Today I want to show you:
- How to configure VLANs
- How to add interface to a VLAN
- How to establish 802.1q trunk between two Ethernet switches and filter VLANs
- How to configure VLANIF (VLAN interface or simply SVI).
Look at the following topology:
Let’s assume that we want to configure two switches, which are connected via Ethernet link. Both switches have PCs connected to them. We want to allow PC101 to be able to reach PC102 and PC201 to be able to reach PC202.To do so, we need to add two different VLANs, configure Ethernet Trunk between switches and add PCs to the correct VLAN.
Let’s start with SW1 switch configuration.
First I have to add two VLANs 100 and 200, and describe these VLANs labnario100 and labnario200 respectively (description is optional). Both switches should be configured at exactly the same way, so SW2 configuration is omitted.
<labnariosw1>system-view [labnariosw1]vlan 100 [labnariosw1-vlan100]description labnario100 [labnariosw1-vlan100]vlan 200 [labnariosw1-vlan200]description labnario200
Let’s verify VLAN configuration:
[labnariosw1]display vlan The total number of vlans is : 3 -------------------------------------------------------------------------------- U: Up; D: Down; TG: Tagged; UT: Untagged; MP: Vlan-mapping; ST: Vlan-stacking; #: ProtocolTransparent-vlan; *: Management-vlan; -------------------------------------------------------------------------------- VID Type Ports -------------------------------------------------------------------------------- 1 common UT:GE0/0/1(U) GE0/0/2(U) GE0/0/3(D) GE0/0/4(D) GE0/0/5(D) GE0/0/6(D) GE0/0/7(D) GE0/0/8(D) GE0/0/9(D) GE0/0/10(U) GE0/0/11(D) GE0/0/12(D) GE0/0/13(D) GE0/0/14(D) GE0/0/15(D) GE0/0/16(D) GE0/0/17(D) GE0/0/18(D) GE0/0/19(D) GE0/0/20(D) GE0/0/21(D) GE0/0/22(D) GE0/0/23(D) GE0/0/24(D) 100 common 200 common VID Status Property MAC-LRN Statistics Description -------------------------------------------------------------------------------- 1 enable default enable disable VLAN 0001 100 enable default enable disable labnario100 200 enable default enable disable labnario200
As the second step, I want to configure 802.1q trunk between SW1 and SW2 and filter VLANs, which can pass through this trunk (VLAN filtering is optional):
[labnariosw1-GigabitEthernet0/0/10]port link-type trunk [labnariosw1-GigabitEthernet0/0/10]port trunk allow-pass vlan 100 200
Let’s verify, if our trunk interface is configured correctly:
[labnariosw1]display port vlan Port Link Type PVID Trunk VLAN List ------------------------------------------------------------------------------- GigabitEthernet0/0/1 hybrid 1 - GigabitEthernet0/0/2 hybrid 1 - GigabitEthernet0/0/3 hybrid 1 - GigabitEthernet0/0/4 hybrid 1 - GigabitEthernet0/0/5 hybrid 1 - GigabitEthernet0/0/6 hybrid 1 - GigabitEthernet0/0/7 hybrid 1 - GigabitEthernet0/0/8 hybrid 1 - GigabitEthernet0/0/9 hybrid 1 - GigabitEthernet0/0/10 trunk 1 1 100 200 GigabitEthernet0/0/11 hybrid 1 - GigabitEthernet0/0/12 hybrid 1 - GigabitEthernet0/0/13 hybrid 1 - GigabitEthernet0/0/14 hybrid 1 - GigabitEthernet0/0/15 hybrid 1 - GigabitEthernet0/0/16 hybrid 1 - GigabitEthernet0/0/17 hybrid 1 - GigabitEthernet0/0/18 hybrid 1 - GigabitEthernet0/0/19 hybrid 1 - GigabitEthernet0/0/20 hybrid 1 - GigabitEthernet0/0/21 hybrid 1 - GigabitEthernet0/0/22 hybrid 1 - GigabitEthernet0/0/23 hybrid 1 - GigabitEthernet0/0/24 hybrid 1 -
There is also more specific command:
[labnariosw1]display port vlan GigabitEthernet 0/0/10 Port Link Type PVID Trunk VLAN List ------------------------------------------------------------------------------- GigabitEthernet0/0/10 trunk 1 1 100 200
You can also filter VLANs which can pass through the trunk:
[labnariosw1-GigabitEthernet0/0/10]undo port trunk allow-pass vlan 1 [labnariosw1]display port vlan GigabitEthernet 0/0/10 Port Link Type PVID Trunk VLAN List ------------------------------------------------------------------------------- GigabitEthernet0/0/10 trunk 1 100 200
As you see, Ge0/0/10 interface is working as a 802.1q trunk. Only VLANs 100 and 200 can pass through this trunk link.
