Cisco CCNP SWITCH 642-813

VLANs: Configuration and Verification

by Jeremy Cioara

Start your 7-day free trial today.

This video is only available to subscribers.

A free trial includes:

  • Unlimited 24/7 access to our entire IT training video library.
  • Ability to train on the go with our mobile website and iOS/Android apps.
  • Note-taking, bookmarking, speed control, and closed captioning features.

Welcome to Cisco Switch: Watch Me First!

The Switches Domain: Core Concepts and Design

VLANs: Configuration and Verification

00:00:00 - VLANs, configuration and verification.
00:00:04 - Well, we've walked into the first of the major topics of the
00:00:08 - BCMSN video series and that is VLANs. These things define the
00:00:13 - fabric of just about every enterprise network that you can find
00:00:17 - in the world today. They are the separator that divides a network
00:00:22 - into multiple broadcast domains Before we get too deep into VLANs
00:00:26 - and trunking and all the different technologies I thought I'd
00:00:29 - start off with a simple video explaining the foundations of VLANs,
00:00:33 - what they are, why you would use them, and some design and focusing
00:00:37 - on Cisco's recommendation of using local VLANs. The last thing
00:00:41 - we'll talk about in here is VLAN configuration. We'll jump into
00:00:45 - a live interface, talk about set up on Cisco switches and assign
00:00:50 - ports to them.
00:00:53 - Just to make sure we're all on the same sheet of music, I'd like
00:00:56 - to do a little review of the VLAN foundations. What are VLANs?
00:01:02 - By default, a Cisco switch sends a broadcast everywhere, right?
00:01:06 - Every switch does. That's what switches do. But when we set up
00:01:10 - VLANs, the broadcast traffic is restrained to the VLAN that it
00:01:16 - was received in. So, for example, you can see on the screen I've
00:01:19 - got the blue VLAN and the red VLAN. If the computer sends a broadcast,
00:01:23 - it only comes out the blue ports. Computer sends a broadcast.
00:01:27 - It comes out the red ports. That's known as separate broadcast
00:01:30 - domains. We've completely divided those switches up. Now, with
00:01:35 - that being said, as a side note, we've got these blue computers
00:01:39 - and red computers sending broadcasts. If that's the case, then
00:01:41 - what VLAN port does that belong to? You probably guessed it.
00:01:47 - All VLANs. If the broadcast is going to go out all these ports
00:01:51 - then these ports, this white port, and this is a magic port that
00:01:55 - has two things connected to it, but you get the point. Those
00:01:59 - ports send all VLAN traffic and Cisco calls those a trunk port.
00:02:05 - Now, I will mention if you jump out of the Cisco world into any
00:02:09 - other vendor, whether it's 3Com or HP, they actually define those
00:02:13 - ports as tagged ports. So when you're thinking about tagged ports
00:02:18 - and trunk ports, they're kind of equivalent in those two words.
00:02:21 - So with that in mind, setting up VLAN helps you manage your network
00:02:27 - to really divide it into logical groups. We talked a little bit
00:02:31 - about this in the first video that opened this whole series.
00:02:34 - Now, these VLANs are correlated directly to a subnet. It is a
00:02:38 - one to one correlation. So every VLAN that you create needs its
00:02:43 - own subnet assigned to it. These VLANs can be used for access
00:02:48 - control to prevent the blue users from reaching the red users.
00:02:51 - They can be used for quality of service to say, well, the blue
00:02:55 - VLAN gets better treatment than the red VLAN and they get more
00:02:58 - priority of the bandwidth. And they can be just used for a great
00:03:02 - network design. You won't walk into any modern network that has
00:03:07 - a large campus environment that is not using VLANs. They are,
00:03:10 - how do you like that? You won't walk into any network with technology
00:03:15 - from this year and beyond and the routers and just about everybody.
00:03:19 - Let me put it that way uses VLANs. They are a great network design
00:03:24 - and make it very easy to manage large campus environments.
00:03:28 - When you are setting up VLANs in your network, Cisco recommends
00:03:33 - that you design them through a concept called local VLANs. All
00:03:37 - that means is that the VLANs are constrained to a specific switch
00:03:41 - block. Now, in the opening video to this whole series we talked
00:03:44 - about the enterprise composite network model, remember. And one
00:03:48 - of the things we talked about there was how we're supposed to
00:03:50 - design our network in these groups, this access layer, distribution
00:03:54 - layer, and up here is our core layer devices that really separate
00:03:59 - the major sections of our network. It could be done by buildings.
