Setting up Virtual Local Area Networks (VLANs)
To create a Virtual Local Area Network (VLAN) on your switch, you can type only one command in Global Configuration mode: set vlan VID, which puts the switch into VLAN Configuration mode. However, typically you type a second command, the name command, for clarity while in VLAN Configuration mode. That is all you need to do to create a new VLAN. The bigger part of the job includes ensuring that it is available on all the other switches and assigning ports on the switches to VLAN. The following code creates a test VLAN with an ID of 20:
Switch1>enable Switch1#configure terminal Switch1(config)#set vlan 20 Switch1(config-vlan)#name Test_VLAN Switch1(config-vlan)#end
Now that you have created this VLAN, you can use it as a management interface for this switch. To use it as a management interface, you assign an IP address to the network interface, as opposed to the VLAN interface. You do so with the interface command, which you will use to configure a router interface with an IP address.
Switch1>enable Switch1#configure terminal Switch1(config)#interface vlan 20 Switch1(config-if)#description Test VLAN Switch1(config-if)#ip address 192.168.20.1 255.255.255.0 Switch1(config-if)#end
Using a computer connected to a port on the switch and configured for the same VLAN, you can attempt to ping this address (192.168.20.1). You should find that you could not access the address because the VLAN interface is not enabled. Showing the running configuration sheds light on the issue. Here is the issue and the corrective action:
Switch1>enable Switch1#show running-config interface vlan 6 Building configuration... Current configuration : 113 bytes ! interface Vlan20 description Test VLAN ip address 192.168.20.1 255.255.255.0 no ip route-cache shutdown end Switch1#configure terminal Switch1(config)#int vlan 20 Switch1(config-if)#no shutdown Switch1(config-if)# 1w4d: %LINK-3-UPDOWN: Interface Vlan20, changed state to up 1w4d: %LINK-5-CHANGED: Interface Vlan1, changed state to administratively down 1w4d: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan20, changed state to up 1w4d: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
This code brings up VLAN 20 as the management VLAN, but look what happened to VLAN 1, which was the previous management VLAN — it is now disabled. Unlike routing interfaces, which allow multiple interfaces to be up and running, in this case, you are looking at just the management VLAN, and there can only be one. So as you enable another VLAN as the management VLAN, the existing management interface and VLAN are disabled. If you really want to, or need to, use VLAN 1 for your management VLAN, you must issue the no shutdown command for interface vlan 1.
The last step in this exercise is to assign other ports to the VLAN. Here are two common ways:
Dynamic Assignment with RADIUS Server: A complicated process of storing MAC addresses in a RADIUS server and passing VLAN assignments back to a switch with a computer attached.
Port-based assignments: The most common method for VLAN assignments are port-based assignments. If you connect a device to a specific port on a switch, it will be associated with a specific VLAN. If you plug it into the incorrect port, it will be associated with an incorrect VLAN.