Scribd
Upload
15 views

Configuring 802 1q Vlan

Uploaded by

JESUS ROJAS
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
15 views

Configuring 802 1q Vlan

Uploaded by

JESUS ROJAS
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 17

Configuring 802.

1Q VLAN

CHAPTERS

1. Overview
2. 802.1Q VLAN Configuration
3. Configuration Example
4. Appendix: Default Parameters
Configuring 802.1Q VLAN Overview

This guide applies to:


T1500G-8T v2 or above, T1500G-10PS v2 or above, T1500G-10MPS v2 or above, T1500-28PCT v3 or above,
T1600G-18TS v2 or above, T1600G-28TS v3 or above, T1600G-28PS v3 or above, T1600G-52TS v3 or above,
T1600G-52PS v3 or above, T1700X-16TS v3 or above, T1700G-28TQ v3 or above, T2500G-10TS v2 or above,
T2600G-18TS v2 or above, T2600G-28TS v3 or above, T2600G-28MPS v3 or above, T2600G-28SQ v1 or
above, T2600G-52TS v3 or above.

1 Overview
VLAN (Virtual Local Area Network) is a network technique that solves broadcasting issues
in local area networks. It is usually applied in the following occasions:

 To restrict broadcast domain: VLAN technique divides a big local area network into
several VLANs, and all VLAN traffic remains within its VLAN. It reduces the influence of
broadcast traffic in Layer 2 network to the whole network.

 To enhance network security: Devices from different VLANs cannot achieve Layer 2
communication, and thus users can group and isolate devices to enhance network
security.

 For easier management: VLANs group devices logically instead of physically, so devices
in the same VLAN need not be located in the same place. It eases the management of
devices in the same work group but located in different places.

Configuration Guide 1
Configuring 802.1Q VLAN 802.1Q VLAN Configuration

2 802.1Q VLAN Configuration


To complete 802.1Q VLAN configuration, follow these steps:
1) Configure the VLAN, including creating a VLAN and adding the desired ports to the
VLAN.
2) Configure port parameters for 802.1Q VLAN.

Configuration Guide 2
Configuring 802.1Q VLAN 802.1Q VLAN Configuration

2.1 Using the GUI

2.1.1 Configuring the VLAN

Choose the menu L2 FEATURES > VLAN > 802.1Q VLAN > VLAN Config and click
to load the following page.
Figure 2-1 Configuring VLAN

Follow these steps to configure VLAN:


1) Enter a VLAN ID and a description for identification to create a VLAN.

VLAN ID Enter a VLAN ID for identification with the values between 2 and 4094.

VLAN Name Give a VLAN description for identification with up to 16 characters.

2) Select the untagged port(s) and the tagged port(s) respectively to add to the created
VLAN based on the network topology.

Configuration Guide 3
Configuring 802.1Q VLAN 802.1Q VLAN Configuration

Untagged port The selected ports will forward untagged packets in the target VLAN.

Tagged port The selected ports will forward tagged packets in the target VLAN.

3) Click Apply.

2.1.2 Configuring Port Parameters for 802.1Q VLAN

Choose the menu L2 FEATURES > VLAN > 802.1Q VLAN > Port Config to load the
following page.
Figure 2-1 Configuring the Port

Select a port and configure the parameters. Click Apply.

PVID Set the default VLAN ID of the port. Valid values are from 1 to 4094. It is used
mainly in the following two ways:

When the port receives an untagged packet, the switch inserts a VLAN tag to the
packet based on the PVID.

Ingress Checking Enable or disable Ingress Checking. With this function enabled, the port will
accept the packet of which the VLAN ID is in the port’s VLAN list and discard
others. With this function disabled, the port will forward the packet directly.

Acceptable Frame Select the acceptable frame type for the port and the port will perform this
Types operation before Ingress Checking.

Admit All: The port will accept both the tagged packets and the untagged
packets.

Tagged Only: The port will accept the tagged packets only.

Configuration Guide 4
Configuring 802.1Q VLAN 802.1Q VLAN Configuration

LAG Displays the LAG (Link Aggregation Group) which the port belongs to.

