Subscribe RSS 2.0 feed. Leave a response, or Trackback from your own site.

46 Responses to 'How to Configure VLANs on a Cisco Switch'

1. andrew makonyola - April 15th, 2009 at 4:24 am

   l would like to write online exams so l dont know where to pay the examination fee?am from malawi.

2. BlogAdmin - April 15th, 2009 at 9:47 am

   Hello,
   There should be a local Cisco certified examination center in your country where you can take the exam. Search Cisco about certified testing centers for your country.

3. philip - April 22nd, 2009 at 12:17 am

   how to connect to switches using vlan i.e on one switch we have vlan4 and on the other I want also vlan 4 but one switch is having different ips so how to connect 2 switches

4. BlogAdmin - April 22nd, 2009 at 1:31 am

   Hello Philip,

   Thanks for visiting. If you have Vlan4 on both switches, you configure them exactly as I show on the post above. You need to have a trunk port between the two switches. It does not matter if the IP addresses of the switches are different. The IP address is only for management purposes for a Layer 2 switch. The only thing you need to make sure is that your hosts in Vlan 4 must be in the same IP subnet range.

5. Ravi - May 15th, 2009 at 7:51 pm

   Thanks a lot for the article. It has almost helped me doing my project. But I am facing a problem.

   I wanna trunk two switches without using access mode, so that the switch would update its VLAN table dynamically.

   I have created trunk on Switch_A and gave its domain name. I did the same for the Switch_B. But when I am creating a VLAN on Switch_A, Switch_B doesn’t update its database. Can you help me?

   Thanks
   Ravi

6. BlogAdmin - May 16th, 2009 at 1:37 am

   Basically you are refering to VTP (Vlan Trunking Protocol). To configure VTP, you need to specify one switch as VTP SERVER and all other switches as VTP CLIENT. Then, you configure VLANs only on the VTP SERVER switch, and all these VLANs are propagated and appear also on the Client switches.

   Configure VTP SERVER:
   SWITCH-A(config)#vtp domain whatever
   SWITCH-A(config)#vtp mode server

   Configure VTP CLIENT:
   SWITCH-B(config)#vtp domain whatever
   SWITCH-B(config)#vtp mode client

   Thats is. You can configure also a password for the VTP domain which must be configured on ALL switches.

7. How to Configure Cisco VTP - VLAN Trunk Protocol | CiscoTips - May 16th, 2009 at 2:22 pm

   [...] a previous post I explained how to configure VLANs on Cisco Switches. That was a simple scenario with just two switches connected with a trunk port and having shared [...]

8. ma - June 30th, 2009 at 6:42 am

   really helpful! I like the way u put ur ideas. what should i do to assign 8 ports in one vlan at once. it is a little tiresome to do it one at a time.

9. BlogAdmin - June 30th, 2009 at 3:34 pm

   To configure multiple interfaces at one shot you can use the “interface range” command. See example below:

   Switch1(config)# interface range fastethernet0/1 – 8
   Switch1(config-if-range)# switchport mode access
   Switch1(config-if-range)# switchport access vlan 2

   The configuration above will put interfaces 1 to 8 into Vlan 2

   Cheers
   Harris

10. Suraj - July 8th, 2009 at 1:05 am

    Great! very happy to see such greate scenario and configuration, if I add Router-A with Switch one for IVR (Inter-vlan Routing) Kindly help in this regard.

11. BlogAdmin - July 8th, 2009 at 4:24 am

    If you want to create intervlan routing between all three VLANs 2,3,4 then you need to connect a router on one trunk port of ANY switch (either switch 1 or switch 2) and then configure DOT1Q subinterfaces on the router.

