Lab 2.9.

1 Catalyst 2950T and 3550 Series Static VLANS

Objective
Create and maintain VLANs on a Cisco Catalyst 2950T or 3550 series Ethernet switch using the
command-line interface (CLI) mode.

Scenario
VLANs must logically segment a network by function, team, or application regardless of the physical
location of the users. All end stations in a particular IP subnet are often associated with a specific
VLAN. VLAN membership on a switch that is assigned manually for each interface is known as
interface-based or static VLAN membership.
The basic procedures for creating and maintaining VLANs on the 2950T and 3550 series of Ethernet
switches are essentially the same.

Step 1
Select a 2950T or 3550 switch. Both of these switches have 24 2-gigabit ports. If necessary, power
up the switch and use the standard process for establishing a HyperTerminal console connection

1 - 10 CCNP 3: Multilayer Switching v 3.0 - Lab 2.9.1 Copyright  2003, Cisco Systems, Inc.
 from a workstation. It does not matter if the switch configuration from the previous lab is running or if
students start with no configuration.
Issue a show vlan command from the privileged mode.
The following sample output is for a 2950T switch.
Switch#show vlan

VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
Gi0/1, Gi0/2
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 tr 101003 1500 - - - - - 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trnet 101005 1500 - - - ibm - 0 0

Remote SPAN VLANs

------------------------------------------------------------------------------

Primary Secondary Type Ports

------- --------- ----------------- ------------------------------------------

The following sample output is for a 3550 switch.

Switch#show vlan

VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
Gi0/1, Gi0/2
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 tr 101003 1500 - - - - - 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trnet 101005 1500 - - - ibm - 0 0

Remote SPAN VLANs

2 - 10 CCNP 3: Multilayer Switching v 3.0 - Lab 2.9.1 Copyright  2003, Cisco Systems, Inc.
 ------------------------------------------------------------------------------

Primary Secondary Type Ports

------- --------- ----------------- ------------------------------------------

Note the default VLAN numbers, names, associated types, and that all switch ports are automatically
assigned to VLAN 1.

Step 2
Issue the switchport mode ? command for interface FastEthernet 0/1.
The switch port mode of all ports is set to access by default. This means the port is intended to be a
single port to which a standard device such as a workstation will be attached or the port will be a
single VLAN to which standard devices will be attached.

The following command is for a 2950T switch.

Switch#config terminal
Switch(config)#interface FastEthernet 0/1
Switch#(config-if)#switchport mode ?
access Set trunking mode to ACCESS unconditionally
dynamic Set trunking mode to dynamically negotiate access or trunk mode
trunk Set trunking mode to TRUNK unconditionally

The following command is for a 3550 switch.

Switch#config terminal
Switch(config)#interface FastEthernet 0/1
Switch(config-if)#switchport mode ?
access Set trunking mode to ACCESS unconditionally
dot1q-tunnel Set trunking mode to DOT1Q TUNNEL unconditionally
dynamic Set trunking mode to dynamically negotiate access or trunk
mode
trunk Set trunking mode to TRUNK unconditionally

A port on the 2950T switch can operate in one of three modes while a port on the 3550 switch can
operate in one of four modes.
The command for setting a single port to the access mode is shown in the following example, which
uses the FastEthernet 0/1 port.

Switch#config terminal
Switch(config)#interface FastEthernet 0/1
Switch(config-if)#switchport mode access

Use the show vlan command to determine the mode of a port. Ports configured for a particular
VLAN will be shown in that VLAN. Ports configured to a mode other than access will not appear in
any of the VLANs. For example, a port configured to trunk ports will not appear in any of the VLANs.
The show interfaces switchport command will list the configured mode of each port in detail.
The following partial sample output is for a 2950T switch.

Switch#show interfaces switchport

--output omitted--
Name: Fa0/24
Switchport: Enabled

3 - 10 CCNP 3: Multilayer Switching v 3.0 - Lab 2.9.1 Copyright  2003, Cisco Systems, Inc.
 Administrative Mode: dynamic desirable
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001

Protected: false

Voice VLAN: none (Inactive)

Appliance trust: none
Name: Gi0/1
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: down
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001

Protected: false

Voice VLAN: none (Inactive)

Appliance trust: none

--output omitted—

The following partial sample output is for a 3550 switch.

