Document ID

c c

?
?

Requirements
Components Used
Conventions

Catalyst 6500/6000 Series Cisco IOS Software/Catalyst 4500/4000 Cisco IOS Software (Supervisor
Engine III/Supervisor Engine IV), Catalyst 2950, 3550, and 3750 Series Switches
Catalyst 4500/4000, 5500/5000, or 6500/6000 Series CatOS
Catalyst 2900XL, 3500XL, 2950, and 3550
Catalyst Express 500 Series Switches
Practical Examples

!! "# $
%
?
Jhis document provides information on how to configure VLAN Jrunk Protocol (VJP). VJP reduces
administration in a switched network. When you configure a new VLAN on one VJP server, the VLAN is
distributed through all switches in the domain. Jhis reduces the need to configure the same VLAN
everywhere. VJP is a Cisco-proprietary protocol that is available on most of the Cisco Catalyst series
products.

%
Jhere are no specific requirements for this document.
!
Jhis document is not restricted to specific software and hardware versions.
$
Refer to Cisco Jechnical Jips Conventions for more information on document conventions.

Refer to Understanding VLAN Jrunk Protocol (VJP) for more information on VJP.

Jhis section provides some guidelines for the configuration of VJP in the network.
½ All switches have the same the VJP domain name, unless the network design insists for different
VJP domains.
· Jrunk negotiation does not work across VJP domains. Refer to the Data Jraffic Blocked
between VJP Domains section of Jroubleshooting VLAN Jrunk Protocol (VJP) for more
information.
½ All switches in a VJP domain must run the same VJP version.
½ All switches in a VJP domain has the same VJP password, if there is any.
½ All VJP Server switch(es) should have the same configuration revision number and it should also
be the highest in the domain.
½ When you move a VJP mode of a switch from Jransparent to Server, VLANs configured on the
VJP Jransparent switch should exist on the Server switch.

Jhis section provides some basic commands in order to configure VJP on the most commonly used
Catalyst switches.
· Jhe Catalyst 2948G-L3 and Catalyst 4908G-L3 Layer 3 (L3) switches do not support several Layer
2 (L2)-oriented protocols that are found on other Catalyst switches. Such protocols include VJP, DJP,
and Port Aggregation Protocol (PAgP).
& ''(&''' ) ( ''('''

) *!$ +(!$ +,-
.
'-/ '-/0 '
Jhere are two methods that you can use in order to configure VJP, as this section shows. Method 2 (the
global configuration mode method) is not available in earlier software on Catalyst 6500 series switches
that run Cisco IOS® Software.
1. 12·
In Cisco IOS Software, you can configure the VJP domain name, the VJP mode, and the VLANs
in VLAN configuration mode.
a. In EXEC mode, issue this command in order to enter VLAN configuration mode:
[ vlan database?
c.?
d.?!--- Issue this command in privileged EXEC
mode,
e.?!--- not in global configuration mode.
a ?

?
h.?
i.?!--- This is VLAN configuration mode.
ù ?
k. Issue this command in order to set the VJP domain name:

vtp mode {client | server |
transparent}?
m. Issue the 3 command in order to exit VLAN configuration mode.
· Jhe and the "4 commands do not work in this mode.

end?
?

^Z?
?
?
????? ?
?

?
?

exit?
?
?
?

?
?
2.
In Cisco IOS Software global configuration mode, you can configure all VJP parameters with
Cisco IOS Software commands. Jhis is the command format:
a vtp ??
?
????????a?? ? ?
?
a
???????a ??a
?a
?? ?
a ?? ?
a??a ?a???a?
?a?? ???
??????????? ??
???????a ? ? ??
??????a?? ?
??
?????? ????
?
?????? ??? ?
?
3. Issue these commands in order to monitor VJP operation and status:

show vtp status?
?
show vtp counters?
''('''- ''( '''- & ''(&''')

Complete these steps:
1. Issue this command in order to set the domain name:

Ñ set vtp domain name
è ?
· When you configure a new switch, the VJP domain name should be configured before you
create any non-default VLANs.
4. Issue this command in order to set the mode:

set vtp mode [server | client | transparent]?
6. Issue these commands in order to monitor the VJP operation and status:
ÿ show vtp domain?
show vtp status?
.
''51-/ ''51-.
'-/ '
Complete these steps:
1. Issue these commands from the VLAN database mode:
· Jhis is similar to the method for Cisco 6500 series switches that run Cisco IOS Software.
vtp [client | server | transparent]?

vtp domain name
?
2. From enable mode, issue these commands in order to monitor VJP operation:
è show vtp counters?
show vtp status?
· Jhe Catalyst 2900XL series switches with Cisco IOS Software Release 11.2(8)SA4 and
later support VJP protocol. Jhe Cisco IOS Software Release 11.2(8)SA3 and earlier code do not
support VJP protocol on Catalyst 2900XL series switches.
+3! ''
Catalyst Express 500 series switches support only VJP transparent mode. Jhere is currently no support
for VJP client or VJP server mode. Jhe user must manually configure all VLANs that are used on the
switch.
Open the 6, choose 712·7, and fill out the available fields in
order to configure a VLAN on a Catalyst Express 500 series switch.
Refer to the ?

?? ? section of Customization for more information.
+3!
+3!
Jhis example involves two Catalyst 4000 switches that are connected by a Fast Ethernet link:
1. Bing is a new switch that has no VJP domain name and no VLAN. Clic is a switch that currently
exists and runs with 12 VLANs in the VJP domain test.
2. In this sample output from the $! command, you can see that the VJP version is
set at Ñ. Jhis means that the switch is VJP V2-capable. However, the switch does not run VJP
V2 in this case. Jhe switch only runs VJP V2 if the V2 mode is enabled with the $!$.
command:
è [ ?[
?show vtp domain?
?
????????????????????????? ?
?
????
??
???
ÿ ???????????????????????????????????????????????Ñ???????????
???????
?

?
?a ? ?
a?
???
?
??????????Ñè????????????????????????????
[
?
Ñ ?
è ????? Ñ??? ??
[
??

?
???
?
?????????[
?[
?Ñ?
[ ?[
?
ÿ ?
[ ?[
?show vlan?
?
Ñ ??????????????????????????????????
a??
?
Ñ ???
??
ÑÑ ????a
?????????????????????????? ????ÿ??????
ÑÑÑ?
Ñè ????????????????????????????????????????????????????????
è?
Ñ Ñ?aa
????????????????????? ?????
Ñ è? a
??????????????? ????ÿ?
Ñ ?aa
?????????????????? ?????
Ñÿ ?a
???????????????????? ????ÿ?
Ñ ?
Ñ
?[
??show vtp domain?
è ?
è ????????????????????????? ?
?
????
èÑ ??
???
èè ?????????????????????????????????????????Ñ???????????
???????
è ?
è
?
?a ? ?
a?
è ???
?
èÿ Ñ?????????Ñè???????????????????????????
[
?
è ?
è ????? Ñ??? ??
[
??

?
???
?
?????????[
?[
?Ñ?
Ñ ?
è
?[
?show vlan?
?
??????????????????????????????????
a??
?
???
??
ÿ ????a
?????????????????????????? ??????????
ÑÑÑ?
Ñ???? Ñ????????????????????????? ????ÿÿ?
è???? è????????????????????????? ????ÿ??????
Ñè?
???? ????????????????????????? ????ÿ?
???? ????????????????????????? ????ÿè?
Ñ ???? ????????????????????????? ????ÿ?
è ÿ???? ÿ????????????????????????? ????ÿ?
??? ????????????????????????? ?????
Ñ?aa
????????????????????? ?????
è? a
??????????????? ?????
ÿ ?aa
?????????????????? ????ÿ?
?a
???????????????????? ??????????
?
58. At this stage, a trunk is created between the two switches. Notice how they synchronize and
watch the VJP packet exchange:
?è??
?
?
?èÿ??[ ?
61. Clic sends a summary advertisement to bing. Bing learns the VJP domain name from this packet,
in
? in this sample output:
.?
.? !--- On bing:
?
? ????Ñ????
?????? ???a
?
??
.?
.? !--- This indicates that bing has received its
.? !--- first summary advertisement.
ÿ ?
ÿ ? ?a??
ÿÑ ? ?a?
????
.?
.? !--- This is where bing gets the VTP domain name.
ÿ ?
ÿ ??? ?? ???
? ??
ÿÿ ???
??? ??
ÿ ????a
?a
??
ÿ ?

?
?
??????
Ñ ???????
è ?????????? ??? ÑÑè ?
a????è? ?[ ?
??????????
??
????????????????è?
????????Ñ è?
???
ÿ ???????
??????
???????
????????????? ????

? ?
?????????????????
?
Ñ ????????[?a??
è ???????
?????
???????
??????? ????
ÿ ?????????Ñè? ?
???????
???
??
? ?
??
?????? ?
?????? ? ????????????????????????????
Ñ ?????? ? ????????????????????????
?
è ?????? ?[?a?[ ? ???
?????? ? ?a? ?????
?????? ? ??????????????
!!?
?????? ?[?a? ?[???????????Ñ?
ÿ ?????? ?a ? ?[?????
[?
?????? ???????????
?
?????? ????????????????????
!èÑèÿè!?
?????? ?? ?
??????????????????
ÿÑè?
?????? ????????????????????????????????????
ÑÑÑÑÿÑÿÿ?

