Z. 3 4 5 VLAN0003 VLAN0004 VLAN0005 active active active Fa0/1. Fa0/10. Fa0/4 2 VLAN0002 active !−−− Note: Previously. Fa0/5 4.0 !−−− The management IP address is assigned to VLAN 1. Fa0/8. Fa0/2. .1. 2. Issue the show interface interface_id switchport command and the show vlan command in order to verify the configuration. Administrative Trunking Encapsulation: isl Operational Trunking Encapsulation: isl Negotiation of Trunking: Disabled Access Mode VLAN: 0 ((Inactive)) Trunking Native Mode VLAN: 1 (default) Trunking VLANs Enabled: NONE Pruning VLANs Enabled: NONE Priority for untagged frames: 0 Override vlan tag priority: FALSE Voice VLAN: none Appliance trust: none 6−3512xl#show vlan brief VLAN Name Status −−−− −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− −−−−−−−−− 1 default active Ports −−−−−−−−−−−−−−−−−−−−−−−−−−−− Fa0/1.168.1 255.

168. Type escape sequence to abort. timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5).2.1. 100−byte ICMP Echos to 192.2. 6−3512xl(config−subif)#exit 6−3512xl(config)#exit 6−3512xl#ping 192.168.!!!!! Success rate is 100 percent (5/5).168.1.2 !−−− You can ping the router from VLAN 1. one per line. timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5). Sending 5. Type escape sequence to abort. round−trip min/avg/max = 1/1/3 ms 6−3512xl#ping 192.168. round−trip min/avg/max = 1/2/3 ms 6−3512xl#ping 192. 6−3512xl(config)#interface vlan 2 6−3512xl(config−subif)#no ip address !−−− The management IP address is removed from VLAN 2.1. 100−byte ICMP Echos to 192.1.255. Sending 5.1 255. 6−3512xl(config−subif)#shutdown End with CNTL/Z. one per line.168. End with CNTL/Z. .168.1. Sending 5. 100−byte ICMP Echos to 192.2 !−−− You can ping the router from VLAN 2. 6−3512xl(config−if)#shutdown 6−3512xl(config−if)#exit 6−3512xl(config)#interface vlan 2 6−3512xl(config−subif)#ip address 192. 6−3512xl(config)#interface vlan 1 6−3512xl(config−if)#no ip address !−−− The management IP address is removed from VLAN 1. round−trip min/avg/max = 1/202/1004 ms 6−3512xl#configure terminal Enter configuration commands.1.1.168.0 6−3512xl(config−subif)#no shutdown !−−− The management IP address is assigned to VLAN 2. timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5).255. round−trip min/avg/max = 1/1/3 ms 6−3512xl#configure terminal Enter configuration commands.1 Type escape sequence to abort.1.

168. round−trip min/avg/max = 1/205/1004 ms Configure the VLAN on Catalyst 3550. timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5).1 Type escape sequence to abort. The default location of the VLAN . 4500/4000. If the switch is a VTP server. 100−byte ICMP Echos to 192. Switch#dir cat4000_flash: . 6−3512xl(config−subif)#exit 6−3512xl(config)#exit 6−3512xl#ping 192. Sending 5.255.168.1. and 6500 Series Switches that run Cisco IOS Software.1 255. You must create VLANs that are numbered higher than 1005 in global configuration mode. 3750.168. you must define a VTP domain name before you add any VLANs.1.2 !−−− You can ping the router from VLAN 3.dat file. whether one or many • Whether you use VTP in order to propagate VLANs to other switches in the network Refer to Understanding and Configuring VTP for more information on how to configure VTP on Catalyst 4500/4000 Cisco IOS Software−based Supervisor Engine modules. 3570. Before you can create a VLAN. The VTP mode must be set to transparent in order to create these VLANs.168. timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5). Sending 5.0 6−3512xl(config−subif)#no shut !−−− The management IP address is assigned to VLAN 3.1.1. VLANs that are numbered higher than 1005 are stored in the switch configuration file and not in the VLAN . Refer to the Software Configuration Guide for the switch platform under consideration for VTP configuration information for other Catalyst switch platforms. These other switches include the Catalyst 3550.255. You must define a VTP domain name regardless of: • The number of switches in the network. but the configuration tasks also apply to other switches that run Layer 3 (or Cisco IOS Software). the switch must be in VTP server mode or VTP transparent mode. VLANs that are numbered higher than 1005 are not advertised by VTP. You can create VLANs in either VLAN database mode or global configuration mode. and 6500/6000 Switches That Run Cisco IOS Software Create VLANs and Ports This section uses the Catalyst 4500 Switch for sample configuration commands. 100−byte ICMP Echos to 192. round−trip min/avg/max = 1/1/3 ms 6−3512xl#ping 192.1. Refer to the LAN Product Support Pages in order to locate the Software Configuration Guide. Type escape sequence to abort.dat file in Catalyst 4000 Switches with Supervisor Engine IV is the cat4000_flash directory.168.2. Furthermore.1.6−3512xl(config−subif)#exit 6−3512xl(config)#interface vlan 3 6−3512xl(config−subif)#ip address 192.