00:04:02 - It could be done by major departments. It could be done by technology.
00:04:05 - For example, over here I have the server block and the user blocks.
00:04:09 - Inside of the server block I have VLAN 10, 11 and 12 that maybe
00:04:14 - divide up my servers, and I've got the e mail servers in one
00:04:17 - VLAN, Web servers and so on. And then over on the right I've
00:04:20 - got user blocks, maybe the counting and sales department are
00:04:24 - VLAN 14 and 15. By keeping those VLANs constrained to the switch
00:04:31 - network, meaning their switch block, I've created local VLANs.
00:04:35 - And that's good, because now I can implement routing to get to
00:04:38 - the other destinations. If these guys want to reach the servers,
00:04:42 - no worries, I can just route them through the core using my routing
00:04:45 - table, but these all remain routed links. Because we don't want
00:04:52 - a broadcast traffic going through the core and hitting other
00:04:55 - areas of our network.
00:04:57 - These local VLANs should be created around the physical boundaries.
00:05:02 - And usually we don't think about things in physical terms anymore,
00:05:07 - because VLANs are completely logical. But they should really
00:05:10 - be created physically speaking with switches that are directly
00:05:14 - connected. You directly connect access layers to a distribution
00:05:18 - layer. Directly connect distribution layers to core layers. Those
00:05:21 - are your boundaries that should contain your local VLANs. The
00:05:26 - point is to put it simple, we shouldn't have VLANs that go through
00:05:30 - the core. They should remain at the distribution layer and stop
00:05:34 - there. Well, I'm ready. Let's get into the VLAN configuration.
00:05:39 - Just the base setup of VLANs on our switch. And logged into a
00:05:43 - Cisco switch right now, I'm going to type in show VLAN, and just
00:05:47 - take a look at what VLANs I have on the switch by default. Now,
00:05:50 - you can see VLAN 1 right there the default VLAN has all 20 well,
00:05:55 - 23 ports assigned to it. You can see one through 23. This is
00:05:59 - a 24 port switch and I'll talk about where port 24 is in just
00:06:03 - a moment. But below that I have 1,002, three, four, and five
00:06:08 - VLANs which are not something that we created. They're on there
00:06:11 - by default. Those are in order for Cisco to be an industry compliant
00:06:17 - vendor, they had to have those VLANs, just because the industry
00:06:21 - standards said you should. Notice it says active but unsupported,
00:06:24 - because this switch doesn't have FITI interfaces or token rings.
00:06:28 - Obviously this is an older standard but they're there by default.
00:06:32 - All other VLANs we can create. Now, there's two ways to create
00:06:37 - VLANs. An old way and a new way. I'll show you the old way first.
00:06:42 - We can do that by typing from privileged mode, and that's where
00:06:45 - it's kind of funny because we don't start from global config.
00:06:48 - You can type in VLAN database. Now, a little paragraph comes
00:06:51 - up that in short says Cisco's saying this is a mode we used to
00:06:54 - like but now we don't like it so we're making it go away in future
00:06:58 - versions of the software that's being deprecated. So this mode
00:07:03 - is eventually going away but this is the only mode that many
00:07:06 - people know. You go into VLAN database and underneath here you
00:07:10 - can just type in VLAN 100. Followed by name. We'll say IT.
00:07:17 - VLAN 200.
00:07:20 - We name it sales. Jump back here. VLAN 200. And so on. Now, this
00:07:25 - mode and I think one of the reasons why Cisco's trying to make
00:07:28 - it go away, it's very quirky, in the sense that
00:07:33 - how do you usually exit from modes? Control Z, right? Some of
00:07:38 - you are thinking: Type in exit. Most people hit control Z. If
00:07:42 - you hit control Z to jump out of this mode it actually undoes
00:07:46 - everything that you did. It's funny. So when I get out, I have
00:07:51 - to type in exit. And that's where you get this message Apply
00:07:55 - Completed. Now when I type in show VLAN I can see default VLAN,
00:07:59 - IT and sales. So I've created those two VLANs. With the old way
00:08:03 - out of the way, let me show you the Cisco preferred way. I go
00:08:07 - into global config mode and type in VLAN, say a number. We'll
00:08:11 - say 300.
00:08:13 - Name. Marketing.
00:08:17 - You actually go into this VLAN sub configuration mode and name
00:08:20 - it. You exit back out and do VLAN 400. Name, management.
00:08:28 - Management. Exit out. Show VLAN and you can see that sure enough
00:08:33 - we've added more VLANs to our switch that are available. But
00:08:37 - no ports have been assigned. So to assign ports I go into global