Now we can configure access ports which are connected to PCs:
[labnariosw1]interface GigabitEthernet 0/0/1 [labnariosw1-GigabitEthernet0/0/1]port link-type access [labnariosw1-GigabitEthernet0/0/1]port default vlan 100 [labnariosw1-GigabitEthernet0/0/1]interface GigabitEthernet 0/0/2 [labnariosw1-GigabitEthernet0/0/2]port link-type access [labnariosw1-GigabitEthernet0/0/2]port default vlan 200
Let’s verify our VLANs and ports configuration again:
[labnariosw1]display port vlan Port Link Type PVID Trunk VLAN List ------------------------------------------------------------------------------- GigabitEthernet0/0/1 access 100 - GigabitEthernet0/0/2 access 200 - GigabitEthernet0/0/3 hybrid 1 - GigabitEthernet0/0/4 hybrid 1 - GigabitEthernet0/0/5 hybrid 1 - GigabitEthernet0/0/6 hybrid 1 - GigabitEthernet0/0/7 hybrid 1 - GigabitEthernet0/0/8 hybrid 1 - GigabitEthernet0/0/9 hybrid 1 - GigabitEthernet0/0/10 trunk 1 100 200 GigabitEthernet0/0/11 hybrid 1 - GigabitEthernet0/0/12 hybrid 1 - GigabitEthernet0/0/13 hybrid 1 - GigabitEthernet0/0/14 hybrid 1 - GigabitEthernet0/0/15 hybrid 1 - GigabitEthernet0/0/16 hybrid 1 - GigabitEthernet0/0/17 hybrid 1 - GigabitEthernet0/0/18 hybrid 1 - GigabitEthernet0/0/19 hybrid 1 - GigabitEthernet0/0/20 hybrid 1 - GigabitEthernet0/0/21 hybrid 1 - GigabitEthernet0/0/22 hybrid 1 - GigabitEthernet0/0/23 hybrid 1 - GigabitEthernet0/0/24 hybrid 1 - [labnariosw1]display vlan The total number of vlans is : 3 -------------------------------------------------------------------------------- U: Up; D: Down; TG: Tagged; UT: Untagged; MP: Vlan-mapping; ST: Vlan-stacking; #: ProtocolTransparent-vlan; *: Management-vlan; -------------------------------------------------------------------------------- VID Type Ports -------------------------------------------------------------------------------- 1 common UT:GE0/0/3(D) GE0/0/4(D) GE0/0/5(D) GE0/0/6(D) GE0/0/7(D) GE0/0/8(D) GE0/0/9(D) GE0/0/10(U) GE0/0/11(D) GE0/0/12(D) GE0/0/13(D) GE0/0/14(D) GE0/0/15(D) GE0/0/16(D) GE0/0/17(D) GE0/0/18(D) GE0/0/19(D) GE0/0/20(D) GE0/0/21(D) GE0/0/22(D) GE0/0/23(D) GE0/0/24(D) 100 common UT:GE0/0/1(U) TG:GE0/0/10(U) 200 common UT:GE0/0/2(U) TG:GE0/0/10(U) VID Status Property MAC-LRN Statistics Description -------------------------------------------------------------------------------- 1 enable default enable disable VLAN 0001 100 enable default enable disable labnario100 200 enable default enable disable labnario200
When both switches are configured, we can check if our PCs can ping each other. Remember that PC101 and PC102 are both in a VLAN 100 and PC201 with PC202 are both in a VLAN 200. So let’s start with PC101:
PC101>ping 192.168.100.2 Ping 192.168.100.2: 32 data bytes, Press Ctrl_C to break From 192.168.100.2: bytes=32 seq=1 ttl=128 time=15 ms From 192.168.100.2: bytes=32 seq=2 ttl=128 time=32 ms From 192.168.100.2: bytes=32 seq=3 ttl=128 time=47 ms From 192.168.100.2: bytes=32 seq=4 ttl=128 time=46 ms From 192.168.100.2: bytes=32 seq=5 ttl=128 time=16 ms --- 192.168.100.2 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 15/31/47 ms PC101>ping 192.168.200.1 Ping 192.168.200.1: 32 data bytes, Press Ctrl_C to break From 192.168.100.1: Destination host unreachable From 192.168.100.1: Destination host unreachable From 192.168.100.1: Destination host unreachable From 192.168.100.1: Destination host unreachable From 192.168.100.1: Destination host unreachable PC101>ping 192.168.200.2 Ping 192.168.200.2: 32 data bytes, Press Ctrl_C to break From 192.168.100.1: Destination host unreachable From 192.168.100.1: Destination host unreachable From 192.168.100.1: Destination host unreachable From 192.168.100.1: Destination host unreachable From 192.168.100.1: Destination host unreachable