Switch#show vtp status VTP Version : 2 Configuration Revision : 0 Maximum VLANs supported locally : 1005 Number of existing VLANs : 8 VTP Operating Mode : Server VTP Domain Name : cisco VTP Pruning Mode : Enabled VTP V2 Mode : Disabled VTP Traps Generation : Disabled MD5 digest : 0xA4 0x18 0x78 0x52 0x5A 0x1B 0x2E 0x14 Configuration last modified by 0. Gi1/2. Switch#vlan database . Switch#show vlan VLAN Name Status Ports −−−− −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− −−−−−−−−− −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− 1 default active Gi1/1.0. either database mode or global configuration mode. The show vtp status command shows the VTP information in the switch. Gi3/13. Enter the correct mode. Issue the vlan database command in privileged mode in order to enter VLAN database mode. Gi3/4.Directory of cat4000_flash:/ 1 −rw− 676 <no date> vlan. Gi3/17.dat 524260 bytes total (523584 bytes free) Note: A Catalyst 6500 Switch that runs Cisco IOS Software allows you to create VLANs in server mode without a VTP domain name.0.0 at 5−28−01 05:17:02 Local updater ID is 10. Gi3/5.10. Gi3/8. Issue the show vlan command in order to check the VLAN information. Gi3/18 !−−− Output suppressed.1 on interface Vl1 (lowest numbered VLAN interface) 1.10. Gi3/10 Gi3/11. Gi3/14 Gi3/15. Gi3/12. Gi3/1. Gi3/6 Gi3/7. Gi3/9. Gi3/2 Gi3/3. Gi3/16. VLAN −−−− 1002 1003 1004 1005 VLAN −−−− 1 1002 1003 1004 1005 Name −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− fddi−default token−ring−default fddinet−default trnet−default Type −−−−− enet fddi tr fdnet trnet SAID −−−−−−−−−− 100001 101002 101003 101004 101005 MTU −−−−− 1500 1500 1500 1500 1500 Parent −−−−−− − − − − − Status Ports −−−−−−−−− −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− act/unsup act/unsup act/unsup act/unsup BridgeNo −−−−−−−− − − − − − Stp −−−− − − − ieee ibm BrdgMode −−−−−−−− − − − − − Trans1 −−−−−− 0 0 0 0 0 Trans2 −−−−−− 0 0 0 0 0 RingNo −−−−−− − − − − − Primary Secondary Type Ports −−−−−−− −−−−−−−−− −−−−−−−−−−−−−−−−− −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− 2.

1 no service pad service timestamps debug uptime service timestamps log uptime no service password−encryption service compress−config ! hostname Switch ! ! ip subnet−zero ! spanning−tree extend system−id ! redundancy mode rpr main−cpu auto−sync standard ! ! vlan 2000 ! interface GigabitEthernet1/1 ! interface GigabitEthernet1/2 ! !−−− Output suppressed. . Switch#show running−config Building configuration. The end keyword and Ctrl−Z exit methods do not work in VLAN database mode. you can either issue the apply command or exit out of VLAN database mode. Issue these commands in order to perform the VLAN configuration in global configuration mode: Switch(config)#vlan 3 Switch(config−vlan)#exit Switch(config)# 4..Switch(vlan)# 3. Current configuration : 2975 bytes ! version 12.. Note: For the configuration to take effect. Issue the vlan vlan_number command in order to configure a VLAN. Issue the exit command in order to exit out of VLAN database mode. Switch(vlan)#vlan 2 VLAN 2 added: Name: VLAN0002 Switch(vlan)#apply APPLY completed. Issue the show run command in order to view VLANs that are numbered higher than 1005 in the running configuration.