?
112. With the command set, bing receives a summary advertisement with no followers.
Jherefore, bing updates its domain name and sends advertisement requests to obtain the VLAN
information, in
?Ñ in this sample output:
àà.?
àà.? !--- On bing:
?
?? ?????
??
àà.?
àà.? !--- This is where the advertisement request is
sent.
?
Ñ
?Ñ
?
Ñ ??????
ÑÑ ???????
Ñè ?????????è? ???ÿè èè ?
a????è? ?[ ?
Ñ ??????????
??
Ñ ????????????????èÿ?
Ñ ????????Ñ è?
???
Ñÿ ???????
Ñ ??????
Ñ ???????
è ????????????? ????

? ?
è ?????????????????
?
èÑ ????????[?a??
èè ???????
è ?????
è ???????
è ??????? ????
èÿ ?????????Ñè? ?
è ???????
è ???
??
? ?
??
?????? ?
?????? ? ????????????????????????????
Ñ ?????? ? ???????????????????????è?
?
è ?????? ? ?
?????? ? ?a? ?????
?????? ? ??????????????
!!?
?????? ? ?[?????????????????????Ñ?
ÿ ?????? ??
????????????????????????

? ?

?
148. Clic sends another summary advertisement with field followers to VLAN 1. Jhe subset
advertisement that contains all VLANs, in
?è in this output, follows this packet. Jhen, bing
configures all the VLANs:
à.?
à .? !--- On bing:
?
Ñ ? ????Ñ????
è ?????? ???a
?
??
à .?
à .? !--- Bing has received its second summary
advertisement.
?
ÿ ???? ???a?a?
??
??? ?? ???
? ??
à .?
à.? !--- This configuration revision is higher than
that on bing.
?
Ñ ???
??? ??
è ? ????Ñ????
??[???? ??????

??è?
à .?
à.? !--- Bing has received its subset advertisement.
ÿ ?
???? ???a?a?[?
?
? ?a??
ÿ
???
? ?a??
ÿ
?Ñ??
? ?a??
ÿÑ
a?
??Ñ????
ÿè
???Ñ????
??Ñ?
ÿ
?è??
? ?a??
ÿ
a?
??è????
ÿ
???Ñ????
??è?
ÿÿ
???
? ?a??
ÿ
a?
??????
ÿ
???Ñ????
???

???
? ?a??

a?
??????
Ñ
???Ñ????
???
è
???
? ?a??

a?
??????

???Ñ????
???

?ÿ??
? ?a??
ÿ
a?
??ÿ????

???Ñ????
??ÿ?
?

?è
?
??????
Ñ ???????
è ?????????Ñ? ???è ?
a????è? ?[ ?
??????????
??
????????????????èÿ?
????????Ñ è?
???
ÿ ???????
??????
???????
Ñ ????????????? ????

? ?
Ñ ?????????????????
?
ÑÑ ????????[?a??
Ñè ???????
Ñ ?????
Ñ ???????
Ñ ??????? ????
Ñÿ ?????????Ñè? ?
Ñ ???????
Ñ ???
??
? ?
??
Ñ ?????? ?
Ñ ?????? ? ????????????????????????????
ÑÑ ?????? ? ????????????????????????
?
Ñè ?????? ?[?a?[ ? ???
à.?
à .? !--- Here are the numbers.
Ñ ?
Ñÿ ?????? ? ?a? ?????
Ñ ?????? ? ??????????????
!!?
Ñ ?????? ?[?a? ?[???????????Ñ?
ÑÑ ?????? ?a ? ?[?????
[?
ÑÑ ?????? ???????????
?
ÑÑÑ ?????? ????????????????????
!èÑèÿè!?
ÑÑè ?????? ?? ?
??????????????????
ÿÑè?
ÑÑ ?????? ????????????????????????????????????
ÑÑÑÑÿÑÿÿ?
ÑÑ ?
ÑÑ ??????
ÑÑÿ ???????
ÑÑ ?????????Ñ? ???è ?
a???è?
? ?[ ?
ÑÑ ??????????
??
Ñè ????????????????èÿ?
Ñè ????????Ñ è?
??èÑ?
ÑèÑ ???????
Ñèè ??????
Ñè ???????
Ñè ????????????? ????

? ?
Ñè ?????????????????
?
Ñèÿ ????????[?a??
Ñè ???????
Ñè ?????
Ñ ???????
Ñ ??????? ????
ÑÑ ?????????Ñè? ?
Ñè ???????
Ñ ???
??
? ?
??
Ñ ?????? ?
Ñ ?????? ? ????????????????????????????
Ñÿ ?????? ? ???????????????????????Ñ?
[ ?
Ñ ?????? ??[????????????????????
Ñ ?????? ? ???
??????
Ñ ?????? ? ??????????????
!!?
Ñ ?????? ?[?a? ?[???????????Ñ?
ÑÑ ?????? ?a ? ?[?????
[?
Ñè ?????? ?
Ñ ?????? ? ?a?
???
Ñ ?????? ? ?a?a
?
?????Ñ?
Ñ ?????? ? ?????????????????????????

?
Ñÿ ?????? ? ???????????????????????????

?
Ñ ?????? ? ?a? ????????????????ÿ?
Ñ ?????? ?? ????????????????????????
Ñ ?????? ?????????????????????????????
Ñ ?????? ?Ñ ??a
?????????????????
?
ÑÑ ?????? ? ??????????????????????????
!a
!?
Ñè ?????? ?? ?[?? ????????
Ñ ?????? ?
Ñ ?????? ? ?a?
??Ñ?
Ñ ?????? ? ?a?a
?
?????Ñ?
Ñÿ ?????? ? ?????????????????????????

?
Ñ ?????? ? ???????????????????????????

?
Ñ ?????? ? ?a? ?????????????????
Ñÿ ?????? ?? ???????????????????????Ñ?
Ñÿ ?????? ?????????????????????????????
ÑÿÑ ?????? ?Ñ ??a
?????????????????
Ñ?
Ñÿè ?????? ? ??????????????????????????
! Ñ!?
Ñÿ ?????? ?? ?[?? ????????
Ñÿ ?????? ?
Ñÿ ?????? ? ?a?
??è?
Ñÿÿ ?????? ? ?a?a
?
?????Ñ?
Ñÿ ?????? ? ?????????????????????????

?
Ñÿ ?????? ? ???????????????????????????

?
Ñ ?????? ? ?a? ?????????????????
Ñ ?????? ?? ???????????????????????è?
ÑÑ ?????? ?????????????????????????????
Ñè ?????? ?Ñ ??a
?????????????????
è?
Ñ ?????? ? ??????????????????????????
! è!?
Ñ ?????? ?? ?[?? ????????
Ñ ?????? ?
Ñÿ ?????? ? ?a?
???
Ñ ?????? ? ?a?a
?
?????Ñ?
Ñ ?????? ? ?????????????????????????

?
Ñ ?????? ? ???????????????????????????

?
Ñ ?????? ? ?a? ?????????????????
ÑÑ ?????? ?? ????????????????????????
Ñè ?????? ?????????????????????????????
Ñ ?????? ?Ñ ??a
?????????????????
?
Ñ ?????? ? ??????????????????????????
! !?
Ñ ?????? ?? ?[?? ????????
Ñÿ ?????? ?
Ñ ?????? ? ?a?
???
Ñ ?????? ? ?a?a
?
?????Ñ?
è ?????? ? ?????????????????????????

?
è ?????? ? ???????????????????????????

?
èÑ ?????? ? ?a? ?????????????????
èè ?????? ?? ????????????????????????
è ?????? ?????????????????????????????
è ?????? ?Ñ ??a
?????????????????
?
è ?????? ? ??????????????????????????
! !?
èÿ ?????? ?? ?[?? ????????
è ?????? ?
è ?????? ? ?a?
???
è ?????? ? ?a?a
?
?????Ñ?
è ?????? ? ?????????????????????????

?
èÑ ?????? ? ???????????????????????????

?
èè ?????? ? ?a? ?????????????????
è ?????? ?? ????????????????????????
è ?????? ?????????????????????????????
è ?????? ?Ñ ??a
?????????????????
?
èÿ ?????? ? ??????????????????????????
! !?
è ?????? ?? ?[?? ????????
è ?????? ?
èÑ ?????? ? ?a?
??ÿ?
èÑ ?????? ? ?a?a
?
?????Ñ?
èÑÑ ?????? ? ?????????????????????????

?
èÑè ?????? ? ???????????????????????????

?
èÑ ?????? ? ?a? ?????????????????
èÑ ?????? ?? ???????????????????????ÿ?
èÑ ?????? ?????????????????????????????
èÑÿ ?????? ?Ñ ??a
?????????????????
ÿ?
èÑ ?????? ? ??????????????????????????
! ÿ!?
èÑ ?????? ?? ?[?? ????????
èè ?????? ?
èè ?????? ? ?a?
???
èèÑ ?????? ? ?a?a
?
?????Ñ?
èèè ?????? ? ?????????????????????????

?
èè ?????? ? ???????????????????????????

?
èè ?????? ? ?a? ?????????????????
èè ?????? ?? ????????????????????????
èèÿ ?????? ?????????????????????????????
èè ?????? ?Ñ ??a
?????????????????
?
èè ?????? ? ??????????????????????????
! !?
è ?????? ?? ?[?? ????????
è ?????? ?
èÑ ?????? ? ?a?
???
èè ?????? ? ?a?a
?
?????èÑ?
è ?????? ? ?????????????????????????

?
è ?????? ? ??????????????????????????Ñ?
?
è ?????? ? ?a? ????????????????Ñ?
èÿ ?????? ?? ???????????????????????Ñ?
è ?????? ?????????????????????????????
è ?????? ?Ñ ??a
?????????????????
Ñ?
è ?????? ? ??????????????????????????
!aa
!?
è ?????? ?? ?[?? ????????
èÑ ?????? ? ??[?
èè ?????? ?
è ?????? ? ?a?
???
è ?????? ? ?a?a
?
??????
è ?????? ? ?????????????????????????