    Assume that we will use port 0/23 of SWITCH 1 to connect the router. This switch port must be TRUNK port:
    SWITCH1:
    ————
    interface FastEthernet0/23
    switchport trunk encapsulation dot1q
    switchport mode trunk

    ROUTER:
    ————-
    interface FastEthernet0
    no ip address

    interface FastEthernet0.2
    encapsulation dot1Q 2
    no shutdown
    ip address 192.168.2.1 255.255.255.0

    interface FastEthernet0.3
    encapsulation dot1Q 3
    no shutdown
    ip address 192.168.3.1 255.255.255.0

    interface FastEthernet0.4
    encapsulation dot1Q 4
    no shutdown
    ip address 192.168.4.1 255.255.255.0

    Now, all hosts in VLAN2 for example must have as default gateway the router address 192.168.2.1. Similarly with other hosts in the other VLANs must have as default gateway the corresponding router subinterface address.

12. deeps - July 14th, 2009 at 7:00 am

    if I add interface in first switch (server mode)to Example -fe 0/10 to vlan 100, the same interface fe0/10 gets added in second switch also, what if i need to add fe0/10 of second switch to different vlan–pls give ur suggestion

13. BlogAdmin - July 14th, 2009 at 11:49 am

    Hello deeps,

    If the first switch is a VTP server and you add fe0/10 to vlan 100, then the same interface fe0/10 in second switch will NOT be added to vlan 100 as you assume in your comment. What will happen is that vlan 100 will be created to the second switch on which you can add interfaces accordingly. The function of VTP is to create vlans on vtp server and have those vlans created automatically to the other switches. Then you add interfaces to vlans manually according to your network design.

14. patice - October 17th, 2009 at 5:27 pm

    Great idears, clear explanation. Thanks for your labs.

    Dear Sir, i have a problem with one of my switches dropping one a day and the internet gone within the whole building. To get the internet Back up i have to turn the Cisco switch, Catalyst 3550, off and back on. this causes serious disruption on my network.
    The network has about 600 users on 1 VLAN only, but the Catalyst 3550 has only one port F0/22 connected to the internet.
    Please I need help…

15. BlogAdmin - October 18th, 2009 at 3:27 pm

    I would suspect a broadcast storm situation. 600 users on the same Vlan are a lot. Sometimes, a broken ethernet card on one host might cause broadcasts which could bring the whole network down. I would suggest to divide your network to smaller vlans and subnets.

16. Patice - October 19th, 2009 at 1:36 am

    Thanks Sir,
    I would like to explain more. We have about 13 spread accross the building, they are from different vendors such as 3Com – HP – Cisco.

    They did not think about VLANs when they were build, maybe there were only few user. but as the compny grew up, no body thought about it as there were no cisco enginneer on site.

    So they all on VLAN 1. The problem we have is not the whole network that goes down, but the internet. every day it goes down at lest once.
    When it does we have to turn the Cisco catalyst 3550 off and on, wait for a little while- 3min – and the internet is back.

    This Cisco catalyst 3550 has one port connected to the internet F0/1, and F0/24 to a distribution switch for network users.

    I appreciate we have to divide into many smaller VLANs, but how can broadcast storm affects the 3550 switch as its main purpose is only the internet connestion with two ports only in use.

    Thank you for your time

17. BlogAdmin - October 19th, 2009 at 2:44 am

    I would suggest to manually fix the speed and duplex settings on the 3550 switch for both F0/1 and F0/24. You can do this under interface configuration mode using:
    switch(config-if)# speed 100
    switch(config-if)# duplex full

    Other than that I can not help you much. Unfortunately is very difficult to troubleshoot a Layer 2 network just from a blog post communication.

    Good luck

18. Beginner - October 21st, 2009 at 3:01 am

    Thanks it was very helpful.I have one scenario:
    Cisco 3550 has VLAN5 with 16 ports (FE0/33-0/48)with ip 192.168.x.x/24 ,because 3550 doesn’t do NAT, on one of the ports of that VLAN is connect simple router just for NAT, and that router is connect to cisco 3750 too, and with 3750 i’m on internet. How do a configure the 3550 to be able with my computer with Public IP 77.x.x.x and connected to 3750 be on the same VLAN5 and ip of the range 192.168.x.x/24.Thanks

19. BlogAdmin - October 21st, 2009 at 3:14 am

    Hello Beginner!!

