Configuring Port VLAN Interface Settings on a Switch via the CLI


With a virtual local area network (VLAN), you can logically segment a local area network (LAN) into different broadcast domains. In scenarios where sensitive data may be transmitted on a network, VLANs can be created to increase security by designating a transmission to a specific VLAN. Only users who belong to a VLAN can access and edit the data in that VLAN.

You can configure ports and specify whether the port should be in access or trunk mode, and assign specific ports to VLANs. This article provides instructions for configuring an interface VLAN as an access or trunk port on the switch through the command line interface (CLI).

Introduction

A VLAN is a network that is usually segmented by function or application. VLANs behave similarly to physical LANs, but you can group hosts even if they are not physically in the same location. A switch port can belong to a VLAN. Unicast, broadcast and multicast packets are forwarded and sent to ports in the same VLAN.

VLANs can also be used to improve performance by eliminating the need to send broadcasts and multicasts to unnecessary destinations. In addition, network configuration is simplified by logically connecting devices without physically relocating them.

Note: To learn how to configure VLAN settings on your switch using the web-based utility, click here. CLI-based instructions are available here.

The figure below shows an SG350X switch configured with the following VLANs:

  • VLAN1 – This is the default VLAN. The switch is connected to the router via this VLAN. This VLAN can be used, but cannot be changed or deleted.
  • VLAN10 – Virtual network for admin department. The network address is 192.168.10.1 with subnet mask 255.255.255.0 or /24.
  • VLAN20 – Virtual network for finance department. The network address is 192.168.20.1 with subnet mask 255.255.255.0 or /24.
  • VLAN30 – Virtual network for the operations department. The network address is 192.168.30.1 with subnet mask 255.255.255.0 or /24.

In a larger network, the configured VLANs with interfaces assigned to the switches as access and trunk ports might look like the following:

Port modes are defined as follows:

  • Access Port – Frames received on the interface are considered not to have a VLAN tag and are assigned to the specified VLAN. Access ports are primarily used for hosts and can only carry traffic for a single VLAN.
  • Trunk port – Frames received on the interface are assumed to have VLAN tags. Trunk ports are for connections between switches or other network devices and can carry traffic for multiple VLANs.

Note: By default, all interfaces are in trunk mode, i.e. they can transmit traffic for all VLANs. To learn how to assign an interface VLAN as an access or trunk port through the switch’s web-based utility, click here.

1. Create the VLANs. To learn how to configure the VLAN settings on your switch using the web-based utility, click here. CLI-based instructions are available here.

2. (Optional) Set the desired VLAN-related configuration for ports. For instructions on configuring VLAN interface settings on your switch through the web-based utility, see here. CLI-based instructions are available here.

3. Assign interfaces to VLANs. For instructions on assigning interfaces to VLANs through your switch’s web-based utility, see here.

4. (Optional) Configure VLAN groups on your switch. You can configure the following:

  • Overview of MAC-based VLAN groups: For instructions on configuring MAC-based VLAN groups through a switch’s web-based utility, see here. CLI-based instructions can be found here.
  • Overview of subnet-based VLAN groups: For instructions on configuring subnet-based VLAN groups using a switch’s web-based utility, click here. For CLI-based instructions, click here.
  • Overview of protocol-based VLAN groups: For instructions on configuring protocol-based VLAN groups through a switch’s web-based utility, click here. For CLI-based instructions, click here.

5. (Optional) Configure the TV VLAN settings on your switch. You can configure the following:

  • Access Port Multicast TV VLAN – For instructions on configuring the Access Port Multicast TV VLAN through your switch’s web-based utility, see here.
  • Customer Port Multicast TV VLAN – Instructions for configuring the customer port for multicast TV VLAN through your switch’s web-based utility can be found here.

Applicable devices | Software version

  • Sx300 Series | 1.4.7.06 (download latest)
  • Sx350 Series | 2.2.8.04 (download latest)
  • SG350X Series | 2.2.8.04 (download latest)
  • Sx500 Series | 1.4.7.06 (download latest)
  • Sx550X Series | 2.2.8.04 (download latest)

Configuring the VLAN interface settings on the switch through the CLI

Configure the interface as an access port and assign it to VLAN

Step 1: Log in to the switch console. The default username and password are cisco/cisco. If you have configured a new username or password, enter those credentials instead.

Note: The commands may vary depending on the exact switch model. In this example, the SG350X switch is accessed through Telnet.

Step 2: To display the current VLAN on the switch, enter the following:

SG350X# show vlan

Note: In this example, VLANs 1, 10, 20 and 30 are available without manually assigned ports.

Step 3: In the privileged EXEC mode of the switch, enter the following to enter the global configuration mode:

SG350X# configure terminal

Step 4: In global configuration mode, enter the interface configuration context by typing the following:

SG350X(config)# interface [interface-id | range vlan vlan-range]

The following options are available:

  • interface-id – Specifies an interface ID to configure.
  • range vlan vlan-range – Specifies a list of VLANs. Separate non-consecutive VLANs with a comma without a space. Use a hyphen to specify a VLAN range.

Note: In this example, an interface range is entered that covers ports 14 through 24.

Step 5: In the interface configuration context, use the switchport mode command to configure the VLAN membership mode.

SG350X(config-if-range)# switchport mode access

Step 6: Use the switchport access vlan command to assign the port or range of ports to access ports. A port in access mode can have only one VLAN configured on the interface, so it can carry traffic for only one VLAN.

SG350X(config-if-range)# switchport access vlan [vlan-id | none]

The following options are available:

  • vlan-id – Specifies the VLAN for which the port is configured.
  • none – Specifies that the access port cannot belong to any VLAN.

Note: In this example, the port range is assigned to VLAN 30.

Step 7: (Optional) Enter the following to return the port or port range to the default VLAN:

SG350X(config-if-range)# no switchport access vlan

Step 8: To exit the interface configuration context, enter the following:

SG350X(config-if-range)# exit

Step 9: (Optional) Repeat steps 4 through 6 to configure additional access ports and assign them to the appropriate VLANs.

Note: In this example, interface range 26 to 36 is assigned to VLAN 10, while interface range 38 to 48 is assigned to VLAN 20.

Step 10: Enter the end command to return to privileged EXEC mode:

SG350X(config-if)# end

Step 11: (Optional) Enter the following to display the configured ports on the VLANs:

SG350X# show vlan

Note: The configured ports should be displayed according to the assigned VLANs. In this example, interfaces 26 to 36 are assigned to VLAN 10, 38 to 48 belong to VLAN 20, and 14 to 24 are configured for VLAN 30.

Step 12: (Optional) In the switch’s privileged EXEC mode, save the configured settings in the startup configuration file by entering the following:

SG350X# copy running-config startup-config

Step 13: (Optional) Press Y for Yes or N for No on your keyboard when the Overwrite file [startup-config] prompt appears.

You should now have configured the interfaces on your switch as access ports and assigned them to their associated VLANs.

Configure the interface as a trunk port and assign the interface to the VLAN

Step 1: In the privileged EXEC mode of the switch, enter the following to enter global configuration mode:

SG350X# configure terminal

Step 2: In global configuration mode, enter the interface configuration context by typing the following:

SG350X(config)# interface [interface-id | range vlan vlan-range]

The following options are available:

  • interface-id – Specifies an interface ID to configure.
  • range vlan vlan-range – Specifies a list of VLANs. Separate non-consecutive VLANs with a comma without a space. Use a hyphen to specify a VLAN range.

Note: In this example, the interface ge1/0/13 is used.

Step 3: In the interface configuration context, use the switchport mode command to configure the VLAN membership mode.

SG350X(config-if)# switchport mode trunk

Step 4: (Optional) Enter the following to return the port to the default VLAN:

SG350X(config-if)# no switchport mode trunk

Step 5: Use the switchport trunk allowed vlan command to specify which VLANs the port belongs to when its mode is configured as trunk.

SG350X(config-if)# switchport trunk allowed vlan [all | none | add vlan-list | remove vlan-list | except vlan-list]

The following options are available:

  • all – Specifies all VLANs between 1 and 4094. At any time, the port belongs to all VLANs present at that time.
  • none – Specifies an empty VLAN list. The port does not belong to any VLAN.
  • add vlan-list – A list of VLAN IDs to add to the port. Separate non-consecutive VLAN IDs with a comma without a space. Use a hyphen to specify a range of IDs.
  • remove vlan-list – A list of VLAN IDs to be removed from a port. Separate non-consecutive VLAN IDs with a comma without a space. Use a hyphen to specify a range of IDs.
  • except vlan-list – A list of VLAN IDs including all VLANs from the range 1-4094 except the VLANs belonging to vlan-list.

Note: In this example, port ge1/0/13 belongs to all VLANs except VLAN 10.

Step 6: To exit the interface configuration context, enter the following:

SG350X(config-if)# exit

Step 7: (Optional) Enter the following to return the port or port range to the default VLAN:

SG350X(config-if)# no switchport trunk allowed vlan

Step 8: (Optional) Repeat steps 2 through 6 to configure additional trunk ports and assign them to the appropriate VLANs.

Note: In this example, interface ge1/0/25 belongs to VLAN 10 and not VLAN 20, while interface ge1/0/27 belongs to all VLANs except VLAN 10.

Step 9: Enter the end command to return to privileged EXEC mode:

SG350X(config-if)# end

Step 10: (Optional) Enter the following to display the configured ports on the VLANs:

SG350X# show vlan

Note: The configured ports should be displayed according to the assigned VLANs. In this example, trunk port gi1/0/25 belongs to VLAN 10 and VLAN 30, gi1/0/13 and gi1/0/37 both belong to VLAN 20 and VLAN 30, respectively.

Step 11: (Optional) In the privileged EXEC mode of the switch, save the configured settings in the startup configuration file by entering the following:

SG350X# copy running-config startup-config

Step 12: (Optional) Press Y for Yes or N for No on your keyboard once the Overwrite file [startup-config] prompt appears.

You should now have configured the interfaces on your switch as trunk ports and assigned them to the associated VLANs.
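The access assignment and the trunk allowed-VLAN keywords from the two procedures above, modelled in Python as an added example (not Cisco's code and not part of the original article): it resolves which VLANs each port ends up carrying, so a trunk that still carries a sensitive VLAN can be spotted before the configuration is saved. The function names, the `ge1/0/…` range naming in the constructed session, and the starting state of a port (trunk with all VLANs, VLAN 1 after switching to access) are assumptions.

```python
ALL_VLANS = frozenset(range(1, 4095))  # 1-4094, the range the article gives for "all"

def parse_vlan_list(text):
    """'10,20-22' -> {10, 20, 21, 22}: commas without spaces, hyphen for a range."""
    vlans = set()
    for part in text.split(","):
        lo, _, hi = part.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 1 <= lo <= hi <= 4094:
            raise ValueError(f"invalid VLAN range {part!r}")
        vlans.update(range(lo, hi + 1))
    return vlans

def apply_trunk_allowed(current, args):
    """Apply the arguments of 'switchport trunk allowed vlan' to the allowed set."""
    keyword, _, rest = args.partition(" ")
    if keyword in ("all", "none"):
        return set(ALL_VLANS) if keyword == "all" else set()
    if keyword not in ("add", "remove", "except"):
        raise ValueError(f"unknown keyword {keyword!r}")
    vlans = parse_vlan_list(rest)
    return {"add": current | vlans, "remove": current - vlans, "except": ALL_VLANS - vlans}[keyword]

def resolve(commands, existing):
    """Map interface -> (mode, VLANs carried); only VLANs in `existing` count."""
    state, iface = {}, None
    for line in map(str.strip, commands):
        if line.startswith("interface "):
            iface = line.split(" ", 1)[1]
            state.setdefault(iface, ["trunk", set(ALL_VLANS)])  # default per the article
        elif iface is None:
            raise ValueError(f"{line!r} entered outside an interface context")
        elif line in ("switchport mode access", "switchport mode trunk"):
            mode = line.rsplit(" ", 1)[1]
            state[iface] = [mode, {1} if mode == "access" else set(ALL_VLANS)]
        elif line.startswith("switchport access vlan "):
            state[iface][1] = set() if line.endswith(" none") else {int(line.rsplit(" ", 1)[1])}
        elif line.startswith("switchport trunk allowed vlan "):
            state[iface][1] = apply_trunk_allowed(state[iface][1], line.split("vlan ", 1)[1])
    return {i: (mode, set(v) & set(existing)) for i, (mode, v) in state.items()}

def trunks_carrying(ports, vlan):
    """Audit helper: trunk interfaces that carry the given VLAN."""
    return sorted(i for i, (mode, v) in ports.items() if mode == "trunk" and vlan in v)

SESSION = [  # constructed from the article's example values
    "interface range ge1/0/14-24", "switchport mode access", "switchport access vlan 30",
    "interface ge1/0/13", "switchport mode trunk", "switchport trunk allowed vlan except 10",
    "interface ge1/0/25", "switchport mode trunk", "switchport trunk allowed vlan remove 20",
]
```

Calling `resolve(SESSION, existing={1, 10, 20, 30})` and then `trunks_carrying(ports, 20)` lists the trunks that still carry the finance VLAN from the article's example.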

Important: To proceed with configuring the VLAN group settings on your switch, follow the guidelines listed above.