?
èÿ ?????? ? ??????????????????????????è?
?
è ?????? ? ?a? ?????????????????
è ?????? ?? ???????????????????????è?
è ?????? ?????????????????????????????
è ?????? ?Ñ ??a
?????????????????
è?
èÑ ?????? ? ??????????????????????????
! a
!?
èè ?????? ?? ?[?? ???????Ñ?
è ?????? ? ??[?
è ?????? ?
è ?????? ? ?a?
???
èÿ ?????? ? ?a?a
?
?????è?
è ?????? ? ?????????????????????????

?
è ?????? ? ???????????????????????????
?
èÿ ?????? ? ?a? ?????????????????
èÿ ?????? ?? ????????????????????????
èÿÑ ?????? ?????????????????????????????
èÿè ?????? ?Ñ ??a
?????????????????
?
èÿ ?????? ? ??????????????????????????
!aa
!?
èÿ ?????? ?? ?[?? ????????
èÿ ?????? ? ??[?
èÿÿ ?????? ?
èÿ ?????? ? ?a?
??Ñ?
èÿ ?????? ? ?a?a
?
?????è?
è ?????? ? ?????????????????????????

?
è ?????? ? ???????????????????????????
?
èÑ ?????? ? ?a? ????????????????è?
èè ?????? ?? ????????????????????????
è ?????? ?????????????????????????????
è ?????? ?Ñ ??a
?????????????????
?
è ?????? ? ??????????????????????????
!a
!?
èÿ ?????? ?? ?[?? ???????è?
è ?????? ? ??[?

?
389. At this point, both switches are synchronized:

è [ ?[
?show vtp domain?
è ?
èÑ ????????????????????????? ?
?
????
èè ??
???
è ?????????????????????????????????????????Ñ???????????
???????
è ?
è
?
?a ? ?
a?
èÿ ???
?
è Ñ?????????Ñè???????????????????????????
[
?
è ?
????? Ñ??? ??
[
??

?
???
?
Ñ ?????????[
?[
?Ñ?
è ?
[ ?[
?show vlan?
?
??????????????????????????????????
a??
?
ÿ ???
??
????a
?????????????????????????? ????
Ñÿ?????ÑÑ?
????????????????????????????????????????????????????????
è?
Ñ???? Ñ????????????????????????? ????
èÑ?
è???? è????????????????????????? ????
èè?
Ñ ???? ????????????????????????? ????
è?
è ???? ????????????????????????? ????
è?
???? ????????????????????????? ????
è?
ÿ???? ÿ????????????????????????? ????
èÿ?
??? ????????????????????????? ????
è?
ÿ Ñ?aa
????????????????????? ????
Ñ?
è? a
??????????????? ????
è?
?aa
?????????????????? ????
Ñ?
?a
???????????????????? ????è?
+3!.
Jhis example shows how to verify the VJP configuration on a Catalyst 6000 that runs Cisco IOS
Software:
show vtp status?

?
? ????????????????????????Ñ?
a ? ???????????Ñÿ?
? ??

??
[?a? ? ??????????èè?
? ?????????????
?
????????????[?
? ??????????????
[
?
? Ñ??????????????????[
?
?? ????????[
?
? ??Ñ???è????
a ?
?a?[? ??Ñ??
?
+3!/
Jhis example shows how to display VJP statistics on a Catalyst 6000 that runs Cisco IOS Software:
show vtp counters?

?
??
? ? ?ÿ?
[? ? ??
? ? ??
? ??ÿ?
[? ??è?
? ??è?
[?a?a ? ???
[?a?a ? ???
[?a? ????
? ??
?
????????????"??"? ?????
? ?
???????????????????????????????????????????????????a?
[
? ?
???
?
?????????????èÿ????????????Ñÿ?????????????

Refer to Jroubleshooting VLAN Jrunk Protocol (VJP) for information to troubleshoot VJP.
!! "# $

Cisco Support Community is a forum for you to ask and answer questions, share suggestions, and
collaborate with your peers. Below are just some of the most recent and relevant conversations
happening right now.?
Want to see more? Join us by clicking ?
½ Clearing VLAN's from trunk vs. VJP...! %!6 years, 9 months ago
½ VJP Protocol 8'%!2 years, 1 month ago
½ show vtp counters - No Jrunk listed 8.0%!11 months, 1 week ago
½ Curious VJP behavior '/./%!2 weeks, 1 day ago
½ ACL's on VLAN not isolating traffic $
.%!5 months, 2 weeks ago
½ Jrunked VLANs between SLM2024 and SA520...!9:$;%!9 months, 1 week ago
½ VJP version 3 and pruning!%!2 weeks, 2 days ago
½ How VJP is transport on the trunk!
&/.%!3 months, 2 weeks ago
½ How do I get "Dial 9 For an Outside...<!!
%!3 months, 1 week ago
½ SLM2008 VLAN%!1 week, 2 days ago

?
?

Requirements
Components Used
Related Products
Conventions
c=) )
12· %)
Create VLANs and Ports
Remove Ports or VLANs
Jroubleshooting Jips
12· .
''51-/ ''51-.
'-.
0'-.
'
Remove Ports or VLANs
6"12· .
''51(/ ''51
12· / '-/0 '- ''('''-& ''(&'''%
)
Assign Multiple Ports to a Single VLAN
Remove VLANs
Rename VLANs
How to Isolate the Communiation Between Jwo VLANs
How to Configure Extended Range VLANs in a Catalyst 6500 Series Switch
Jroubleshooting Jips

Inconsistent JLB Value Error on IOS Switches
Recover the vlan.dat File on IOS Switches
Failed to Create VLANs in Extended Range
Failed to Configure VLAN from Startup-Config
Backup and Restore of vlan.dat on Cisco IOS Switches
VLAN Creation Fails with VLAN 1003 parent VLAN missing Error Message
!! "# $
%
?
Jhis document provides basic information on how to create VLANs on Catalyst switches that run Catalyst
OS (CatOS) and Cisco IOS® System Software. Jhe sample commands for each section use one Catalyst
switch from each configuration section.

%
Cisco recommends that you have knowledge of the information in this section.
VLANs are a mechanism to allow network administrators to create logical broadcast domains that can
span across a single switch or multiple switches, regardless of physical proximity. Jhis function is useful
to reduce the size of broadcast domains or to allow groups or users to be logically grouped without the
need to be physically located in the same place.
In order to create VLANs, you must decide how to configure these items:
½ What VLAN Jrunk Protocol (VJP) domain name and VJP mode to use on this switch
½ Which ports on the switch belong to which VLAN
½ If you need to have communication between VLANs, or if they are isolated
If you require communication between VLANs, you must use a Layer 3 routing device, such as an
external Cisco router or an internal router module. Here are examples:
WS-X4232-Layer 3 card for Catalyst 4500/4000 Switches with Supervisor Engine I and
Supervisor Engine II
Route Switch Module (RSM) or Route Switch Feature Card (RSFC) for Catalyst
5500/5000 Switches
Multilayer Switch Module (MSM) or Multilayer Switch Feature Card (MSFC) for Catalyst
6500/6000 Switches
Some of the switches have built-in support in software and hardware to do inter-VLAN routing.
With inter-VLAN routing, no external device, modules, or daughter cards are required. Here are
examples of such switches:
Catalyst 3550/3750/6500 with Supervisor Engine 720

Catalyst 4500/4000 with Supervisor Engine II+, Supervisor Engine III, and Supervisor
Engine IV
Refer to these documents for more information on inter-VLAN routing configuration on an MSFC, RSM,
RSFC, or external router:
½ Configuring InterVLAN Routing with Catalyst 3750/3560/3550 Series Switches

½
? ? ??? section of Configuring InterVLAN Routing
½
? ? ??? section of Configuring InterVLAN Routing
½
? ? ???
½
? ? ??? ? ? section of Configuring InterVLAN
Routing
½ Configuring InterVLAN Routing Using an Internal Router (Layer 3 Card) on Catalyst 5500/5000
and 6500/6000 Switches Jhat Run CatOS System Software
½ Configuring InterVLAN Routing and ISL/802.1Q Jrunking on a Catalyst 2900XL/3500XL/2950
Switch Using An External Router
· Jhis document assumes that you have basic connectivity to the switch, either through the console
or through Jelnet access. Refer to these documents for more information on how to get basic connectivity
to the switches:
½ Catalyst 6500/6000 Series Switches²Basic Software Configuration

½ Catalyst 2900 Series XL Switches²Quick Start Guide
!
Jhe information in this document is based on these hardware and software versions:
½ Catalyst 6009 Switch that runs CatOS 5.5(x) software

½ Catalyst 3524XL Switch that runs Cisco IOS Software Release 12.0(5.x)XU
½ Catalyst 4507 Switch with Supervisor Engine IV (WS-X4515) that runs Cisco IOS Software
Release 12.1(13)EW1
Jhe information in this document was created from the devices in a specific lab environment. All of the
devices used in this document started with a cleared (default) configuration. If your network is live, make
sure that you understand the potential impact of any command.
%
Jhe information in this document can also be used with these switches:
½ Catalyst 4500/4000/2948G/2980G/4912G Switches

½ Catalyst 5000/2926G Series Switches
½ Catalyst 6500/6000 Series Switches
½ Catalyst 2900XL/3500XL/2950/3550/3750 Switches
$
c=) )

) !$ + ) 6# (Hybrid): a CatOS image can
be used as the system software to run the Supervisor Engine on Catalyst 6500/6000 Switches. If the
optional MSFC is installed, a separate Cisco IOS Software image is used to run the MSFC.
) !$ +6# (Native): a single Cisco IOS Software
image can be used as the system software to run both the Supervisor Engine and MSFC on Catalyst
6500/6000 Switches.
· Refer to Comparison of the Cisco Catalyst and Cisco IOS Operating Systems for the Cisco Catalyst
6500 Series Switch for more information.
12· %
)
12·
Complete the steps in this section in order to create a VLAN.
Before you can create a VLAN, the switch must be in VJP server mode or VJP transparent mode. If the
switch is a VJP server, you must define a VJP domain name before you can add any VLANs.
1. Define a VJP domain name.
You must define the VJP domain name regardless of:
Jhe number of switches in the network, whether one or many

Whether you use VJP in order to propagate VLANs to other switches in the network
Jhis is the default VJP configuration on the switch:
?[
show vtp domain?
?
????????????????????????? ? ?

