11:17 PM
The vlan database Global
Configuration mode command enters the VLAN Configuration mode.
Syntax
vlan database
Parameters
This command has no arguments or keywords.
Default Configuration
This command has no default configuration.
Command Mode
Global Configuration mode
User Guidelines
There are no user guidelines for this command.
Example
The following example enters the VLAN database mode.
console(config)#
vlan database
console(config-vlan)#
|
The vlan VLAN Configuration
mode command creates a VLAN. Use the no
form of this command to delete a VLAN.
Syntax
vlan vlan-range
no vlan vlan-range
Parameters
■ vlan-range
— Specifies a list of VLAN IDs to be added. Separate nonconsecutive
VLAN IDs with a comma and no spaces; a hyphen designates a range of IDs.
Default Configuration
This command has no default configuration.
Command Mode
VLAN Configuration mode
User Guidelines
There are no user guidelines for this command.
Example
The following example VLAN number 1972 is created.
console(config)#
vlan database
console(config-vlan)# vlan 1972
|
The interface vlan Global
Configuration mode command enters the Interface Configuration (VLAN)
mode.
Syntax
interface vlan vlan-id
Parameters
■ vlan-id
— Specifies an existing VLAN ID.
Default Configuration
This command has no default configuration.
Command Mode
Global Configuration mode
User Guidelines
In case the VLAN doesn't exist (‘ghost VLAN’),
only partial list of the commands are available under the interface VLAN
context.
The commands supported for non-existant VLANs are:
1) IGMP snooping control
2) Bridge Multicast configuration
Example
In the following example, for VLAN 1, the address is
131.108.1.27 and the subnet mask is 255.255.255.0:
console(config)#
interface vlan 1
console(config-if)# ip address 131.108.1.27
255.255.255.0
|
The interface range vlan Global
Configuration mode command enables simultaneously configuring multiple
VLANs.
Syntax
interface range vlan
{vlan-range |
all}
Parameters
■ vlan-range
— Specifies a list of VLAN IDs to be added. Separate nonconsecutive
VLAN IDs with a comma and no spaces; a hyphen designates a range of IDs.
■ all
— All existing static VLANs.
Default Configuration
This command has no default configuration.
Command Mode
Global Configuration mode
User Guidelines
Commands under the interface range context are executed
independently on each interface in the range. If the command returns
an error on one of the interfaces, an error message is displayed and
execution of the command continues on the other interfaces.
Example
The following example groups VLANs 221, 228 and 889 to
receive the same command.
console(config)#
interface range vlan 221-228,889
console(config-if)#
|
The name Interface Configuration
mode command adds a name to a VLAN. Use the no
form of this command to remove the VLAN name.
Syntax
name string
no name
Parameters
■ string
— Unique name to be associated with this VLAN. (Range: 1 - 32 characters)
Default Configuration
No name is defined.
Command Mode
Interface Configuration (VLAN) mode. Cannot be configured
for a range of interfaces (range context).
User Guidelines
There are no user guidelines for this command.
Example
The following example gives VLAN number 19 the name Marketing.
console(config)#
interface vlan 19
console(config-if)# name Marketing
|
The switchport protected Interface
Configuration mode command enables Private VLAN Edge, by overriding the
FDB decision, and sends all Unicast, Multicast and Broadcast traffic
to an uplink port. Use the no form of
this command to disable overriding the FDB decision.
Syntax
switchport protected
{ethernet port
| port-channel port-channel-number}
no switchport protected
Parameters
■ port—
Specifies the uplink Ethernet port.
■ port-channel-number
— Specifies the uplink port-channel.
Default Configuration
Switchport protected is disabled.
Command Mode
Interface Configuration (Ethernet, port-channel) mode
User Guidelines
Private VLAN Edge (PVE) supports private communication
by isolating PVE-defined ports and ensuring that all Unicast, Broadcast
and Multicast traffic from these ports is only forwarded to uplink port(s).
PVE requires only one VLAN on each device, but not on
every port; this reduces the number of VLANs required by the device.
Private VLANs and the default VLAN function simultaneously in the same
device.
The uplink must be a GE port.