Details Click the Details button to view the VLANs to which the port belongs.

2.2 Using the CLI

2.2.1 Creating a VLAN

Follow these steps to create a VLAN:

Step 1 configure
Enter global configuration mode.

Step 2 vlan vlan-list


When you enter a new VLAN ID, the switch creates a new VLAN and enters VLAN
configuration mode; when you enter an existing VLAN ID, the switch directly enters VLAN
configuration mode.
vlan-list : Specify the ID or the ID list of the VLAN(s) for configuration. Valid values are from 2
to 4094, for example, 2-3,5.

Step 3 name descript


(Optional) Specify a VLAN description for identification.
descript : The length of the description should be 1 to 16 characters.

Step 4 show vlan [ id vlan-list ]


Show the global information of the specified VLAN(s). When no VLAN is specified, this
command shows global information of all 802.1Q VLANs.
vlan-list : Specify the ID or the ID list of the VLAN(s) to show information. Valid values are
from 1 to 4094.

Step 5 end
Return to privileged EXEC mode.

Step 6 copy running-config startup-config


Save the settings in the configuration file.

The following example shows how to create VLAN 2 and name it as RD :

Switch#configure

Switch(config)#vlan 2

Switch(config-vlan)#name RD

Switch(config-vlan)#show vlan id 2

Configuration Guide 5
Configuring 802.1Q VLAN 802.1Q VLAN Configuration

VLAN Name Status Ports

------- -------- --------- ---------

2 RD active

Switch(config-vlan)#end

Switch#copy running-config startup-config

2.2.2 Adding the Port to the Specified VLAN

Follow these steps to add the port to the specified VLAN:

Step 1 configure
Enter global configuration mode.

Step 2 interface {fastEthernet port | range fastEthernet port-list | gigabitEthernet port | range
gigabitEthernet port-list | ten-gigabitEthernet port | range ten-gigabitEthernet port-list |
port-channel port-channel-id | range port-channel port-channel-list }
Enter interface configuration mode.

Step 3 switchport general allowed vlan vlan-list { tagged | untagged }


Add ports to the specified VLAN.
vlan-list: Specify the ID or ID list of the VLAN(s) that the port will be added to. The ID ranges
from 1 to 4094.
tagged | untagged: Select the egress rule for the port.

Step 4 show interface switchport [fastEthernet port | gigabitEthernet port | ten-gigabitEthernet


port | port-channel lag-id ]
Verify the information of the port.

Step 5 end
Return to privileged EXEC mode.

Step 6 copy running-config startup-config


Save the settings in the configuration file.

The following example shows how to add the port 1/0/5 to VLAN 2, and specify its egress
rule as tagged:

Switch#configure

Switch(config)#interface gigabitEthernet 1/0/5

Switch(config-if)#switchport general allowed vlan 2 tagged


Switch(config-if)#show interface switchport gigabitEthernet 1/0/5
Port Gi1/0/5:
PVID: 2

Configuration Guide 6
Configuring 802.1Q VLAN 802.1Q VLAN Configuration

Acceptable frame type: All


Ingress Checking: Enable
Member in LAG: N/A
Link Type: General
Member in VLAN:
Vlan Name Egress-rule
---- ----------- -----------
1 System-VLAN Untagged
2 RD Tagged
Switch(config-if)#end
Switch#copy running-config startup-config

2.2.3 Configuring the Port

Follow these steps to configure the port:

Step 1 configure
Enter global configuration mode.

Step 2 interface {fastEthernet port | range fastEthernet port-list | gigabitEthernet port | range
gigabitEthernet port-list | ten-gigabitEthernet port | range ten-gigabitEthernet port-list |
port-channel port-channel-id | range port-channel port-channel-list }
Enter interface configuration mode.

Step 3 switchport pvid vlan-id


Configure the PVID of the port(s). By default, it is 1.
vlan-id : The default VLAN ID of the port with the values between 1 and 4094.

Step 4 switchport check ingress


Enable or disable Ingress Checking. With this function enabled, the port will accept the
packet of which the VLAN ID is in the port’s VLAN list and discard others. With this function
disabled, the port will forward the packet directly.