????
???
??
?????????????????????????????????????????????Ñ???????????
???????
?

?
?a ? ?a?
????
??????????Ñè????????????????????????????[
?
?
????? Ñ??? ??
[
??
?
???
?
?????????[
?[
?Ñ?
Issue the $! command in order to set the domain name and mode.
?[
set vtp domain ??
?
??#???????????????????????
?
?[
set vtp domain cisco ??
?
?????????????????????????? ??
???????????????????????? ??
?? ????????????????????? ? ?
?? Ñ?????????????????????????? ? ?Ñ?
?
?[
set vtp domain cisco mode ??
?
??
????????????????????? ?
??
?? ????????????????????? ? ??
?????????????????? ???
?
?[
set vtp domain cisco mode server?
?
???a?
· Refer to Understanding VLAN Jrunk Protocol (VJP) for more information on VJP.
2. Issue the $! command in order to verify the VJP configuration.
è ?[
show vtp domain?
?
????????????????????????? ? ?

????
???
??
ÿ cisco 1 Ñ
server???????
?

?
?a ? ?a?
???
?
??????????Ñè????????????????????????????[
?
Ñ ?
è ????? Ñ??? ??
[
??
?
???
?
?????????[
?[
?Ñ?
· If you have the output of a $! command from your Cisco device, you can
use Output Interpreter ( registered customers only) in order to display potential issues and
fixes.
15. After you set and verify the VJP domain, begin to create VLANs on the switch.
By default, there is only a single VLAN for all ports. Jhis VLAN is called a
. You cannot
rename or delete VLAN 1.
Issue the $ command in order to display the parameters for all configured VLANs in the
administrative domain.
?[
show vlan?
?
??????????????????????????????????a?
?
?
????
?
1 default active???????????
1/1-Ñ?
????????????????????????????????????????????????????????
/1-48?
????????????????????????????????????????????????????????
4/1-16?
Ñ?aa
????????????????????? ?????
è? a
??????????????? ?????
?aa
?????????????????? ????ÿ?
?a
???????????????????? ?????
?
?????????????? ? ???
??Ñ?
????????
???
????enet???????????????????????????????????????
???????
Ñ?a??Ñ?????????????????????????????????????
???????
è?a?è?????????????????????????????????????
???????
?a??????????????????????????????????????
???????
?[a??????????????????????????[??????????
???????
?
????
???
?????????[
?
Ñ??????[
?
è??????[
?
??????[
?
??????[
?
?
?
?
???? ?
?????
è?ÿ???????ÿ???????aa?
a. Issue the $ command in order to create VLANs.

[ ?[
set vlan?
?
??
?#
?#?
????????
?a???ÑÑè
ÑÑ ?
a ????????
?#
?$?#?$?
#?$?#?
???????????????????????????$
?#
?
???????????????????????????$?#?$?#?
???????????????????????????$ ?# [?
ù ???????????????????????????$ ?
#
[?
???????????????????????????$[ ?#[ [?
$?#
?

???????????????????????????$?#[ ?$?
#?
???????????????????????????$
?#
?
$[a?#aa%?
???????????????????????????$?#?
$?#?
???????????????????????????$?
????????? èÑ???? ?
?
???????????a?a?a?
[a ?
?????????? ÑÿÑ???ÿ ?
????????
??

?
???????? [?? aaa?

[?? ?
????????[ [?? a???Ñ ?
???[ ?
???????????? ?
??
?
?????????? è ?
?
??

?
?
??????????????????????
?a?
?
? ???????????????Ñ ?
??
?
?
?
[[ ?
?[
set vlan Ñ name cisco_vlan_Ñ?
?

?Ñ?a ?a
?
ee. Issue the $ command in order to verify the VLAN configuration.
aa ?[
show vlan?
?
??????????????????????????????????
a??
?
???
??
ùù ????a
?????????????????????????? ???????????
Ñ?
????????????????????????????????????????????????????????
è?

????????????????????????????????????????????????????????
?
Ñ cisco_vlan_Ñ active????ÿ???????
Ñ?aa
????????????????????? ????????????
è? a
??????????????? ????????????
?aa
?????????????????? ????ÿ????????
?a
???????????????????? ????????????
?
?
?????????????? ? ?
?? ??Ñ?
???????
????
???????????????????????????????????
???????????????
Ñ enet 10000Ñ 1500????????????????????????
????????0 0?
Ñ?a??Ñ?????????????????????????????
???????????????
è?a?è?????????????????????????????
???????????????
?a??????????????????????????????
???????????????
?[a??????????????????????????
?????????????????
bbb.?
ccc.? !--- Output suppressed.
?
eee. If you want to add ports to the VLAN, issue the $ (! command.
aaa ?[
set vlan Ñ /1-1Ñ?
?
?Ñ?a ?
??a ?
ùùù ???
??

Ñ?????èÑ?
???????
· You can also create the VLAN and add the ports to that VLAN with all the
information in a single command.
For example, if you want to create the third VLAN and then assign ports 3/13 through
3/15 to that VLAN, issue this command:
?[
set vlan /1-15?
?

?è?a ?a
?
?è?a ?
??a ?
???
??
/1-15?
???????
Issue the $ command in order to verify the VLAN configuration.

?[
show vlan?
?
??????????????????????????????????a?
?
?
????
?
????a
?????????????????????????? ???????????
Ñ?
????????????????????????????????????????????????????????
è?
????????????????????????????????????????????????????????
?
Ñ cisco_vlan_Ñ active 75
/1-1Ñ
VLAN000 active 76
/1-15?
Ñ?aa
????????????????????? ?????
è? a
??????????????? ?????
?aa
?????????????????? ????ÿ?
?a
???????????????????? ?????
?
?????????????? ? ???
??Ñ?
????????
???
???????????????????????????????????????????
???????
Ñ??????Ñ?????????????????????????????????????
???????
è??????è?????????????????????????????????????
???????
Ñ?a??Ñ?????????????????????????????????????
???????
è?a?è?????????????????????????????????????
???????
?a??????????????????????????????????????
???????
?[a????????????????????????????????????
???????
?
? !--- Output suppressed.
?
% $ 12·

In order to remove ports from a VLAN, issue the $ (! command and place
the ports in a different VLAN. Jhis removal is essentially what happens when you assign a port to any
VLAN because all ports initially belong to VLAN 1.
Issue the $ command in order to delete a VLAN. Jhe ports are deactivated because they remain
a part of that VLAN, and the VLAN no longer exists. Jhe switch displays a warning and gives you the
opportunity to cancel the current request.
?[
clear vlan ?
?
??
? ?
???
?è?
??? ? ?
???? ?$ ??
?

?è?
?
?
?[
show vlan?
?
??????????????????????????????????a?
?
?
????
?
????a
?????????????????????????? ???????????Ñ?
????????????????????????????????????????????????????????/16-
48?
?????????????????????????????????????????????????????????
Ñ????
Ñ????????????????????? ????ÿ??????/1-1Ñ?
Ñ?aa
????????????????????? ?????
è? a
??????????????? ?????
?aa
?????????????????? ????ÿ?
?a
???????????????????? ?????
?
?????????????? ? ??? ?
?Ñ?
?????????
??
???????????????????????????????????????????
???????
Ñ??????Ñ?????????????????????????????????????
???????
Ñ?a??Ñ?????????????????????????????????????
???????
è?a?è?????????????????????????????????????
???????
?a??????????????????????????????????????
???????
?[a????????????????????????????????????
???????
!--- Output suppressed.

?
· Ports 3/13 through 3/15 are not displayed in the output of the $ command because the
removal of VLAN 3 deactivates these ports. Jhe ports are not displayed until you add them back in
another VLAN.
!
Jhis section provides troubleshooting tips for common problems that you can encounter while you create
VLANs on Catalyst switches that run CatOS:
½ If you create a VLAN when there is no VJP domain name defined, you receive this error
message:
?a? ??? ? ????

?
In order to correct this, create a VJP domain name on the switch. Jhe Create VLANs and
Ports section provides the procedure.
½ If you create a VLAN on a switch that is in VJP client mode, you receive this error message:
?a? ??? ?

?
· A switch can only create VLANs if it is in VJP server mode or VJP transparent mode. Refer
to Understanding VLAN Jrunk Protocol (VJP) for more information on VJP.
½ Ports are in the state in ! (! command output. Jhis state means that
the VLAN to which the ports originally belonged was deleted, usually because of VJP. You can
either recreate that VLAN or correct the VJP configuration so that the VLAN is reestablished in
the VJP domain. Jhis is sample ! (! command output:
½ ?[
show port /1?
½ ?
½ ??????????????????????
???????
?
??
½ ?????
??
½ ?/1 inactive Ñ auto
auto 10/100BaseTX?
½ ?
½ ??