Switch#show interfaces switchport

--output omitted--
Name: Fa0/24
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: down
Administrative Trunking Encapsulation: negotiate
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001

Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled

Voice VLAN: none (Inactive)

Appliance trust: none

4 - 10 CCNP 3: Multilayer Switching v 3.0 - Lab 2.9.1 Copyright  2003, Cisco Systems, Inc.
 Name: Gi0/1
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: down
Administrative Trunking Encapsulation: negotiate
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001

Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled

Voice VLAN: none (Inactive)

Appliance trust: none

--output omitted—

Ports configured as access ports will not be identified in the output of a show running-config
command. Ports configured otherwise will be specifically noted.
The following partial sample output is for a 2950T switch.

--output omitted--
!
interface FastEthernet0/1
switchport mode trunk
no ip address
!
interface FastEthernet0/2
switchport mode trunk
no ip address
!
interface FastEthernet0/3
no ip address
!
interface FastEthernet0/4
no ip address
!
--output omitted—

The following partial sample output is for a 3550 switch.

--output omitted--
!
interface FastEthernet0/11
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
!
interface FastEthernet0/12
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
!
interface FastEthernet0/13
no ip address
!

5 - 10 CCNP 3: Multilayer Switching v 3.0 - Lab 2.9.1 Copyright  2003, Cisco Systems, Inc.
 interface FastEthernet0/14
no ip address
!
--output omitted—

Step 3
Create a VLAN in one of two ways. One way is to assign a port to a VLAN that does not exist. The
switch will automatically create the VLAN to which the port has been assigned. Another way is to
create VLANs without assigning port membership.
The 2950T and 3550 switches have a range command that can be used to designate multiple
individual ports or a continuous range of ports for an operation.
VLAN 1 is the Management VLAN by default. Therefore, all ports are automatically assigned to
VLAN 1 and all ports are in the access mode. There is no need to create a VLAN 1, assign ports to
it, or to set the mode of each port. VLANs 10 and 20 must be created and ports 5 through 8 and
ports 9 and 10 must be assigned to each VLAN respectively.
Use the range command to assign ports 5 to 8 to VLAN 10.

Switch#config terminal
Switch(config)#interface range FastEthernet 0/5 – 8
Switch(config-if-range)switchport access vlan 10
% Access VLAN does not exist. Creating vlan 10
Switch(config-if-range)#^z

VLAN 10 was created at the same time ports 5 to 8 were assigned to it.
Issue a show vlan command to verify that VLAN 10 has been created and ports 5 to 8 are
assigned to it. The output should be similar to the following sample output.

Switch#show vlan

VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/11, Fa0/12, Fa0/13, Fa0/14
Fa0/15, Fa0/16, Fa0/17, Fa0/18
Fa0/19, Fa0/20, Fa0/21, Fa0/22
Fa0/23, Fa0/24, Gi0/1, Gi0/2
10 VLAN0010 active Fa0/5, Fa0/6, Fa0/7, Fa0/8
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
10 enet 100010 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 tr 101003 1500 - - - - - 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trnet 101005 1500 - - - ibm - 0 0

--output omitted—

Since VLAN 10 was not named, the switch automatically assigns a default name, which is
VLAN0010.

6 - 10 CCNP 3: Multilayer Switching v 3.0 - Lab 2.9.1 Copyright  2003, Cisco Systems, Inc.
Step 4
Create a VLAN without assigning ports to it at the same time. This involves a somewhat different
process than Step 3. Enter the following vlan database configuration mode from the privileged mode.

Switch#vlan database
Switch(vlan)#

Enter a question mark (?). The following output will appear.

Switch(vlan)#?
VLAN database editing buffer manipulation commands:
abort Exit mode without applying the changes
apply Apply current changes and bump revision number
exit Apply changes, bump revision number, and exit mode
no Negate a command or set its defaults
reset Abandon current changes and reread current database
show Show database information
vlan Add, delete, or modify values associated with a single VLAN
vtp Perform VTP administrative functions.

Notice the highlighted vlan configuration option.

Create VLAN 20.

Switch(vlan)#vlan 20
VLAN 20 added:
Name: VLAN0020
Switch(vlan)#

The VLAN is created immediately with a default name. To remove a VLAN, the following command
in the vlan configuration mode would be used.

Switch(vlan)#no vlan 20

Ports still need to be assigned to VLAN 20. Port assignment to a VLAN is an interface configuration
operation. Exit vlan configuration mode and enter interface configuration mode.
Exit from the vlan configuration mode and use the range command to assign ports 9 and 10 to
VLAN 20.

Switch(vlan)#exit
APPLY completed.
Exiting....
Switch#
Switch#config terminal
Switch(config)#interface range FastEthernet 0/9 , FastEthernet 0/10
Switch(config-if-range)#switchport access vlan 20
Switch(config-if-range)#^z

A comma (,) delimiter was used instead of the hyphen (-) that was used in Step 3. A space is
required before and after the comma.
Issue a show vlan command to verify the creation of VLAN 20 and with ports 9 and 10 assigned to
it. The output should be similar to the following sample output.