Step 5 switchport acceptable frame {all | tagged}


Select the acceptable frame type for the port and the port will perform this operation before
Ingress Checking.
all: The port will accept both the tagged packets and the untagged packets.
tagged: The port will accept the tagged packets only.

Step 6 end
Return to privileged EXEC mode.

Step 7 copy running-config startup-config


Save the settings in the configuration file.

Configuration Guide 7
Configuring 802.1Q VLAN 802.1Q VLAN Configuration

The following example shows how to configure the PVID of port 1/0/5 as 2, enable the
ingress checking and set the acceptable frame type as all:

Switch#configure
Switch(config)#interface gigabitEthernet 1/0/5
Switch(config-if)#switchport pvid 2
Switch(config-if)#switchport check ingress
Switch(config-if)#switchport acceptable frame all
Switch(config-if)#show interface switchport gigabitEthernet 1/0/5
Port Gi1/0/5:
PVID: 2
Acceptable frame type: All
Ingress Checking: Enable
Member in LAG: N/A
Link Type: General
Member in VLAN:
Vlan Name Egress-rule
---- ----------- -----------
1 System-VLAN Untagged

Switch(config-if)#end

Switch#copy running-config startup-config

Configuration Guide 8
Configuring 802.1Q VLAN Configuration Example

3 Configuration Example

3.1 Network Requirements

 Offices of Department A and Department B in the company are located in different


places, and some computers in different offices connect to the same switch.

 It is required that computers can communicate with each other in the same department
but not with computers in the other department.

3.2 Configuration Scheme

 Divide computers in Department A and Department B into two VLANs respectively so


that computers can communicate with each other in the same department but not with
computers in the other department.

 Terminal devices like computers usually do not support VLAN tags. Add untagged ports
to the corresponding VLANs and specify the PVID.

 The intermediate link between two switches carries traffic from two VLANs
simultaneously. Add the tagged ports to both VLANs.

Configuration Guide 9
Configuring 802.1Q VLAN Configuration Example

3.3 Network Topology

The figure below shows the network topology. Host A1 and Host A2 are in Department A,
while Host B1 and Host B2 are in Department B. Switch 1 and Switch 2 are located in two
different places. Host A1 and Host B1 are connected to port 1/0/2 and port 1/0/3 on Switch
1 respectively, while Host A2 and Host B2 are connected to port 1/0/6 and port 1/0/7 on
Switch 2 respectively. Port 1/0/4 on Switch 1 is connected to port 1/0/8 on Switch 2.
Figure 3-1 Network Topology

VLAN 10

Host A1 Host A2

Gi1/0/2 Gi1/0/6
Gi1/0/8
Switch 1 Switch 2
Gi1/0/4

Gi1/0/3 Gi1/0/7

VLAN 20

Host B1 Host B2

Demonstrated with T1600G-28TS, the following sections provide configuration procedure


in two ways: using the GUI and using the CLI.

3.4 Using the GUI

The configurations of Switch 1 and Switch 2 are similar. The following introductions take
Switch 1 as an example.
1) Choose the menu L2 FEATURES > VLAN > 802.1Q VLAN > VLAN Config and
click to load the following page. Create VLAN 10 with the description of
Department_A. Add port 1/0/2 as an untagged port and port 1/0/4 as a tagged port to
VLAN 10. Click Create.

Configuration Guide 10
Configuring 802.1Q VLAN Configuration Example

Figure 3-2 Creating VLAN 10 for Department A

2) Choose the menu L2 FEATURES > VLAN > 802.1Q VLAN > VLAN Config and
click to load the following page. Create VLAN 20 with the description of
Department_B. Add port 1/0/3 as an untagged port and port 1/0/4 as a tagged port to
VLAN 20. Click Create.

Configuration Guide 11
Configuring 802.1Q VLAN Configuration Example

Figure 3-3 Creating VLAN 20 for Department B

3) Choose the menu L2 FEATURES > VLAN > 802.1Q VLAN > Port Config to load the
following page. Set the PVID of port 1/0/2 as 10 and click Apply. Set the PVID of port
1/0/3 as 20 and click Apply.

