This post will deal with configuring Layer 2 VLANs on Cisco switches. Up to 4094 VLANs can be configured on Cisco catalyst switches. By default, only VLAN 1 is configured on the switch, so if you connect hosts on an out-of-the-box switch they all belong to the same Layer 2 broadcast domain.
The need to configure several Layer 2 VLANs on a switch arises from the need to segment an internal Local Area Network (LAN) into different IP subnetworks. If you want for example to separate the different departments of your enterprise into different IP subnetworks, then each department should belong to its own Layer 2 VLAN.
For example, let’s assume the following scenario:
- Accounting Department: IP Subnet 192.168.2.0/24 –> VLAN 2
- Management Department: IP Subnet 192.168.3.0/24 –> VLAN 3
- Engineering Department: IP Subnet 192.168.4.0/24 –> VLAN 4
By separating the internal LAN into different IP subnets (and thus different VLANs) allows the network administrators to enforce traffic restrictions if needed between departments and have better control of internal hosts.
VLAN assignment on a switch is configured on a per-interface basis. That is, each switch port interface is assigned individually into a Layer 2 VLAN. If you have more than one switch connected and you want the same VLANs to belong across all switches, then a "Trunk Port" must be configured between the switches. The Trunk Port passes all VLANs between the switches.
Let’s see the following network scenario to help us clarify some concepts.
On the LAN network above, we have three VLANs. VLAN 2,3, and 4. VLAN 4 belongs both to SWITCH 1 and SWITCH 2, therefore we need a Trunk Port between the two switches in order for hosts in VLAN4 in Switch 1 to be able to communicate with hosts in VLAN4 in Switch 2.
The ports of the two switches shall be configured as following:
SWITCH 1:
Fe0/1 – Fe0/2 –> VLAN 2 (Accounting)
Fe0/10 – Fe0/11 –> VLAN 4 (Engineering)
Fe0/24 –> Trunk Port
Fe0/1 – Fe0/2 –> VLAN 2 (Accounting)
Fe0/10 – Fe0/11 –> VLAN 4 (Engineering)
Fe0/24 –> Trunk Port
SWITCH 2:
Fe0/1 – Fe0/2 –> VLAN 3 (Management)
Fe0/10 – Fe0/11 –> VLAN 4 (Engineering)
Fe0/24 –> Trunk Port
***********************************************
Configuration:
***********************************************
Switch 1 Configuration:
! Create VLANs 2 and 4 in the switch database
Switch1# configure terminal
Switch1(config)# vlan 2
Switch1(config-vlan)# name Accounting
Switch1(config-vlan)# end
! Create VLANs 2 and 4 in the switch database
Switch1# configure terminal
Switch1(config)# vlan 2
Switch1(config-vlan)# name Accounting
Switch1(config-vlan)# end
Switch1(config)# vlan 4
Switch1(config-vlan)# name Engineering
Switch1(config-vlan)# end
Switch1(config-vlan)# name Engineering
Switch1(config-vlan)# end
! Assign Ports Fe0/1 and Fe0/2 in VLAN 2
Switch1(config)# interface fastethernet0/1
Switch1(config-if)# switchport mode access
Switch1(config-if)# switchport access vlan 2
Switch1(config-if)# end
Switch1(config)# interface fastethernet0/2
Switch1(config-if)# switchport mode access
Switch1(config-if)# switchport access vlan 2
Switch1(config-if)# end
Switch1(config)# interface fastethernet0/1
Switch1(config-if)# switchport mode access
Switch1(config-if)# switchport access vlan 2
Switch1(config-if)# end
Switch1(config)# interface fastethernet0/2
Switch1(config-if)# switchport mode access
Switch1(config-if)# switchport access vlan 2
Switch1(config-if)# end
! Assign Ports Fe0/10 and Fe0/11 in VLAN 4
Switch1(config)# interface fastethernet0/10
Switch1(config-if)# switchport mode access
Switch1(config-if)# switchport access vlan 4
Switch1(config-if)# end
Switch1(config)# interface fastethernet0/11
Switch1(config-if)# switchport mode access
Switch1(config-if)# switchport access vlan 4
Switch1(config-if)# end
Switch1(config)# interface fastethernet0/10
Switch1(config-if)# switchport mode access
Switch1(config-if)# switchport access vlan 4
Switch1(config-if)# end
Switch1(config)# interface fastethernet0/11
Switch1(config-if)# switchport mode access
Switch1(config-if)# switchport access vlan 4
Switch1(config-if)# end
! Create Trunk Port Fe0/24
Switch1(config)# interface fastethernet0/24
Switch1(config-if)# switchport mode trunk
Switch1(config-if)# switchport trunk encapsulation dot1q
Switch1(config-if)# end
Switch1(config)# interface fastethernet0/24
Switch1(config-if)# switchport mode trunk
Switch1(config-if)# switchport trunk encapsulation dot1q
Switch1(config-if)# end
Switch 2 Configuration:
! Create VLANs 3 and 4 in the switch database
Switch2# configure terminal
Switch2(config)# vlan 3
Switch2(config-vlan)# name Management
Switch2(config-vlan)# end
! Create VLANs 3 and 4 in the switch database
Switch2# configure terminal
Switch2(config)# vlan 3
Switch2(config-vlan)# name Management
Switch2(config-vlan)# end
Switch2(config)# vlan 4
Switch2(config-vlan)# name Engineering
Switch2(config-vlan)# end
Switch2(config-vlan)# name Engineering
Switch2(config-vlan)# end
! Assign Ports Fe0/1 and Fe0/2 in VLAN 3
Switch2(config)# interface fastethernet0/1
Switch2(config-if)# switchport mode access
Switch2(config-if)# switchport access vlan 3
Switch2(config-if)# end
Switch2(config)# interface fastethernet0/2
Switch2(config-if)# switchport mode access
Switch2(config-if)# switchport access vlan 3
Switch2(config-if)# end
Switch2(config)# interface fastethernet0/1
Switch2(config-if)# switchport mode access
Switch2(config-if)# switchport access vlan 3
Switch2(config-if)# end
Switch2(config)# interface fastethernet0/2
Switch2(config-if)# switchport mode access
Switch2(config-if)# switchport access vlan 3
Switch2(config-if)# end
! Assign Ports Fe0/10 and Fe0/11 in VLAN 4
Switch2(config)# interface fastethernet0/10
Switch2(config-if)# switchport mode access
Switch2(config-if)# switchport access vlan 4
Switch2(config-if)# end
Switch2(config)# interface fastethernet0/11
Switch2(config-if)# switchport mode access
Switch2(config-if)# switchport access vlan 4
Switch2(config-if)# end
Switch2(config)# interface fastethernet0/10
Switch2(config-if)# switchport mode access
Switch2(config-if)# switchport access vlan 4
Switch2(config-if)# end
Switch2(config)# interface fastethernet0/11
Switch2(config-if)# switchport mode access
Switch2(config-if)# switchport access vlan 4
Switch2(config-if)# end
! Create Trunk Port Fe0/24
Switch2(config)# interface fastethernet0/24
Switch2(config-if)# switchport mode trunk
Switch2(config-if)# switchport trunk encapsulation dot1q
Switch2(config-if)# end
No comments:
Post a Comment