Virtual LANs In an Ethernet LAN, a set of devices that receive a broadcast sent by any one of the devices in the same set is called a broadcast domain. On switches that have no concept of virtual LANs (VLAN), a switch simply forwards all broadcasts out all interfaces, except the interface on which it received the frame. As a result, all the interfaces on an individual switch are in the same broadcast domain. Also, if the switch connects to other switches and hubs, the interfaces on those switches and hubs are also in the same broadcast domain.

A VLAN is simply an administratively deﬁned subset of switch ports that are in the same broadcast domain. Ports can be grouped into different VLANs on a single switch, and on multiple interconnected switches as well. By creating multiple VLANs, the switches create multiple broadcast domains. By doing so, a broadcast sent by a device in one VLAN is forwarded to the other devices in that same VLAN; however, the broadcast is not forwarded to devices in the other VLANs.

With VLANs and IP, best practices dictate a one-to-one relationship between VLANs and IP subnets. Simply put, the devices in a single VLAN are typically also in the same single IP subnet. Alternately, it is possible to put multiple subnets in one VLAN, and use secondary IP addresses on routers to route between the VLANs and subnets. Also, although not typically done, you can design a network to use one subnet on multiple VLANs, and use routers with proxy ARP enabled to forward trafﬁc between hosts in those VLANs.

Use the vlan global configuration command to create VLAN. Use the no form of this command to remove exist VLAN. You can verify your setting by entering the show vlan Privileged EXEC command.

Syntax	vlan No vlan
Default	VLAN 1 created by default
Mode	Global Configuration
Example	The following example creates and removes a VLAN entry (100). Switch#configure terminal Switch (config)# vlan 10 Switch# show vlan

Use the name vlan configuration command to set name of vlan. You can verify your setting by entering the show vlan Privileged EXEC command.

Syntax	name {NAME}
Parameter	NAME Specify the name of the VLAN (Max. 32 chars).
Default	Default name of new vlan is VLAN xxxx. Xxxx is 4-digit vlan number.
Mode	VLAN Configuration
Example	This example sets the VLAN name of VLAN 100 to be `VLAN- one-hundred`. Switch#configure terminal Switch(config)# vlan 10 Switch(config-vlan)# name VLAN-COMMANDO1 Switch# show vlan

The VLAN mode is used to configure the port for different port role. Access port: Accepts only untagged frames and join an untagged VLAN. Hybrid port: Support all functions as defined in IEEE 802.1Q specification. Trunk port: An untagged member of one VLAN at most, and is a tagged member of zero or more VLANs. If it is an uplink port, it can recognize double tagging on this port. Tunnel port: Port-based Q-in-Q mode. Use the switch mode port configuration command to set mode of interface. You can verify your setting by entering the show interfaces switchport Privileged EXEC command.

Switch(config-if)# switchport mode ( access | hybrid | trunk [uplink] | tunnel )

Syntax	switchport mode ( access \| hybrid \| trunk [uplink] \| tunnel )
Parameter	access Specify the VLAN mode to Access port. hybrid Specify the VLAN mode to Hybrid port. trunk Specify the VLAN mode to Trunk port. uplink Specify the Uplink property on this Trunk port. tunnel Specify the VLAN mode to Dot1Q Tunnel port.
Default	Default is trunk mode of all interfaces
Mode	Port Configuration
Example	This example sets VLAN mode to Access port. Switch#configure terminal Switch(config)# interface GigabitEthernet 2 Switch(config-if)# switchport mode access Switch# show interfaces switchportGigabitEthernet 2

Use the switch hybrid pivd port configuration command to set pvid of interface. You can verify your setting by entering the show interfaces switchport Privileged EXEC command.

Syntax	switchport hybrid pvid<1-4094>
Parameter	<1-4094>Specify the port-based VLAN ID on the Hybrid port.
Default	Default pivd is 1.
Mode	Port Configuration
Example	This example sets PVID to 100. Switch#configure terminal Switch(config)# interface GigabitEthernet 2 Switch(config-if)# switchport mode hybrid Switch(config-if)# switchport hybrid pvid 100 Switch# show interfaces switchport gi2

Use the switchport hybrid ingress-filtering port configuration command to enable vlan ingress filter. Use the “no” form of this command to disable. You can verify your setting by entering the s show interfaces switchport Privileged EXEC command.

Syntax	switchport hybrid ingress-filtering no switchport hybrid ingress-filtering
Mode	Port Configuration
Example	This example sets ingress-filtering to disable. Switch#configure terminal Switch(config)# interface GigabitEthernet 2 Switch(config-if)# switchport mode hybrid Switch(config-if)# no switchport hybrid ingress-filtering Switch# show interfaces switchport GigabitEthernet 2

Use the switchport hybrid accept-frame-type port configuration command to choose which type of frame can be accepted. You can verify your setting by entering the show interfaces switchport Privileged EXEC command.