Example
This example configures ethernet port 1/e8 as a protected
port, so that all traffic is sent to its uplink (ethernet port 1/e9).
console(config)#
interface ethernet 1/e8
console(config-if)# switchport forbidden vlan add 234-256
console(config-if)# exit
console(config)# interface ethernet 1/e9
console(config-if)# switchport protected ethernet 1/e1
|
The switchport mode Interface
Configuration mode command configures the VLAN membership mode of a port.
Use the no form of this command to return
to the default configuration.
Syntax
switchport mode {access | trunk | general}
no switchport mode
Parameters
■ access
— Indicates an untagged layer 2 VLAN port.
■ trunk
— Indicates a trunking layer 2 VLAN port.
■ general
— Indicates a full 802-1q supported VLAN port.
Default Configuration
All ports are in access mode, and belong to the default
VLAN (whose VID=1).
Command Mode
Interface Configuration (Ethernet, port-channel) mode
User Guidelines
There are no user guidelines.
Example
The following example configures Ethernet port 1/e16
as an untagged layer 2 VLAN port.
console(config)#
interface ethernet 1/e16
console(config-if)# switchport mode access
|
The switchport access vlan Interface
Configuration mode command configures the VLAN ID when the interface
is in access mode. Use the no form of
this command to return to the default configuration.
Syntax
switchport access vlan {vlan-id}
no switchport access vlan
Parameters
■ vlan-id
— Specifies the ID of the VLAN to which the port is configured.
Default Configuration
All ports belong to VLAN 1.
Command Mode
Interface configuration (Ethernet, port-channel) mode
User Guidelines
The command automatically removes the port from the previous
VLAN and adds it to the new VLAN.
Example
The following example configures a VLAN ID of 23 to the
untagged layer 2 VLAN Ethernet port 1/e16.
console(config)#
interface ethernet 1/e16
console(config-if)# switchport access vlan
23
|
The switchport trunk allowed vlan
Interface Configuration mode command adds or removes VLANs
to or from a trunk port.
Syntax
switchport trunk allowed vlan {add vlan-list |
remove vlan-list}
Parameters
■ add
vlan-list — List of VLAN IDs
to be added. Separate nonconsecutive VLAN IDs with a comma and no spaces.
A hyphen designates a range of IDs.
■ remove vlan-list — List of VLAN IDs
to be removed. Separate nonconsecutive VLAN IDs with a comma and no spaces.
A hyphen designates a range of IDs.
Default Configuration
This command has no default configuration.
Command Mode
Interface Configuration (Ethernet, port-channel) mode
User Guidelines
There are no user guidelines for this command.
Example
The following example adds VLANs 1, 2, 5 to 6 to the
allowed list of Ethernet port 1/e16.
console(config)#
interface ethernet 1/e16
console(config-if)# switchport trunk allowed vlan add 1-2,5-6
|
The switchport trunk native vlan Interface
Configuration mode command defines the native VLAN when the interface
is in trunk mode. Use the no form of
this command to return to the default configuration.
Syntax
switchport trunk native vlan vlan-id
no switchport trunk native vlan
Parameters
■ vlan-id—
Specifies the ID of the native VLAN.
Default Configuration
VID=1.
Command Mode
Interface Configuration (Ethernet, port-channel) mode
User Guidelines
The command adds the port as a member in the VLAN. If
the port is already a member in the VLAN (not as a native), it should
be first removed from the VLAN.
Example
The following example configures VLAN number 123 as the
native VLAN when Ethernet port 1/e16 is in trunk mode.
console(config)#
interface ethernet 1/e16
console(config-if)# switchport trunk native vlan 123
|
The switchport general allowed vlan
Interface Configuration mode command adds or removes VLANs
from a general port.
Syntax
switchport general allowed vlan
add vlan-list [tagged | untagged]
switchport general allowed vlan
remove vlan-list
Parameters
■ add
vlan-list — Specifies the list
of VLAN IDs to be added. Separate nonconsecutive VLAN IDs with a comma
and no spaces. A hyphen designates a range of IDs.
■ remove vlan-list — Specifies the
list of VLAN IDs to be removed. Separate nonconsecutive VLAN IDs with
a comma and no spaces. A hyphen designates a range of IDs.
■ tagged
— Indicates that the port transmits tagged packets for the VLANs.
■ untagged
— Indicates that the port transmits untagged packets for the VLANs.