    Sorry but I didn’t understand much from what you are saying. If I understand your question correctly, you will need to connect a router with two interfaces. The internal interface of the router should be on the 3550 switch and have IP address in the range 192.168.x.x, and the outside interface of the router should have the public IP address 77.x.x.x. Then, you can configure the router to perform NAT.

20. Beginner - October 21st, 2009 at 4:31 am

    Sorry. I have cisco 3550 and 3750.On cisco 3750 there is no VLAN created, every FE0/ port has Public IP and goes to internet. On 3550 i create VLAN5 with private IP and assign to that VLAN 16 FE ports.What is the best way to communicate:One host from VLAN5 from 3550 (IP address:192.168.3.x) and another host from 3750. Sorry and thanks anyway. (For communication between 3550 and 3750 i use simple router just for NAT)

21. Bertino - October 30th, 2009 at 10:22 am

    Hi Beginner, I am new as well.
    You don’t have to use a Router to allow host to communicate between the 3550 and 3750 catalyst switches.
    1/ You could, if you want, create the same VLANs on both switches and add FastEthernet ports to them. Please not that the ports, on the switches do not have to match but the VLANs do.
    2/ The ports linking the switches, on both sides, should be configures as TRUNK ports to tag the packets travelling accross.

    Another possibility would be to allow the PCs on different VLANs to talk. This could be done with your router (Routing on a stick), but you switches are LAYER 3 and can handle this job. All you shall have to do will be to issue the “ip routing” command in global configuration mode. then the VLANs ip addresses will be the default gateway of the clients PCs.

    The blogAdmin has a clear explanation on his web site, please have a look it is very good and easy.

    Thanks

22. BlogAdmin - October 30th, 2009 at 10:30 am

    Thanks Bertino for the clarification. You don’t sound a “Beginner” to me by the way

    You can visit my post about Layer 3 Switch Routing for more information about intervlan routing on the same switch.

    Thanks guys for reading my blog.

    Cheers

    Harris

23. Beginner - November 10th, 2009 at 4:49 am

    Thank you very much for the help.
    I have another question:Is there another way to communicate two PCs that are in two different L3 switches but on the same VLAN.In this scenario I don’t want to use trunks between L3 switches , and they are communicate between them with L3 interfaces (OSPF between this switches).Is this possible.Thx again.

24. BlogAdmin - November 10th, 2009 at 7:06 am

    Sure you can do this. On a Layer3 switch you can configure an interface to work as a routed port (just like a normal router interface). Use the command “no switchport” for that interface and then configure an IP address as you would for a regular router interface. Configure two routed ports on the switches (one for the first switch and one for the second) and then connect those two routed ports together (back-to-back with a cross over cable). The IP addresses of the two routed ports must be in the same subnet (e.g 192.168.1.1/24 on the first switch and 192.168.1.2/24 on the second switch). Then configure an SVI interface on both switches (e.g interface Vlan 1) and assign IP address (e.g 10.10.10.1/24 on first switch and 10.20.20.1/24 on second switch). The two PCs must be in the respective subnet (one of them in 10.10.10.0/24 subnet and the other one in 10.20.20.0/24 subnet).

    Is this confusing or you got the idea?

25. Beginner - November 10th, 2009 at 8:42 am

    It works, Thx a lot. BlogAdmin rules

26. Patice - November 10th, 2009 at 7:37 pm

    Thanks BlogAdmin

27. Cristina - November 11th, 2009 at 4:20 am

    Thx for the post. But what if I want the VLAN to mirror from one L3 switch to the other? For example, if i attach host on Vlan5, no matter if I attach it on the first L3 switch or on the second, that host to belong on the same VLAN.
    Is it possible the SVI interfaces on both switches (e.g interface Vlan 5) to have IP address from the same subnet(e.g 10.10.10.0/24)?

    Thx in advance.

