Print this pagePrint this page

Email this topicEmail this topic

View PDFView PDF

Download EPUBDownload EPUB

Configuring Static VLANs

Static VLAN Configuration describes how to create and configure a static VLAN. Unspecified parameters use their default values.

Click to expand in new window

Static VLAN Configuration

Step Task Command(s)
1 Show existing VLANs. show vlan
2 Create VLAN.

Valid values are 1–4094. Each vlan-id must be unique. If an existing vlan-id is entered, the existing VLAN is modified.

 set vlan create vlan-id
3 Optionally, assign a name to the VLAN. 
Valid strings are from 1 to 32 characters. set vlan name vlan-id string
4 Assign switched ports to the VLAN. 
This sets the port VLAN ID (PVID). The PVID determines the VLAN to which all untagged frames received on the port will be classified.
Note: If the VLAN specified has not already been created, the above command will create it. It will also add the VLAN to the port‘s egress list as untagged, and remove the default VLAN from the port‘s egress list. This automatically changes the existing untagged VLAN egress permission to match the new PVID value.
 set port vlan port-string vlan-id
5 Configure VLAN egress, which determines which ports a frame belonging to the VLAN may be forwarded out on.

Static configuration:

Add the port to the VLAN egress list for the device.

  • The default setting, tagged, allows the port to transmit frames for a particular VLAN.
  • The untagged setting allows the port to transmit frames without a VLAN tag. This setting is usually used to configure a port connected to an end user device.
  • The forbidden setting prevents the port from participating in the specified VLAN and ensures that any dynamic requests for the port to join the VLAN will be ignored.

If necessary, remove ports from the VLAN egress list.

  • If specified, the forbidden setting will be cleared from the designated ports and the ports will be reset as allowed to egress frames, if so configured by either static or dynamic means.
  • If forbidden is not specified, tagged and untagged egress settings will be cleared from the designated ports.

Dynamic configuration:

By default, dynamic egress is disabled on all VLANs. If dynamic egress is enabled for a VLAN, the device will add the port receiving a frame to the VLAN‘s egress list as untagged according to the VLAN ID of the received frame.

 set vlan egress vlan-id port-string forbidden | tagged | untagged

clear vlan egress vlan-list port-string [forbidden]

set vlan dynamicegress vlan-id {enable | disable}
6 Optionally, set VLAN constraints to control the filtering database a VLAN will use for forwarding traffic. Filtering databases can be shared or independent. By default, filtering databases are independent. set vlan constraint vlan-id set-num [shared | independent]
7 Optionally, enable ingress filtering on a port to drop those incoming frames that do not have a VLAN ID that matches a VLAN ID on the port‘s egress list. set port ingress-filter port-string enable
8 Optionally, choose to discard tagged or untagged, (or both) frames on selected ports.

Select none to allow all frames to pass through.

 set port discard port-string {tagged | untagged | none | both}
9 If the device supports routing, enter interface configuration mode and configure an IP address on the VLAN interface.
Note: Each VLAN interface must be configured for routing separately using the interface command shown above. To end configuration on one interface before configuring another, type exit at the command prompt. Enabling interface configuration mode is required for completing interface-specific configuration tasks.
 configure

interface vlan vlan-id

ip address ip-address ip-mask

no shutdown
Published May 2016prev | next

Email this topicEmail this topic

Print this pagePrint this page