Configure and verify VLANs

Exam: 200-120 - CCNA Cisco Certified Network Associate CCNA (803)

VLANs divide a network in logical subunits, which have their own broadcast domains. In a VLAN only those unicast, broadcast, and multicast packets are forwarded, which are addressed to that VLAN. To allow communication between VLANs, the traffic must be routed using a router. VLANs are highly efficient as compared to the physical segmentation of a network. On top of it, VLANs are very easy to configure. The only complicated and difficult task in configuring VLANs is to finalize the users that would be the part of a VLAN.

Configuring VLAN

As per IEEE 802.1Q standard, Cisco Nexus 5000 Series switches support VLAN numbers between 1 and 4094. However, the VLAN number 1 and a few ranges of VLAN numbers are reserved category numbers. For example, VLAN number 1is reserved for administrative purposes and is also a Cisco default for VLAN that cannot be modified or deleted. VLAN numbers between 2 to 1005 can be used normally to create VLANs that can be modified and deleted.

The VLAN numbers between 1006 – 4094 are extended VLAN numbers that can be used to create VLANs. However, for these VLANs the state of VLAN is always active, the VLAN is always enabled for this range and you cannot such down these VLANs.

The VLAN numbers between 3968 – 4047 are internally allocated numbers that can be used for internal allocation of VLANs. The VLANs with these numbers cannot be created, modified or deleted by users. VLAN number 4094 is also reserved for internal use by the switch.

To create a VLAN, you need to use the following code:

Configure VLAN on Switch A by first entering into configuration mode.

// Entering into configuration mode

Switch A# configure terminal

// Create VLANs with number 5 - 7

// If you enter a number that is already assigned or a number that is for internal use, you will get an error.

Switch A (config)# vlan 5-7

The above given commands created the VLANs but the VLAN cannot be used unless ports are assigned to it. Remember by default all the ports are assigned to VLAN 1. You need to now configure the VLAN name and its shutdown/ not shutdown status.

// Configure VLAN name as Development

Switch A (config -vlan)# name development

//Configure VLAN 6 name as Accounting

Switch A (config)# vlan 6

Switch A (config -vlan)# nameAccounting

//Configure VLAN 7 name as HRD

Switch A (config)# vlan 7

Switch A (config -vlan)# nameHRD

Switch A (config-vlan)# state active

// The following command enables the VLAN. However, by default the VLAN is enabled and has no shutdown value. You cannot shut down the VLAN1, or VLANs with numbers between 1006 to 4094.

Switch A (config-vlan)# no shutdown

// Go back


//Add ports to VLAN

// configure slot type 1 on port 13. The port can be physical Ethernet port or a port channel.

Switch A# configure terminal

Switch A (config)# interface ethernet 1/13

S1(config-if)#switchport mode ?

access Set trunking mode to ACCESS unconditionally

dynamic Set trunking mode to dynamically negotiate access or

trunk mode

trunk Set trunking mode to TRUNK unconditionally

S1(config-if)#switchport mode access

The switchport mode access command allows you to specify that the port is layer 2 port. You can then assign a VLAN to the port with the switchport access command. This way you can configure multiple ports using the interface range command.

// Set the access mode of the interface to the specified VLAN.

switch A (config-if)# switchport access vlan 5

Verifying VLAN

To verify VLAN configuration on VLAN 5 use command

switch A# show running-config vlan5

To verify VLAN configuration on VLAN 5 – 7use command

switch# show running-config vlan 5-7

The command displays result as:

version 4.0(0)

vlan 1

vlan 5

The following example shows the VLANs created on the switch and their status:

switch# show vlan

VLAN Name Status Ports

---- -----------------------------------------------------------

1 default active Eth1/1, Eth1/5, Eth1/6, Eth1/7

Eth1/7, Eth1/8, Eth1/9

5 Development active

6 Accounting active

7 HRD active

[output cut]

The following example shows the details of VLAN 13 including its member ports:

switch# show vlan id 13

VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------

13 VLAN0005 active Eth1/13, Eth1/14


---- ----- -----

13 enet 576




Primary Secondary Type Ports


The following example shows the VLAN settings summary:

switch# show vlan summary

Number of existing VLANs : 3

Number of existing VTP VLANs: 3

Number of existing extended VLANs : 0

Troubleshooting VLAN

Any network troubleshooting should start by first checking the physical connectivity of your network. Similarly, for your VLAN connectivity try checking that your cables and switch ports are working well and are connected properly.

