how to configure vlans on a cisco switch - the bhc blog
DESCRIPTION
NetworkingTRANSCRIPT
The BHC Blog
"The Technical Blog of Blackhawk Consulting"
Home |About Us |Subscribe |Register For Free |Sign-In
Recent Posts
Blackberry Missing net_rim_cryptoFix for: “An error caused a change in the current set of domain controllers.”Fix for: LA Noire: The Launcher cannot query DirectX. Please update DirectX by installing the latestredistribution.Disable Windows 8 InterfaceHowto: Enable debugview for RMS 1.0How to add a server to an ADRMS cluster with no SCPSome useful ADRMS blogsBlack Screen of Death Server 2008 with ExchangeWhat? 40:0eh 40:13hOutlook wont connect to Exchange: Disconnected
Topics
HardwareHow ToIT SecurityLinuxMicrosoft RMSMicrosoft WindowsMiscUncategorizedWeb Design / SEO
Archives
November 2011October 2011September 2011August 2011July 2011
June 2011April 2011March 2011February 2011January 2011September 2010July 2010June 2010May 2010October 2009August 2009June 2009May 2009April 2009March 2009February 2009January 2009December 2008November 2008October 2008September 2008August 2008
Search
Enter Search Terms
Useful Information
About UsVisit Blackhawk ConsultingHire Blackhawk ConsultingNewsletter Sign-upContact UsBookmark with Del.icio.usDigg this site
Recent Articles
Coming Soon ...
HOWTO: Create VLANs on a Cisco Switch
If you do not wish to setup the switch yourself or are looking for expert help, consider hiring BlackhawkConsulting to assist you with your switch and network needs.
VLANs are Virtual LANs. They allow you to logically divide up your switched network to improve networkspeed, security, and reliability. If you have other Cisco equipment in your network, such as Cisco wirelessaccess points or Cisco PIX firewalls, setting up your switch correctly will give you a big return as all theCisco equipment is VLAN aware. What does this mean? it means you can have two networks shared out viawireless using one access point. It also means you can separate out sections of your network for servers,clients, VPN clients, etc.. which will greatly improve your network efficiency.
Before you begin defining VLANs on your network, first decide what the purpose is for each VLAN. Forexample, lets say in we have two offices… One in New York, and One in California. At each location we wantto separate out Servers and clients. This means we have 4 categories:
NY_Servers 10.100.0.0 / 255.255.0.01.NY_Clients 10.150.0.0 / 255.255.0.02.CA_Servers 10.200.0.0 / 255.255.0.03.CA_Clients. 10.250.0.0 / 255.255.0.04.
In our example, we will set up each VLAN with the above ip configuration. The ip configuration tells theswitch what network segments are where which will allow your switch to do routing between VLANs.
STEP 1: Login and Setup:
Login to enter Enable mode:1.
> enSwitch#
Enter Configure mode:2.
Switch# conf tSwitch (Config) #
Name each VLAN (The commands below name all 4 VLANs)3.
Switch (Config) # vlan 2Switch (Config-vlan) # name NY_ServersSwitch (Config-vlan) # exitSwitch (Config) # vlan 3Switch (Config-vlan) # name NY_ClientsSwitch (Config-vlan) # exitSwitch (Config) # vlan 4Switch (Config-vlan) # name CA_ServersSwitch (Config-vlan) # exitSwitch (Config) # vlan 5Switch (Config-vlan) # name CA_Clients
Switch (Config-vlan) # exitSwitch (Config) # exitSwitch #
You have now successfully set-up the 4 VLANs.. They’re not functional yet- but lets make sure our settingstook…
We are going to run a command that will show us what VLANs are currently configured:1.
Switch # show VLAN
Your output should look something like this:
1 default activeFa0/18, Fa0/20, Fa0/21, Fa0/22Fa0/24, Gi0/1, Gi0/2
2 NY Servers activeFa0/1, Fa0/2, Fa0/3, Fa0/4Fa0/5, Fa0/6, Fa0/7, Fa0/8
3 NY Clients active Fa0/13, Fa0/14, Fa0/15, Fa0/16
4 CA_Servers active Fa0/17
5 CA_Clients active
….