PC101 can successfully ping PC102 as both are in a VLAN 100. It can not ping PCs 201 and 202 which are configured in VLAN 200. Let’s check connectivity in VLAN 200:
PC201>ping 192.168.200.2 Ping 192.168.200.2: 32 data bytes, Press Ctrl_C to break From 192.168.200.2: bytes=32 seq=1 ttl=128 time=46 ms From 192.168.200.2: bytes=32 seq=2 ttl=128 time=16 ms From 192.168.200.2: bytes=32 seq=3 ttl=128 time=63 ms From 192.168.200.2: bytes=32 seq=4 ttl=128 time=46 ms From 192.168.200.2: bytes=32 seq=5 ttl=128 time=47 ms --- 192.168.200.2 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 16/43/63 ms
PC201 can successfully ping PC202. It means that our VLANs, trunk and access ports are configured correctly.
As the last step I want to show you, how to configure VLAN interface.
VLAN interface is a Layer3 virtual interface configured on a switch, which belongs to a specific VLAN. It is sometimes called a “SVI” (Switched Virtual Interface). If there is no VLANIF configured, it is not possible to ping any device connected to that VLAN. This is because IP packets must have source IP address to be able to reach remote device and come back to our switch.
I will configure VLANIF 100 on both SW1 and SW2:
[labnariosw1]interface Vlanif 100 [labnariosw1-Vlanif100]ip add 192.168.100.101 255.255.255.0 [labnariosw2]interface Vlanif 100 [labnariosw2-Vlanif100]ip add 192.168.100.102 255.255.255.0
Now I should have full IP connectivity between all my devices configured in VLAN 100. This means that PC101, PC102, SW1 and SW2 can ping each other:
[labnariosw1]ping 192.168.100.1 PING 192.168.100.1: 56 data bytes, press CTRL_C to break Reply from 192.168.100.1: bytes=56 Sequence=1 ttl=128 time=50 ms Reply from 192.168.100.1: bytes=56 Sequence=2 ttl=128 time=1 ms Reply from 192.168.100.1: bytes=56 Sequence=3 ttl=128 time=20 ms Reply from 192.168.100.1: bytes=56 Sequence=4 ttl=128 time=20 ms Reply from 192.168.100.1: bytes=56 Sequence=5 ttl=128 time=1 ms --- 192.168.100.1 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 1/18/50 ms [labnariosw1]ping 192.168.100.2 PING 192.168.100.2: 56 data bytes, press CTRL_C to break Reply from 192.168.100.2: bytes=56 Sequence=1 ttl=128 time=60 ms Reply from 192.168.100.2: bytes=56 Sequence=2 ttl=128 time=10 ms Reply from 192.168.100.2: bytes=56 Sequence=3 ttl=128 time=40 ms Reply from 192.168.100.2: bytes=56 Sequence=4 ttl=128 time=40 ms Reply from 192.168.100.2: bytes=56 Sequence=5 ttl=128 time=30 ms --- 192.168.100.2 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 10/36/60 ms [labnariosw1]ping 192.168.100.102 PING 192.168.100.102: 56 data bytes, press CTRL_C to break Reply from 192.168.100.102: bytes=56 Sequence=1 ttl=255 time=30 ms Reply from 192.168.100.102: bytes=56 Sequence=2 ttl=255 time=50 ms Reply from 192.168.100.102: bytes=56 Sequence=3 ttl=255 time=40 ms Reply from 192.168.100.102: bytes=56 Sequence=4 ttl=255 time=50 ms Reply from 192.168.100.102: bytes=56 Sequence=5 ttl=255 time=40 ms --- 192.168.100.102 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 30/42/50 ms