VLAN 1 becomes the native VLAN by default. among other problems. the switchport trunk native vlan command can be useful. In CatOS. By default. and 4500 Series Switches. you cannot assign the interface to a VLAN. if the interface is in Layer 3 mode.1Q header is not added when data are sent on the native VLAN. Switch#show interface gigabitethernet 3/1 switchport Name: Gi3/1 Switchport: Enabled Administrative Mode: dynamic auto Operational Mode: static access Administrative Trunking Encapsulation: negotiate Operational Trunking Encapsulation: native Negotiation of Trunking: On Access Mode VLAN: 2 (VLAN0002) Trunking Native Mode VLAN: 1 (default) Voice VLAN: none Administrative private−vlan host−association: none Administrative private−vlan mapping: none Administrative private−vlan trunk native VLAN: none Administrative private−vlan trunk encapsulation: dot1q Administrative private−vlan trunk normal VLANs: none Administrative private−vlan trunk private VLANs: none Operational private−vlan: none Trunking VLANs Enabled: ALL Pruning VLANs Enabled: 2−1001 Capture Mode Disabled Capture VLANs Allowed: ALL Voice VLAN: none (Inactive) Appliance trust: none If the port is set up as a trunk. A mismatch in native VLANs can cause inter−VLAN routing issues. Note: If the interface is configured as a Layer 3 interface. The native VLAN is the VLAN that is used if the interface is to become a Layer 2 interface. The interfaces are Layer 3 interfaces on Catalyst 6500/6000 Series Switches. 3750. In order to associate the ports to VLANs in Cisco IOS Software. the port becomes active if it senses the presence of a physical link. which means that the no switchport command is configured. unlike in CatOS−based switches. which is a port that can carry more than one VLAN. . If you do not explicitly define a native VLAN. You must issue this command before you assign an interface to a VLAN. You can configure the interface as a Layer 2 interface with the switchport command in interface configuration mode. Be aware that an IEEE 802. The command to assign an interface to a VLAN is switchport access vlan vlan_number . The command is useful if the native VLAN of the interface has been changed or needs to be changed from its defaults. this minimum configuration is required: Switch(config)#interface gigabitethernet 3/1 Switch(config−if)#switchport !−−− This command is required if the interface is in Layer 3 mode. Switch(config−if)#switchport access vlan 2 Switch(config−if)#no shutdown Issue the show interface gigabitethernet module/interface switchport command in order to check the Layer 2 interface status. Ensure that the trunk ports on both of the connected devices have the same native VLAN.In Cisco IOS Software. Cisco IOS Software interfaces are Layer 2 interfaces on Catalyst 3550. interfaces are in the shutdown state by default.

