Cisco IOS based switches

Configuring and using VLANs on Cisco IOS switches is a fairly simple process: it takes only a few commands to create VLANs, configure trunk ports, and assign ports to VLANs. Many switches from other vendors behave similarly to IOS and use nearly the same, if not identical, syntax for configuration.

Create VLANs

VLANs can be created in a standalone fashion, or using VLAN Trunk Protocol (VTP). Using VTP may be more convenient, as it will automatically propagate the VLAN configuration to all switches on a VTP domain, though it also can create its own security problems and open up possibilities for inadvertently wiping out the VLAN configuration.

With VTP, a new VLAN only needs to be configured on a single switch, and all other trunked switches in the VTP domain can then assign ports to that VLAN. If VLANs are configured independently, they must be added to each switch by hand. Refer to Cisco's documentation on VTP to ensure a secure configuration is used and that the VLAN database is not prone to accidental destruction.

In a network with only a few switches where VLANs do not change frequently, VTP may be overkill and avoiding it will also avoid its potential downfalls.

Standalone VLANs

To create standalone VLANs:

sw# vlan database
sw(vlan)# vlan 10 name "DMZ Servers"
sw(vlan)# vlan 20 name "Phones"
sw(vlan)# exit

VTP VLANs

To set up a switch for VTP and VLANs, create a VTP database on the master (VTP server) switch and then create two VLANs:

sw# vlan database
sw(vlan)# vtp server
sw(vlan)# vtp domain example.com
sw(vlan)# vtp password SuperSecret
sw(vlan)# vlan 10 name "DMZ Servers"
sw(vlan)# vlan 20 name "Phones"
sw(vlan)# exit

Configure Trunk Port

For AZTCO-FW, a switch port not only has to be in trunk mode, but also must be using 802.1q tagging. This can be done like so:

sw# configure terminal
sw(config)# interface FastEthernet 0/24
sw(config-if)# switchport mode trunk
sw(config-if)# switchport trunk encapsulation dot1q

Note: On some newer Cisco IOS switches, the Cisco-proprietary ISL VLAN encapsulation method is deprecated and no longer supported. If a switch does not allow the encapsulation dot1q configuration option, it only supports 802.1Q and the encapsulation does not need to be specified.

Add Ports to the VLAN

To add ports to these VLANs, assign them as follows:

sw# configure terminal
sw(config)# interface FastEthernet 0/12
sw(config-if)# switchport mode access
sw(config-if)# switchport access vlan 10
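
The steps above (create VLANs, configure the 802.1Q trunk, assign access ports) collected into one IOS session, as an added example that is not from the original page or from the AZTCO-FW project. It uses the newer global-configuration `vlan` / `name` syntax instead of the deprecated `vlan database` mode, keeps VTP out of the picture with `vtp mode transparent` as the "Standalone VLANs" section suggests, and adds the trunk hardening a practitioner would normally apply: explicit allowed-VLAN list, DTP disabled with `switchport nonegotiate`, and an otherwise unused native VLAN. VLAN IDs, names and interface numbers follow the page; VLAN 999 as the native VLAN and the interface description are assumptions. Note that on platforms which still offer ISL, `switchport trunk encapsulation dot1q` must be entered before `switchport mode trunk` or the mode change is rejected.

```cisco
! Added example (not the page's own configuration): the full VLAN / trunk /
! access-port procedure on one Cisco IOS switch. VLAN 999 as an unused
! native VLAN is an assumption, not something the page specifies.
sw# configure terminal

! Transparent mode neither advertises nor accepts VTP updates, so a rogue or
! misconfigured switch cannot overwrite this switch's VLAN table.
sw(config)# vtp mode transparent

! Create the VLANs. Names are a single token here, so no spaces or quotes.
sw(config)# vlan 10
sw(config-vlan)# name DMZ-Servers
sw(config-vlan)# exit
sw(config)# vlan 20
sw(config-vlan)# name Phones
sw(config-vlan)# exit
! Assumed: a VLAN with no hosts on it, used only as the trunk's native VLAN
sw(config)# vlan 999
sw(config-vlan)# name Unused-Native
sw(config-vlan)# exit

! Trunk toward the firewall: force 802.1Q before setting trunk mode, pin the
! mode so DTP cannot renegotiate it, and carry only the VLANs the firewall needs.
sw(config)# interface FastEthernet 0/24
sw(config-if)# description Uplink to AZTCO-FW
sw(config-if)# switchport trunk encapsulation dot1q
sw(config-if)# switchport mode trunk
sw(config-if)# switchport nonegotiate
sw(config-if)# switchport trunk allowed vlan 10,20
sw(config-if)# switchport trunk native vlan 999
sw(config-if)# exit

! Access port for a DMZ server: pinned to access mode with DTP off, so a
! connected host cannot negotiate the port into a trunk.
sw(config)# interface FastEthernet 0/12
sw(config-if)# switchport mode access
sw(config-if)# switchport access vlan 10
sw(config-if)# switchport nonegotiate
sw(config-if)# exit
sw(config)# end

! Verify what was applied, then save it
sw# show vlan brief
sw# show interfaces FastEthernet 0/24 trunk
sw# show interfaces FastEthernet 0/12 switchport
sw# write memory
```

The `show interfaces ... trunk` output should list only VLANs 10 and 20 as allowed and active on the uplink, with 999 as the native VLAN; if the firewall side is told to use untagged traffic on the trunk, that traffic would land in VLAN 999 rather than in a VLAN that carries hosts.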