If you see extra vlans you do not want simply follow the step below:
Switch # conf tSwitch (Config) # no vlan XX where XX is the vlan number you want to remove.Switch (Config) # exit
Now run “show vlan” again and see if the vlan has been removed.
Step 2: Assign IP Address ranges to each VLAN
Now that we have the basic VLAN infrastructure in place we need to assign gateways for each VLAN. Thegateways will inform the switch what network segments each VLAN represents. In this case, we see that NYuses 10.100.x.x and 10.150.x.x for their network and CA uses 10.200.x.x and 10.250.x.x. In order to keepthings simple, we will assume that the gateways are 10.x.x.1.
To assign networks to each VLAN:1.
Switch # conf tSwitch (config) # int vlan 2Switch (config-if) # ip address 10.100.0.1 255.255.0.0Switch (config-if) # exitSwitch (config) # int vlan 3Switch (config-if) # ip address 10.150.0.1 255.255.0.0Switch (config-if) # exit
Switch (config) # int vlan 4Switch (config-if) # ip address 10.200.0.1 255.255.0.0Switch (config-if) # exitSwitch (config) # int vlan 5Switch (config-if) # ip address 10.250.0.1 255.255.0.0Switch (config-if) # exitSwitch (config) # exitSwitch #
We now have now told the switch what address range is used in each VLAN. At this point we have notcreated the VLANs and assigned address ranges to them. There are still three tasks left:
Assign ports to VLANs1.enable IP Routing (if it is off)2.and test.3.
Step 3: Assign ports to VLANs.
The next step is to assign the physical ports on your switch to specific VLANs. In our example we will onlyassign the first 4 ports on the device; one to each VLAN.
Switch # Conf tSwitch (config) # int Fe 0/1Switch (config-if) # switchport access vlan 2Switch (config-if) # switchport mode accessSwitch (config-if) # exitSwitch (config) # int Fe 0/2Switch (config-if) # switchport access vlan 3Switch (config-if) # switchport mode accessSwitch (config-if) # exitSwitch (config) # int Fe 0/3Switch (config-if) # switchport access vlan 4Switch (config-if) # switchport mode accessSwitch (config-if) # exitSwitch (config) # int Fe 0/4Switch (config-if) # switchport access vlan 5Switch (config-if) # switchport mode accessSwitch (config-if) # exitSwitch (config) # exitSwitch #
The result of the above commands is that each physical port on the switch has now been assigned to aspecific VLAN. To verify this run “show vlan” and you will now see that ports 1-4 are now assigned to vlans2-5.
The final step is to ensure VLAN routing is turned on. To do this run the commands below:
Switch # conf tSwitch (config) # ip routingSwitch (config) # exitSwitch #
Theoretically now, assuming you have hit no problems and got no errors when entering commands, you arefinished.
It is very very important to save your changes now or they will be lost on reboot:
Switch # copy run startSwitch #
Step 5: Testing
To test, simply plug a computer into each port, assign a valid ip on the subnet (ie if the subnet/vlan is10.100.0.0 255.255.0.0 .. your pc would need to be 10.100.x.x / 255.255.0.0.)
First test: See if you can ping your client from the switch using the ping command. You can run pingdirectly from the Cisco interface.Second test: See if you can ping the gateway from the client.. (ie client 10.100.x.x would ping10.100.0.1)Third test: See if you can ping a gateway on another segment.. (ie Client 10.100.x.x would ping10.200.x.1)Fourth test: See if you can ping a client on another segment.. (ie client on 10.100.x.x would ping a clienton 10.200.x.x)
If this works you are now finished. You now have successfully setup a basic Cisco Layer 3 Switch withVLANs and network routing. Be aware that this is just the very beginning of what your cisco device iscapable of.. The advanced features using ACL’s on the equipment can allow you to prevent traffic from oneVLAN accessing another, can allow your firewall / VPN to assign VPN clients to a specific VLAN, can allowyour Wireless access point to assign wireless clients to a specific VLAN, etc. etc. If you let me know ofspecific problems you have had or topics you would like more detail on, please just send a comment.
If you do not wish to setup the switch yourself or are looking for expert help, consider hiring BlackhawkConsulting to assist you with your switch and network needs.
_______________________________________PLEASE HELP BY BOOKMARKING OUR SITE...
Visit Blackhawk Consulting - IT Consulting at affordable rates