Switch(config-if)# switchport hybrid acceptable-frame-type ( all | tagged-only | untagged- only )

Syntax	switchport hybrid acceptable-frame-type ( all \| tagged-only \| untagged- only )
Parameter	all Specify to accept all frames. tagged-only Specify to only accept tagged frames. untagged-only Specify to only accept untagged frames.
Default	Default is accept all frames
Mode	Port Configuration
Example	This example sets acceptable-frame-type to tagged-only. Switch#configure terminal Switch(config)# interface GigabitEthernet 2 Switch(config-if)# switchport mode hybrid Switch(config-if)# switchport hybrid acceptable-frame-type tagged-only Switch# show interfaces switchport GigabitEthernet 2

Use the switchport hybrid allow vlan add port configuration command to allow vlan on interface. Use the switchport hybrid allows vlan remove port configuration command to remove vlan on interface. You can verify your setting by entering the s show interfaces switchport Privileged EXEC command.

Switch(config-if)#switchport hybrid allowed vlan remove { VLAN-LIST} [(tagged|untagged)]

Syntax	switchport hybrid allowed vlan add {VLAN-LIST} switchport hybrid allowed vlan remove { VLAN-LIST} [(tagged\|untagged)]
Parameter	VLAN-LIST Specifies the VLAN list to be added or remove. ( tagged \| untagged ) Specifies the member type is tagged or untagged.
Default	Only vlan 1 is untagged member by default. Default is tagged member when added.
Mode	Port Configuration
Example	This example sets port GigabitEthernet 2 VLAN to join the VLAN 100 as tagged member. Switch#configure terminal Switch(config)# interface GigabitEthernet 2 Switch(config-if)# switchport hybrid allowed vlan add 100-105 Switch(config-if)# switchport hybrid allowed vlan remove 105 Switch# show interfaces switchport GigabitEthernet 2

Use the switchport access vlan port configuration command to set native vlan on interface. The vlan will be pvid on interface as well. Use the “no” form of this command to restore to default vlan. You can verify your setting by entering the show interfaces switchport Privileged EXEC command.

switchport access vlan <1-4094>

no switchport access vlan

Syntax
Parameter	<1-4094>Specifies the access VLAN ID.
Default	Default is vlan 1
Mode	Port Configuration
Example	This example sets Access port gi10 native VLAN ID to 100. Switch#configure terminal Switch(config)# interface gi2 Switch(config-if)# switchport mode access Switch(config-if)# switchport access vlan 4 Switch# show interfaces switchport GigabitEthernet 2

Use the switchport tunnel vlan port configuration command to set dot1q tunnel vlan on interface. The vlan will be pvid on interface as well. Use the “no” form of this command to remove vlan on interface. The tunnel vlan id will set to reserve vlan 4095. You can verify your setting by entering the show interfaces switchport Privileged EXEC command.

switchport tunnel vlan <1-4094>

no switchport tunnel vlan

Syntax
Parameter	<1-4094>Specifies the tunnel VLAN ID.
Default	Default is vlan 1
Mode	Port Configuration
Example	This example sets Tunnel port GigabitEthernet 2 native VLAN to 4. Switch#configure terminal Switch(config)# interface GigabitEthernet 2 Switch(config-if)# switchport mode tunnel Switch(config-if)# switchport tunnel vlan 4 Switch# show interfaces switchport GigabitEthernet 2

Use the switchport trunk native vlan port configuration command to set native vlan on interface. Use the “no” form of this command to restore to default vlan. You can verify your setting by entering the show interfaces switchport Privileged EXEC command.

switchport trunk native vlan <1-4094>

no switchport trunk native vlan

Syntax
Parameter	<1-4094>Specifies the native VLAN ID.
Default	Default is vlan 1
Mode	Default is vlan 1
Example	This example sets Trunk port GigabitEthernet 2 native VLAN to 4. Switch#configure terminal Switch(config)# interface GigabitEthernet 2 Switch(config-if)# switchport mode trunk Switch(config-if)# switchport trunk native vlan 4 Switch# show interfaces switchport GigabitEthernet 2

Use the switchport trunk allow vlan add port configuration command to allow vlan on interface. Use the switchport trunk allows vlan remove port configuration command to remove vlan on interface. You can verify your setting by entering the show interfaces switchport Privileged EXEC command.

