Configure and verify VLANs

Exam: Cisco 300-115 - CCNP Cisco IP Switched Networks (SWITCH v2.0)


In this chapter we discuss in detail how to configure and verify VLANs. This is an important topic for exam 300-115 SWITCH, and we hope it helps you prepare for the CCNP exams and certifications. A VLAN is a virtual LAN.

A VLAN can be used to divide the network into different logical areas. You can consider each VLAN a broadcast domain, and also a logical network. Packets that are not meant for a station and do not belong to the VLAN must not be forwarded to the router either. A VLAN has the same features as a physical LAN.

End stations can be grouped even if they are not physically located in the same LAN segment. VLANs have IP subnetworks. To communicate between VLANs you have to route the traffic. A newly created VLAN is operational by default: VLANs are always in the active state and they pass traffic. There is no shutdown condition in a VLAN.

Access ports

We will now discuss access VLANs. If a port is configured in access mode, you can specify which VLAN will carry the traffic for the interface. If you do not configure a VLAN for a port that is in access mode, the interface automatically carries traffic for the default VLAN.

The membership of the access port in the VLAN can be changed by specifying the new VLAN. A VLAN must be created before it is used as the access VLAN of an access port. If the access VLAN on a port is changed to a VLAN that is not yet created, the system automatically shuts the access port. The steps to configure an access VLAN are as follows:

  1. First enter configuration mode.
  2. Specify the interface that you need to configure and enter interface configuration mode.
  3. Set the interface as a nontagged, single-VLAN Ethernet interface. Note that an access port can carry traffic in only one VLAN. Using the switchport access vlan command you can specify that the access port must carry traffic for a different VLAN.
  4. As the last step, specify the VLAN for which the access port will carry traffic. The command for this is switch(config-if)# switchport access vlan vlan-id.
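
The two failure cases described above (an access port with no access VLAN, and an access VLAN that has not been created) can be checked offline against a saved configuration. The script below is an added example, not part of the original chapter; it assumes IOS-style configuration text in which step 3 appears as switchport mode access, and the sample configuration is constructed.

```python
import re

# Constructed running-config excerpt (not from a real device).
SAMPLE_CONFIG = """\
vlan 10
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 10
!
interface GigabitEthernet0/2
 switchport mode access
!
interface GigabitEthernet0/3
 switchport mode access
 switchport access vlan 30
!
interface GigabitEthernet0/4
 switchport mode trunk
"""

def audit_access_ports(config):
    """Return {interface: finding} for access ports that need attention."""
    defined = {1}   # the default VLAN always exists
    ports = {}      # interface -> [is_access, access_vlan or None]
    current = None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):   # a top-level command ends any interface block
            current = None
            if m := re.fullmatch(r"vlan (\d+)", line):
                defined.add(int(m.group(1)))
            elif m := re.fullmatch(r"interface (\S+)", line):
                current = m.group(1)
                ports[current] = [False, None]
        elif current and line == "switchport mode access":
            ports[current][0] = True
        elif current and (m := re.fullmatch(r"switchport access vlan (\d+)", line)):
            ports[current][1] = int(m.group(1))
    findings = {}
    for name, (is_access, vlan) in ports.items():
        if not is_access:
            continue                  # trunk and unconfigured ports are out of scope
        if vlan is None:
            findings[name] = "no access VLAN configured: port carries the default VLAN"
        elif vlan not in defined:
            findings[name] = f"access VLAN {vlan} is not created: port will be shut"
    return findings

if __name__ == "__main__":
    print(audit_access_ports(SAMPLE_CONFIG))
```

Ports reported as carrying the default VLAN are the ones to review first, since they were never deliberately placed in a VLAN.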

VLAN database

VTP is in server mode and must be configured with a domain name. This must be done before a VLAN is created. If you are using an IOS switch, you must enter vlan database mode (vlan). The vlan database command takes you into this mode, and it must be entered at the privileged level prompt.

This is mainly because the vtp domain command is not available on IOS switches. You can create a VLAN on COS devices using the vlan command after you have entered vlan database mode.

Normal and extended VLAN

VLANs are organised in ranges, and each range is used in a slightly different manner. The switch has a physical limitation and can have access to only some VLANs. The common VLAN ranges are:

Normal - represented by VLAN number 1. It is a normal range and is used by default. The user can use this VLAN but cannot delete or modify it. There is another range of VLANs, numbered from 2 to 1005. These, on the other hand, can be created and modified.

Extended - the VLAN numbers in this case range from 1006 to 4094. These VLANs can be used, created and named. However, one thing about these VLANs cannot be changed, and that is the state. The state is always active: the VLAN is always enabled and cannot be shut down.

Internally allocated - the VLAN numbers used for this range are 3968 to 4047 and 4094. These VLANs are for internal use. Any VLAN located in the block for internal use cannot be deleted, created or modified. Other than these and the default VLANs, the other VLANs can be deleted as well as created.

Voice VLAN

The voice VLAN is an auxiliary VLAN that you will find in the Catalyst 6000 family. The voice VLAN allows access ports to carry IP voice traffic from an IP phone. The switch uses QoS (quality of service) to ensure that the quality of the voice message is not distorted as it travels. The IP phone can also connect to a PC. The IP phone contains three ports, each with a specific function.

Port 1 connects directly to the switch or to the VoIP (voice over IP) device. Port 2 is an internal interface that carries IP phone traffic. The third port is the access port, which connects the PC to the other devices. The voice VLAN is disabled by default; it will only be enabled if the untagged traffic is sent to the default COS priority of the port. The voice VLAN should always be configured on the switch access port. Remember that the PortFast feature is not disabled automatically when the voice VLAN is disabled.

The exams are closed book, so if you want to prepare well for this section, read the chapter carefully and prepare along these lines. We hope that this discussion on configuring and verifying VLANs will help you get a better score in the exam.