This message appears when the native VLAN is mismatched on the two Cisco switches: %CDP−4−NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on GigabitEhernet1/1 (2).1q trunking 2 Port Vlans allowed on trunk Gi3/1 1−4094 Port Vlans allowed and active in management domain Gi3/1 1−4.3000 Port Vlans in spanning tree forwarding state and not pruned Gi3/1 none Assign Multiple Ports to a Single VLAN You can assign the multiple interfaces on a switch to a single VLAN. issue the switchport trunk native vlan vlan_number command. The interface range command is supported in Cisco IOS Software Release 12. 4.2000. issue the no vlan vlan_number command in either VLAN database mode or global configuration mode. Issue these commands: 1. This example uses the VLAN database mode to remove . but the neighboring switch has native VLAN 1. In order to change the native VLAN on the interface that is trunking. Issue the show interfaces module/interface trunk command in order to see the native VLAN. and trunking VLAN information. 2. Switch#show interfaces gigabitethernet 3/1 trunk Port Mode Encapsulation Status Native vlan Gi3/1 on 802. Remove VLANs In order to remove a VLAN from the VLAN database. Switch(config)#interface range fastethernet [mod/slot − mod/slot] Switch(config−if−range)#switchport access vlan vlan_number Switch(config−if−range)#switchport mode access Switch(config−if−range)#no shut Note: The interface range command is not supported in all software releases.1(13)EW and later. native VLAN is set to VLAN 1. the native VLAN is VLAN 2 on one of the switches. 3.2000.1q trunking 1 Port Vlans allowed on trunk Gi3/1 1−4094 Port Vlans allowed and active in management domain Gi3/1 1−4. Switch(config)#interface gigabitethernet 3/1 Switch(config−if)#switchport trunk native vlan 2 Issue this command in order to verify: Switch#show interfaces gigabitethernet 3/1 trunk Port Mode Encapsulation Status Native vlan Gi3/1 on 802. encapsulation. with D−R3550−9B GigabitEthernet0/1 (1) In this example message.3000 Port Vlans in spanning tree forwarding state and not pruned Gi3/1 none If you use the default configuration.

Switch#vlan database Switch(vlan)#no vlan 2 Deleting VLAN 2. you can issue the show vlan command in order to verify the deletion of the VLAN.VLAN 2. There are two scenarios for when you try to isolate two VLANs. However. This example uses VLAN database mode to rename VLAN 3: Switch#vlan database Switch(vlan)#vlan 3 Switch(vlan)#name CISCO Switch(vlan)#apply APPLY completed. . issue the show vlan brief or show vlan−switch brief command. Rename VLANs In order to rename a VLAN from the VLAN database. This example uses global configuration mode to rename the VLAN 3: Switch#conf t Enter configuration commands. The global configuration mode does not log any message on the console that indicates the deletion of the VLAN... How to Isolate the Communiation Between Two VLANs This section does not discuss private VLANs. Private VLANs provide Layer 2 isolation between ports within the same private VLAN (isolated VLAN) or between the private VLANs (community VLANs). switch#show vlan brief VLAN Name Status Ports −−−− −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− −−−−−−−−− −−−−−−−−−−− 3 CISCO active Fa0/3 Note: When you rename the VLAN. it is not necessary to remove the VLAN assigned to the port using the switchport access vlan vlan_number command. issue the name vlan_name command in either VLAN database mode or global configuration mode. Switch(vlan)#vlan 3 Switch(vlan)#name CISCO End with CNTL/Z. In order to verify. one per line. Switch(vlan)#apply APPLY completed.

ACLs are implemented to deny traffic so that VLAN 1 and VLAN 2 cannot communicate with VLAN 5 and so that VLAN 5 does not communicate either . In Layer 3 switches. This section shows an example of how to isolate the communication between a newly created Layer 3 VLAN and an older VLAN. Hosts in the different Layer 2 VLANs cannot communicate with each other. Make sure the VLAN is created in the vlan database. 2. You can use ACLs to deny communication between the VLANs. VLAN 2 and VLAN 5 are Layer 3 VLANs. Switch(config)#interface fastEthernet 2/1 Switch(config−if)#switchport mode access Switch(config−if)#switchport access vlan 5 Switch(config−if)#no shut witch(config)#interface fastEthernet 2/2 Switch(config−if)#switchport mode access Switch(config−if)#switchport access vlan 6 Switch(config−if)#no shut 5. Exiting.. Devices that belong to one VLAN do not reach anything else but devices within the same VLAN. Switch(vlan)#vlan 5 VLAN 5 added: Name: VLAN0005 Switch(vlan)#vlan 6 VLAN 6 added: Name: VLAN0006 Switch(vlan)#exit APPLY completed. the 3750 switch has two old VLANs (VLAN 1 and VLAN 2). Complete these steps in order to create a Layer 2 VLAN and isolate it from older VLANs: 1. VLAN 1. Switch#vlan database !−−− You must enter into VLAN database mode in order to !−−− configure any VLAN. The new VLAN must appear in the output of the show vlan command. the VLAN becomes a Layer 3 VLAN. This causes hosts on the ports fa 2/1 and 2/2 to not communicate with each other. 3. Isolation Between Two Layer 3 VLANs When you create a VLAN and assign an IP address with the interface vlan <vlan_number> command. Create the new VLAN in the database.• Layer 2 VLANs • Layer 3 VLANs Isolation Between Two Layer 2 VLANs A Layer 2 VLAN is the VLAN created in the switch and not configured with the interface vlan <vlan_number> command.. The newly created VLAN is VLAN 5. 4. the configuration changes are applied. Do not set an IP address to the newly created VLANs. In this example.. When you exit vlan database mode. the hosts between the two VLANs can communicate with each other (if the hosts are configured with the default gateway as the VLAN interface IP address). Assign to each host a static IP address. and do not set a default gateway. Configure physical interfaces that connect the clients to the corresponding VLAN. subnet mask.

