VLAN Commands

This chapter contains the following sections:

name (vlan)

To set the name for a VLAN, use the name VLAN Configuration mode command.

To remove the name for a VLAN, use the no form of this command.

Syntax

name string

no name

Parameters

string—Specifies a unique name associated with this VLAN. (Length: 1 to 32 characters)

Default Configuration

N/A

Command Mode

VLAN Configuration mode. It cannot be configured for a range of VLANs.

User Guidelines

The VLAN name must be unique.

Example

switchxxxxxx(config)# vlan 19
switchxxxxxx(config-vlan)# name Marketing

management-vlan

To set a VLAN as the management VLAN, use the management-vlan Global Configuration command.

Syntax

management-vlan vlan vlan-id

Parameters

vlan vlan-id—Specifies the VLAN ID as the management VLAN.

Default Configuration

The default management VLAN is VLAN 1.

Command Mode

Global Configuration mode

Example

switchxxxxxx(config)# management-vlan vlan 2

show interfaces protected-ports

To show information for the protected ports, use the show interfaces protected-ports Privileged EXEC mode command.

Syntax

show interfaces protected-ports interface-id

Parameters

interface-id—Specifies an interface ID or a list of interface IDs. The interface can be one of these types: Ethernet port or port channel.

Default Configuration

N/A

Command Mode

Privileged EXEC mode

Example

switchxxxxxx# show interfaces protected-ports gi11
 Port   | Protected State
-------+-----------------
gi11 |enabled

show interfaces switchport

To show the administrative and operational status for all interfaces or a specific interface, use the show interfaces switchport Privileged EXEC command.

Syntax

show interfaces switchport interface-list

Parameters

interface-list—Specifies an interface ID or a list of interface IDs. The interface can be one of these types: Ethernet port or port channel.

Default Configuration

N/A

Command Mode

Privileged EXEC mode

Examples

Example 1—The following example displays the command output for a trunk port:

switchxxxxxx# show interface switchport gi1
Port : gi1
Port Mode : Trunk
Gvrp Status : disabled
Ingress Filtering : enabled
Acceptable Frame Type : all
Ingress UnTagged VLAN ( NATIVE ) : 1
Trunking VLANs Enabled: 1,3-4,6-7,10
Port is member in:
 Vlan            Name              Egress rule
------- ----------------------- -----------------
    1                default       Untagged
    3               VLAN0003         Tagged
    4               VLAN0004         Tagged
    6               VLAN0006         Tagged
    7               VLAN0007         Tagged
   10               VLAN0010         Tagged
Forbidden VLANs:
 Vlan            Name
------- -----------------------

Example 2—The following example displays the command output for a general port:

switchxxxxxx# show interface switchport gi1
Port : gi1
Port Mode : General
Gvrp Status : disabled
Ingress Filtering : enabled
Acceptable Frame Type : all
Ingress UnTagged VLAN ( NATIVE ) : 10
Trunking VLANs Enabled: 1,3-4,6-7,10
Port is member in:
 Vlan            Name              Egress rule
------- ----------------------- -----------------
    1                default       Untagged
    3               VLAN0003       Untagged
    5               VLAN0005       Untagged
    7               VLAN0007         Tagged
    9               VLAN0009         Tagged
   10               VLAN0010         Tagged
Forbidden VLANs:
 Vlan            Name
------- -----------------------	

Example 3—The following example displays the command output for an access port:

switchxxxxxx# show interface switchport gi1
Port : gi1
Port Mode : Access
Gvrp Status : disabled
Ingress Filtering : enabled
Acceptable Frame Type : untagged-only
Ingress UnTagged VLAN ( NATIVE ) : 5
Trunking VLANs Enabled: 1,3-4,6-7,10
Port is member in:
 Vlan            Name              Egress rule
------- ----------------------- -----------------
    5               VLAN0005       Untagged
Forbidden VLANs:
 Vlan            Name
------- -----------------------	
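The output format above can be checked mechanically during a configuration review. The following Python code is an added example, not part of the original command reference: it parses one port's output and reports settings worth reviewing. The sample text is constructed, and the checks and finding names are this example's own assumed policy, not device behaviour.

```python
import re

# Constructed sample: the general-port output format shown above, with ingress
# filtering disabled and the PVID left on VLAN 1 so each check has a hit.
SAMPLE = """\
switchxxxxxx# show interface switchport gi1
Port : gi1
Port Mode : General
Ingress Filtering : disabled
Acceptable Frame Type : all
Ingress UnTagged VLAN ( NATIVE ) : 1
Port is member in:
 Vlan            Name              Egress rule
------- ----------------------- -----------------
    1                default       Untagged
    3               VLAN0003       Untagged
    7               VLAN0007         Tagged
Forbidden VLANs:
"""

FIELD = re.compile(r"^\s*([^:]+?)\s*:\s*(.*?)\s*$")
MEMBER = re.compile(r"^\s*(\d+)\s+(\S+)\s+(Tagged|Untagged)\s*$")


def parse_switchport(text):
    """Parse one port's 'show interfaces switchport' output into a dict."""
    port = {"members": {}}
    in_members = False
    for line in text.splitlines():
        row = MEMBER.match(line)
        if row and in_members:
            # Membership table row: VLAN ID, name, egress rule.
            port["members"][int(row.group(1))] = row.group(3).lower()
            continue
        field = FIELD.match(line)
        if not field:
            continue
        key, value = field.group(1).lower(), field.group(2).lower()
        if key in ("port is member in", "forbidden vlans"):
            in_members = key.startswith("port")
        elif key in ("port", "port mode", "acceptable frame type"):
            port[key] = value
        elif key == "ingress filtering":
            port[key] = value == "enabled"
        elif key.startswith("ingress untagged vlan"):
            port["native"] = int(value)
    return port


def audit(port, default_vlan=1):
    """Return hardening findings; the checks are this example's own policy."""
    findings = []
    if not port.get("ingress filtering", True):
        findings.append("ingress-filtering-disabled")
    if port.get("port mode") in ("trunk", "general") and port.get("native") == default_vlan:
        findings.append("untagged-ingress-in-default-vlan")
    untagged = sorted(v for v, rule in port["members"].items() if rule == "untagged")
    if len(untagged) > 1:
        findings.append("untagged-egress-vlans:" + ",".join(map(str, untagged)))
    if port.get("port mode") == "access" and port.get("acceptable frame type") != "untagged-only":
        findings.append("access-port-accepts-tagged")
    return findings


if __name__ == "__main__":
    parsed = parse_switchport(SAMPLE)
    for finding in audit(parsed):
        print(parsed["port"], finding)
```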

show management-vlan

To show the management VLAN status, use the show management-vlan Privileged EXEC command.

Syntax

show management-vlan

Parameters

N/A

Command Mode

Privileged EXEC mode

Example

switchxxxxxx# show management-vlan
    Management VLAN-ID : default(2)

show vlan

To show information for all VLANs or for a specific VLAN, use the show vlan Privileged EXEC mode command.

Syntax

show vlan [VLAN-LIST | dynamic | static]

show vlan VLAN-LIST [interfaces interface-id membership]

Parameters

VLAN-LIST—(Optional) Displays information for a VLAN ID or a list of VLAN IDs.

dynamic—(Optional) Displays information for dynamically created VLANs.

static—(Optional) Displays information for the static VLAN.

interfaces interface-id—(Optional) Specifies an interface ID or a list of interface IDs. The interface ID can be one of these types: Ethernet port or port channel.

Default Configuration

N/A

Command Mode

Privileged EXEC mode

Example

switchxxxxxx# show vlan 2-5
  VID  |     VLAN Name    |    Untagged Ports        |     Tagged Ports          |  Type
------+-----------------+------------------------+------------------------+---------
     2 |         VLAN0002 |                         --- |     fa1-24,gi1-2,po1-8 | Static
     3 |         VLAN0003 |                         --- |     fa1-24,gi1-2,po1-8 | Static
     4 |         VLAN0004 |                         --- |     fa1-24,gi1-2,po1-8 | Static
     5 |         VLAN0005 |                         --- |     fa1-24,gi1-2,po1-8 | Static

show vlan default-vlan

To show the default VLAN, use the show vlan default-vlan Privileged EXEC command.

Syntax

show vlan default-vlan

Parameters

N/A

Default Configuration

N/A

Command Mode

Privileged EXEC mode

Example

switchxxxxxx# show vlan default-vlan
    Default VLAN-ID : 1

switchport access vlan

An access interface can belong to only one VLAN. To reassign an interface to a different VLAN, use the switchport access vlan Interface Configuration mode command.

To revert to its default setting, use the no form of this command.

Syntax

switchport access vlan vlan-id

no switchport access vlan

Parameters

vlan-id—The VLAN ID to which the port is configured.

Default Configuration

The interface belongs to the default VLAN.

Command Mode

Interface Configuration (Ethernet, port channel) mode

User Guidelines

The command automatically removes the port from its previous VLAN and adds it to a new VLAN.

Example

The following example sets gi1 as an access port and assigns it to VLAN 2 (and removes it from its previous VLAN):

switchxxxxxx(config)# interface gi1
switchxxxxxx(config-if)# switchport mode access
switchxxxxxx(config-if)# switchport access vlan 2

switchport default-vlan tagged

To configure the port as a tagged port in the default VLAN, use the switchport default-vlan tagged Interface Configuration mode command.

To return the port to an untagged port, use the no form of this command.

Syntax

switchport default-vlan tagged

no switchport default-vlan tagged

Parameters

N/A

Default Configuration

If the port is a member of the default VLAN, by default, it is a member as an untagged port.

Command Mode

Interface Configuration (Ethernet, port channel) mode

User Guidelines

The command adds a port to the default VLAN as a tagged port. The command is available only if the port mode is trunk or general.

When a trunk port is a member in the default VLAN as a tagged port then:

  • The native VLAN cannot be the default VLAN.

  • The default of the native VLAN is 4095.


    Note

    If the native VLAN of a port is the default VLAN when the port is added to the default VLAN as tagged, the native VLAN is set by the system to 4095.


When a general port is a member in the default VLAN as a tagged port then:

  • The PVID can be the default VLAN.

  • The default PVID is the default VLAN.


    Note

    The PVID is not changed when the port is added to the default VLAN as a tagged port.

When executing the switchport default-vlan tagged command, the port is added (automatically by the system) to the default VLAN when the following conditions no longer exist:


  • The port is a member in a LAG.

  • The port is 802.1X unauthorized.

  • An IP address is defined on the port.

  • The port is a destination port of port mirroring.

  • An IP address is defined on the default VLAN and the port is a PVE-protected port.

The no switchport default-vlan tagged command removes the port from the default VLAN, and returns the default VLAN mode to untagged.

Please note the following information:

  • If the native VLAN of a trunk port is 4095 when the port is removed from the default VLAN (as a tagged port), the native VLAN is set by the system to the default VLAN.

  • The PVID of a general port is not changed when the port is removed from the default VLAN (as a tagged port). If the PVID is the default VLAN, the port is added by the system to the default VLAN as an untagged port.

Example

The following example configures gi11 as a tagged port in the default VLAN:

switchxxxxxx(config)# interface gi11
switchxxxxxx(config-if)# switchport mode trunk
switchxxxxxx(config-if)# switchport default-vlan tagged

switchport dot1q-tunnel vlan

To set the VLAN for a port when it is in the 802.1q-tunnel mode (set by the switchport mode command), use the switchport dot1q-tunnel vlan Interface Configuration mode command.

To remove the 802.1q tunnel VLAN, use the no form of this command.

Syntax

switchport dot1q-tunnel vlan vlan-id

no switchport dot1q-tunnel vlan

Parameters

vlan-id—Specifies the 802.1q tunnel VLAN.

Default Configuration

The default VLAN is configured as the 802.1q tunnel VLAN.

Command Mode

Interface Configuration (Ethernet, port channel) mode

Example

The following example defines gi5 as a member of the customer VLAN 2:

switchxxxxxx(config)# interface gi5
switchxxxxxx(config-if)# switchport mode dot1q-tunnel
switchxxxxxx(config-if)# switchport dot1q-tunnel vlan 2

switchport forbidden default-vlan

To forbid a port from being added to the default VLAN, use the switchport forbidden default-vlan Interface Configuration mode command.

To revert to its default setting, use the no form of this command.

Syntax

switchport forbidden default-vlan

no switchport forbidden default-vlan

Parameters

N/A

Default Configuration

Membership in the default VLAN is allowed.

Command Mode

Interface and Interface Range Configuration (Ethernet, port channel) modes

User Guidelines

The command may be used at any time regardless of whether the port belongs to the default VLAN.

The no command does not add the port to the default VLAN. It only defines an interface as permitted to be a member of the default VLAN, and the port will be added only when the conditions are met.

Example

The following example forbids gi1 from being added to the default VLAN:

switchxxxxxx(config)# interface gi1
switchxxxxxx(config-if)# switchport forbidden default-vlan

switchport forbidden vlan

To forbid adding or removing specific VLANs to or from a port, use the switchport forbidden vlan Interface Configuration mode command.

Syntax

switchport forbidden vlan {add vlan-list | remove vlan-list}

Parameters

add vlan-list—Adds a list of VLANs. Separate nonconsecutive VLAN IDs with a comma and no spaces. Use a hyphen to designate a range of VLAN IDs.

remove vlan-list—Removes a list of VLANs. Separate nonconsecutive VLAN IDs with a comma and no spaces. Use a hyphen to designate a range of VLAN IDs.

Default Configuration

All VLANs are allowed.

Command Mode

Interface Configuration (Ethernet, port channel) mode

Example

The following example forbids adding VLANs 234 to 256 to gi7:

switchxxxxxx(config)# interface gi7
switchxxxxxx(config-if)# switchport mode trunk
switchxxxxxx(config-if)# switchport forbidden vlan add 234-256

switchport general acceptable-frame-type

To configure the types of packets (tagged or untagged) that are filtered (discarded) on the interface, use the switchport general acceptable-frame-type Interface Configuration mode command.

To revert to its default setting, use the no form of this command.

Syntax

switchport general acceptable-frame-type {tagged-only | untagged-only | all}

no switchport general acceptable-frame-type

Parameters

tagged-only—Ignores (discards) untagged packets and priority-tagged packets.

untagged-only—Ignores (discards) VLAN-tagged packets (not including priority-tagged packets).

all—Does not discard untagged or priority-tagged packets.

Default Configuration

All frame types are accepted at ingress (all).

Command Mode

Interface Configuration (Ethernet, port channel) mode

Example

The following example configures gi3 as a general port and discards the untagged frames at ingress:

switchxxxxxx(config)# interface gi3
switchxxxxxx(config-if)# switchport mode general
switchxxxxxx(config-if)# switchport general acceptable-frame-type tagged-only

switchport general allowed vlan

General ports can receive tagged or untagged packets. To add or remove the VLANs to or from a general port and configure whether packets on the egress are tagged or untagged, use the switchport general allowed vlan Interface Configuration mode command.

Syntax

switchport general allowed vlan {add vlan-list [tagged | untagged] | remove vlan-list }

Parameters

add vlan-list—Adds a list of VLANs. Separate nonconsecutive VLAN IDs with a comma and no spaces. Use a hyphen to designate a range of VLAN IDs.

tagged—(Optional) The port transmits tagged packets for the VLANs. This is the default value.

untagged—(Optional) The port transmits untagged packets for the VLANs.

remove vlan-list—Removes a list of VLANs. Separate nonconsecutive VLAN IDs with a comma and no spaces. Use a hyphen to designate a range of VLAN IDs.

Default Configuration

The port is an untagged member in the default VLAN. Packets are transmitted as untagged.

Command Mode

Interface Configuration (Ethernet, port channel) mode

User Guidelines

You can change the egress rule (for example, from tagged to untagged) without first removing the VLAN from the list.

Example

The following example sets gi11 to the general mode and adds VLAN 2 to it. Packets are tagged on the egress.

switchxxxxxx(config)# interface gi11
switchxxxxxx(config-if)# switchport mode general
switchxxxxxx(config-if)# switchport general allowed vlan add 2 tagged

switchport general ingress-filtering disable

To disable port ingress filtering (no packets are discarded at the ingress) on a general port, use the switchport general ingress-filtering disable Interface Configuration (Ethernet, port channel) mode command.

To revert to its default setting, use the no form of this command.

Syntax

switchport general ingress-filtering disable

no switchport general ingress-filtering disable

Parameters

N/A

Default Configuration

Ingress filtering is enabled.

Command Mode

Interface Configuration (Ethernet, port channel) mode

Example

The following example disables port ingress filtering on gi11:

switchxxxxxx(config)# interface gi11
switchxxxxxx(config-if)# switchport mode general
switchxxxxxx(config-if)# switchport general ingress-filtering disable

switchport general pvid

The port VLAN ID (PVID) is the VLAN to which incoming untagged and priority-tagged frames are classified on a general port. To configure the PVID of an interface when it is in the general mode, use the switchport general pvid Interface Configuration (Ethernet, port channel) mode command.

To revert to its default setting, use the no form of this command.

Syntax

switchport general pvid vlan-id

no switchport general pvid

Parameters

vlan-id—The VLAN as the PVID.

Default Configuration

The default VLAN is the PVID.

Command Mode

Interface Configuration (Ethernet, port channel) mode

Examples

Example 1—The following example configures gi2 as a general port and sets its PVID to 234:

switchxxxxxx(config)# interface gi2
switchxxxxxx(config-if)# switchport mode general
switchxxxxxx(config-if)# switchport general pvid 234

Example 2—The following example adds VLAN 2 as tagged, and VLAN 100 as untagged to the general port gi14, defines VID 100 as the PVID, and then reverts to the default PVID (VID=1).

switchxxxxxx(config)# interface gi14
switchxxxxxx(config-if)# switchport mode general
switchxxxxxx(config-if)# switchport general allowed vlan add 2 tagged
switchxxxxxx(config-if)# switchport general allowed vlan add 100 untagged
switchxxxxxx(config-if)# switchport general pvid 100
switchxxxxxx(config-if)# no switchport general pvid

Example 3—The following example configures VLAN on gi14 as untagged on input and untagged on output:

switchxxxxxx(config)# interface gi14
switchxxxxxx(config-if)# switchport mode general
switchxxxxxx(config-if)# switchport general pvid 2
switchxxxxxx(config-if)# switchport general allowed vlan add 2 untagged

Example 4—The following example configures VLAN on gi21 as untagged on input and tagged on output:

switchxxxxxx(config)# interface gi21
switchxxxxxx(config-if)# switchport mode general
switchxxxxxx(config-if)# switchport general pvid 2
switchxxxxxx(config-if)# switchport general allowed vlan add 2 tagged

Example 5—The following example configures VLAN on gi11 as tagged on input and tagged on output:

switchxxxxxx(config)# interface gi11
switchxxxxxx(config-if)# switchport mode general
switchxxxxxx(config-if)# switchport general allowed vlan add 2 tagged
switchxxxxxx(config-if)#

Example 6—The following example configures VLAN on gi23 as tagged on input and untagged on output:

switchxxxxxx(config)# interface gi23
switchxxxxxx(config-if)# switchport mode general
switchxxxxxx(config-if)# switchport general allowed vlan add 2 untagged
switchxxxxxx(config-if)#
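
The ingress and egress combinations in Examples 3 to 5 can be traced with a small model of a general port. This Python code is an added example, not from the original reference; it follows standard 802.1Q classification, the class and function names are hypothetical, and it does not track whether a VLAN exists on the switch.

```python
def expand_vlan_list(text):
    """Expand a vlan-list such as '2-3,100' (commas, hyphen ranges, no spaces)."""
    vlans = []
    for part in text.split(","):
        low, _, high = part.partition("-")
        low, high = int(low), int(high or low)
        if not 1 <= low <= high <= 4094:
            raise ValueError(f"invalid VLAN range: {part!r}")
        vlans.extend(range(low, high + 1))
    return vlans


class GeneralPort:
    """Model of a port in general mode, starting from the documented defaults."""

    def __init__(self, default_vlan=1):
        self.pvid = default_vlan                    # default PVID is the default VLAN
        self.frame_type = "all"                     # all frame types accepted
        self.ingress_filtering = True               # ingress filtering enabled
        self.members = {default_vlan: "untagged"}   # VLAN ID -> egress rule

    def apply(self, command):
        """Apply one 'switchport general ...' command line to the model."""
        words = command.split()
        if words[:2] != ["switchport", "general"] or len(words) < 4:
            raise ValueError(f"unsupported command: {command!r}")
        if words[2] == "pvid":
            self.pvid = int(words[3])
        elif words[2] == "acceptable-frame-type":
            self.frame_type = words[3]
        elif words[2:4] == ["ingress-filtering", "disable"]:
            self.ingress_filtering = False
        elif words[2:5] == ["allowed", "vlan", "add"]:
            rule = words[6] if len(words) > 6 else "tagged"   # tagged is the default
            for vlan in expand_vlan_list(words[5]):
                self.members[vlan] = rule
        elif words[2:5] == ["allowed", "vlan", "remove"]:
            for vlan in expand_vlan_list(words[5]):
                self.members.pop(vlan, None)
        else:
            raise ValueError(f"unsupported command: {command!r}")
        return self

    def ingress(self, vid=None):
        """Classify a frame (None = untagged, 0 = priority-tagged); None = discarded."""
        tagged = vid not in (None, 0)
        if (self.frame_type, tagged) in (("tagged-only", False), ("untagged-only", True)):
            return None
        vlan = vid if tagged else self.pvid          # untagged frames go to the PVID
        if self.ingress_filtering and vlan not in self.members:
            return None                              # port is not a member of that VLAN
        return vlan

    def egress(self, vlan):
        """Return 'tagged' or 'untagged' for a member VLAN, None if not sent."""
        return self.members.get(vlan)


def general_port(*commands):
    """Build a default general port and apply the given command lines in order."""
    port = GeneralPort()
    for command in commands:
        port.apply(command)
    return port


if __name__ == "__main__":
    # The two commands of Example 4: untagged on input, tagged on output.
    port = general_port("switchport general pvid 2",
                        "switchport general allowed vlan add 2 tagged")
    print(port.ingress(None), port.egress(port.ingress(None)))
```

With ingress filtering disabled, the model classifies a frame tagged for a VLAN the port is not a member of into that VLAN instead of discarding it, which is why leaving the default (enabled) in place is the safer setting.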

switchport mode

To configure the VLAN membership mode (access, trunk, general, or dot1q-tunnel) for a port, use the switchport mode Interface Configuration mode command.

To revert to its default setting, use the no form of this command.

Syntax

switchport mode {access | trunk | general | dot1q-tunnel}

no switchport mode

Parameters

access—Specifies an untagged Layer 2 VLAN port.

trunk—Specifies a trunking Layer 2 VLAN port.

general—Specifies a fully 802.1q-supported VLAN port.

dot1q-tunnel—Specifies an 802.1q tunnel port.

Default Configuration

Trunk mode

Command Mode

Interface Configuration (Ethernet, port channel) mode

User Guidelines

  • When the port mode is changed, it receives the configuration corresponding to the mode.

  • If the port mode is changed to access mode and the access VLAN does not exist, then the port does not belong to any VLAN.

  • Trunk and general ports can be changed to access mode only if all VLANs (except for an untagged PVID) are first removed.

Example

The following example configures gi1 as an access port and assigns it to VLAN 2:

switchxxxxxx(config)# interface gi1
switchxxxxxx(config-if)# switchport mode access
switchxxxxxx(config-if)# switchport access vlan 2

switchport mode trunk uplink

To enable a trunk mode port as an uplink port, use the switchport mode trunk uplink Interface Configuration (Ethernet, port channel) mode command.

Syntax

switchport mode trunk uplink

Parameters

N/A

Default Configuration

N/A

Command Mode

Interface Configuration (Ethernet) mode

User Guidelines

The interface to be set as an uplink port must be in the VLAN trunk mode only.

Example

switchxxxxxx(config)# interface gi11
switchxxxxxx(config-if)# switchport mode trunk
switchxxxxxx(config-if)# switchport mode trunk uplink

switchport protected

To isolate unicast, multicast, and broadcast traffic at Layer 2 from other protected ports on the same switch, use the switchport protected Interface Configuration mode command.

To disable protection on the port, use the no form of this command.

Syntax

switchport protected

no switchport protected

Parameters

N/A

Default Configuration

Unprotected

Command Mode

Interface Configuration (Ethernet, port channel) mode

User Guidelines

Packets are subject to all filtering rules and Filtering Database (FDB) decisions.

Example

switchxxxxxx(config)# interface gi1
switchxxxxxx(config-if)# switchport protected

switchport trunk allowed vlan

A trunk interface is an untagged member of a single VLAN. It may be a tagged member of one or more VLANs. To add or remove VLANs to or from a trunk port, use the switchport trunk allowed vlan Interface Configuration mode command.

Syntax

switchport trunk allowed vlan {add vlan-list | remove vlan-list | all}

Parameters

add vlan-list—Adds a list of VLANs to a port. Separate nonconsecutive VLAN IDs with a comma and no spaces. Use a hyphen to designate a range of VLAN IDs.

remove vlan-list—Removes a list of VLANs from a port. Separate nonconsecutive VLAN IDs with a comma and no spaces. Use a hyphen to designate a range of VLAN IDs.

all—Adds or removes all VLANs from a port.

Default Configuration

The trunk port is an untagged member of the default VLAN and is not a tagged member of any other VLAN.

Command Mode

Interface Configuration (Ethernet, port channel) mode

Example

The following example adds VLANs 2, 3, and 100 to trunk ports 1 to 13:

switchxxxxxx(config)# interface range gi1-13
switchxxxxxx(config-if)# switchport mode trunk
switchxxxxxx(config-if)# switchport trunk allowed vlan add 2-3,100

switchport trunk native vlan

If an untagged packet arrives on a trunk port, it is directed to the port’s native VLAN. To define the native VLAN for a trunk port, use the switchport trunk native vlan Interface Configuration mode command.

To revert to its default setting, use the no form of this command.

Syntax

switchport trunk native vlan vlan-id

no switchport trunk native vlan

Parameters

vlan-id—The native VLAN ID.

Default Configuration

The default VLAN is the native VLAN.

Command Mode

Interface Configuration (Ethernet, port channel) mode

User Guidelines

The command adds the port as a member of the VLAN. If the port is already a member of the VLAN (not as the native VLAN), it must first be removed from that VLAN.

Example

The following example defines VLAN 2 as the native VLAN for gi11.

switchxxxxxx(config)# interface gi11
switchxxxxxx(config-if)# switchport trunk native vlan 2

switchport vlan tpid

To set the Modified Tag Protocol Identifier (TPID) for an interface, use the switchport vlan tpid Interface Configuration mode command.

To revert to its default setting, use the no form of this command.

Syntax

switchport vlan tpid {0x8100 | 0x88A8 | 0x9100 | 0x9200}

Parameters

0x8100 —The TPID is 0x8100.

0x88A8 —The TPID is 0x88A8.

0x9100 —The TPID is 0x9100.

0x9200 —The TPID is 0x9200.

Default Configuration

The default TPID is 0x8100.

Command Mode

Interface Configuration mode

Example

switchxxxxxx(config)# interface gi11
switchxxxxxx(config-if)# switchport vlan tpid 0x88A8

vlan

To create a VLAN or a list of VLANs, use the vlan Global Configuration mode command.

To delete the VLANs, use the no form of this command.

Syntax

vlan vlan-range

no vlan vlan-range

Parameters

vlan-range—A list of VLANs. Separate nonconsecutive VLAN IDs with a comma and no spaces. Use a hyphen to designate a range of VLAN IDs (range: 1 to 4094).

Default Configuration

VLAN 1 exists by default.

Command Mode

Global Configuration mode

Example

The following example creates a new VLAN (VLAN 100):

switchxxxxxx(config)# vlan 100
switchxxxxxx(config-vlan)#

vlan default-vlan

To define the default VLAN, use the vlan default-vlan VLAN Configuration mode command.

To set VLAN 1 as the default VLAN, use the no form of this command.

Syntax

vlan default-vlan vlan-id

no vlan default-vlan

Parameters

vlan-id—Specifies the default VLAN ID.

Default Configuration

The default VLAN is VLAN 1.

Command Mode

VLAN Configuration mode

User Guidelines

This command becomes effective after the switch reboots.

Example

The following example defines the default VLAN as VLAN 2:

switchxxxxxx(config)# vlan default-vlan 2