?
?????
?????

?
½ ????????????????????????????????????????
&??'Ñ ?
½ ??????
??
½ ?è??????????????????????????????????????????
??????
½
½ !--- Output suppressed.
½ ?
If you have the output of a "!! command from your Cisco device, you can
use Output Interpreter ( registered customers only) in order to display potential issues and
fixes.
?[
show vlan Ñ?
?
??????????????????????????????????a?
?
?
????
?
nable to access VTP Vlan Ñ information ?
?
?
?????????????? ? ???
??Ñ?
????????
???
?
?
????
???
?
?
?
?
???? ?
?????
½ Jhe VLAN interfaces created in the routing modules (RSM, RSFC, MSM, or MSFC) come up only
when the corresponding VLAN is available in the switch. In order for the VLAN interface to be
fully active, which means that it is administratively up and line protocol is up, make sure to have
at least one port as a member of that VLAN, with an active device connected to the port. See
the Requirements section of this document for configuration guidelines.
12· .
''51-/ ''51-
.
'-.
0'-.
'
12·
· Jhe output that you see can be different from some of the command output that this section
displays. Jhe difference depends on the model of your switch.
Complete these steps in order to create a VLAN.
1. Decide whether to use VJP in your network.
With VJP, you can make configuration changes centrally on a single switch, and you can
automatically communicate those changes to all the other switches in the network. Jhe default
VJP mode on the Catalyst 2900XL, 3500XL, 2950, 2970, and 2940 Switches is the server mode.
Refer to Understanding VLAN Jrunk Protocol (VJP) for more information on VJP.
· Issue the $! command in order to check the VJP status on XL Series
Switches.
èÑ(show vtp status?

?
? ??????????????????????Ñ?
a ? ????????????
Maximum VLANs supported locall : Ñ54?
[?a? ? ??????????
VTP Operating Mode : Server?
!--- This is the default mode.

?
?????????????????????
? ??????????????????[
?
? Ñ???????????????????????[
?
?? ?????????????[
?
? ???????????????????????????
???ÿ??
a ?
?a?[? ????
2. After you set and verify the VJP domain, begin to create VLANs on the switch.
By default, there is only a single VLAN for all ports. Jhis VLAN is called a
. You cannot
rename or delete VLAN 1.
Issue the $ command in order to check the VLAN information.
èÑ(show vlan?
?
???????????????????????????????????
???
?
1 default active Fa0/1,
Fa0/Ñ, Fa0/, Fa0/4,
Fa0/5,
Fa0/6, Fa0/7, Fa0/8,
Fa0/9,
Fa0/10, Fa0/11, Fa0/1Ñ,
Fa0/1,
Fa0/14, Fa0/15, Fa0/16,
Fa0/17,
Fa0/18, Fa0/19, Fa0/Ñ0,
Fa0/Ñ1,
Fa0/ÑÑ, Fa0/Ñ, Fa0/Ñ4,?
???????????????????????????????????????????????? ?
Ñ?
Ñ?aa
????????????????????? ?
è? a
??????????????? ?
?aa
?????????????????? ?
?a
???????????????????? ?
?
?????????????? ? ???
??Ñ?
????????
???
1 enet 100001 1500??????????????????????????????????
100Ñ 100?
Ñ?a??Ñ???????????????????????????????????????
??????è?
è?????è????????????????????????????
[????????????Ñ?
?a??????????????????????????????????????
???????
???????????????????????????????????????
???????
Issue this set of commands in privileged mode in order to create another VLAN:
èÑ(vlan database?
!--- You must enter into VLAN database in order to

configure any VLAN.
?
èÑ(
vtp server?
?
Device mode alread VTP SERVER ?
!--- You can skip this command if the switch is already

in server mode and you
!--- want the switch to be in server mode.
?
· A switch can only create VLANs if it is in VJP server mode or VJP transparent mode. Refer
to Understanding VLAN Jrunk Protocol (VJP) for more information on VJP.
Ñ(
vlan ??
?
??#??? ??
?
èÑ(
vlan Ñ ??
?
???????????[?a?
??

??
a?? ?
??[a?????a?? ?
??[ ????? ??a?? ?
??????????a?? ?
?????????? ????
???????????a?? ?
????????[?a??? ?a???
? ?? ?
?? ??????? ?[?a???? ?? ?
?????????
?Ñ ??

????????
??a?? ?
???????????[?a? ??

?
?a?? ?
?????????? ???a?? ?
??[
????[?a??a?

? ?
a?? ???
?????????????a? ?
??[
Ñ????[?a???

? ?
a?? ???
?????????????a? ?
?
èÑ(
vlan Ñ name ??
?
??&?????a?? ?
?
èÑ(
vlan Ñ name cisco_vlan_Ñ?
?
?Ñ??
?????
Ñ?
?
èÑ(
exit?
!--- You must exit from the VLAN database in order for
the changes
!--- to be committed.
?
APPLY completed ?

?
èÑ(?
· Jhe VJP mode can change from client mode to transparent mode if the switch attempts to
learn or pass a greater number of VLANs than it supports. Always check that the switches that
run in client mode support the same number of VLANs that the switches in server mode send.
3. Issue the $ command in order to ensure that the VLAN is created.
èÑ(show vlan?
?
???????????????????????????????????
ÿ ???
?
????a
?????????????????????????? ?????
Ñ?è??
?????????????????????????????????????????????????
?ÿ??
?????????????????????????????????????????????????
??Ñ?
????????????????????????????????????????????????è?
???
Ñ ????????????????????????????????????????????????ÿ?
??Ñ?
è ????????????????????????????????????????????????Ñ?
ÑÑ?Ñè?Ñ?
???????????????????????????????????????????????? ?
Ñ?
Ñ cisco_vlan_Ñ active?????
Ñ?aa
????????????????????? ?
ÿ è? a
??????????????? ?
?aa
?????????????????? ?
?a
???????????????????? ?
Ñ ?
Ñ ?????????????? ? ???
??Ñ?
ÑÑ ????????
???
Ñè ?????????????????????????????????????
????????Ñ???è?
Ñ Ñ enet 10000Ñ 1500??????????????????????????
????????0 0?
Ñ Ñ?a??Ñ???????????????????????????????
??????????????è?
Ñ è?????è????????????????????????????
[????????????Ñ?
Ñÿ ?a??????????????????????????????
???????????????
??????????????????????
28. You can add ports (interfaces) in the newly created VLAN.
You must go to interface configuration mode for each of the interfaces that you want to add into
the new VLAN.
· You can assign the ports of a Layer 2 Catalyst Switch to multiple VLANs, but the switch
only supports one active management VLAN interface at a time and other switched virtual
interfaces (SVIs) do not up/up because of Layer 2 functionality. Jherefore, the switch supports
only one active management Layer 3 address. On a Layer 2 Catalyst Switch, you can issue the
optional command under the new SVI in order to automatically shut down VLAN 1
and transfer the IP address to the new VLAN.
configure terminal?
a interface vlan Ñ?
a [a management?
a [a ^Z?
show ip interface brief?
a????????????????????????! ??
???
?
?????????????????????? Ñ????????
?
????????
?????
VLANÑ Ñ0 0 0 Ñ YES manual up
up???????

???????????? ??????
??????????
???????

Ñ???????????? ??????
??????????
?

?
Issue this set of commands in privileged mode in order to add a particular interface in the VLAN:
èÑ(configure terminal?
?
?a ????

??
??
" ?
?
èÑ(a interface fastethernet 0/Ñ?
?
èÑ(a a switchport access ??
?
??
??? ??a?????
?
èÑ(a a switchport access vlan ??
?
??#?? ??a?? ??????
??
?????&?????a? ??

?[? ?
?
èÑ(a a switchport access vlan Ñ?
!--- These commands assign interface Fast Ethernet to

VLAN .
?
èÑ(a a exit?
?
èÑ(a interface fastethernet 0/?
?
èÑ(a a switchport access vlan Ñ?
!--- These commands assign interface Fast Ethernet to

VLAN .
?
èÑ(a a end?
?
èÑ(?
Ñ? ?a ?a?
?[?

?
?
èÑ(write memor?
!--- This saves the configuration.

?

?a ?
29. Issue the $ command in order to verify the VLAN configuration.
è èÑ(show vlan?
è ?
èÑ ???????????????????????????????????
èè ???
?
è ????a
?????????????????????????? ?????
???
è ????????????????????????????????????????????????ÿ?
???
è ?????????????????????????????????????????????????
Ñ?è??
èÿ ?????????????????????????????????????????????????
?ÿ??
è ?????????????????????????????????????????????????
Ñ?Ñ?ÑÑ?
è ????????????????????????????????????????????????Ñè?
Ñ? ? Ñ?
Ñ cisco_vlan_Ñ active Fa0/Ñ,
Fa0/?
Ñ?aa
????????????????????? ?
Ñ è? a
??????????????? ?
è ?aa
?????????????????? ?
?a
???????????????????? ?
?
?????????????? ? ???
??Ñ?
ÿ ????????
???
?????????????????????????????????????
????????Ñ???è?
Ñ??????Ñ???????????????????????????????
???????????????
Ñ?a??Ñ???????????????????????????????
??????????????è?
è?????è????????????????????????????
[????????????Ñ?
Ñ ?a??????????????????????????????
???????????????
???????????????????????????????????????
???????
% $ 12·

In order to remove ports from the VLAN, issue the ! $ command in
interface configuration mode. After the port is removed from a VLAN that is not VLAN 1 (the default
VLAN), that port is automatically added back to the default VLAN.
For example, if you want to remove interface Fast Ethernet 0/2 from cisco_vlan_2 (VLAN 2), issue this set
of commands in privileged mode:
èÑ(configure terminal?
?
?a ????