Switch(config-if)# switchport trunk allowed vlan ( add | remove ) ( VLAN-LIST | all )

switchport trunk allowed vlan ( add | remove ) ( VLAN-LIST | all )

Syntax
Parameter	( add \| remove ) Specify the action to add or remove the allowed VLAN list. ( VLAN-LIST \| all ) Specify the VLAN list or all VLANs to be added or removed.
Mode	Port Configuration
Example	This example sets Trunk port GigabitEthernet 2 to add the allowed VLAN 4. Switch# configure Switch(config)# interface GigabitEthernet 2 Switch(config-if)# switchport trunk allowed vlan add 4 Switch# show interfaces switchport GigabitEthernet 2

Use the switchport default vlan tagged port configuration command to become default vlan tagged member. Use the “no” switchport default vlan tagged port configuration command to restore to default. You can verify your setting by entering the show interfaces switchport Privileged EXEC command.

switchport default-vlan tagged

no switchport default-vlan tagged

Syntax
Default	Default is untagged
Mode	Port Configuration
Example	This example sets Trunk port GigabitEthernet 2 membership with the default VLAN to tag. Switch#configure terminal Switch(config)# interface GigabitEthernet 2 Switch(config-if)# switchport default-vlan tagged Switch# show interfaces switchport GigabitEthernet 2

Use the switchport forbidden default-vlan port configuration command to forbid default-vlan on interface. Use the “no” switchport forbidden default-vlan port configuration command to restore to default. You can verify your setting by entering the show interfaces switchport Privileged EXEC command.

switchport forbidden default-vlan

no switchport forbidden default-vlan

Syntax
Default	Default is allowed
Mode	Port Configuration
Example	This example sets the membership of the default VLAN with port GigabitEthernet 2 to Forbidden. Switch#configure terminal Switch(config)# interface GigabitEthernet 2 Switch(config-if)# switchport forbidden default-vlan Switch# show interfaces switchport GigabitEthernet 2

Uses the switchport forbidden vlan add port configuration command to forbid vlan on interface. Use the switchport forbidden vlan remove port configuration command to accept vlan on interface. You can verify your setting by entering the show interfaces switchport Privileged EXEC command.

switchport forbidden vlan ( add | remove ) VLAN-LIST

Syntax
Parameter	(add \| remove) Add or remove forbidden membership. VLAN-LIST Specify the VLAN list.
Mode	Port Configuration
Example	This example sets the membership of the VLAN 4 with port GigabitEthernet 2 to Forbidden. Switch#configure terminal Switch(config)# interface GigabitEthernet 2 Switch(config-if)# switchport forbidden vlan add 4 Switch# show interfaces switchport GigabitEthernet 2

Use the switchport vlan tpid port configuration command to set TPID on interface. You can verify your setting by entering the show running-config Privileged EXEC command.

switchport vlan tpid (0x8100|0x88a8|0x9100|0x9200)

Syntax
Parameter	(0x8100\|0x88a8\|0x9100\|0x9200) Select TPID to set.
Default	Default TPID is 0x8100
Mode	Port Configuration
Example	This example sets the TPID to 0x9100 on interface GigabitEthernet 2. Switch#configure terminal Switch(config)# interface GigabitEthernet 2 Switch(config-if)# switchport vlan tpid 0x9100

Use the management vlan Global Configuration mode command to set management vlan id. Vlan id must be created first. Use the “no” form of this command to restore to default setting. You can verify your setting by entering the show management-vlan Privileged EXEC command.

management-vlan vlan <1-4094>

no management-vlan

Syntax
Parameter	<1-4094> Specify the VLAN ID of management-vlan.
Default	Default management vlan is 1.
Mode	Global Configuration
Example	The following example specifies that management vlan 2 is created Switch#configure terminal Switch(config)# vlan 2 Switch(config)# management-vlan vlan 2 The following example specifies that management-vlan is restored to be default VLAN. Switch(config)# no management-vlan

show vlan [(VLAN-LIST|dynamic|static)]

Syntax
Parameter	(VLANLIST\|dynamic\|static)Specify vlan id to show information or show all static or dynamic vlan entries.
Mode	Privileged EXEC
Example	The following example specifies that show vlan Switch# show vlan

show vlan VLAN-LIST interfaces {IF_PORTS} membership

Syntax
Parameter	Specify vlan to show IF_PORTS Specify interface is to show
Mode	Privileged EXEC
Example	The following example specifies that show vlan interface membership Switch# show vlan 2 interfaces GigabitEthernet 2 membership

show interface switchport interfaces {IF_PORTS}

Syntax
Default	IF_PORTS Specify interfaces protocol vlan to display
Mode	Privileged EXEC
Example	The following example specifies that show interfacce switchport. Switch#configure terminal Switch(config)# interface GigabitEthernet 2 Switch(config-if)# switchport trunk allowed vlan add 2 Switch# show interfaces switchport GigabitEthernet 2

show management-vlan

Syntax
Mode	Privileged EXEC
Example	The following example specifies that show management vlan Switch# show management-vlan