168.255 any ♦ This access list denies traffic that comes from VLAN 2 to get to VLAN 5.255 172.0.255 Switch(config)#access−list 101 permit ip 10.0 /24 1.0 0.168.255 192.1.0 0. Switch#configure terminal Switch(config)#access−list 105 deny ip 192.10.168.255 192. Switch#configure terminal Switch(config)#interface vlan 1 .0.168.0.1.1.255 any And once they are configured.with VLAN 1 or VLAN 2..0. Configure physical interfaces that connect the clients to the corresponding VLAN.10.0.0 0. interface VLAN 2 and interface VLAN 5. • VLAN 1 − 10.0 /24 • VLAN 5 − 192.0 Switch(config)#access−list 102 permit ip 172.0 /24 • VLAN 2 − 172.0.0.255 10. Switch(config)#interface vlan 5 Switch(config−if)#ip address 192.0 Switch(config)#access−list 105 permit ip 192.1. Switch#configure terminal Switch(config)#access−list 102 deny ip 172. Make sure the VLAN is created in the vlan database. Switch#configure terminal Switch(config)#access−list 101 deny ip 10.168.0.16.10.0. Set an IP address for the newly created VLAN.0 0.1 255.0 0.0 0.1.0.0. 2.1.0 Switch(config)#access−list 105 deny ip 192. Switch(vlan)#vlan 5 VLAN 5 added: Name: VLAN0005 Switch(vlan)#exit APPLY completed. ♦ This access list denies traffic that comes from VLAN 1 to get to VLAN 5.168.0 0...0.10.0.10. 3.255 any ♦ This access list denies traffic that comes from VLAN 5 to get to VLAN 1 and VLAN 2. Check the output of the show vlan command.1.0.0 0. one for each VLAN.1.1. Switch(config)#interface fastEthernet 2/1 Switch(config−if)#switchport mode access Switch(config−if)#switchport access vlan 5 Switch(config−if)#no shut You need to configure three access−lists.1.10.16. the configuration changes are applied.10.0.168.0. Exiting.1.0 Switch(config)#no shut 4. apply the access lists to interface VLAN 1.10.255. !−−− Some of the commands in this output are wrapped !−−− to a second line due to spatial reasons. When you exit vlan database mode. Switch#vlan database !−−− You must enter into VLAN database mode !−−− in order to configure any VLAN.16.0 0.0. Create the new VLAN in the database.255.0 0. In this case the new VLAN is VLAN 5.0 0.0.0.16.

