VLAN Configuration
1. VLAN Configuration 🗺️ – Separate Teams Logically
Imagine you’re the network administrator of a mid-sized company.
Your task: separate the HR and Sales teams logically, even though their devices are connected to the same physical switch.
Network Setup
| VLAN | Department | Ports Assigned |
|---|---|---|
| 10 | HR | G0/0, G0/1, G0/2 |
| 20 | Sales | G0/3, G0/4, G0/5 |
2. Creating VLANs on Cisco Switch
Let’s connect to the switch and begin.
- Enter Global Configuration Mode
SW1# configure terminal
2. Create VLAN 10 (HR)
SW1(config)# vlan 10 SW1(config-vlan)# name HR SW1(config-vlan)# exit
3. Create VLAN 20 (Sales)
SW1(config)# vlan 20 SW1(config-vlan)# name Sales SW1(config-vlan)# exit
The VLANs are now created in the VLAN database.
3. Verifying VLAN Configuration
Let’s make sure VLANs have been successfully created.
SW1# show vlan brief VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- £1 default active G0/0, G0/1, G0/2, G0/3, G0/4, G0/5£ £10 HR active£ £20 Sales active£ 1002 fddi-default act/unsup 1003 token-ring-default act/unsup
Note: All ports are still in VLAN 1 (Default VLAN) for now !
4. Assigning Ports to VLANs
Let’s now assign the correct switch ports to their respective VLANs.
Assign HR Ports: G0/0 – G0/2
SW1(config)# interface range G0/0 - G0/2 SW1(config-if-range)# switchport mode access SW1(config-if-range)# switchport access vlan 10 SW1(config-if-range)# exit
Assign Sales Ports: G0/3 – G0/5
SW1(config)# interface range G0/3 - G0/5 SW1(config-if-range)# switchport mode access SW1(config-if-range)# switchport access vlan 20 SW1(config-if-range)# exit
🧠 What’s Happening Here?
switchport mode access→ Forces each interface to operate in access mode, which supports one VLAN only.switchport access vlan X→ Assigns the specified VLAN ID to the port.
This ensures traffic from each department is logically separated, even though all devices are physically connected to the same switch.
5. Verifying Port Assignments
Let’s verify that the interfaces are assigned to the correct VLANs.
SW1# show vlan brief VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 1 default active none 10 HR active G0/0, G0/1, G0/2 20 Sales active G0/3, G0/4, G0/5 1002 fddi-default act/unsup 1003 token-ring-default act/unsup
✅ VLAN configuration is successful.
🎯 Each department is now logically isolated within the switch.
6. Managing VLAN Configuration on Cisco Switches
Let’s explore how VLANs are saved, modified, or removed in a real switch environment.
📁 What Is vlan.dat ?
When you create a VLAN, the configuration is not stored in the running-config.
Instead, VLANs are saved in a dedicated file called vlan.dat, located in the switch’s flash memory.
Why does it matter?
- ✅ VLANs survive a reboot
- ❌
erase startup-configdoesn’t remove them - 🧹 You must delete
vlan.datto wipe VLANs entirely
✏️ Modify a VLAN (Rename Example)
Suppose you want to rename VLAN 10 from HR to HR_Department.
You need to :
1. Enter VLAN configuration mode:
SW1# configure terminal SW1(config)# vlan 10 SW1(config-vlan)# name HR_Department SW1(config-vlan)# exit
2. Rename the VLAN (from “HR” to “HR_Department”):
SW1(config-vlan)# name HR_Department
You can now verify the change with:
SW1# show vlan brief VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 1 default active none £10 HR_Department active G0/0, G0/1, G0/2£ 20 Sales active G0/3, G0/4, G0/5 1002 fddi-default act/unsup 1003 token-ring-default act/unsup
🧹 Removing VLAN Configurations
Here’s a key thing to know:
VLANs are not saved in the running-config or startup-config—they’re stored in a separate file called vlan.dat.
This file is located in the switch’s flash memory, and it keeps all your VLANs persistent across reboots.
🧠 If you want to completely wipe VLAN configurations, you need to delete
vlan.datmanually.
Removing VLAN Configurations
- Delete the VLAN database:
SW1# delete flash:vlan.dat Delete filename [vlan.dat]? [confirm]
2. Erase the startup configuration:
SW1# erase startup-config
3. Reload the switch:
SW1# reload
⚠️ The switch will reboot and come back with only the default VLAN (VLAN 1).
✅ Verifying the Reset
Once the switch is back online, run:
SW1# show vlan brief VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 1 default active G0/0, G0/1, G0/2, G0/3, G0/4, G0/5 1002 fddi-default act/unsup 1003 token-ring-default act/unsup
✅ Only VLAN 1 remains
❌ VLAN 10, VLAN 20, and any others are gone
👉 Your switch is now clean and ready for a new configuration.
Ready to go further?
➡️ In the next lesson, we’ll configure trunk ports, which allow VLANs to travel between switches—a key concept for scaling your network.
Let’s keep going! 🚀