00:08:42 - config mode, and I'll just assign the first 10 port. I'll type
00:08:44 - in interface. Actually, first 10 ports, let's do interface range.
00:08:49 - Fast ethernet 0/1 through 10. And I'll do first command switch
00:08:54 - port mode access. Now, let me type the whole command. That command
00:09:00 - configures this to be hard coded as an access port. You don't
00:09:05 - have to do it, but it's very important that you do. Because otherwise
00:09:09 - it's in a mode known as dynamic, where it will be trying to negotiate
00:09:13 - a trunk port with the other side. That, by the way, is a horrible
00:09:17 - security vulnerability to leave your ports in dynamic mode. You
00:09:21 - want to either hard code them as access ports or trunk ports.
00:09:25 - We'll talk about that more in the upcoming video. Actually, it's
00:09:28 - coming up next where we discuss everything trunking. So we've
00:09:32 - set these to access ports, which means an end device attaches
00:09:35 - to them. Then I'll follow that up with switch port access VLAN
00:09:39 - and let's throw these guys in 100, they're the IT ports. Do interface
00:09:43 - range. Fast ethernet. We'll say 11 through 15. Switch port mode
00:09:48 - access and switch port access VLAN 200. When I jump out, I'll
00:09:52 - do a show VLAN and I can see that I have a status message splicing
00:09:57 - up my beautiful output. You can see the IT ports. Whoop.
00:10:02 - Right there. With a group of ports underneath it or the ITVLAN.
00:10:07 - Then I have the sales VLAN with a group of ports underneath it.
00:10:11 - At this point I have completely segmented my switch. The sales
00:10:15 - ports cannot reach the IT ports which cannot reach the default
00:10:19 - VLAN. They are totally separate, a broadcast in those VLAN stays
00:10:23 - in those VLANs. So that is how we create VLANs and assign ports
00:10:28 - to them. Now, the last thing I'll talk about, this is a short
00:10:32 - video, just on creating VLANs, is where these VLANs are stored.
00:10:37 - This is a little odd. But Cisco decided not to store the VLANs
00:10:42 - in the running config. I'll do a show run and do a little scrolling
00:10:46 - down. And I can see that there's my spanning tree. All my commands
00:10:51 - I typed under my interfaces.
00:10:53 - And interface VLAN one console port nothing. Nothing about VLANs
00:10:57 - is in the running config. It's all stored in a file in flash
00:11:03 - called VLAN.dat.
00:11:05 - You can see the file right there on the bottom. The VLAN database
00:11:09 - file holds all the VLANs that we created and their proper names.
00:11:13 - That is a little bit irksome I'll say. I'm trying to think of
00:11:19 - the right work. Irksome will do for now. Because you think you
00:11:23 - clear out your switch. Let's say you erase the config by doing
00:11:26 - a write erase, or erase startup config and you think you wipe
00:11:29 - out the config, but when you reboot you'll still see all those
00:11:32 - VLANs there. That can be an issue when we start getting into
00:11:38 - topics like VTP because it may accidently propagate those VLANs
00:11:42 - when you don't intend. However,
00:11:45 - when you are properly clearing a switch out, you're erasing its
00:11:49 - configuration, don't forget not only to do a write erase, which
00:11:54 - erases the start up config, but also do a delete/colon
00:11:59 - VLAN.dat. By doing that, that is the only way that you can erase
00:12:05 - your VLANs. I'll do a show VLAN.
00:12:08 - And you can see that they're still there. You might be thinking
00:12:11 - well Jeremy I thought you just deleted it. They are memory resident.
00:12:14 - They're sitting in RAM. So we have to reboot this switch. Just
00:12:18 - power it off and power it back on before those VLANs go away.
00:12:21 - So my point in telling you that, this is especially valuable
00:12:24 - when we get to VTP, when you're clearing a switch, don't forget
00:12:28 - to erase the VLANs or erase the VLAN database file.
00:12:33 - And that's about all I have to say about that. So let's wrap
00:12:36 - up VLANs. This has been the opening video on just creating VLANs.
00:12:41 - Modifying ports, assigning them to VLANs. We talked about first
00:12:45 - off VLAN foundations, what VLANs are. We then got into the VLAN
00:12:49 - design, which primarily deals with local VLANs. Cisco wants you
00:12:54 - to make sure that you keep your VLANs constrained to the switch
00:12:58 - block so they don't go through the core of your network. Last
00:13:02 - thing we got into was the VLAN configuration. Walking through
00:13:05 - first off creating the VLANs from either VLAN database or global
00:13:08 - config mode. Then assigning your access ports to them. I hope
00:13:13 - this has been informative for you and I'd like to thank you for viewing.