??
??" ?
?
èÑ(a interface fastethernet 0/Ñ?
?
èÑ(a a no switchport access vlan Ñ?
!--- These two commands remove interface Fast Ethernet

from VLAN .
?
èÑ(a a end?
?
èÑ(show vlan?
?
???????????????????????????????????
???
?
????a
?????????????????????????? ?????Fa0/Ñ?
??
!--- · Fast Ethernet is added back to the default

VLAN.
?
?????????????????????????????????????????????????ÿ?
??
?????????????????????????????????????????????????
?Ñ?è?
?????????????????????????????????????????????????
??ÿ?
?????????????????????????????????????????????????
?Ñ?Ñ?
????????????????????????????????????????????????ÑÑ?
Ñè?Ñ? ?
???????????????????????????????????????????????? Ñ?
Ñ cisco_vlan_Ñ active Fa0/?
Ñ?aa
????????????????????? ?
è? a
??????????????? ?
?aa
?????????????????? ?
?a
???????????????????? ?
?
?????????????? ? ???
??Ñ?
????????
???
?????????????????????????????????????????????
Ñ???è?
Ñ??????Ñ???????????????????????????????????????
???????
Ñ?a??Ñ???????????????????????????????????????
??????è?
è?????è????????????????????????????[??????
??????Ñ?
?a??????????????????????????????????????
???????
???????????????????????????????????????
???????
In order to delete the VLAN, issue the $ command in VLAN database mode.
Interfaces in that VLAN remain a part of that VLAN and are deactivated because they no longer belong to
any VLAN.
For example, if you want to delete cisco_vlan_2 from the switch, issue this set of commands in privileged
mode:
èÑ(vlan database?
!--- This command enters you into the VLAN database mode.
?
èÑ(
no vlan Ñ?
!--- This command removes the VLAN from the database.

?
Deleting VLAN Ñ ?
?
èÑ(
exit?
?
?
?
?
?
èÑ(show vlan?
?
???????????????????????????????????
???
?
????a
?????????????????????????? ?????Ñ?
??
?????????????????????????????????????????????????ÿ?
??
?????????????????????????????????????????????????
?Ñ?è?
?????????????????????????????????????????????????
??ÿ?
?????????????????????????????????????????????????
?Ñ?Ñ?
????????????????????????????????????????????????ÑÑ?
Ñè?Ñ? ?
???????????????????????????????????????????????? Ñ?
Ñ?aa
????????????????????? ?
è? a
??????????????? ?
?aa
?????????????????? ?
?a
???????????????????? ?

?
Notice that port Fast Ethernet 0/3 is not displayed in the $ command output. Jhe removal of
VLAN 2 deactivates this port. Unless you add the port back in another VLAN, the port is neither displayed
or usable.
èÑ(show interfaces fastethernet 0/?

?
FastEthernet0/ is down, line protocol is down?

?
In order to make the interface usable, you must ensure that it belongs to some VLAN. In the case in this
section of the document, you must add interface Fast Ethernet 0/3 to the default VLAN (VLAN 1) in order
to make this interface usable.
If you have the output of a "!! command from your Cisco device, you can use Output
Interpreter ( registered customers only) in order to display potential issues and fixes.
· In the case of Catalyst 3550 Switches, you can still use the interface without the addition of the
interface to a VLAN. However, you need to make that interface a Layer 3 interface. Refer to
the
? ?"?
section of Configuring Interface Characteristics for more information on
Layer 3 interfaces on Catalyst 3550 Switches.
6"12·

.
''51(/ ''51
Jhe multi-VLAN port feature on Catalyst 2900XL/3500XL Switches allows you to configure a single port in
two or more VLANs. Jhis feature allows users from different VLANs to access a server or router without
the implementation of inter-VLAN routing capability. A multi-VLAN port performs normal switching
functions in all of its assigned VLANs. VLAN traffic on the multi-VLAN port is not encapsulated as it is in
trunking.
· Jhese are the limitations to the implementation of multi-VLAN port features:
½ You cannot configure a multi-VLAN port when a trunk is configured on the switch. You can
connect the multi-VLAN port only to a router or server. Jhe switch automatically transitions to
VJP transparent mode when the multi-VLAN port feature is enabled, which disables the VJP. No
VJP configuration is necessary.
½ Jhe multi-VLAN port feature is supported only on Catalyst 2900XL/3500XL Series Switches. Jhis
feature is not supported on Catalyst 4500/4000, 5500/5000, or 6500/6000 Series Switches or any
other Catalyst switches.
1. Determine which port to configure as a multi-VLAN port.
Here, three VLANs are created on a Catalyst 3512XL Switch, and one port of the switch is
connected to an external router. Jhis example configures the port that is connected to the router
as a multi-VLAN port.
èÑ
show vlan?
?
?????????????????????????????????????
?????
?
????a
?????????????????????????? ???????
è??ÿ?
???????????????????????????????????????????????????
???
??????????????????????????????????????????????????Ñ?
? Ñ?
Ñ???? Ñ????????????????????????? ??????Ñ?
?
è???? è????????????????????????? ???????
???? ????????????????????????? ?
???? ????????????????????????? ?
???? ????????????????????????? ?
In the example, port Fast Ethernet 0/1 is connected to an external router. For more information
about how to create VLANs and assign ports to VLANs, see the Configure the VLAN on Catalyst
2900XL, 3500XL, 2950, 2970, and 2940 Series Switches section of this document.
2. Configure the Fast Ethernet 0/1 port in multi-VLAN mode, and add assigned VLANs to the multi-
VLAN port.
è èÑ
configure terminal?
?

?a ????
??
??
" ?
?
ÿ èÑ
a interface fastethernet 0/1?
?
èÑ
a a switchport mode multi?
à.?
àà.? !--- This command changes the port Fast Ethernet à
mode to multi.
Ñ ?
è èÑ
a a switchport multi vlan ??
?
??
???? ??a? ??[???
?
?
???????? ????
?
ÿ ?? ?? ? ?a???
?
?
èÑ
a a switchport multi vlan 1,Ñ,?
.?
à.? !--- This command assigns VLANs à, , and to multi-
VLAN port Fast Ethernet à.
ÑÑ ?
Ñè èÑ
a a ^Z?
Ñ ??
èÑ
?
25. Issue the

! command and the $ command in
order to verify the configuration.
Ñ èÑ
show interface fastethernet 0/1 switchport?
Ñÿ ?
Ñ ??
Ñ Operational Mode: multi?
.?
à.? !--- The port is in multi-VLAN mode.
èÑ ?
èè ? ?

?
?
è
? ?

?
?
è ?a? ?[
?
è ?? ?? ?
èÿ ? ?? ??a
?
è ? ?
[
?
?
è ? ?
[
?
?
?
?a? ?a??
Ñ ?
è ?
? ??
?
?
? ??
?
ÿ
???
?
èÑ
show vlan brief?
?
??????????????????????????????????????
Ñ ??????
?
è ????a
?????????????????????????? ???????
?è??ÿ?
???????????????????????????????????????????????????
????
???????????????????????????????????????????????????
Ñ? ? Ñ?
Ñ???? Ñ????????????????????????? ???????
?Ñ??
.?
.? !--- · Previously, port Fast Ethernet à was only
in VLAN à.
.? !--- Now the port is assigned to multiple VLANs à, ,
and .
?
è???? è????????????????????????? ???????
??
Ñ ???? ????????????????????????? ?
???? ????????????????????????? ?
63. Issue the ! command from the switch to the router in order to verify the multi-VLAN operation.
Jhe ! command receives a reply from the router each time the management IP address is
assigned to any of the VLANs 1, 2, or 3.
èÑ
configure terminal?
?
?a ????

??
??
" ?
?
èÑ
a interface vlan 1?
?
èÑ
a a ip address 19Ñ 168 1 1 Ñ55 Ñ55 Ñ55 0?
!--- The management IP address is assigned to VLAN à.

?
èÑ
a a ^Z?
?
èÑ
?
Ñè? ?a ?a?
?[?

?
?
èÑ
ping 19Ñ 168 1 1?
?
????[ ?
??[??
??Ñ ???
Ñ??
)))))?
????? ?? ?
?Ñè??
?
èÑ
ping 19Ñ 168 1 Ñ?
!--- You can ping the router from VLAN à.

?
????[ ?
??[??
??Ñ Ñ???
Ñ??
)))))?
????? ?? ?
?è??
?
èÑ
configure terminal?
?
?a ????

??
??
" ?
?
èÑ
a interface vlan 1?
?
èÑ
a a no ip address?
!--- The management IP address is removed from VLAN à.

?
èÑ
a a shutdown?
?
èÑ
a a exit?
?
èÑ
?
èÑ
a [a ip address 19Ñ 168 1 1
Ñ55 Ñ55 Ñ55 0?
?
èÑ
a [a no shutdown?
!--- The management IP address is assigned to VLAN .

?
èÑ
a [a exit?
?
èÑ
a exit?
?
èÑ
ping 19Ñ 168 1 1?
?
????[ ?
??[??
??Ñ ???
Ñ??
)))))?
????? ?? ?
?è??
?
èÑ
ping 19Ñ 168 1 Ñ?
!--- You can ping the router from VLAN .

?
????[ ?
??[??
??Ñ Ñ???
Ñ??
)))))?
????? ?? ?
?ÑÑ??
?
èÑ
configure terminal?
?

?a ????
??
??
" ?
?
èÑ
?
èÑ
a [a no ip address?
!--- The management IP address is removed from VLAN .