Configuration Guide 12
Configuring 802.1Q VLAN Configuration Example

Figure 3-4 Specifying the PVID for the ports

4) Click to save the settings.

3.5 Using the CLI

The configurations of Switch 1 and Switch 2 are similar. The following introductions take
Switch 1 as an example.
1) Create VLAN 10 for Department A, and configure the description as Department-A.
Similarly, create VLAN 20 for Department B, and configure the description as
Department-B.

Switch_1#configure

Switch_1(config)#vlan 10

Switch_1(config-vlan)#name Department-A

Switch_1(config-vlan)#exit

Switch_1(config)#vlan 20

Switch_1(config-vlan)#name Department-B

Switch_1(config-vlan)#exit
2) Add untagged port 1/0/2 and tagged port 1/0/4 to VLAN 10. Add untagged port 1/0/3
and tagged port 1/0/4 to VLAN 20.

Switch_1(config)#interface gigabitEthernet 1/0/2

Switch_1(config-if)#switchport general allowed vlan 10 untagged

Switch_1(config-if)#exit

Configuration Guide 13
Configuring 802.1Q VLAN Configuration Example

Switch_1(config)#interface gigabitEthernet 1/0/3

Switch_1(config-if)#switchport general allowed vlan 20 untagged

Switch_1(config-if)#exit

Switch_1(config)#interface gigabitEthernet 1/0/4

Switch_1(config-if)#switchport general allowed vlan 10 tagged

Switch_1(config-if)#switchport general allowed vlan 20 tagged

Switch_1(config-if)#exit
3) Set the PVID of port 1/0/2 as 10, and set the PVID of port 1/0/3 as 20.

Switch_1(config)#interface gigabitEthernet 1/0/2

Switch_1(config-if)#switchport pvid 10

Switch_1(config-if)#exit

Switch_1(config)#interface gigabitEthernet 1/0/3

Switch_1(config-if)#switchport pvid 20

Switch_1(config-if)#end

Switch_1#copy running-config startup-config

Verify the Configurations


Verify the VLAN configuration:

Switch_1#show vlan

VLAN Name Status Ports

----- -------------------- --------- ----------------------------------------

1 System-VLAN active Gi1/0/1, Gi1/0/2, Gi1/0/3, Gi1/0/4,

Gi1/0/5, Gi1/0/6, Gi1/0/7, Gi1/0/8,

Gi1/0/9, Gi1/0/10, Gi1/0/11, Gi1/0/12,

Gi1/0/13, Gi1/0/14, Gi1/0/15, Gi1/0/16,

Gi1/0/17, Gi1/0/18, Gi1/0/19, Gi1/0/20,

Gi1/0/21, Gi1/0/22, Gi1/0/23, Gi1/0/24,

Gi1/0/25, Gi1/0/26, Gi1/0/27, Gi1/0/28

10 Department-A active Gi1/0/2, Gi1/0/4

20 Department-B active Gi1/0/3, Gi1/0/4

Primary Secondary Type Ports

Configuration Guide 14
Configuring 802.1Q VLAN Configuration Example

------- --------- ---------- ---------------------

Verify the VLAN configuration:

Switch_1(config)#show interface switchport

Port LAG Type PVID Acceptable frame type Ingress Checking

------- --- ---- ---- --------------------- ----------------

Gi1/0/1 N/A General 1 All Enable

Gi1/0/2 N/A General 10 All Enable

Gi1/0/3 N/A General 20 All Enable

Gi1/0/4 N/A General 1 All Enable

Gi1/0/5 N/A General 1 All Enable

.....

Configuration Guide 15
Configuring 802.1Q VLAN Appendix: Default Parameters

4 Appendix: Default Parameters


Default settings of 802.1Q VLAN are listed in the following table.
Table 4-1 Default Settings of 802.1Q VLAN

Parameter Default Setting

VLAN ID 1

PVID 1

Ingress Checking Enabled

Acceptable Frame Types Admit All

Configuration Guide 16

You might also like