How do I create a VLAN?

*** NOTE: this was written several years ago – but may still be useful ***


Increase security and ease administration and relocation.

Break up broadcast domains.

VLANS work at layer 2 and 3 of OSI model.

Communication between VLANs uses layer 3 routing.

3 ways of assigning a switched port to VLANs:

Port-Centric - All nodes connected to ports in the same VLAN are assigned to the same VLAN ID.

Static VLANs - Statically assign ports to a VLAN.

Dynamic VLANs - Ports that can automatically determine their VLAN assignments based on MAC addresses.

Trunk Links - Trunks can carry multiple VLANS. Supported on fast or gigabit links only.

Trunking is used to transport VLANS between devices.

NB: Switches segment LANs into individual collision domains, VLANs break up broadcast domains as well.

Spanning Tree Protocol

Spanning Tree Protocol (STP) is a Layer 2 (L2) protocol that runs on bridges and switches.

The specification for STP is IEEE 802.1D.

The main purpose of STP is to ensure that you do not create loops when you have redundant paths

in your network.

Loops are deadly to a network. (cause broadcast storms)

STP Concepts

STP runs on bridges and switches that are 802.1D-compliant. There are different flavors of STP,

but 802.1D is the most popular and widely implemented. You implement STP on bridges and switches

in order to prevent loops in the network. Use STP in situations where you want redundant links,

but not loops.

Redundant links are as important as backups in the case of a failover in a network.

A failure of your primary activates the backup links so that users can continue to use the network.

Without STP on the bridges and switches, such a failure can result in a loop.

Private Address Range - (10/8 prefix) - (172.16/12 prefix) (/12= - (192.168/16 prefix)

100Base-T Cabling Guidelines

The following cabling guidelines apply to a 100Base-T network:

The maximum length for an Unshielded Twisted Pair (UTP) cable segment is 100 meters.

Any cable segment longer than 100 meters must be fiber.

A 100Base-T repeater is equivalent to 95 meters of cable.

The maximum cable length between any two nodes on a repeated network is 305 meters.

To determine your cable budget, use the following formula:

400 - (R x 95) = Maximum cable length between any two nodes (in meters)

R represents the number of 100Base-T repeaters.

Table 3-2 lists the maximum cable length between two nodes in a 100Base-T network.

Table 3-2: Cabling Limits in a 100Base-T Network

Number of Repeaters Maximum Cable Length Between Two Nodes

0 400 meters

1 305 meters

2 210 meters

Note For switch-to-switch or switch-to-server (0 repeaters) and full duplex operation, the maximum

cable length between any two nodes extends to two kilometers using fiber.

FDDI Cabling Guidelines

The following cabling guidelines apply to an FDDI network:

The maximum length for an unshielded twisted pair (UTP) cable segment is 100 meters.

The maximum length for a fiber cable is 2 km.

Layer 2 Switching

Switching provides:

Hardware-based bridging

Wire speed

Low latency

Low cost

Layer 2 switching breaks up collision domains making a flatter network than an ordinary 10BaseT network.

Switching Methods:

Store and Forward - Entire frame is received before forwarding is commenced.

Error detection is high, latency low.

Cut through - Comes in 2 types (Fast Forward and Fragment Free).

Fast Forward - Forwards frame after receiving destination address, error prone.

Fragment Free - Filters out collision packets (If packet data > 64bytes ok)

Ethernet frame maximum size = 1518bytes (All of this is received before forwarding by Store and Forward)

Ethernet frame minimum size = 64 bytes (Only this much of packet read by Fragment Free)

Router commands:

Show ip protocol - routing update times, networks active on, neighbour routers, administrative distances, AS number.


Show mac-address-table

Show run

Show ip - like ipconfig

Show port system - shows switching method

Show vtp

Show trunk A allowed-vlans - shows which VLANS allowed on trunk link

Show vlan-membership

Show vlan 2

Show vlan - verify VLAN config

Show history - shows last 10 commands entered by default

Show terminal - shows terminal config + history buffer size


#config t

(Config)#enable password level 1 nikolas - usermode password

(Config)#enable password level 15 makris - enable password

(Config)#enable secret nik2 - precedes the enable p/w

(Config)#hostname nik

(Config)#vtp pruning enable - enables pruning on whole switch

(Config)#delete vtp - deletes VTP database

(Config)#vtp server (client/transparent)

(Config)#vtp domain nikolas

(Config)#vtp password cisco

(Config)#ip address

(Config)#ip default-gateway

(Config)#switching-mode store-and-forward (fragment-free)

(Config)#vlan 2 name sales

(Config)#vlan 3 name marketing

(Config)#int Ethernet 0/1 - slot 0/port 1

(Config-if)#vlan-membership static 2

(Config-if)#description Finance_VLAN

(Config-if)#port secure max-mac-count 1 - allows only one mac address per port


(Config)#int f0/26

(Config-if)#trunk on - enables trunking of all VLANS not just VLAN 1

(Config-if)#no trunk-vlan 3 - stops trunking vlan 3

(Config-if)#duplex full - sets to full duplex (auto sense default)


(Config)#copy tftp:// opcode - download into flash memory

(Config)#copy nvram tftp://

(Config)#copy tftp:// nvram

(Config)#delete nvram - deletes config

(Config)#delete vtp - deletes VTP database

(Config)#clear mac-address-table [dynamic]

admin has written 88 articles