Port-Based VLANs
A VLAN is a switched network that is logically segmented by function, team, or application, without regard
to the physical location of the users. Packets received on a port are forwarded only to ports that belong to the
same VLAN as the receiving port. Network devices in different VLANs cannot communicate with one another
without a Layer 3 device to route traffic between the VLANs.
VLAN partitions provide hard firewalls for traffic in the VLAN, and each VLAN has its own MAC address
table. A VLAN comes into existence when a local port is configured to be associated with the VLAN, when
the VLAN Trunking Protocol (VTP) learns of its existence from a neighbor on a trunk, or when a user creates
a VLAN. VLANs can be formed with ports across the stack.
To configure VLANs, use the
vlan vlan-id
global configuration command to enter VLAN configuration mode.
The VLAN configurations for normal-range VLANs (VLAN IDs 1 to 1005) are saved in the VLAN database.
If VTP is version 1 or 2, to configure extended-range VLANs (VLAN IDs 1006 to 4094), you must first set
VTP mode to transparent. Extended-range VLANs created in transparent mode are not added to the VLAN
database but are saved in the switch running configuration. With VTP version 3, you can create extended-range
VLANs in client or server mode. These VLANs are saved in the VLAN database.
In a switch stack, the VLAN database is downloaded to all switches in a stack, and all switches in the stack
build the same VLAN database. The running configuration and the saved configuration are the same for all
switches in a stack.
Add ports to a VLAN by using the
switchport
interface configuration commands:
•
Identify the interface.
•
For a trunk port, set trunk characteristics, and, if desired, define the VLANs to which it can belong.
•
For an access port, set and define the VLAN to which it belongs.
Switch Ports
Switch ports are Layer 2-only interfaces associated with a physical port. Switch ports belong to one or more
VLANs. A switch port can be an access port or a trunk port. You can configure a port as an access port or
trunk port or let the Dynamic Trunking Protocol (DTP) operate on a per-port basis to set the switchport mode
by negotiating with the port on the other end of the link. switch ports are used for managing the physical
interface and associated Layer 2 protocols and do not handle routing or bridging.
Configure switch ports by using the
switchport
interface configuration commands.
Access Ports
An access port belongs to and carries the traffic of only one VLAN (unless it is configured as a voice VLAN
port). Traffic is received and sent in native formats with no VLAN tagging. Traffic arriving on an access port
is assumed to belong to the VLAN assigned to the port. If an access port receives a tagged packet (Inter-Switch
Link [ISL] or IEEE 802.1Q tagged), the packet is dropped, and the source address is not learned.
The types of access ports supported are:
•
Static access ports are manually assigned to a VLAN (or through a RADIUS server for use with IEEE
802.1x.
•
VLAN membership of dynamic access ports is learned through incoming packets. By default, a dynamic
access port is not a member of any VLAN, and forwarding to and from the port is enabled only when
the VLAN membership of the port is discovered. Dynamic access ports on the switch are assigned to a
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
16
Information About Configuring Interface Characteristics
Summary of Contents for Catalyst 2960 Series
Page 96: ......
Page 196: ......
Page 250: ......
Page 292: ......
Page 488: ......
Page 589: ...P A R T VI Cisco Flexible NetFlow Configuring NetFlow Lite page 509 ...
Page 590: ......
Page 619: ...P A R T VII QoS Configuring QoS page 539 Configuring Auto QoS page 645 ...
Page 620: ......
Page 750: ......
Page 1604: ......
Page 1740: ......
Page 2105: ...P A R T XII Configuring Cisco IOS IP SLAs Configuring Cisco IP SLAs page 2025 ...
Page 2106: ......
Page 2118: ......
Page 2164: ......