A static VLAN is created when the administrator manually assigns switch ports to belong to a VLAN. Initially, the default is for all ports to be assigned to VLAN1. Static VLANs can be created in VLAN configuration mode. Creating our two VLANs involves only a few commands:
- We move from privileged EXEC mode to configuration mode:
Switch# configure terminal
- Next, we create the first VLAN (VLAN2, the DEVELOPERS VLAN):
Switch (config)# interface vlan 2
- Now, we can assign it a name:
Switch (config-vlan)# name DEVELOPERS
- Next, we want to apply the changes, increase the revision number, and return to the global configuration mode:
Switch (config-vlan)# exit
- We follow the same steps for the ENGINEERING VLAN, except for entering configuration mode, since we are already in that mode:
Switch (config)# interface vlan 3
Switch (config-vlan)# name ENGINEERING
Switch (config-vlan)# exit
- Next, we need to assign ports to the VLANs. We can set up non-trunking access ports with a few commands. First, we move to interface configuration mode:
Switch (config)# interface range FastEthernet 3-5
In this command, interface indicates that we are entering interface configuration mode. range indicates that we are configuring a range of ports, not a single port. FastEthernet is the interface type. Other possible values include ethernet, fddi (for fiber connections), token or tokenring (for token ring networks), or atm. 3-5 indicates that we are configuring ports 3 to 5. If you have a switch with more than one slot, you will have to specify the slot first, separated from the port range by the slash character (for example FastEthernet 1/3-5).
- Next, we configure ports 3 to 5 as access ports:
Switch (config-if-range)# switchport mode access
- Finally, we assign ports 3 to 5 to VLAN2 and return to the global configuration mode:
Switch (config-if-range)# switchport access vlan 2
Switch (config-if-range)# exit
- Next, we will enter interface configuration mode for ports 6 to 8 and set up these ports as access ports for VLAN 3:
Switch (config)# interface range FastEthernet 6-8
Switch (config-if-range)# switchport mode access
Switch (config-if-range)# switchport access vlan 3
Switch (config-if-range)# exit
- Next, we need to configure at least one port as a trunk port. First, we indicate the interface type, slot, and port:
Switch (config)# interface FastEthernet 1
- Then, we set the mode to trunk:
Switch (config-if)# switchport mode trunk
This sets port 1 as a trunk port. By default, the native VLAN for this trunk port is the default VLAN (VLAN1).
- We can change this with the following command:
Switch (config-if)# switchport trunk native vlan 2
This changes the native VLAN to VLAN2.
- By default, a trunk port will carry traffic for any VLAN, but if we want, we can restrict the allowed VLANs for this trunk port:
Switch (config-if)# switchport trunk allowed vlan add 2-3
This will restrict the trunk port to allow only VLANs 2 and 3, our DEVELOPERS and ENGINEERING VLANs. Other possible values for this command are all (to allow all VLANs), none (for no VLANs), a list of allowed VLANs, remove to remove a VLAN, or add to add a VLAN. For example, we could type:
Switch (config-if)# switchport trunk allowed vlan remove 2
This would remove access for VLAN 2 without affecting VLAN 3. We could add VLAN 2 back again as well:
Switch (config-if)# switchport trunk allowed vlan add 2
- To verify this configuration, we exit configuration mode and use the show command. For example, to verify the DEVELOPERS VLAN, we type:
Switch (config-if)# exit
Switch (config)# exit
Switch# show vlan name DEVELOPERS
- This command will display configuration information for VLAN 2. The following command will display all VLANs:
Switch# show vlans