Create the VLAN in configuration mode: Switch(config)#vlan 1311 Notice Switch(config−vlan)#exit 6. Issue the show vlan command in order to check the VLAN information. 3. Enter the vtp mode transparent command in configuration mode: Switch(config)#vtp mode transparent 5. Enter the spanning−tree extend system−id command in configuration mode: Switch(config)#spanning−tree extended system−id 4. Enter configuration mode: Switch#configure terminal Enter configuration commands. you need to enter the spanning−tree extend system−id command. Then the extended VLAN must be created in the configuration mode and not from the vlan database mode. Exit configuration mode: Switch(config)#exit 7.Switch(config−if)#ip access−group 101 in Switch(config−if)#exit Switch#configure terminal Switch(config)#interface vlan 2 Switch(config−if)#ip access−group 102 in Switch(config−if)#exit Switch#configure terminal Switch(config)#interface vlan 5 Switch(config−if)#ip access−group 105 in Switch(config−if)#end How to Configure Extended Range VLANs in a Catalyst 6500 Series Switch In order to configure extended VLANs on the Catalyst 6500 Series Switches running Cisco IOS. Gi4/10 act/unsup act/unsup act/unsup act/unsup active BrdgMode Trans1 Trans2 Parent RingNo BridgeNo Stp . Switch(config)# End with CNTL/Z. Console into the switch: Switch>enable Switch# 2. Complete these steps in order to create extended VLANs on the Catalyst 6500 Series Switches that run Cisco IOS: 1. one per line. Switch#show vlan VLAN Name −−−− −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− 1 default 101 VLAN0101 1002 fddi−default 1003 token−ring−default 1004 fddinet−default 1005 trnet−default 1311 VLAN1311 VLAN Type SAID MTU Status Ports −−−−−−−−− −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− active active Gi4/8.

When an SVI is created. In order for the SVI to be fully active. the VLAN database is not copied.−−−− 1 101 1002 1003 1004 1005 1311 −−−−− enet enet fddi tr fdnet trnet enet −−−−−−−−−− 100001 100101 101002 101003 101004 101005 101311 −−−−− 1500 1500 1500 1500 1500 1500 1500 −−−−−− − − − − − − − −−−−−− − − − − − − − −−−−−−−− − − − − − − − −−−− − − − − ieee ibm − −−−−−−−− − − − − − − − −−−−−− 0 0 0 0 0 0 0 −−−−−− 0 0 0 0 0 0 0 Troubleshooting Tips This section provides troubleshooting tips for common problems that you can encounter during the creation of VLANs on Catalyst switches that run Cisco IOS Software. instead of an external router. a VLAN must be created in VLAN database mode or (in later Cisco IOS Software releases) in global configuration mode. This is because CatOS and Cisco IOS have some different default values for translation bridge VLAN. When you try to create any VLAN after this. you can use the switch itself for interVLAN routing. SVI interfaces show as UP/DOWN in the show ip interface brief command output when the configuration is applied to the switch. On switches that run Cisco IOS Software. Troubleshoot Inconsistent TLB Value Error on IOS Switches The inconsistent translational bridging (TLB) value error occurs when you create a VLAN on a Cisco IOS switch that recently received a VTP update from a CatOS switch or which was converted from CatOS. it does not automatically create a VLAN in the Layer 2 database. If you copy the configuration from another switch.dat). as the procedure in the Create VLANs and Ports section of this document shows. or you must recreate the VLANs. it generates this error message: . with an active device connected to the port. Ensure that all previous VLANs that were created in VLAN database mode or global configuration mode still exist after the configuration is copied to the switch. which means that it is administratively up and line protocol is up. You must also replace the VLAN database file (vlan. make sure to have at least one port as a member of that VLAN. The factory default translation bridge VLANs in Cisco IOS switches are: Vlan ID −−−−−−−− 1 1002 1003 tb1 −−−−− 1002 1 1 tb2 −−−−− 1003 1003 1002 A Cisco IOS switch that recently received a VTP update from a CatOS switch or which was converted from CatOS overwrites the default tb values. The translation bridge (tb) VLANs for VLAN 1. Verify There is currently no verification procedure available for this configuration. This same issue applies when you copy configurations from a different switch or restore configurations with VLANs that were created in VLAN database mode. 1002 and 1003 are different in CatOS and are 0 by default . If the Layer 2 VLAN is not created on the switch. In order for an SVI to come up. Translational VLANs translate Fiber Distributed Data Interface (FDDI) or Token Ring to Ethernet.