Default Configuration
If the port is added to a VLAN without specifying tagged
or untagged, the default setting is tagged.
Command Mode
Interface Configuration (Ethernet, port-channel) mode
User Guidelines
This command enables changing the egress rule (e.g.,
from tagged to untagged) without first removing the VLAN from the list.
Example
The following example adds VLANs 2, 5, and 6 to the allowed
list of Ethernet port 1/e16.
console(config)#
interface ethernet 1/e16
console(config-if)# switchport general allowed vlan add 2,5-6 tagged
|
The switchport general pvid Interface
Configuration mode command configures the PVID when the interface is
in general mode. Use the no form of
this command to return to the default configuration.
Syntax
switchport general pvid vlan-id
no switchport general pvid
Parameters
■ vlan-id
— Specifies the PVID (Port VLAN ID).
Default Configuration
If the default VLAN is enabled, PVID = 1. Otherwise,
PVID=4095.
Command Mode
Interface Configuration (Ethernet, port-channel) mode
User Guidelines
There are no user guidelines for this command.
Example
The following example configures the PVID for Ethernet
port 1/e16, when the interface is in general mode.
console(config)#
interface ethernet 1/e16
console(config-if)# switchport general pvid 234
|
switchport general ingress-filtering disable
The switchport general ingress-filtering disable Interface
Configuration mode command disables the ingress filtering of a port.
Use the no form of this command to enable the ingress filtering of a
port.
Syntax
switchport general ingress-filtering
disable
no switchport general ingress-filtering
disable
Parameters
This command has no arguments or keywords.
Default Configuration
Ingress filtering is enabled.
Command Mode
Interface Configuration (Ethernet, port-channel) mode
User Guidelines
There are no user guidelines for this command.
Example
The following example disables the ingress filtering
of a port.
console(config)#
switchport general ingress-filtering
disable
|
The switchport general acceptable-frame-type
tagged-only Interface Configuration mode command discards
untagged frames at ingress. Use the no
form of this command to return to the default configuration.
Syntax
switchport general acceptable-frame-type
tagged-only
no switchport general acceptable-frame-type
tagged-only
Parameters
This command has no arguments or keywords.
Default Configuration
All frame types are accepted at ingress.
Command Mode
Interface Configuration (Ethernet, port-channel) mode
User Guidelines
There are no user guidelines for this command.
Example
The following example configures Ethernet port 1/e16
to discard untagged frames at ingress.
console(config)#
interface ethernet 1/e16
console(config-if)# switchport general acceptable-frame-type tagged-only
|
The switchport general map macs-group vlan
interface configuration mode command sets a mac-based classification
rule. Use the no form of this command
to delete a classification.
Syntax
switchport general map macs-group group vlan vlan-id
no switchport general map macs-group group
Parameters
This command has no arguments or keywords.
Default Configuration
This command has no default configuration.
Command Mode
Interface Configuration (Ethernet, port-channel) mode
User Guidelines
MAC based VLAN rules cannot contain overlapping ranges
on the same interface.
The priority between VLAN classification rules is:
■ MAC based VLAN
(Best match between the rules)
■ PVID
The interface must be in General Mode to configure a
MAC-based classification rule.
Example
The following example sets a mac-based classification
rule.
console(config)# vlan database
console(config-vlan)# map mac 00:08:78:32:98:78 9 macs-group
1 interface ethernet e17
console(config-vlan)# exit
console(config)# interface ethernet 1/e17
console(config-if)# switchport mode general
console(config-if)# switchport general map macs-group
1 vlan 2
|
The map mac macs-group VLAN Configuration mode command maps
a MAC address or a range of MAC addresses to a group of MAC addresses.
Use the no form of this command to delete a map.
Syntax
map mac mac-address {prefix-mask | host} macs-group group
no map mac mac-address {prefix-mask | host}
■ mac-address — Specifies the MAC address
to be entered to the group.
■ prefix-mask — Specifies the Mask bits.
The format is the MAC address format.
■ host —
Specifies all 1’s mask.
■ group —
Specifies the group number. (Range: 1 - 2147483647)
Default Configuration
This command has no default configuration.
Command Mode
VLAN Configuration mode
User Guidelines
There are no user guidelines for this command.