You can check the switch ports by checking the switch ports link LEDs.

After checking the physical connectivity between cables and switches, you should check the switch configurations by using the command show interface [interface name-number] command that allows you to check the CRC errors or late collisions on the interface. The CRC errors usually occur due to bad cables or bad network interface card. The collisions can be caused due to duplex mismatch with the attached device or congestion on the link.

If the physical connectivity between the switches and the cables for the VLAN is fine and there are no bad NIC or cables and still two hosts on the VLAN are not able to connect, then you need to check whether the hosts that are not able to connect are in the same VLAN or not.

If the two hosts that must connect to each other are a part of different VLAN then you need a router to establish connectivity between them. On the other hand if a host is not able to connect to a switch then you need to check that the host and the switch belong to the same subnet.

Example Question

While plugging in a new host VLAN 3, you realized that the membership of the host is different from what is needed for the host to reach the network services. Which of the following commands will you use to change the membership of the host?

  • Switch(config-if)#switchport access vlan 3
  • switch# show vlan3
  • switch A# show running-config vlan 3
  • switch# show running-config vlan 3

Answer: A

By default all switch ports are members of VLAN 1. In order to change the membership, you must change the port. You can change the port by using Switch(config-if)#switchport access vlan 3 command.

Related IT Guides

  1. Configure and verify ACLs in a network environment
  2. Configure and verify an ACLs to limit telnet and SSH access to the router
  3. Configure and verify DHCP (IOS Router)
  4. Configure and verify initial switch configuration including remote access management
  5. Configure and verify interVLAN routing (Router on a stick)
  6. Describe the types, features, and applications of ACLs
  7. Identify and correct common network problems
  8. Select the appropriate media, cables, ports, and connectors to connect switches to other network devices and hosts
  9. Select the Components Required to Meet a Network Specification
  10. Verify network status and switch operation using basic utilities

Close 100% Pass Guarantee or Your Money Back

How to Claim the Refund / Exchange?

In case of failure your money is fully secure by BrainDumps Guarantee Policy. Before claiming the guarantee all downloaded products must be deleted and all copies of BrainDumps Products must be destroyed.

Under What Conditions I can Claim the Guarantee?

Full Refund is valid for any BrainDumps Testing Engine Purchase where user fails the corresponding exam within 30 days from the date of purchase of Exam. Product Exchange is valid for customers who claim guarantee within 90 days from date of purchase. Customer can contact BrainDumps to claim this guarantee and get full refund at Exam failures that occur before the purchasing date are not qualified for claiming guarantee. The refund request should be submitted within 7 days after exam failure.

The money-back-guarantee is not applicable on following cases:

  1. Failure within 7 days after the purchase date. BrainDumps highly recommends the candidates a study time of 7 days to prepare for the exam with BrainDumps study material, any failures cases within 7 days of purchase are rejected because in-sufficient study of BrainDumps materials.
  2. Wrong purchase. BrainDumps will not entertain any claims once the incorrect product is Downloaded and Installed.
  3. Free exam. (No matter failed or wrong choice)
  4. Expired order(s). (Out of 90 days from the purchase date)
  5. Retired exam. (For customers who use our current product to attend the exam which is already retired).
  6. Audio Exams, Hard Copies and Labs Preparations are not covered by Guarantee and no claim can be made against them.
  7. Products that are given for free.
  8. Different names. (Candidate's name is different from payer's name).
  9. The refund option is not valid for Bundles and guarantee can thus not be claimed on Bundle purchases.
  10. Guarantee Policy is not applicable to Admission Tests / Courses, CISSP, EMC, HP, Microsoft, PMI, SAP and SSCP exams as provides only the practice questions for these.
  11. Outdated Exam Products.
January sale! Get 25% Discount for All Exams!

This is a ONE TIME OFFER. You will never see this Again

Instant Discount
Braindumps Testing Engine

25% OFF

Enter Your Email Address to Receive Your 25% OFF Discount Code Plus... Our Exclusive Weekly Deals

A confirmation link will be sent to this email address to verify your login.

* We value your privacy. We will not rent or sell your email address.
Your 25% Discount on Your Purchase

Save 25%. Today on all IT exams. Instant Download

Braindumps Testing Engine

Use the following Discount Code during the checkout and get 25% discount on all your purchases:


Start Shopping