Configuring VLANs on a Cisco switch is a fundamental skill for the CCNA exam and for real-world networking. This post covers an objective for Cisco’s CCNA 200-301 certification. A VLAN is a virtual LAN, a separate broadcast domain on the switch allowing devices configured on the same VLAN to communicate with each other.

A VLAN is used to segment devices on their own layer 2 broadcast domain. Usually, a VLAN will be tied to a layer 3 network but we’ll leave that for a future discussion.

Devices on different VLANs cannot communicate with a device on another VLAN without some routing configuration. But we will focus on layer 2 switching here.

A VLAN is defined on the Cisco switch and then configured on a switch port. This is also considered tagging from other vendors.

Defining a VLAN

The first step to configuring a VLAN is to define it on the switch. We create a VLAN in configuration mode with the vlan statement followed by a VLAN number. In the VLAN configuration mode, we can name the VLAN to whatever we like.

To verify if the VLAN has been configured, we issue show vlan to see the output of the VLAN database which contains all our VLAN configuration.

netsw-01#config t
Enter configuration commands, one per line. End with CNTL/Z.
netsw-01(config)#vlan 100
netsw-01(config-vlan)#name MANAGEMENT
netsw-01(config-vlan)#end
netsw-01#show vlan

VLAN Name Status Ports
-- – – ---------------------------- – – ----- – – -----------------------------
1 default active Gi1/0/11, Gi1/0/13, Te1/0/1, Te1/0/2
100 MANAGEMENT active
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup


VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
-- – – - – – ------ – – - – – -- – – -- – – ---- – –  – – ---- – – -- – – ----
1    enet  100001     1500  -      -      -        -    -        0      0
100  enet  100100     1500  -      -      -        -    -        0      0

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
-- – – - – – ------ – – - – – -- – – -- – – ---- – –  – – ---- – – -- – – ----
1002 fddi  101002     1500  -      -      -        -    -        0      0
1003 tr    101003     1500  -      -      -        -    -        0      0
1004 fdnet 101004     1500  -      -      -        ieee -        0      0
1005 trnet 101005     1500  -      -      -        ibm  -        0      0

Remote SPAN VLANs
------------------------------------------------------------------------------


Primary Secondary Type              Ports
----- – – ----- – – ------------- – – ----------------------------------------

Configuring a Data VLAN On An Access Port

The next step is to add the VLAN to an access port.

netsw-01(config)#interface g1/0/1
netsw-01(config-if)#switchport access vlan 100
netsw-01(config-if)#switchport mode access

switchport access vlan <vlan-number> configures the access port on the corresponding VLAN.

Then we make the switch port configured for access mode with the interface command, switchport mode access. In this mode, the switch port will only be configured to use the VLAN that is assigned.

Configuring a Voice VLAN On An Access Port

Defining a voice VLAN just requires a small change in the command syntax. First, the voice VLAN must be defined as we have above. When a Cisco phone connects to this port, it will use the voice VLAN.

netsw-01#config t
Enter configuration commands, one per line.  End with CNTL/Z.
netsw-01(config)#vlan 101
netsw-01(config-vlan)#name VOIP_NET
netsw-01(config-vlan)#exit

netsw-01(config)#int g1/0/1
netsw-01(config-if)#switchport voice vlan 101
netsw-01(config-if)#end

Verifying VLAN Configuration

It’s always worth verifying the configuration is correct. After configuring a VLAN, a simple command will show the contents of the VLAN database, show vlan brief. You’ll also see which access ports have the VLAN assigned to it. Note that trunk ports will not be listed here.

netsw-01#show vlan brief

VLAN Name                             Status    Ports
-- – – ---------------------------- – – ----- – – -----------------------------
1    default                          active    Gi1/0/11, Gi1/0/13, Te1/0/1, Te1/0/2
100  MANAGEMENT                       active    Gi1/0/9
101  VOIP_NET                         active    Gi1/0/9

When it comes to individual access port configuration, we can show the running configuration for the interface with show run interface <interface>. Two things to remember, the switch port needs to have switchport mode access configured and the VLAN configuration with switchport access vlan <vlan-number>.

netsw-01#sh run interface g1/0/1
Building configuration...
!
interface GigabitEthernet1/0/1
 switchport access vlan 100
 switchport mode access
 switchport voice vlan 101
 spanning-tree portfast edge
end

Another method to verify if a device is on the correct VLAN is to issue show mac-address table interface g1/0/1.

The output will display the connected MAC address of the device on the switch port and to which VLAN it is seen on. 

netsw-01#show mac address-table interface g1/0/1
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    – ------- –       – ---- –    – ---
 100    5254.0000.0005    DYNAMIC     Gi1/0/1
Total Mac Addresses for this criterion: 1

Takeaway

As part of the Cisco CCNA 200-301 certification, an understanding of the VLAN configuration of a switch port is required. The above text is an overview of configuring a VLAN on a Cisco switch, configuring an access port to a single VLAN in access mode, and then verification of operation with different show commands.