28. BlogAdmin - November 11th, 2009 at 4:30 am

    Cristina,

    What you describe above can NOT be done. Once you configure your switches as Layer3 switches, it is like having routers connecting your network subnets, which means that the networks must have different IP subnets across the interfaces of the layer3 device. What you want can be achieved only if you have plain Layer2 switches and you don’t configure layer3 functionality (see my original post at the beginning of this page).

29. Douglas - November 13th, 2009 at 8:07 am

    HI Cristina, I am a beginner
    Your Scenario has to be done through TRUNKING for INTER VLAN communication. But as far as the Beginner’s question is consern, as the BlogAdmin says it cannot be done.

    First the Uplinks msut be L3, by typing the command “no switchport”. This means at this level the switch acts as a Router, and consequently the other VLAN on your second L3 must be on a different subnet.

    Please note that the Uplinks between the two L3 switches must be on the same subnet.

    please have a look at this site for a sample configuration http://www.ccna-ccnp-journey.co.nr

    credits to BlogAdmin

    Good luck!

30. Patrice - November 26th, 2009 at 1:19 am

    Dear blogAdmin, Thanks for the good work.
    I have a question that maybe out of this topic. I have to set up a VLAN for a small building, and i know how to design it.
    They have a PRINT Server and want every boby, from any vlan, to be able to print to any printer if they wish to.
    I am confused as i do not know ho to redirect traffic to the print server, or how it is going to work.
    Here is the design: 6 VLANs – a Server farm.

    My plan is to add all servers into one vlan, configure inter VLAN communication and then use Access-list, on the core switch, to deny what ever traffic i want to. I have no idear if it is a good way, or how the printing is going to work.

    Dear sir this job is voluntary, and i earn no money from it but i would like to get it done. It is my ever first network design, and i have no previous experience. The network has to go live on the 5th December, and i am nervous. Please i need your help.

    Thanks

31. BlogAdmin - November 26th, 2009 at 2:01 am

    Patrice,

    As I understand you already have a Layer3 switch (maybe the core switch?) in your network. Is that correct? If that is the case, then you will need to configure intervlan routing on your Layer3 switch. Check out my other post about configuring switch Layer3 routing for an example.

    As you already suggest, put all Server farm into one Vlan and segment also the rest users into other vlans, and use Access lists to control traffic flow. Regarding the PRINT server, you can put it into one of the “user” Vlans and since you will have intervlan routing configured on the Layer3 switch, all users from any Vlan will be able to find it by routing.

32. Patrice - November 26th, 2009 at 7:03 am

    Thanks BlogAdmin,
    Just been told we are not doing Acees-lists, but only inter VLAN routing as some staffs use to logon regardeless of the machine. I told them that the security part does not exist, without access list, but they said it will be done gradually.

    As you said, i have a 3Com layer 3 switch as core switch for the routing.
    I am going to put all servers in on VLAN, and the inter VLAN routing will take care of the access! is that right?
    About the Print server, i still do not understand why i should put it on the USER VLAN. The idear here is, not only 2 VLANs, but more than 4: ADMIN, HUMANRes, GUESTS, IT.

    If i understand well, if i put the print server into “ADMIN” VLAN for example, all users will be able to see it as inter VLAN will be configured.! Is that right?
    But what will happen if i put it with other servers, in the same VLAN?

    Dear Admin, i know i am taking your time, but this is my up-to-now life time networking project.

    Thanks for your promt response.

33. BlogAdmin - November 26th, 2009 at 8:01 am

    If you properly configure intervlan routing, and the hosts in each Vlan have the proper gateway address (which is going to be the IP you configured on the Layer3 switch), then all vlans will communicate with no problems. Regarding the Print server, I said ” any User” vlan meaning any appropriate vlan except the servers vlan. You can put it for example in the IT Vlan. The intervlan routing will take care of the rest.

34. Patrice - November 26th, 2009 at 8:16 am

    Thanks a lot,
    As an expert, how do you find my approach? Do you have any suggestions about what i said and how i am going to configure the network?

