Your software release may not support all the features documented in this module. For the latest feature
information and caveats, see the release notes for your platform and software release.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support.
To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not
required.
Related Topics
Feature History and Information for Troubleshooting Software Configuration
Prerequisites for VLANs
The following are prerequisites and considerations for configuring VLANs:
• Before you create VLANs, you must decide whether to use VLAN Trunking Protocol (VTP) to maintain
• If you plan to configure many VLANs on the switch and to not enable routing, you can set the Switch
  Database Management (SDM) feature to the VLAN template, which configures system resources to
  support the maximum number of unicast MAC addresses.
• Switches running the LAN Base feature set support only static routing on SVIs.
• A VLAN should be present in the switch to be able to add it to the VLAN group.
Restrictions for VLANs
The following are restrictions for VLANs:
• The switch supports per-VLAN spanning-tree plus (PVST+) or rapid PVST+ with a maximum of 128
  spanning-tree instances. One spanning-tree instance is allowed per VLAN.
• The switch supports both Inter-Switch Link (ISL) and IEEE 802.1Q trunking methods for sending VLAN
  traffic over Ethernet ports.
• Configuring an interface VLAN router's MAC address is not supported. The interface VLAN already
  has a MAC address assigned by default.
Configuring VLANs
• The number of VLANs mapped to a VLAN group is not limited by IOS. However, if the number of VLANs
  in a VLAN group exceeds the recommended value of 128, mobility can behave unexpectedly. It is the
  responsibility of the administrator to configure a feasible number of VLANs in a VLAN group. When a
  WLAN is mapped to a VLAN group that has a larger number of VLANs, an error is generated.
• The static IP client behavior is not supported.
• Private VLANs are not supported on the switch.
Information About VLANs
Logical Networks
A VLAN is a switched network that is logically segmented by function, project team, or application, without
regard to the physical locations of the users. VLANs have the same attributes as physical LANs, but you can
group end stations even if they are not physically located on the same LAN segment. Any switch port can
belong to a VLAN, and unicast, broadcast, and multicast packets are forwarded and flooded only to end
stations in the VLAN. Each VLAN is considered a logical network, and packets destined for stations that do
not belong to the VLAN must be forwarded through a router or a switch supporting fallback bridging. In a
switch stack, VLANs can be formed with ports across the stack. Because a VLAN is considered a separate
logical network, it contains its own bridge Management Information Base (MIB) information and can support
its own implementation of spanning tree.
Figure 1: VLANs as Logically Defined Networks
VLANs are often associated with IP subnetworks. For example, all the end stations in a particular IP subnet
belong to the same VLAN. Interface VLAN membership on the switch is assigned manually on an
interface-by-interface basis. When you assign switch interfaces to VLANs by using this method, it is known
as interface-based, or static, VLAN membership.
Traffic between VLANs must be routed.
The switch can route traffic between VLANs by using switch virtual interfaces (SVIs). An SVI must be
explicitly configured and assigned an IP address to route traffic between VLANs.
Supported VLANs
The switch supports VLANs in VTP client, server, and transparent modes. VLANs are identified by a number
from 1 to 4094. VLAN 1 is the default VLAN and is created during system initialization. VLAN IDs 1002
through 1005 are reserved for Token Ring and FDDI VLANs. All of the VLANs except 1002 to 1005 are
available for user configuration.
There are 3 VTP versions. VTP version 1 and version 2 support only normal-range VLANs (VLAN IDs 1 to
1005). In these versions, the switch must be in VTP transparent mode when you create VLAN IDs from 1006
to 4094. VTP version 3 supports the entire VLAN range (VLANs 1 to 4094). Extended range VLANs (VLANs
1006 to 4094) are supported only in VTP version 3. You cannot convert from VTP version 3 to VTP version
2 if extended VLANs are configured in the domain.
Related Topics
Assigning Static-Access Ports to a VLAN, on page 17
Monitoring VLANs, on page 26
Creating an Extended-Range VLAN, on page 20
Creating an Extended-Range VLAN with an Internal VLAN ID, on page 23
Creating or Modifying an Ethernet VLAN, on page 11
Deleting a VLAN, on page 14
VLAN Port Membership Modes
You configure a port to belong to a VLAN by assigning a membership mode that specifies the kind of traffic
the port carries and the number of VLANs to which it can belong.
When a port belongs to a VLAN, the switch learns and manages the addresses associated with the port on a
per-VLAN basis.
Table 1: Port Membership Modes and Characteristics

Membership Mode: Static-access
VLAN Membership Characteristics: A static-access port can belong to one VLAN and is manually
  assigned to that VLAN.
VTP Characteristics: VTP is not required. If you do not want VTP to globally propagate information,
  set the VTP mode to transparent. To participate in VTP, there must be at least one trunk port on
  the switch or the switch stack connected to a trunk port of a second switch or switch stack.

Membership Mode: Trunk (IEEE 802.1Q)
  • IEEE 802.1Q: Industry-standard trunking encapsulation.
VLAN Membership Characteristics: A trunk port is a member of all VLANs by default, including
  extended-range VLANs, but membership can be limited by configuring the allowed-VLAN list. You can
  also modify the pruning-eligible list to block flooded traffic to VLANs on trunk ports that are
  included in the list.
VTP Characteristics: VTP is recommended but not required. VTP maintains VLAN configuration
  consistency by managing the addition, deletion, and renaming of VLANs on a network-wide basis. VTP
  exchanges VLAN configuration messages with other switches over trunk links.

Membership Mode: Dynamic-access
  Note: Dynamic-access ports and VMPS are not supported on the switch.
VLAN Membership Characteristics: A dynamic-access port can belong to one VLAN (VLAN ID 1 to 4094)
  and is dynamically assigned by a VLAN Member Policy Server (VMPS). You can have dynamic-access
  ports and trunk ports on the same switch, but you must connect the dynamic-access port to an end
  station or hub and not to another switch.
VTP Characteristics: VTP is required. Configure the VMPS and the client with the same VTP domain
  name. To participate in VTP, at least one trunk port on the switch or a switch stack must be
  connected to a trunk port of a second switch or switch stack.

Membership Mode: Voice VLAN
VLAN Membership Characteristics: A voice VLAN port is an access port attached to a Cisco IP Phone,
  configured to use one VLAN for voice traffic and another VLAN for data traffic from a device
  attached to the phone.
VTP Characteristics: VTP is not required; it has no effect on a voice VLAN.

VLAN Configuration Files
Configurations for VLAN IDs 1 to 1005 are written to the vlan.dat file (VLAN database), and you can display
them by entering the show vlan privileged EXEC command. The vlan.dat file is stored in flash memory. If
the VTP mode is transparent, they are also saved in the switch running configuration file.
In a switch stack, the whole stack uses the same vlan.dat file and running configuration. On some switches,
the vlan.dat file is stored in flash memory on the active switch.
You use the interface configuration mode to define the port membership mode and to add and remove ports
from VLANs. The results of these commands are written to the running-configuration file, and you can display
the file by entering the show running-config privileged EXEC command.
When you save VLAN and VTP information (including extended-range VLAN configuration information)
in the startup configuration file and reboot the switch, the switch configuration is selected as follows:
• If the VTP mode is transparent in the startup configuration, and the VLAN database and the VTP domain
  name from the VLAN database match those in the startup configuration file, the VLAN database is
  ignored (cleared), and the VTP and VLAN configurations in the startup configuration file are used. The
  VLAN database revision number remains unchanged in the VLAN database.
• If the VTP mode or domain name in the startup configuration does not match the VLAN database, the
  domain name and VTP mode and configuration for the VLAN IDs 1 to 1005 use the VLAN database
  information.
• In VTP versions 1 and 2, if VTP mode is server, the domain name and VLAN configuration for VLAN
  IDs 1 to 1005 use the VLAN database information. VTP version 3 also supports VLANs 1006 to 4094.
Normal-Range VLAN Configuration Guidelines
Normal-range VLANs are VLANs with IDs from 1 to 1005. VTP versions 1 and 2 support only normal-range VLANs.
Follow these guidelines when creating and modifying normal-range VLANs in your network:
• Normal-range VLANs are identified with a number between 1 and 1001. VLAN numbers 1002 through
  1005 are reserved for Token Ring and FDDI VLANs.
• VLAN configuration for VLANs 1 to 1005 is always saved in the VLAN database. If the VTP mode
  is transparent, VTP and VLAN configuration are also saved in the switch running configuration file.
• If the switch is in VTP server or VTP transparent mode, you can add, modify, or remove configurations
  for VLANs 2 to 1001 in the VLAN database. (VLAN IDs 1 and 1002 to 1005 are automatically created
  and cannot be removed.)
• With VTP versions 1 and 2, the switch supports VLAN IDs 1006 through 4094 only in VTP transparent
  mode (VTP disabled). These are extended-range VLANs and configuration options are limited.
  Extended-range VLANs created in VTP transparent mode are not saved in the VLAN database and are
  not propagated. VTP version 3 supports extended-range VLAN (VLANs 1006 to 4094) database
  propagation in VTP server and transparent mode. If extended VLANs are configured, you cannot convert
  from VTP version 3 to version 1 or 2.
• Before you can create a VLAN, the switch must be in VTP server mode or VTP transparent mode. If
  the switch is a VTP server, you must define a VTP domain or VTP will not function.
• The switch does not support Token Ring or FDDI media. The switch does not forward FDDI, FDDI-Net,
  TrCRF, or TrBRF traffic, but it does propagate the VLAN configuration through VTP.
• The switch supports 128 spanning-tree instances. If a switch has more active VLANs than supported
  spanning-tree instances, spanning tree can be enabled on 128 VLANs and is disabled on the remaining
  VLANs. If you have already used all available spanning-tree instances on a switch, adding another
  VLAN anywhere in the VTP domain creates a VLAN on that switch that is not running spanning tree.
  If you have the default allowed list on the trunk ports of that switch (which is to allow all VLANs), the
  new VLAN is carried on all trunk ports. Depending on the topology of the network, this could create a
  loop in the new VLAN that would not be broken, particularly if there are several adjacent switches that
  all have run out of spanning-tree instances. You can prevent this possibility by setting allowed lists on
  the trunk ports of switches that have used up their allocation of spanning-tree instances.
  If the number of VLANs on the switch exceeds the number of supported spanning-tree instances, we
  recommend that you configure the IEEE 802.1s Multiple STP (MSTP) on your switch to map multiple
  VLANs to a single spanning-tree instance.
• When a switch in a stack learns a new VLAN or deletes or modifies an existing VLAN (either through
  VTP over network ports or through the CLI), the VLAN information is communicated to all stack
  members.
• When a switch joins a stack or when stacks merge, VTP information (the vlan.dat file) on the new
  switches will be consistent with the active switch.
Related Topics
Creating or Modifying an Ethernet VLAN, on page 11
Deleting a VLAN, on page 14
Assigning Static-Access Ports to a VLAN, on page 17
Monitoring VLANs, on page 26
Extended-Range VLAN Configuration Guidelines
Only VTP version 3 supports extended-range VLANs. Extended-range VLANs are VLANs with IDs from 1006 to
4094.
Follow these guidelines when creating extended-range VLANs:
• VLAN IDs in the extended range are not saved in the VLAN database and are not recognized by VTP
  unless the switch is running VTP version 3.
• You cannot include extended-range VLANs in the pruning-eligible range.
• In VTP version 1 and 2, a switch must be in VTP transparent mode when you create extended-range
  VLANs. If VTP mode is server or client, an error message is generated, and the extended-range VLAN
  is rejected. VTP version 3 supports extended VLANs in server and transparent modes.
• For VTP version 1 or 2, you can set the VTP mode to transparent in global configuration mode. You
  should save this configuration to the startup configuration so that the switch boots up in VTP transparent
  mode. Otherwise, you lose the extended-range VLAN configuration if the switch resets. If you create
  extended-range VLANs in VTP version 3, you cannot convert to VTP version 1 or 2.
• STP is enabled by default on extended-range VLANs, but you can disable it by using the no spanning-tree
  vlan vlan-id global configuration command. When the maximum number of spanning-tree instances
  are on the switch, spanning tree is disabled on any newly created VLANs. If the number of VLANs on
  the switch exceeds the maximum number of spanning-tree instances, we recommend that you configure
  the IEEE 802.1s Multiple STP (MSTP) on your switch to map multiple VLANs to a single spanning-tree
  instance.
• The number of routed ports, SVIs, and other configured features affects the use of the switch hardware.
  If you try to create an extended-range VLAN and there are not enough hardware resources available,
  an error message is generated, and the extended-range VLAN is rejected.
• In a switch stack, the whole stack uses the same running configuration and saved configuration, and
  extended-range VLAN information is shared across the stack.
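The normal-range and extended-range rules can be combined into a pre-change check for a planned set of VLANs. This is an added example, not Cisco code: the function names are hypothetical, and it models only the three VTP modes and the ID ranges described in this guide.

```python
SERVER, CLIENT, TRANSPARENT = "server", "client", "transparent"

def vlan_range(vlan_id):
    """Classify a VLAN ID using the ranges given in this guide."""
    if not 1 <= vlan_id <= 4094:
        return "invalid"
    if vlan_id == 1 or 1002 <= vlan_id <= 1005:
        return "auto-created"          # default VLAN and Token Ring/FDDI VLANs
    return "normal" if vlan_id <= 1001 else "extended"

def check_create(vlan_id, vtp_version, vtp_mode):
    """Return (accepted, where the VLAN is stored or why it is rejected)."""
    if vtp_version not in (1, 2, 3) or vtp_mode not in (SERVER, CLIENT, TRANSPARENT):
        raise ValueError("unknown VTP version or mode")
    kind = vlan_range(vlan_id)
    if kind == "invalid":
        return False, "VLAN IDs run from 1 to 4094"
    if kind == "auto-created":
        return False, "created automatically and cannot be added or removed"
    if vtp_mode == CLIENT:
        return False, "switch must be in VTP server or transparent mode"
    if kind == "normal":
        stored = "vlan.dat"
        if vtp_mode == TRANSPARENT:
            stored += " and running configuration"
        return True, stored
    if vtp_version == 3:
        return True, "VLAN database (VTP version 3)"
    if vtp_mode == TRANSPARENT:
        return True, "running configuration only; save it to the startup configuration"
    return False, "VTP version 1 or 2 accepts extended-range VLANs only in transparent mode"

def review_plan(vlan_ids, vtp_version, vtp_mode):
    """Check a planned set of VLANs and whether a later VTP downgrade stays possible."""
    results = {v: check_create(v, vtp_version, vtp_mode) for v in vlan_ids}
    has_extended = any(ok and vlan_range(v) == "extended" for v, (ok, _) in results.items())
    return {
        "rejected": sorted(v for v, (ok, _) in results.items() if not ok),
        # Extended VLANs in a version 3 domain block conversion to version 1 or 2.
        "downgrade_blocked": vtp_version == 3 and has_extended,
    }
```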
Related Topics
Creating an Extended-Range VLAN, on page 20
Creating an Extended-Range VLAN with an Internal VLAN ID, on page 23
Monitoring VLANs, on page 26
Whenever a wireless client connects to a wireless network (WLAN), the client is placed in a VLAN that is
associated with the WLAN. In a large venue such as an auditorium, a stadium, or a conference where there
are numerous wireless clients, having only a single WLAN to accommodate many clients might be a challenge.
The VLAN group feature enables a single WLAN to support multiple VLANs. The clients can
get assigned to one of the configured VLANs. This feature enables you to map a WLAN to a single VLAN or
multiple VLANs using the VLAN groups. When a wireless client associates to the WLAN, the VLAN is
derived by an algorithm based on the MAC address of the wireless client. A VLAN is assigned to the client
and the client gets the IP address from the assigned VLAN. This feature also extends the current AP group
architecture and AAA override architecture, where the AP groups and AAA override can override a VLAN
or a VLAN group to which the WLAN is mapped.
Related Topics
Creating VLAN groups (CLI), on page 16
How to Configure VLANs
How to Configure Normal-Range VLANs
You can set these parameters when you create a new normal-range VLAN or modify an existing VLAN in
the VLAN database: