CCNA 200-301 Thread 3. VLANs and CLI Configuration
Hello friends and networking pros. I am currently preparing for the CCNA 200-301 exam. In this article, we'll be working with Virtual Local Area Networks (VLANs) and how to configure them using the Cisco IOS Command Line Interface (CLI).
Introduction to VLANs
VLANs are a powerful tool that lets us logically segment a switched network into separate broadcast domains. This provides several key benefits:
- Improved security: VLANs isolate traffic between different groups of devices
- Better performance: Segmenting reduces unnecessary broadcast traffic
- Simplified management: VLANs allow logical grouping of devices based on department, function, etc.
By default, Cisco switches place all ports into VLAN 1. To take advantage of VLANs, we need to reassign ports to VLANs that match our network's logical structure. A good analogy is to think of VLANs as separate "containers" or "bubbles" that Ethernet frames are confined to.
Planning a VLAN Scheme
Before configuring any VLANs, it's important to plan out your VLAN scheme. Here are some best practices:
- Use a consistent VLAN numbering convention. A common approach is to match VLAN IDs to the IP network. For example, use VLAN 10 for the 10.0.10.0/24 network, VLAN 11 for 10.0.11.0/24, and so on. Valid VLAN IDs range from 1-4094.
- Have a 1-to-1 mapping between VLANs and IP subnets. This constrains broadcast traffic to only the devices that need to see it. For instance, create separate VLANs for your data, voice, management, and server networks.
- Configure all switches with the full set of VLANs used in your environment. Switches will drop traffic for VLANs they aren't configured for.
- Give VLANs descriptive names that identify their purpose. This makes troubleshooting much easier!
Configuring VLANs via CLI
Now let's look at how to actually configure VLANs on a Cisco switch using the CLI.
CLI Basics
First, a quick primer on Cisco IOS CLI:
- User EXEC mode (>): Limited functionality, basic monitoring only
- Privileged EXEC mode (#): Access to all commands, entered via enable
- Global configuration mode ((config)#): Where configuration changes are made, entered via configure terminal
Some handy commands to know:
- show ? - Lists available commands
- show vlan - Displays VLAN info
- show mac address-table - Shows MAC addresses the switch has learned
- copy running-config startup-config - Saves config changes
Adding VLANs
To add a new VLAN, go into global configuration mode and use the vlan command followed by the VLAN ID. For example:
Switch# configure terminal
Switch(config)# vlan 10
Switch(config-vlan)# name Data
Switch(config-vlan)# end
Switch# show vlan brief
This creates VLAN 10 and gives it a name of "Data". The show vlan brief command lets you verify the VLAN was created.
Assigning Ports to VLANs
With the above, we created the VLANs but they aren't assigned to any ports!
To place a port into a VLAN, use the switchport access vlan command in interface configuration mode:
Switch# configure terminal
Switch(config)# interface FastEthernet 0/1
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 10
This assigns interface Fa0/1 to VLAN 10. Repeat this for all ports you want to assign to each VLAN.
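Once ports have been reassigned, the show vlan brief output can be compared against the VLAN plan. The Python below is an added example, not part of the original article: it parses a constructed sample of show vlan brief output and reports planned VLANs that are missing or misnamed, planned ports that are not assigned, and ports still sitting in the default VLAN 1. The PLAN mapping, the sample output and the function names are assumptions made for illustration.

```python
import re

# Constructed sample of `show vlan brief` output (not captured from a real switch).
SAMPLE = """\
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5
10   Data                             active    Fa0/1
11   VLAN0011                         active
"""

# Hypothetical plan: VLAN ID -> (name, ports expected in that VLAN).
PLAN = {10: ("Data", {"Fa0/1", "Fa0/2"}), 11: ("Voice", set()), 20: ("Mgmt", set())}
ROW = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s*(.*)$")  # id, name, status, ports

def parse_vlan_brief(text):
    """Return {vlan_id: {"name": str, "ports": set}} from `show vlan brief` text."""
    vlans, current = {}, None
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            current, ports = int(m.group(1)), m.group(4)
            vlans[current] = {"name": m.group(2), "ports": set()}
        elif current is not None and line.startswith(" "):
            ports = line  # continuation row: only the Ports column is filled
        else:
            continue  # header, separator or blank line
        vlans[current]["ports"].update(p.strip() for p in ports.split(",") if p.strip())
    return vlans

def audit(plan, vlans):
    """Compare the switch state with the plan and return a list of findings."""
    findings = []
    for vid, (name, ports) in plan.items():
        if not 1 <= vid <= 4094:
            findings.append(f"VLAN {vid}: ID outside 1-4094")
        elif vid not in vlans:
            findings.append(f"VLAN {vid}: missing on switch")
        else:
            if vlans[vid]["name"] != name:  # e.g. the IOS default name VLAN0011
                findings.append(f"VLAN {vid}: name is {vlans[vid]['name']}, expected {name}")
            for port in sorted(ports - vlans[vid]["ports"]):
                findings.append(f"VLAN {vid}: {port} not assigned")
    default_ports = sorted(vlans.get(1, {"ports": set()})["ports"])
    findings += [f"VLAN 1: {p} still in the default VLAN" for p in default_ports]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(PLAN, parse_vlan_brief(SAMPLE))))
```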
Save Configuration Changes
Remember to save your configuration changes so they persist through a reboot:
Switch# copy running-config startup-config
Wrapping Up
VLANs and proper use of the CLI are essential skills for any network engineer. With practice, you'll be configuring VLANs with confidence! Stay tuned for more topics in networking related to CCNA 200-301 certification.
Note that we configured an access port for VLAN 10 above; we'll discuss the differences between an access port and a trunk port in a later article.