VLAN Configuration Guide
Essential VLAN commands and concepts for network engineers
Basic VLAN Configuration
vlan [vlan-id]Create or enter VLAN configuration mode
Example:
vlan 10name [vlan-name]Assign a name to the VLAN
Example:
name SALESswitchport mode accessSet port to access mode
Example:
switchport mode accessswitchport access vlan [vlan-id]Assign port to specific VLAN
Example:
switchport access vlan 10Trunk Port Configuration
switchport mode trunkSet port to trunk mode
Example:
switchport mode trunkswitchport trunk allowed vlan [vlan-list]Specify allowed VLANs on trunk
Example:
switchport trunk allowed vlan 10,20,30switchport trunk native vlan [vlan-id]Set native VLAN for trunk
Example:
switchport trunk native vlan 1switchport trunk encapsulation dot1qSet trunk encapsulation to 802.1Q
Example:
switchport trunk encapsulation dot1qVLAN Verification Commands
show vlan briefDisplay VLAN summary information
Example:
show vlan briefshow interfaces trunkDisplay trunk port information
Example:
show interfaces trunkshow interfaces switchportDisplay switchport configuration
Example:
show interfaces fa0/1 switchportshow vlan id [vlan-id]Display specific VLAN information
Example:
show vlan id 10VLAN ID Ranges
VLAN 1
SystemDefault VLAN (cannot be deleted)
VLAN 2-1001
NormalNormal range VLANs
VLAN 1002-1005
SystemDefault VLANs for FDDI and Token Ring
VLAN 1006-4094
ExtendedExtended range VLANs
VLAN Best Practices
Design Guidelines
- • Plan VLAN numbering scheme
- • Use descriptive VLAN names
- • Document VLAN assignments
- • Implement VLAN security policies
- • Consider VLAN scalability
Security Considerations
- • Change default VLAN 1 usage
- • Disable unused ports
- • Implement port security
- • Use private VLANs when needed
- • Monitor VLAN hopping attacks