7 - 10 CCNP 3: Multilayer Switching v 3.0 - Lab 2.9.1 Copyright  2003, Cisco Systems, Inc.
 Switch#show vlan

VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/11, Fa0/12, Fa0/13, Fa0/14
Fa0/15, Fa0/16, Fa0/17, Fa0/18
Fa0/19, Fa0/20, Fa0/21, Fa0/22
Fa0/23, Fa0/24, Gi0/1, Gi0/2
10 VLAN0010 active Fa0/5, Fa0/6, Fa0/7, Fa0/8
20 VLAN0020 active Fa0/9, Fa0/10
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
10 enet 100010 1500 - - - - - 0 0
20 enet 100020 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 tr 101003 1500 - - - - - 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1005 trnet 101005 1500 - - - ibm - 0 0

--output omitted—-

Step 5
Re-enter the vlan configuration mode and issue a question mark (?).

Switch#vlan database
Switch(vlan)#?
VLAN database editing buffer manipulation commands:
abort Exit mode without applying the changes
apply Apply current changes and bump revision number
exit Apply changes, bump revision number, and exit mode
no Negate a command or set its defaults
reset Abandon current changes and reread current database
show Show database information
vlan Add, delete, or modify values associated with a single VLAN
vtp Perform VTP administrative functions.

Use the vlan option to name or rename a VLAN. For example, the following command would
rename VLAN 20 from its default name of VLAN0020 to Accounting.

Switch(vlan)#vlan 20 name Accounting

VLAN 20 modified:
Name: Accounting
Switch(vlan)#

The show option will allow users to view various settings before committing any changes with the
apply or exit options. Issue a show ? command and review the following output.

Switch(vlan)#show ?
changes Show the changes to the database since modification began (or
since 'reset')

8 - 10 CCNP 3: Multilayer Switching v 3.0 - Lab 2.9.1 Copyright  2003, Cisco Systems, Inc.
 current Show the database installed when modification began (or since
'reset')
proposed Show the database as it would be modified if applied
<cr>

Use the abort option to return to the privileged mode.

Switch(vlan)#abort
Aborting….
Switch#

Issue a show running-config command. The ports that were assigned to VLAN 10 and 20 will
indicate the VLAN to which the port has been assigned. The following is a partial sample output.

--output omitted--
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
switchport access vlan 10
!
interface FastEthernet0/6
switchport access vlan 10
!
interface FastEthernet0/7
switchport access vlan 10
!
interface FastEthernet0/8
switchport access vlan 10
!
interface FastEthernet0/9
switchport access vlan 20
!
interface FastEthernet0/10
switchport access vlan 20
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
--output omitted—

A port assignment to VLAN 1 will not be indicated since VLAN1 is the default.
Students have now created static VLANs two different ways and assigned ports statically with the
range command. They have also learned to remove, name, and rename VLANs.
Note: Traffic between VLANs must be routed. Inter-VLAN routing will be covered in a later
lab.

Step 6
Prepare for the next lab by removing all VLAN information and configurations. The VLAN database,
or vlan.dat, and startup configuration will need to be deleted.

9 - 10 CCNP 3: Multilayer Switching v 3.0 - Lab 2.9.1 Copyright  2003, Cisco Systems, Inc.
 If a switch is trunked with other switches and all cables are disconnected or the interfaces are shut
down, the VTP server and client switches will not be able to exchange VLAN information. This will be
covered in greater detail in the next lab. To avoid any difficulties, disconnect all cables.
The VLAN information is saved in a flash file called vlan.dat. This file needs to be deleted to remove
the VLAN information. This is done with the delete flash:vlan.dat or delete vlan.dat
command.

Switch#delete flash:vlan.dat
Delete filename [vlan.dat]?
Delete flash:vlan.dat? [confirm]
Switch#

The erase startup-config command is used to remove the VLAN configuration.

Switch#erase startup-config

Erasing the nvram filesystem will remove all files! Continue? [confirm]
[OK]
Erase of nvram: complete
Switch#

After the startup configuration and VLAN information have been erased, the switch needs to be
reloaded.

Switch#reload
System configuration has been modified. Save? [yes/no]: n
Proceed with reload? [confirm]

After the switch reloads, it will have the default VLAN information and configuration.

10 - 10 CCNP 3: Multilayer Switching v 3.0 - Lab 2.9.1 Copyright  2003, Cisco Systems, Inc.