1002 and 1003 to match the CatOS values.. switch#vlan data switch(vlan)#no vlan 1002 tb−vlan1 tb−vlan2 switch(vlan)#no vlan 1003 tb−vlan1 tb−vlan2 switch(vlan)#apply APPLY completed. Fa0/3. the VLAN information is on a separate file named vlan. switch(vlan)#exit APPLY completed.dat file is deleted accidently and the switch gets reloaded. Recover the vlan. If the switch is in VTP Client mode.dat File on IOS Switches For Cisco Catalyst Switches that run Cisco IOS software. Fa0/6.dat. all the VLANs that were available on the switch are lost. Issue the show vlan command in order to confirm the availability of VLAN information. Fa0/4 Fa0/5. Fa0/11. .. Complete these steps in order to recover the vlan. make any modifications to the VLAN database. Fa0/7.Exiting. Fa0/8 Fa0/10. Switch#show vlan VLAN Name Status Ports −−−− −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− −−−−−−−−− −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− 1 default active Fa0/1. If the vlan. Fa0/12. Until the switch is reloaded.dat file: 1.VLAN 1002 TLB 1 VLAN 1 has inconsistent TLB values (0 / 0) As a workaround for this issue. Switch#configure terminal Enter configuration commands. Gi0/1 Gi0/2 10 VLAN0010 active 11 VLAN0011 active 20 VLAN0020 active 21 VLAN0021 active 30 VLAN0030 active 31 VLAN0031 active 40 VLAN0040 active 41 VLAN0041 active 50 Vlan50 active 100 100thVLAN active 2. Switch(config)#vlan 50 Switch(config−vlan)#name 50thVLAN Switch(config−vlan)#end Switch# End with CNTL/Z. ♦ Modify the properties of any existing VLAN. change the Cisco IOS switch tb default values for VLAN 1.. the VLAN information is present in the switch. If the switch is in VTP Server or Transparent mode. ♦ Delete any VLAN. Fa0/2. Modifications to the VLAN database can be any of these: ♦ Create any VLAN. one per line. make modifications to the VLAN database at any VTP Server of the same domain.

bin vlan. On trunk ports. The internal VLAN allocation policy is applied only after a reload.dat file. In order to display the VLANs used internally.121−19. use internal VLANs in the extended range. If you configure VLANs 1006−1024.Once any change has been done to the VLAN database.text html c2950−i6q4l2−mz. You can configure ascending internal VLAN allocation (from 1006 and up) or descending internal VLAN allocation (from 4094 and down). issue the show vlan internal usage command. If a device reload is not an option. Error 2 %Failed to commit extended VLAN(s) changes . 3. you can translate one VLAN number to another VLAN number.text c2950−i6q4l2−mz. Refer to the Configuring VLAN Translation section of Configuring VLANs for more information. Note: Switches that run Catalyst product family software do not support the configuration of VLANs 1006−1024. Layer 3 LAN ports.121−22. Issue the show flash: command in order to verify the creation of the vlan. which transfers all traffic received in one VLAN to the other VLAN.dat file. Switch#show flash: Directory of flash:/ 2 3 4 16 6 7 −rwx −rwx −rwx −rwx drwx −rwx 5 2980487 1156 1014 4096 3121383 Mar Mar Mar Mar Mar Mar 01 02 01 01 02 02 1993 1993 1993 1993 1993 1993 00:04:47 06:08:14 01:51:27 00:04:47 03:49:26 03:47:52 private−config. Switch(config)#end Switch#reload Caution: You do not need to issue the reload command immediately. ensure that the VLANs do not extend to any switches that run Catalyst product family software.bin 7741440 bytes total (65536 bytes free) Failed to Create VLANs in Extended Range Error 1 % Failed to create VLANs [dec] VLAN(s) not available in Port Manager. WAN interfaces and subinterfaces.dat config. you can use VLAN Translation. such as RSPAN. Switch(config)#vlan internal allocation policy {ascending | descending} !−−− Enter the ascending keyword to allocate internal VLANs from 1006 and up. the switch automatically creates the vlan. You cannot use an extended range VLAN that is allocated for internal use. !−−− Enter the descending keyword to allocate internal VLAN from 4094 and down.EA1a. and some software features. Issue the reload command during a planned maintenance window. as a workaround.EA9.

