A Virtual Local Area Network (VLAN) is a private path that is built to segregate traffic on a port. A VLAN is not an object that can be physically touched, but rather is a virtual division of traffic. Drawing this line between traffic allows traffic from multiple users or customers to traverse the same switch port without ever risking security. One customer cannot see or access another customer's traffic when you create a different VLAN for each customer.
Create the VLAN
Enter your user name and password at the prompt. The prompt should display the name of the switch, followed by a pound (#) sign. If there is a greater-than (>) sign instead, the switch is not configured to auto-enable your session. Enter enable mode by typing "enable" and pressing Enter. You should be prompted for your password one more time before you are presented with the switch name, followed by the pound sign.
Enter configuration mode by typing "configure terminal". This mode allows you to make changes to the device.
Create a new VLAN by typing "vlan x", where "x" is the number of the VLAN you are creating. Normal VLAN numbers range from 1 to 4,094. Some are already assigned by standard for other uses. Steer clear of using these VLANs for customer assignments. VLAN 1 (management), VLAN 1,002 (fiber-distributed data interface), VLAN 1,003 (token ring), VLAN 1,004 (fiber-distributed data interface network) and VLAN 1,005 (additional token ring interface) are all reserved.
Add a name to the VLAN so that you know what each is used for without having to memorize all the numbers or keep a cheat sheet. Type "name Hotel". "Hotel" can be replaced by any name that you want to use, but the name cannot contain special characters, including spaces. The name field will appear exactly as you type it, and you can substitute an underscore for the space in a two-word name. This name is not mandatory and can be added at a later date if forgotten.
Exit configuration mode by typing "exit". Save your changes by typing "write memory".
Verify the VLAN
Verify that the VLAN was created by typing "show vlan". The switch will respond with a printout of all the VLANs on the switch.
Check the first column of the chart, which is the VLAN number. Make sure that the VLAN you created is listed in this column.
Check the second column, which is the VLAN name. This should match exactly what you typed when you created the name.
Check the third column, which shows the current status. The status should show "active" or you will not be able to use the VLAN to pass traffic.
Check the last column, which is the ports column. It lists all of the ports that carry traffic on that VLAN. The port that the customer's equipment is plugged into must be added to the VLAN to allow access to the traffic. More than one port is allowed to receive traffic from a single VLAN, depending on what type of service you are providing to the customer.
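The four column checks above can be scripted against saved "show vlan" output. The following is an added example, not part of the original article: the sample output is constructed, the function names are hypothetical, and port names are assumed to be in the abbreviated form the switch prints (for example Fa0/7).

```python
import re

# Constructed sample of the first table "show vlan" prints (not captured from a real switch).
SAMPLE = """\
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6
20   Hotel                            active    Fa0/7, Fa0/8
30   Cafe                             suspended
1002 fddi-default                     act/unsup

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
"""

RESERVED = {1, 1002, 1003, 1004, 1005}  # IDs the article says to keep away from customers
ROW = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s*(.*)$")

def _ports(field):
    return [p.strip() for p in field.split(",") if p.strip()]

def parse_show_vlan(text):
    """Return {vlan_id: {"name", "status", "ports"}} from the first table only."""
    vlans, current, in_table = {}, None, False
    for line in text.splitlines():
        if line.startswith("VLAN Name"):
            in_table = True
        elif in_table and not line.strip():
            break                                  # blank line ends the first table
        elif in_table and (m := ROW.match(line)):
            current = {"name": m[2], "status": m[3], "ports": _ports(m[4])}
            vlans[int(m[1])] = current
        elif in_table and current and line[:1].isspace():
            current["ports"] += _ports(line)       # wrapped port list continues a row
    return vlans

def verify_vlan(vlans, vlan_id, name, port):
    """Apply the article's column checks; an empty list means every check passed."""
    problems = []
    if vlan_id in RESERVED:
        problems.append("reserved VLAN ID")
    row = vlans.get(vlan_id)
    if row is None:
        return problems + ["VLAN not listed"]
    if row["name"] != name:
        problems.append("name mismatch")
    if row["status"] != "active":
        problems.append("status is " + row["status"])
    if port not in row["ports"]:
        problems.append("port not in VLAN")
    return problems
```

The same parsed table answers the pre-change question in the tips below: if the VLAN number is already a key in the result of parse_show_vlan, that VLAN is in use and should not be assigned to a new customer.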
Tips & Warnings
- Verify that the VLAN is not already in use before applying commands; reusing a VLAN that is already in use could cause an outage.
- Save all changes, or they will be lost the next time the switch reloads.