    Dear sir, anything you think could make it better is welcomed.
    This is my first experience, and i am always ready to learn.

    the other consrn is I found, on the switch that connects the building to the internet, that the port on our side turns amber and green, amber and green continously. but the internet works and stops a least 4 times every week.

    The internet switch is no managed by us, and so we have port F0/3 from that switch to another switch on our network.

    What i tought, without touching it is that there maybe a speed oer duplex mismatch between our switch port, and the internet switch port.
    What do you think as Expert?

    Thanks for your time…

35. Most Popular Blog Posts for 2009 | CiscoTips - December 31st, 2009 at 11:00 am

    [...] post describes how to configure vlan in cisco switch. The example network diagram shows two Layer 2 switches connected with a trunk port and three Vlans [...]

36. raoul - January 15th, 2010 at 5:57 am

    Thanks a lot. but still got a question:
    we got 2 domain’s, each on their own vlan: students and personnel. from student vlan you cannot go to Personnel, the other way around is possible.
    I need to install new printers where both students and personnel can print on.
    How to do this without changing the setup above.
    a 3rd vlan with printers and printserver and own ip adresses?

37. BlogAdmin - January 15th, 2010 at 10:54 am

    Why don’t you install the printers in Student’s Vlans? With that, both students and personnel will be able to access the printers (since you said that personnel vlan can access the student vlan). You don’t have to create a new vlan just for the printers. This is my opinion.

    Regards

38. Dila Ram Gurung - January 18th, 2010 at 12:25 pm

    Is’nt there any software available using which i can learn to configure the switch or router. What about Packet tracer software

39. BlogAdmin - January 18th, 2010 at 1:27 pm

    Yes, you can use Packet Tracer (available only for Cisco Networking Academy students) to learn the basics of routing and switching. Packet Tracer is good up to CCNA level though. For more advanced topics (CCNP, CCIE level) is not enough.

40. Tomislav - January 26th, 2010 at 6:25 pm

    Hello everybody!
    I’m doing something i packet tracer. I have 3 switches and 1 is server and others are clients. When I create new VLAN on SERVER, that VLAN is automaticly created on other SWITCHES, but when I assign interfaces to that new VLAN, those interfaces won’t assign automaticly to that new VLAN on client switches. Can I do something to automaticly assign interfaces to VLAN from SERVER?

41. BlogAdmin - January 27th, 2010 at 3:51 am

    As I understand you are using Vlan Trunking Protocol (VTP) with a VTP server and VTP clients. The purpose of VTP is to create a vlan on the Server switch and have that vlan created automatically to all other switches. VTP however can NOT assign interfaces to those vlans. You must assign the interfaces manually.

42. saihnaa - March 2nd, 2010 at 6:46 am

    Hi this is very need. Thanks

43. BONEZ - March 3rd, 2010 at 5:00 am

    Hi Everybody i have a problem in my lab test may be some of you here know how to solve this problem..i have 2 layer 3 switch and in every switch it has 2 VLAN’s in every VLAN i assign an IP address the same IP to the other VLAN of other switch.

    SW1 @ VLAN1 = 10.10.10.0
    VLAN2 = 10.10.11.0

    SW2 @ VLAN1 = 10.10.10.0
    VLAN2 = 10.10.11.0

    VLAN1 in SW1 and VLAN2 in SW2 is ok but in VLAN1 in SW1
    and VLAN1 in SW2 cant communicate each other as well as in VLAN2 in SW1 and VLAN2 in SW2.

    i create a routing on it but it still not working.

    any idea is appreciated..

44. BlogAdmin - March 3rd, 2010 at 8:22 am

    Hello,

    How are the two switches connected together? You need to configure a trunk port between the two switches

45. BONEZ - March 4th, 2010 at 1:16 am

    YES Sir i did it but it still can’t communicate the two VLAN in different switch and the same subnetwork but in different subnetwork in different switch is OK.

46. BlogAdmin - March 4th, 2010 at 10:18 am

    It means that you have a Layer3 boundary between the Vlans, that is why you can communicate with the vlan having a different subnetwork

Leave a Reply

Name

Email (will not be published)

Website