By J in Cisco — 23 Dec 2024

Master Cisco VLAN Configuration: Step-by-Step Guide

Introduction

In this lesson, I will explain how to configure, manage, and troubleshoot VLANs (Virtual Local Area Networks) on Cisco switches. VLANs are fundamental to network segmentation and security, allowing you to create logical network boundaries within a physical switch infrastructure.

Lesson Objectives

After completing this lesson, you will be able to:

Create and manage VLANs on Cisco switches
Configure access and trunk ports
Verify VLAN configurations
Troubleshoot common VLAN issues
Implement VLAN best practices

Prerequisites

Basic understanding of switching concepts
Access to a Cisco switch (physical or virtual)
Knowledge of basic Cisco IOS commands
Familiarity with Ethernet networking concepts

Core Lesson Content

Part 1: VLAN Basics and Creation

Explanation

VLANs allow you to segment your network logically without requiring separate physical switches. Each VLAN represents a broadcast domain, and devices in different VLANs cannot communicate directly without routing.

Creating VLANs

Switch> enable
Switch# configure terminal
Switch(config)# vlan 10
Switch(config-vlan)# name SALES
Switch(config-vlan)# exit
Switch(config)# vlan 20
Switch(config-vlan)# name ENGINEERING
Switch(config-vlan)# exit

Understanding the Output

The vlan command creates a new VLAN with the specified ID
Valid VLAN IDs range from 1-4094 (1, 1002-1005 are reserved)
The name command is optional but recommended for management

Key Points to Check

VLAN status (active/suspended)
VLAN name configuration
Available VLAN IDs
VLAN database consistency

Part 2: Port Configuration

Access Ports

Switch(config)# interface gigabitethernet 0/1
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 10
Switch(config-if)# no shutdown

Trunk Ports

Switch(config)# interface gigabitethernet 0/2
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport trunk allowed vlan 10,20
Switch(config-if)# switchport trunk encapsulation dot1q
Switch(config-if)# no shutdown

Understanding Port Configuration

Access ports belong to a single VLAN
Trunk ports carry traffic for multiple VLANs
Native VLAN is untagged on trunk ports
Use allowed vlan to restrict VLAN traffic on trunks

Part 3: VLAN Verification

Show Commands

Switch# show vlan brief
Switch# show interfaces trunk
Switch# show interfaces status
Switch# show running-config interface gigabitethernet 0/1

Example Output

VLAN Name                             Status    Ports
---- -------------------------------- --------- ------------------------
1    default                          active    Gi0/3, Gi0/4
10   SALES                            active    Gi0/1
20   ENGINEERING                      active

What to Look For

VLAN status should be “active.”
Ports should appear under the correct VLANs
Trunk ports should show the correct encapsulation
Allowed VLANs on trunks should match the design

Common Issues and Solutions

Problem 1: Port in Wrong VLAN

Symptoms:

Devices cannot communicate
The Port shows up in the wrong VLAN

Solution:

Switch# show interfaces gigabitethernet 0/1 switchport
Switch(config)# interface gigabitethernet 0/1
Switch(config-if)# switchport access vlan 10

Problem 2: Trunk Negotiation Issues