?
èÑ
a [a shutdown?
?
èÑ
a [a exit?
?
èÑ
a interface vlan ?
?
èÑ
a [a ip address 19Ñ 168 1 1
Ñ55 Ñ55 Ñ55 0?
?
èÑ
a [a no shut?
!--- The management IP address is assigned to VLAN .

?
èÑ
a [a exit?
?
èÑ
a exit?
?
èÑ
ping 19Ñ 168 1 1?
?
????[ ?
??[??
??Ñ ???
Ñ??
)))))?
????? ?? ?
?è??
?
èÑ
ping 19Ñ 168 1 Ñ?
!--- You can ping the router from VLAN .

?
????[ ?
??[??
??Ñ Ñ???
Ñ??
)))))?
????? ?? ?
?Ñ??
12· / '-/0 '-
''('''-& ''(&'''%
)
12·
Jhis section uses the Catalyst 4500 Switch for sample configuration commands, but the configuration
tasks also apply to other switches that run Layer 3 (or Cisco IOS Software). Jhese other switches include
the Catalyst 3550, 3570, and 6500 Series Switches that run Cisco IOS Software. Before you can create a
VLAN, the switch must be in VJP server mode or VJP transparent mode. If the switch is a VJP server,
you must define a VJP domain name before you add any VLANs. You must define a VJP domain name
regardless of:
½ Jhe number of switches in the network, whether one or many

½ Whether you use VJP in order to propagate VLANs to other switches in the network
Refer to Understanding and Configuring VJP for more information on how to configure VJP on Catalyst
4500/4000 Cisco IOS Software-based Supervisor Engine modules. Refer to the Software Configuration
Guide for the switch platform under consideration for VJP configuration information for other Catalyst
switch platforms. Refer to the LAN Product Support Pages in order to locate the Software Configuration
Guide.
You can create VLANs in either VLAN database mode or global configuration mode. You must create
VLANs that are numbered higher than 1005 in global configuration mode. Jhe VJP mode must be set to
transparent in order to create these VLANs. VLANs that are numbered higher than 1005 are not
advertised by VJP. Furthermore, VLANs that are numbered higher than 1005 are stored in the switch
configuration file and not in the VLAN .dat file. Jhe default location of the VLAN .dat file in Catalyst 4000
Switches with Supervisor Engine IV is the cat4000_flash directory.
dir cat4000_flash:?
?
?a?a
?
?
??ÿ?#??
?
?
ÑÑ?[?
?Ñè?[?a ?
· A Catalyst 6500 Switch that runs Cisco IOS Software allows you to create VLANs in server mode
without a VJP domain name.
Jhe $! command shows the VJP information in the switch.
show vtp status?

?
? ??Ñ?
a ? ???
? ??

???
[?a? ? ???
? ??? ?
?????
? ???
[
?
? Ñ???[
?
?? ??[
?
? ????ÿ?Ñ???Ñ
??
a ?
?a?[? ??Ñ?ÿÑ?

???? ??a?
?
?
[? ?a ?
1. Issue the $ command in order to check the VLAN information.

Ñ show vlan?
è ?
???????????????????????????????????
???
?
????a
?????????????????????????? ???? ?
Ñ? è? èÑ?
ÿ ???????????????????????????????????????????????? èè?
è? è? è?
???????????????????????????????????????????????? èÿ?
è? è? è?
???????????????????????????????????????????????? è?
èÑ? èè? è?
???????????????????????????????????????????????? è?
è? èÿ? è?
àà.?
à .? !--- Output suppressed.
è ?
???????????????????????????????????
???
?
Ñ?aa
??????????????????????
ÿ è? a
????????????????
?aa
???????????????????
?a
?????????????????????
Ñ ?
Ñ ?????????????? ? ???
??Ñ?
ÑÑ ????????
???
Ñè ?????????????????????????????????????
???????????????
Ñ Ñ?a??Ñ???????????????????????????????
???????????????
Ñ è?????è???????????????????????????????
???????????????
Ñ ?a?????????????????????????????
???????????????
Ñÿ ?????????????????????????????[??
???????????????
Ñ ?
Ñ ??????????????????
???
?
30. Enter the correct mode, either database mode or global configuration mode.
Issue the $ command in privileged mode in order to enter VLAN database mode.
vlan database?
?

?
31. Issue the $ command in order to configure a VLAN.

èÑ
vlan Ñ?
èè ?
è ?Ñ??
è ? Ñ?
è ?
èÿ
appl?
è ?
?
?
· For the configuration to take effect, you can either issue the !! command or exit out of
VLAN database mode. Jhe keyword and "4 exit methods do not work in VLAN database
mode. Issue the 3 command in order to exit out of VLAN database mode.
Issue these commands in order to perform the VLAN configuration in global configuration mode:
a vlan ?
?
a
exit?
?
a ?
39. Issue the command in order to view VLANs that are numbered higher than 1005 in the
running configuration.
show running-config?
?
Ñ
?a ?
è ?
?a ??Ñÿ?[?
)?
?Ñ ?
ÿ ? ??
??[ ??
??
??
? ??
?a ?
Ñ )?
è ??
)?
)?
?[?
ÿ )?
???
)?
?
??
Ñ ?
è ??
)?
)?

?Ñ?
ÿ )?
a? [
?
)?
ÿ a? [
Ñ?
ÿ )?
.?
.? !--- Output suppressed.
ÿ ?
In Cisco IOS Software, interfaces are in the state by default, unlike in CatOS-based switches.
In CatOS, the port becomes active if it senses the presence of a physical link.
By default, Cisco IOS Software interfaces are Layer 2 interfaces on Catalyst 3550, 3750, and 4500 Series
Switches. Jhe interfaces are Layer 3 interfaces on Catalyst 6500/6000 Series Switches. You can
configure the interface as a Layer 2 interface with the ! command in interface configuration
mode. You must issue this command before you assign an interface to a VLAN, if the interface is in Layer
3 mode. Jhe command to assign an interface to a VLAN is! $ .
· If the interface is configured as a Layer 3 interface, which means that the ! command
is configured, you cannot assign the interface to a VLAN.
In order to associate the ports to VLANs in Cisco IOS Software, this minimum configuration is required:
a interface gigabitethernet /1?

?
a a switchport?
!--- This command is required if the interface is in Layer

mode.
?
a a switchport access vlan Ñ?
?
a a no shutdown?
Issue the (

! command in order to check the
Layer 2 interface status.
show interface gigabitethernet /1 switchport?

?
? è?
?
[
?
????

????
? ?

? ?

? ?

? ?
?a? ??
?? ?Ñ? Ñ ?
? ?? ??a
?
? ??
?
???
?
? ??
?
?? ? ??
?
??
??
?
??
? ??
?
?? ? ??

?
??
? ?
[
??
? ?
[
?Ñ?
??[
?
? ?
??
? ?? ?

???
If the port is set up as a trunk, which is a port that can carry more than one VLAN, the ! 9
$$ command can be useful. Jhe command is useful if the native VLAN of the interface has been
changed or needs to be changed from its defaults. Jhe native VLAN is the VLAN that is used if the
interface is to become a Layer 2 interface. If you do not explicitly define a native VLAN, VLAN 1 becomes
the native VLAN by default. Be aware that an IEEE 802.1Q header is not added when data are sent on
the native VLAN. Ensure that the trunk ports on both of the connected devices have the same native
VLAN. A mismatch in native VLANs can cause inter-VLAN routing issues, among other problems.
Jhis message appears when the native VLAN is mismatched on the two Cisco switches:

? ? ?? ?
? [
?Ñ ?
??è? [
? ?
In this example message, the native VLAN is VLAN 2 on one of the switches, but the neighboring switch
has native VLAN 1.
Issue the (

9 command in order to see the native VLAN,
encapsulation, and trunking VLAN information.
show interfaces gigabitethernet /1 trunk?

?
??

?? ?
?
è??Ñ ? ??
??
?
???
è??
??
?
?? ?? ??

è?Ñè?
??
?? ??a ?????
è??
If you use the default configuration, native VLAN is set to VLAN 1. In order to change the native VLAN on
the interface that is trunking, issue the ! 9$$ command.
a interface gigabitethernet /1?

?
a a switchport trunk native vlan Ñ?
Issue this command in order to verify:
show interfaces gigabitethernet /1 trunk?

?
??

?? ?
?
è??Ñ ? ?Ñ?
??
?
???
è??
??
?
?? ?? ??

è?Ñè?
??
?? ??a ?????
è??
26! 12·

You can assign the multiple interfaces on a switch to a single VLAN. Issue these commands:
a interface range fastethernet [mod/slot -
mod/slot]?
2.
a a switchport access vlan
vlan_number
?
5.
a a switchport mode access?
7.
a a no shut?
9.
· Jhe command is not supported in all software releases. Jhe
command is supported in Cisco IOS Software Release 12.1(13)EW and later.
% $12·
In order to remove a VLAN from the VLAN database, issue the $ command in either
VLAN database mode or global configuration mode. Jhis example uses the VLAN database mode to
remove VLAN 2.
vlan database?
?

no vlan Ñ?
?

? ?Ñ ?
?

appl?
?
?
?
Jhe global configuration mode does not log any message on the console that indicates the deletion of the
VLAN. However, you can issue the $ command in order to verify the deletion of the VLAN.
%12·
In order to rename a VLAN from the VLAN database, issue the command in either
VLAN database mode or global configuration mode.
Jhis example uses VLAN database mode to rename VLAN 3:
vlan database?
?

vlan ?
?

name CISCO
?

appl?
?
?
?
Jhis example uses global configuration mode to rename the VLAN 3:
conf t?
?a ????

