VLANs (Virtual LANs) - IOS

VLANs (Virtual LANs) partition a single layer-2 network into separate broadcast domains. They are usually created on network switches and do not require routers to divide these domains. They also mean that devices on the same subnet do not have to be physically near each other. However, routers are still needed for inter-VLAN communication.

GNS3 is widely considered not to support switching and L2 capabilities; however, many L2 functions can be simulated using the NM-16ESW module. To set up the switching module: drag a 3600 router onto the screen, right-click the icon and select Configure. On the left-hand side of the window, click the router name under the Routers c3600 tab. Then click the Slots tab and select the NM-16ESW module in the slot0 pull-down menu. Click Apply and OK. You should now have a simulated 16-port switch at your disposal.

NOTE: There are a number of differences between using the switch module (NM-16ESW) used in the lab and actual Cisco switches:

  • You must include all VLANs besides 1 in the VLAN database.
  • You must explicitly configure the ports you are going to use for switching with the switchport command shown below. Specifically, you set each port to either access or trunk mode (in access mode, frames received on the interface are assumed not to have a VLAN tag and are assigned to the VLAN indicated by the command; in trunk mode, frames received on the interface are assumed to have VLAN tags). On the switch module this command performs two functions: first, it puts the interface in Layer 2 "switch" mode, and second, it puts the L2 port in either access or trunk mode. On a standard switch this command performs only the single function of setting "access"/"trunk" mode.
  • The show vlan-switch command replaces the show vlan command on real switches.
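
The access/trunk distinction in the second bullet, as an added Python example (not part of the original lab): it reads the 802.1Q tag from a frame and returns the VLAN the port would place it in. The frames are constructed; the native VLAN for untagged trunk traffic and the dropping of mismatched tags on access ports are assumptions not stated on this page.

```python
import struct

TPID_8021Q = 0x8100   # EtherType value that marks an 802.1Q tag

def build_frame(vid=None, payload=b"\x00" * 46):
    """Constructed test frame: broadcast dst, made-up src, IPv4 EtherType."""
    hdr = bytes.fromhex("ffffffffffff" "020000000001")
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, vid)
    return hdr + tag + struct.pack("!H", 0x0800) + payload

def vlan_tag(frame):
    """Return the VLAN ID from the frame's 802.1Q tag, or None if untagged."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF          # low 12 bits of the TCI are the VLAN ID

def ingress_vlan(frame, mode, access_vlan=1, native_vlan=1):
    """VLAN a frame is placed in on ingress, or None if the port drops it."""
    vid = vlan_tag(frame)
    if vid == 0:
        vid = None               # priority tag only: carries no VLAN membership
    if mode == "access":
        # Access port: frames are expected untagged and take the port's VLAN.
        # Assumption: a tagged frame is accepted only if its tag matches.
        return access_vlan if vid in (None, access_vlan) else None
    if mode == "trunk":
        # Trunk port: the tag selects the VLAN. Assumption: untagged frames
        # fall into the native VLAN (1 unless configured otherwise).
        return native_vlan if vid is None else vid
    raise ValueError(f"unknown mode: {mode}")
```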


Commands useful in setting up VLANs:

switchport mode [trunk | access]                          

      -Enables the specified switch port as a trunking port or an access port. Access ports are used primarily for hosts and can only carry traffic for a single VLAN. Trunk ports are for links between switches or other network devices and are capable of carrying traffic for multiple VLANs.

switchport access vlan [number]                            

     -Allows an access port to carry traffic for a VLAN other than the default VLAN.

switchport trunk encapsulation dot1q                    

     -Enables dot1q trunk encapsulation on the port

vlan database                                                    

     -Enters the vlan database of a network device, where VLANs can be created, modified, deleted

show vlan-switch                                                  

     -Shows the current VLAN configuration on the switch

show interfaces vlan [vlan-id]                                

     -Shows characteristics of the specified VLAN configured on the switch

show interfaces [interface]? trunk

     -Shows configuration of an interface as a Layer 2 trunk

show interfaces [int-id] switchport                          

     -Shows switchport characteristics configured on the given interface

show mac-address-table [dynamic]

     -Shows the MAC forwarding tables for a switch

clear mac-address-table [dynamic]

     -Clears the MAC forwarding table

monitor session [id] source interface [interface range] [rx|tx|both]

monitor session [id] destination interface [interface]

      -Sets up a "Switch Port Analyzer" or SPAN port. A SPAN port allows you to monitor traffic on a given set of ports by forwarding incoming and outgoing traffic on the ports to another port in the same VLAN. The first command identifies the ports to monitor and assigns them a session ID (can only be 1 or 2 on the switch module), and the second command assigns the session to a port (the SPAN port).



Add a VLAN for display in "show vlan-switch"

    Switch# vlan database

    Switch(vlan)# vlan 10

    Switch(vlan)# exit


Access port config

     Switch(config)#int range Fa0/0 - 15

     Switch(config-if)#switchport mode access

     Switch(config-if)#switchport access vlan 10

     Switch(config-if)#no shut


Trunk port config

     Switch(config)#int Fa0/0

     Switch(config-if)#switchport mode trunk

     Switch(config-if)#switchport trunk encapsulation dot1q

     Switch(config-if)#no shut


Enable Switching on Routers

     Router(config)#int range Fa0/0 - 15

     Router(config-if)#switchport mode access

     Router(config-if)#no shut


Router Subinterfaces

Here is an example VLAN configuration on a subinterface of a single router interface:

     Router(config)#int Fa0/0                                                 -specify which interface to configure

     Router(config-if)#no shut

     Router(config-if)#int Fa0/0.10                                         -specify subinterface

     Router(config-subif)#encapsulation dot1q 10                    -enables 802.1Q encapsulation format for VLAN 10

     Router(config-subif)#ip address [ip-address] [subnet-mask]     -configure an IP address for the subinterface

     Router(config-subif)#no shut



Configuring a SPAN port

     Router(config)# monitor session 1 source interface fa0/0 - 2 rx

     Router(config)# monitor session 1 destination interface fa0/3
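
An added example, not part of the original lab: a Python check over a running-config style listing that flags the lab pitfalls noted above (ports without an explicit switchport mode, access VLANs missing from the VLAN database) and reports any SPAN destination. The sample configuration and the vlan_db argument are constructed for illustration.

```python
import re

# Constructed sample in running-config style; not captured from a real device.
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 switchport mode trunk
 switchport trunk encapsulation dot1q
!
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 10
!
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 20
!
interface FastEthernet0/3
!
monitor session 1 source interface Fa0/0 - 2 rx
monitor session 1 destination interface Fa0/3
"""

def parse_ports(config):
    """Return {interface: {"mode": ..., "vlan": ...}} from interface stanzas."""
    ports, current = {}, None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            current = ports.setdefault(m.group(1), {"mode": None, "vlan": 1})
        elif not line.startswith(" "):
            current = None                      # left the interface stanza
        elif current is not None:
            if m := re.match(r" switchport mode (access|trunk)", line):
                current["mode"] = m.group(1)
            elif m := re.match(r" switchport access vlan (\d+)", line):
                current["vlan"] = int(m.group(1))
    return ports

def audit(config, vlan_db):
    """vlan_db: set of VLAN IDs created under 'vlan database' (1 is implicit)."""
    findings = []
    for name, p in parse_ports(config).items():
        if p["mode"] is None:
            findings.append(f"{name}: no explicit switchport mode")
        elif p["mode"] == "access" and p["vlan"] not in vlan_db | {1}:
            findings.append(f"{name}: access VLAN {p['vlan']} missing from VLAN database")
    for m in re.finditer(r"^monitor session (\d+) destination interface (\S+)", config, re.M):
        findings.append(f"SPAN session {m.group(1)} copies traffic to {m.group(2)}")
    return findings
```

Calling audit(SAMPLE_CONFIG, {10}) returns one finding per problem port followed by the SPAN session report.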




Cisco Ethernet Switch Module documentation (pdf)

PacketLife Cheat Sheets: VLAN, Spanning Tree