vlan. Switch(config)#end Switch# End with CNTL/Z.dat file.dat file into the device's NVRAM from a TFTP server or an external PCMCIA card. complete this step: Copy the vlan. In order to perform a complete backup of your configuration. In Cisco Catalyst 6500/6000 Series Switches. Copy the vlan.dat is empty (0). Similarily for Catalyst 4500/4000 Switches.dat file from the device's NVRAM to a TFTP server or an external PCMCIA card.dat file resides in non−volatile memory. as vlan.dat is read only during the booting process. The VLAN configuration is stored in the vlan. If the values do not match. copy const_nvram:vlan. Backup and Restore of vlan. Reload the switch. it is cat4000_flash:.dat file. complete these steps: 1. VLAN Creation Fails with VLAN 1003 parent VLAN missing Error Message Switch#conf t Enter configuration commands.dat tftp: Note: The memory location where the vlan. the problem is that the new VLAN created in the VTP server switch does not propagate to the VTP client . Refer to the respective product documentation before issuing the copy command.dat file and the configuration file in order to restore the complete configuration. On bootup.dat file is stored varies from device to device. When the Supervisor module is replaced. Make sure that the device (Switch or Router) is in Transparent mode when you create extended range VLANs. The network administrator must upload both the vlan.dat on Cisco IOS Switches In order to backup the vlan. Failed to Configure VLAN from Startup−Config SW−VLAN−4−BAD−STARTUP−VLAN−CONFIG−FILE: Failed to configure VLAN from startup−config. The vlan. the vlan. it is const_nvram:. Fallback to use VLAN configuration file from non−volatile memory This message indicates that the VLAN software failed to use the VLAN configuration from the startup configuration file. A misconfiguration on a switch can cause the configuration updates of the VTP to fail. one per line.dat file must be included in the backup with the configuration.dat file.You might receive this message when you are trying to create Extended VLANs in Server or Client mode of VTP. the switch uses the configuration in the vlan. In order to restore the vlan. Switch(config)#vlan 102 Switch(config−vlan)#name marketing Switch(config−vlan)#exit VLAN 1003 parent VLAN missing APPLY VLAN changes failed. the switch compares the VTP domain name and VTP mode in the startup configuration file and the vlan. In most cases. Refer to the VLAN Trunking Protocol Guidelines section of Extended VLAN ID for more information.dat file. copy tftp: const_nvram: 2.dat.

• Verify that the VTP password is exactly the same on all the switches in the domain. All rights reserved. it must be configured on all switches in the domain and the password must be the same. • Verify that the VTP domain name is exactly the same on the appropriate switches. Verify the VTP version that runs on a switch. the workaround is to force a VTP convergence by the creation. Inc. Release 12.1Q Trunking on a Catalyst 2900XL/3500XL/2950 Switch Using an External Router • Cisco IOS Desktop Switching Command Reference. then the removal of a dummy VLAN on the VTP server. In case of a VTP convergence issue. A VTP version 2 capable network device can operate with a network device that runs VTP version 1. The VTP updates are only exchanged between switches in the same VTP domain.5 • Understanding VLAN Trunk Protocol (VTP) • LAN Product Support • LAN Switching Technology Support • Technical Support & Documentation − Cisco Systems Contacts & Feedback | Help | Site Map © 2008 − 2009 Cisco Systems.0(5)XU • Index − Catalyst 6500 Series Command Reference. where a VTP client does not update the VLAN information. Updated: Jul 09. because VTP updates are only exchanged over trunk links. VTP version 1 and VTP version 2 are not interoperable on the network devices in the same VTP domain. A common cause for this issue is a VTP version mismatch between the switches in a VTP domain. Terms & Conditions | Privacy Statement | Cookie Policy | Trademarks of Cisco Systems. 2007 Document ID: 10023 .switches. provided that VTP version 2 is disabled on the VTP version 2 capable network device. VTP version 2 is disabled by default. which creates host connectivity issues. Every network device in the VTP domain must use the same VTP version. If VTP version 2 is enabled. disable it in order to resolve this issue. Verify if the switch is configured properly for other VTP parameters: • Verify that the switches are connected through trunk links. Inc. Related Information • Configuring InterVLAN Routing Using an Internal Router (Layer 3 Card) on Catalyst 5500/5000 and 6500/6000 Switches That Run CatOS System Software • Configuring InterVLAN Routing and ISL/802. This increments the revision number and forces all VTP clients to update their VLAN database. The password is case sensitive. If a password is configured. The name is case sensitive. 5.