Creating VLANs and Assigning Ports

Nerd Cafe

Creating VLANs and assigning ports is a foundational skill in networking, especially when configuring switches for efficient network segmentation. Here's a step-by-step guide with a practical scenario and topology:

Scenario:

You are tasked with configuring a Cisco switch for a small company. The company has three departments:

  1. HR Department

  2. Engineering Department

  3. Sales Department

You need to create three VLANs, one for each department, and assign specific switch ports to each VLAN. We will use a Cisco switch for this example and assume you are connected to it via the console port.

Topology:

  • Switch (e.g., Cisco 2960)

  • HR Department: Ports 1-10

  • Engineering Department: Ports 11-20

  • Sales Department: Ports 21-30

We'll also use two devices connected to each port to simulate the network clients.

Topology

Step-by-Step Guide:

Step 1: Access the Switch

  • First, you need to access the switch via console. Use a terminal emulator like PuTTY or Tera Term and connect to the switch.

Sw1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Sw1(config)#

Step 2: Create VLANs

  • Use the vlan command to create VLANs for each department. The VLAN IDs are assigned as follows:

    • HR = VLAN 10

    • Engineering = VLAN 20

    • Sales = VLAN 30

Sw1(config)#vlan 10
Sw1(config-vlan)#name HR
Sw1(config-vlan)#exit
Sw1(config)#vlan 20
Sw1(config-vlan)#name Engineering
Sw1(config-vlan)#exit
Sw1(config)#vlan 30
Sw1(config-vlan)#name Sales
Sw1(config-vlan)#exit
Sw1(config)#

Step 3: Assign Ports to VLANs

  • Now, assign the ports to their respective VLANs. For example:

    • Ports Ethernet0/1-3 go to VLAN 10 (HR)

    • Ports Ethernet1/1-3 go to VLAN 20 (Engineering)

    • Ports Ethernet2/1-3 go to VLAN 30 (Sales)

Sw1(config)#interface range ethernet 0/0-3
Sw1(config-if-range)#switchport mode access
Sw1(config-if-range)#switchport access vlan 10
Sw1(config-if-range)#exit
Sw1(config)#interface range ethernet 1/0-3
Sw1(config-if-range)#switchport mode access
Sw1(config-if-range)#switchport access vlan 20
Sw1(config-if-range)#exit
Sw1(config)#interface range ethernet 2/0-3
Sw1(config-if-range)#switchport mode access
Sw1(config-if-range)#switchport access vlan 30
Sw1(config-if-range)#exit

Step 4: Verify VLANs and Port Assignments

  • To verify the VLANs that have been created, use the show vlan brief command. This will display all VLANs and the ports associated with them.

Sw1#show vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- ------------------------------                                    -
1    default                          active    Et3/0, Et3/1, Et3/2, Et3/3
10   HR                               active    Et0/0, Et0/1, Et0/2, Et0/3
20   Engineering                      active    Et1/0, Et1/1, Et1/2, Et1/3
30   Sales                            active    Et2/0, Et2/1, Et2/2, Et2/3
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup
Sw1#

Step 5: Test the VLAN Configuration

  • Testing Connectivity: To verify that the devices in different VLANs cannot communicate, connect a computer to port e0/0 (HR) and another to port e1/0 (Engineering). They should not be able to communicate unless you configure routing (which we'll cover later).

PC1> ping 192.168.1.2

host (192.168.1.2) not reachable

PC1>

Keywords

VLAN, switch, Cisco, ports, VLAN IDs, network segmentation, access mode, interface range, HR department, Engineering department, Sales department, configuration, broadcast domain, VLAN 10, VLAN 20, VLAN 30, VLAN assignment, switchport, Layer 3, routing, security, سیسکو

PreviousSetting up a DHCP Server on a Cisco RouterNextBlackhole VLAN

Last updated