Example
The following example maps a MAC address or a range of
MAC addresses to a group of MAC addresses.
console(config)# vlan database
console(config-vlan)# map mac 00:08:78:32:98:78 9 macs-group
1 interface ethernet e17
|
The show vlan macs-group privileged EXEC command displays
MAC group information.
Syntax
show vlan macs-group
Parameters
This command has no arguments or keywords.
Default Configuration
This command has no default configuration.
Command Mode
Privileged EXEC mode
User Guidelines
There are no user guidelines for this command.
Example
The following example displays macs-groups information
console# show vlan
macs-groups
MAC Address Mask Group
ID
-------------- -------------- --------
0060.704C.73FF FFFF.FFFF.0000 1
0060.704D.73FF FFFF.FFFF.0000 1
|
The switchport forbidden vlan Interface
Configuration mode command forbids adding specific VLANs to a port. Use
the no form of this command to return
to the default configuration.
Syntax
switchport forbidden vlan {add vlan-list |
remove vlan-list}
Parameters
■ add
vlan-list — Specifies the list
of VLAN IDs to be added. Separate nonconsecutive VLAN IDs with a comma
and no spaces. A hyphen designates a range of IDs.
■ remove vlan-list — Specifies the
list of VLAN IDs to be removed. Separate nonconsecutive VLAN IDs with
a comma and no spaces. A hyphen designates a range of IDs.
Default Configuration
All VLANs are allowed.
Command Mode
Interface Configuration (Ethernet, port-channel) mode
User Guidelines
This command can be used to prevent GVRP from automatically
making the specified VLANs active on the selected ports.
Example
The following example forbids adding VLAN IDs 234 to
256 to Ethernet port 1/e16.
console(config)#
interface ethernet 1/e16
console(config-if)# switchport forbidden vlan add 234-256
|
The ip internal-usage-vlan
Interface Configuration mode command reserves a VLAN as the internal
usage VLAN of an interface. Use the no
form of this command to return to the default configuration.
Syntax
ip internal-usage-vlan
vlan-id
no ip internal-usage-vlan
Parameters
■ vlan-id
— Specifies the ID of the internal usage VLAN.
Default Configuration
The software reserves a VLAN as the internal usage VLAN
of an interface.
Command Mode
Interface Configuration (Ethernet, port-channel) mode
User Guidelines
An internal usage VLAN is required when an IP interface
is configured on an Ethernet port or port-channel.
This command enables the user to configure the internal
usage VLAN of a port. If an internal usage VLAN is not configured and
the user wants to configure an IP interface, an unused VLAN is selected
by the software.
If the software selected a VLAN for internal use and
the user wants to use that VLAN as a static or dynamic VLAN, the user
should do one of the following:
■ Remove the IP
interface.
■ Create the VLAN
and recreate the IP interface.
■ Use this command
to explicitly configure a different VLAN as the internal usage VLAN.
Example
The following example reserves an unused VLAN as the
internal usage VLAN of ethernet port 1/e8.
console# config
console(config)# interface ethernet
1/e8
console(config-if)# ip internal-usage-vlan
|
The show vlan Privileged
EXEC mode command displays VLAN information.
Syntax
show vlan [tag vlan-id | name vlan-name]
Parameters
■ vlan-id
— specifies a VLAN ID
■ vlan-name
— Specifies a VLAN name string. (Range: 1 - 32 characters)
Default Configuration
This command has no default configuration.
Command Mode
Privileged EXEC mode
User Guidelines
There are no user guidelines for this command.
Example
The following example displays all VLAN information.
console#
show vlan
|
||||
VLAN
|
Name
|
Ports
|
Type
|
Authorization
|
----
|
-------
|
--------
|
----
|
-------------
|
1
|
default
|
1/e1-e2, 2/e1-e4
|
other
|
Required
|
10
|
VLAN0010
|
1/e3-e4
|
dynamic
|
Required
|
11
|
VLAN0011
|
1/e1-e2
|
static
|
Required
|
20
|
VLAN0020
|
1/e3-e4
|
static
|
Required
|
21
|
VLAN0021
|
static
|
Required
|
|
30
|
VLAN0030
|
static
|
Required
|
|
31
|
VLAN0031
|
static
|
Required
|
|
91
|
VLAN0011
|
1/e1-e2
|
static
|
Not Required
|
3978
|
Guest VLAN
|
1/e17
|
guest
|
-
|
The show vlan internal usage
Privileged EXEC mode command displays a list of VLANs used internally
by the device.
