Let’s say you want multiple LANs, but only have one switch? Or maybe you want to separate your networks into smaller sections, with each one having a different purpose? One for your trusted devices, one for Guest access, one for management, etc. How can you do this?
This can be done with the use of VLANs. I will show you how to configure VLANs on a Cisco switch.
First, I will show you that I already have a few VLANs set up.
Run show vlan brief.
Here you can see I have 4 VLANs: 10, 20, 30, and 40. VLAN 40 has Gigabit Interface 0/5 assigned to it. This means anything connected to that port will be a part of VLAN 40. Let’s walk through how to set up a VLAN.
First, run configure terminal.
Next, run: vlan <VLAN number you want>. This will enter the VLAN configuration mode. Here you can name your VLAN. For this example I will name it “test”.
Let’s run do show vlan brief to see our changes. Here you can see it successfully added VLAN 50 to our switch, and it is currently active. However, the ports section is empty. Let’s assign a port to VLAN 50.
To assign a port to a VLAN, run the following three commands. interface gigabitEthernet 0/8 selects the port you want to configure, in this case port 0/8. switchport mode access sets that port to be an access port. switchport access vlan 50 configures that port to belong to VLAN 50.
Now let’s run do show vlan brief. You can see port 0/8 now belongs to VLAN 50.
Now let’s say you have configured a few VLANs and want to connect your switch to your router, a firewall, or even another switch. To do this, you must set up a port that will carry ALL VLANs through it to the next device you are connecting it to. This is called a trunk port.
Let’s see our current trunk ports. To do this, run show interfaces trunk. You can see that only our first 4 VLANs are allowed. Let’s add VLAN 50 to this trunk port.
To set up a trunk port, select an interface you want as your trunk port. This is usually the very first port or the very last one. Run interface gigabitEthernet 0/1; port 0/1 is what we will set our trunk port to. Next, run switchport mode trunk, which will set this port to be a trunk port.
Next, run switchport trunk allowed vlan <VLANs you want to allow on this trunk port>. This command sets the complete allowed list, so include the VLANs that are already allowed along with the new one.
Let’s see the change we made.
We have now configured a trunk port and added our new VLAN to the trunk port.
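The whole procedure above as a single console session. This is an added example, not output captured from the original switch. It assumes the default Switch hostname and that gigabitEthernet 0/1 is the existing trunk already carrying VLANs 10, 20, 30 and 40; the final save command is an addition not covered in the walkthrough.

```cisco
! Constructed session: create VLAN 50 "test", put Gi0/8 in it, carry it on trunk Gi0/1
Switch# configure terminal
Switch(config)# vlan 50
Switch(config-vlan)# name test
Switch(config-vlan)# exit
!
! Access port: untagged traffic on Gi0/8 belongs to VLAN 50 only
Switch(config)# interface gigabitEthernet 0/8
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 50
Switch(config-if)# exit
!
! Trunk port: carries tagged traffic for every VLAN in the allowed list
Switch(config)# interface gigabitEthernet 0/1
Switch(config-if)# switchport mode trunk
! Without "add" this REPLACES the allowed list, so every VLAN must be listed
Switch(config-if)# switchport trunk allowed vlan 10,20,30,40,50
! Alternative that appends VLAN 50 and leaves the existing entries untouched:
! Switch(config-if)# switchport trunk allowed vlan add 50
Switch(config-if)# end
!
! Verify: VLAN 50 is active with Gi0/8, and Gi0/1 allows 10,20,30,40,50
Switch# show vlan brief
Switch# show interfaces trunk
!
! Added step (not in the walkthrough): keep the change across a reload
Switch# copy running-config startup-config
```

Keeping the allowed list explicit, rather than letting the trunk pass every VLAN, limits which segments are exposed to the device on the other end of the link.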
To allow communication between VLANs, you must configure this on your firewall or router. You can also allow inter-VLAN routing if you have a layer 3 switch.