VLANs: In-Depth Trunking

VLANs: VLAN Trunking Protocol

STP: Foundation Per-VLAN Spanning Tree Concepts, Part 1

STP: Foundation Per-VLAN Spanning Tree Concepts, Part 2

STP: Rapid Spanning Tree Concepts and Configuration

EtherChannel: Aggregating Redundant Links

L3 Switching: InterVLAN Routing Extraordinaire

L3 Switching: Understanding CEF Optimization

Redundancy in the Campus: HSRP, VRRP, and GLBP Part 1

Redundancy in the Campus: HSRP, VRRP, and GLBP Part 2

Campus Security: Basic Port Security and 802.1x

Campus Security: VLAN and Spoofing Attacks

Campus Security: STP Attacks and Other Security Considerations

Campus VoIP: Overview, Considerations, and AutoQoS

Wireless LAN: Foundation Concepts and Design Part 1

Wireless LAN: Foundation Concepts and Design Part 2

Wireless LAN: Frequencies and 802.11 Standards

Wireless LAN: Understanding the Hardware

The Switches Domain: Additional Life-Saving Technology

Monitoring: Your Pulse on the Network

Campus Security: VACLs

Please help us improve by sharing your feedback on training courses and videos. For customer service questions, please contact our support team. The views expressed in comments reflect those of the author and not of CBT Nuggets. We reserve the right to remove comments that do not adhere to our community standards.

comments powered by Disqus

Course Features

Speed Control

Play videos at a faster or slower pace.

Bookmarks

Pick up where you left off watching a video.

Notes

Jot down information to refer back to at a later time.

Closed Captions

Follow what the trainers are saying with ease.

Premium Features

Transcender® Practice Exams

These practice tests help you review your knowledge and prepare you for exams.

Offline Training

Our mobile apps offer the ability to download videos and train anytime, anywhere offline.

Accountability Coaching

Develop and maintain a study plan with assistance from coaches.
Jeremy Cioara

Jeremy Cioara

CBT Nuggets Trainer

Certifications:
Cisco CCNA, CCDA, CCNA Security, CCNA Voice, CCNP, CCSP, CCVP, CCDP, CCIE R&S; Amazon Web Services CSA; Microsoft MCP, MCSE, Novell CNA, CNE; CompTIA A+, Network+, iNet+

Area Of Expertise:
Cisco network administration and development. Author or coauthor of numerous books, including: CCNA Voice 640-461 Official Cert Guide; CCNA Voice Official Exam Certification Guide (640-460 IIUC); CCENT Exam Prep (Exam 640-822); CCNA Exam Cram (Exam 640-802) 3rd Edition; and CCNA Voice 640-461 Official Cert Guide.


Stay Connected

Get the latest updates on the subjects you choose.


  © 2014 CBT Nuggets. All rights reserved. Licensing Agreement | Billing Agreement | Privacy Policy | RSS