Syntax
show vlan internal usage
Parameters
This command has no arguments or keywords.
Default Configuration
This command has no default configuration.
Command Mode
Privileged EXEC mode
User Guidelines
There are no user guidelines for this command.
Example
The following example displays VLANs used internally
by the device.
console#
show vlan internal usage
|
|||
VLAN
|
Usage
|
IP address
|
Reserved
|
----
|
---------
|
----------
|
--------
|
1007
|
Eth 1/e21
|
Active
|
No
|
1008
|
Eth 1/e22
|
Inactive
|
Yes
|
1009
|
Eth 1/e23
|
Active
|
Yes
|
The show interfaces switchport Privileged
EXEC mode command displays the switchport configuration.
Syntax
show interfaces switchport {ethernet
interface | port-channel port-channel-number}
Parameters
■ interface
— A valid Ethernet port number.
■ port-channel-number
— A valid port-channel number.
Default Configuration
This command has no default configuration.
Command Mode
Privileged EXEC mode
User Guidelines
There are no user guidelines for this command.
Example
The following example displays the switchport configuration
for Ethernet port 1/e1.
console#
show interface switchport ethernet 1/e1
|
|||
Port
1/e1:
|
|||
VLAN
Membership mode: General
|
|||
Operating parameters:
|
|||
PVID: 1 (default)
|
|||
Ingress Filtering: Enabled
|
|||
Acceptable Frame Type: All
|
|||
GVRP status: Enabled
|
|||
Protected: Enabled, Uplink
is 1/e9
|
|||
Port 1/e1 is member in:
|
|||
Vlan
|
Name
|
Egress rule
|
Type
|
----
|
-------
|
-----------
|
-------
|
1
|
default
|
untagged
|
System
|
8
|
VLAN008
|
tagged
|
Dynamic
|
11
|
VLAN011
|
tagged
|
Static
|
19
|
IPv6 VLAN
|
untagged
|
Static
|
72
|
VLAN0072
|
untagged
|
Static
|
Static configuration:
|
|||
PVID: 1 (default)
|
|||
Ingress Filtering: Enabled
|
|||
Acceptable Frame Type: All
|
|||
Port 1/e1 is statically
configured to:
|
|||
Vlan
|
Name
|
Egress rule
|
|
----
|
-------
|
-----------
|
|
1
|
default
|
untagged
|
|
11
|
VLAN011
|
tagged
|
|
19
|
IPv6 VLAN
|
untagged
|
|
72
|
VLAN0072
|
untagged
|
|
Forbidden VLANS:
|
|||
VLAN
|
Name
|
||
----
|
----
|
||
73
|
out
|
||
console# show
interface switchport ethernet 1/e2
|
|||
Port 1/e2:
|
|||
VLAN Membership mode: General
|
|||
Operating parameters:
|
|||
PVID: 4095 (discard vlan)
|
|||
Ingress Filtering: Enabled
|
|||
Acceptable Frame Type: All
|
|||
Port 1/e1 is member in:
|
|||
Vlan
|
Name
|
Egress rule
|
Type
|
----
|
------------
|
-----------
|
------
|
91
|
IP Telephony
|
tagged
|
Static
|
Static configuration:
|
|||
PVID: 8
|
|||
Ingress Filtering: Disabled
|
|||
Acceptable Frame Type: All
|
|||
Port 1/e2 is statically
configured to:
|
|||
Vlan
|
Name
|
Egress rule
|
|
----
|
------------
|
-----------
|
|
8
|
VLAN0072
|
untagged
|
|
91
|
IP Telephony
|
tagged
|
|
Forbidden VLANS:
|
|||
VLAN
|
Name
|
||
----
|
----
|
||
73
|
out
|
||
Port 2/e19
|
|||
Static configuration:
|
|||
PVID: 2922
|
|||
Ingress Filtering: Enabled
|
|||
Acceptable Frame Type: Untagged
|
|||
GVRP status: Disabled
| |||
Posted in: Cisco
0 comments:
Post a Comment