Setting up Virtual Local Area Networks (VLANs) - dummies

By Edward Tetz

To create a Virtual Local Area Network (VLAN) on your switch, you need to type only one command in Global Configuration mode: vlan VID, which puts the switch into VLAN Configuration mode. However, you typically type a second command, the name command, for clarity while in VLAN Configuration mode. That is all you need to do to create a new VLAN. The bigger part of the job is ensuring that the VLAN is available on all the other switches and assigning ports on the switches to the VLAN. The following code creates a test VLAN with an ID of 20:

Switch1#configure terminal
Switch1(config)#vlan 20
Switch1(config-vlan)#name Test_VLAN

Now that you have created this VLAN, you can use it as a management interface for this switch. To use it as a management interface, you assign an IP address to the network interface, as opposed to the VLAN interface. You do so with the interface command, which you will use to configure a router interface with an IP address.

Switch1#configure terminal
Switch1(config)#interface vlan 20
Switch1(config-if)#description Test VLAN
Switch1(config-if)#ip address

Using a computer connected to a port on the switch and configured for the same VLAN, you can attempt to ping this address. You should find that you cannot access the address because the VLAN interface is not enabled. Showing the running configuration sheds light on the issue. Here is the issue and the corrective action:

Switch1#show running-config interface vlan 20
Building configuration...
Current configuration : 113 bytes
interface Vlan20
 description Test VLAN
 ip address
 no ip route-cache
Switch1#configure terminal
Switch1(config)#int vlan 20
Switch1(config-if)#no shutdown
1w4d: %LINK-3-UPDOWN: Interface Vlan20, changed state to up
1w4d: %LINK-5-CHANGED: Interface Vlan1, changed state to administratively down
1w4d: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan20, changed state to up
1w4d: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down

This code brings up VLAN 20 as the management VLAN, but look what happened to VLAN 1, which was the previous management VLAN — it is now disabled. Unlike routing interfaces, which allow multiple interfaces to be up and running, in this case, you are looking at just the management VLAN, and there can only be one. So as you enable another VLAN as the management VLAN, the existing management interface and VLAN are disabled. If you really want to, or need to, use VLAN 1 for your management VLAN, you must issue the no shutdown command for interface vlan 1.

The last step in this exercise is to assign other ports to the VLAN. Here are two common ways:

  • Dynamic Assignment with RADIUS Server: A complicated process of storing MAC addresses in a RADIUS server and passing VLAN assignments back to a switch with a computer attached.

  • Port-based assignments: The most common method for VLAN assignment is port-based assignment. If you connect a device to a specific port on a switch, it will be associated with a specific VLAN. If you plug it into the incorrect port, it will be associated with an incorrect VLAN.
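
One way to check the result of the steps above is to read a saved running configuration and report which VLAN interface is acting as the management interface and which access ports sit in each VLAN. The script below is an added example, not code from the original article. The sample configuration, its 192.0.2.x addresses, the port names and the function names are constructed for illustration, and it assumes a disabled interface shows a shutdown line in the running configuration.

```python
import re
from collections import defaultdict

# Constructed sample config (not from the article); 192.0.2.0/24 is a documentation range.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
!
interface FastEthernet0/2
 switchport access vlan 20
 switchport mode access
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan20
 description Test VLAN
 ip address 192.0.2.10 255.255.255.0
!
"""

def parse_interfaces(config):
    """Return {interface name: [stanza lines]} from running-config text."""
    stanzas, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            stanzas[current] = []
        elif current and line.startswith(" "):
            stanzas[current].append(line.strip())
        else:
            current = None  # "!" or any top-level line ends the stanza
    return stanzas

def audit(config):
    """Find enabled VLAN interfaces with an IP address and map access ports to VLANs."""
    mgmt, ports = [], defaultdict(list)
    for name, lines in parse_interfaces(config).items():
        svi = re.fullmatch(r"Vlan(\d+)", name)
        if svi:
            has_ip = any(re.match(r"ip address \S+ \S+", l) for l in lines)
            if has_ip and "shutdown" not in lines:
                mgmt.append(int(svi.group(1)))
        elif "switchport mode access" in lines:
            vlans = [int(l.split()[-1]) for l in lines if l.startswith("switchport access vlan ")]
            # Assumption: an access port with no explicit VLAN stays in VLAN 1.
            ports[vlans[-1] if vlans else 1].append(name)
    on_mgmt = [p for v in mgmt for p in ports.get(v, [])]
    return {"management_vlans": mgmt, "ports_by_vlan": dict(ports), "ports_on_management_vlan": on_mgmt}

print(audit(SAMPLE_CONFIG))
```

Ports listed under ports_on_management_vlan are the ones from which an attached computer can reach the switch's management address, so that list should contain only the ports you intend to manage the switch from.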