??
??" ?
?

vlan ?
?

name CISCO
?
In order to verify, issue the $ or $" command.
show vlan brief?

?
????????????????????????????????????
????
?è???????????????????????????????? ????è?
· When you rename the VLAN, it is not necessary to remove the VLAN assigned to the port using
the ! $ command.
Õ = 12·

Jhis section does not discuss private VLANs. Private VLANs provide Layer 2 isolation between ports
within the same private VLAN (isolated VLAN) or between the private VLANs (community VLANs).
Jhere are two scenarios for when you try to isolate two VLANs.
½ Layer 2 VLANs
½ Layer 3 VLANs
= 1.12·
A Layer 2 VLAN is the VLAN created in the switch and not configured with the $
>$8 7 command. Hosts in the different Layer 2 VLANs cannot communicate with each other.
Complete these steps in order to create a Layer 2 VLAN and isolate it from older VLANs:
1. Create the new VLAN in the database. When you exit vlan database mode, the configuration
changes are applied.
Ñ vlan database?
.?
.?!--- You must enter into VLAN database mode in order to
.?!--- configure any VLAN.
?
ÿ
vlan 5?
???
????? ?

vlan 6?
???
Ñ ????? ?
è
exit?
?
?

?
15. Make sure the VLAN is created in the vlan database. Jhe new VLAN must appear in the output of
the $command.
16. Do not set an IP address to the newly created VLANs.
17. Configure physical interfaces that connect the clients to the corresponding VLAN.
a interface fastEthernet Ñ/1?
Ñ a a switchport access vlan 5?
Ñ a a no shut?
ÑÑ ?
Ñè a interface fastEthernet Ñ/Ñ?
Ñ a a switchport mode access?
Ñ a a no shut?
27. Assign to each host a static IP address, subnet mask, and do set a default gateway. Jhis
causes hosts on the ports fa 2/1 and 2/2 to not communicate with each other. Devices that belong
to one VLAN do not reach anything else but devices within the same VLAN.
= 1/12·
When you create a VLAN and assign an IP address with the $>$8 7 command,
the VLAN becomes a Layer 3 VLAN. In Layer 3 switches, the hosts between the two VLANs can
communicate with each other (if the hosts are configured with the default gateway as the VLAN interface
IP address). You can use ACLs to deny communication between the VLANs.
Jhis section shows an example of how to isolate the communication between a newly created Layer 3
VLAN and an older VLAN.
In this example, the 3750 switch has two old VLANs (VLAN 1 and VLAN 2). Jhe newly created VLAN is
VLAN 5. VLAN 1, VLAN 2 and VLAN 5 are Layer 3 VLANs. ACLs are implemented to deny traffic so that
VLAN 1 and VLAN 2 cannot communicate with VLAN 5 and so that VLAN 5 does not communicate either
with VLAN 1 or VLAN 2.
½ VLAN 1 - 10.10.10.0 /24

½ VLAN 2 - 172.16.1.0 /24
½ VLAN 5 - 192.168.1.0 /24
1. Create the new VLAN in the database. In this case the new VLAN is VLAN 5. When you exit vlan
database mode, the configuration changes are applied.
Ñ vlan database?
.?
.?!--- You must enter into VLAN database mode
.?!--- in order to configure any VLAN.
?
ÿ
vlan 5?
???
????? ?

exit?
?
?

?
12. Make sure the VLAN is created in the vlan database. Check the output of the
$ command.
13. Set an IP address for the newly created VLAN.
a interface vlan 5?
a a ip address 19Ñ 168 1 1 Ñ55 Ñ55 Ñ55 0?
a no shut?
17. Configure physical interfaces that connect the clients to the corresponding VLAN.
a interface fastEthernet Ñ/1 ?
Ñ a a no shut?
You need to configure three access-lists, one for each VLAN.
Jhis access list denies traffic that comes from VLAN 1 to get to VLAN 5.

!--- Some of the commands in this output are wrapped
!--- to a second line due to spatial reasons.
?
configure terminal?
a access-list 101 den
ip 10 10 10 0 0 0 0 Ñ55 19Ñ 168 1 0 0 0 0 Ñ55?
a access-list 101 permit ip 10 10 10 0
0 0 0 Ñ55 an?
Jhis access list denies traffic that comes from VLAN 2 to get to VLAN 5.
configure terminal?
a access-list 10Ñ den ip 17Ñ 16 1 0
0 0 0 Ñ55 19Ñ 168 1 0 0 0 0 Ñ55?
a access-list 10Ñ permit ip 17Ñ 16 1 0
0 0 0 Ñ55 an?
Jhis access list denies traffic that comes from VLAN 5 to get to VLAN 1 and VLAN 2.
configure terminal?
a access-list 105 den ip 19Ñ 168 1 0
0 0 0 Ñ55 10 10 10 0 0 0 0 Ñ55?
a access-list 105 den ip 19Ñ 168 1 0
0 0 0 Ñ55 17Ñ 16 1 0 0 0 0 Ñ55?
a access-list 105 permit ip 19Ñ 168 1 0
0 0 0 Ñ55 an?
And once they are configured, apply the access lists to interface VLAN 1, interface VLAN 2 and
interface VLAN 5.
configure terminal?
a interface vlan 1?
a a ip access-group 101 in?
a a exit?
?
configure terminal?
a a ip access-group 10Ñ in?
a a exit?
?
configure terminal?
a interface vlan 5?
a a ip access-group 105 in?
a a end?
Õ +3%12·& ''

In order to configure extended VLANs on the Catalyst 6500 Series Switches running Cisco IOS, you need
to enter the !"3" command. Jhen the extended VLAN must be created in
the configuration mode and not from the $ mode.
Complete these steps in order to create extended VLANs on the Catalyst 6500 Series Switches that run
Cisco IOS:
1. Console into the switch:

Ñ enable?
?
3. Enter configuration mode:

configure terminal?

?a ????
??
??
" ?
a ?
6. Enter the !"3" command in configuration mode:

ÿ a spanning-tree extended sstem-id?
8. Enter the $! ! command in configuration mode:
a vtp mode transparent?
10. Create the VLAN in configuration mode:
a vlan 111?
Ñ Notice?
è a
exit?
14. Exit configuration mode:
a exit?
16. Issue the $ command in order to check the VLAN information.
ÿ show vlan?
???????????????????????????????????
???
?
Ñ ????a
?????????????????????????? ?????
Ñ ?? ????????????????????????? ???? ?
?
ÑÑ Ñ?aa
???????????????????????
Ñè è? a
?????????????????
Ñ ?aa
????????????????????
Ñ ?a
??????????????????????
Ñ 111 VLAN111 active ?
Ñÿ ?
Ñ ?????????????? ? ???
??Ñ?
Ñ ????????
???
è ?????????????????????????????????????
??????????????????
è ???????????????????????????????????
??????????????????
èÑ Ñ?a??Ñ???????????????????????????????
??????????????????
èè è?????è???????????????????????????????
??????????????????
è ?a?????????????????????????????
??????????????????
è ?????????????????????????????[??
??????????????????
è???è???????????????????????????????????????
??????????
!
Jhis section provides troubleshooting tips for common problems that you can encounter during the
creation of VLANs on Catalyst switches that run Cisco IOS Software.
On switches that run Cisco IOS Software, you can use the switch itself for interVLAN routing, instead of
an external router. When an SVI is created, it does not automatically create a VLAN in the Layer 2
database. In order for an SVI to come up, a VLAN must be created in VLAN database mode or (in later
Cisco IOS Software releases) in global configuration mode. In order for the SVI to be fully active, which
means that it is administratively up and line protocol is up, make sure to have at least one port as a
member of that VLAN, with an active device connected to the port.
Jhis same issue applies when you copy configurations from a different switch or restore configurations
with VLANs that were created in VLAN database mode. You must also replace the VLAN database file
(vlan.dat), or you must recreate the VLANs, as the procedure in the Create VLANs and Ports section of
this document shows. If you copy the configuration from another switch, the VLAN database is not
copied.
If the Layer 2 VLAN is not created on the switch, SVI interfaces show as & in the !
command output when the configuration is applied to the switch. Ensure that all previous
VLANs that were created in VLAN database mode or global configuration mode still exist after the
configuration is copied to the switch.

Jhere is currently no verification procedure available for this configuration.

1=+ )
Jhe inconsistent translational bridging (JLB) value error occurs when you create a VLAN on a Cisco IOS
switch that recently received a VJP update from a CatOS switch or which was converted from CatOS.
Jhis is because CatOS and Cisco IOS have some different default values for translation bridge VLAN.
Jranslational VLANs translate Fiber Distributed Data Interface (FDDI) or Joken Ring to Ethernet. Jhe
translation bridge (tb) VLANs for VLAN 1, 1002 and 1003 are different in CatOS and are ' by default .
Jhe factory default translation bridge VLANs in Cisco IOS switches are:

???????[????????[Ñ?
???????????
????????????Ñ??????è?
Ñ??????????????????è?
è??????????????????Ñ?
A Cisco IOS switch that recently received a VJP update from a CatOS switch or which was converted
from CatOS overwrites the default tb values. When you try to create any VLAN after this, it generates this
error message:
?Ñ??? ?????

??? ?
As a workaround for this issue, change the Cisco IOS switch tb default values for VLAN 1, 1002 and 1003
to match the CatOS values.
vlan data?

no vlan 100Ñ tb-vlan1 tb-vlanÑ?

no vlan 100 tb-vlan1 tb-vlanÑ?

appl?
?
?

exit?
?

?
% $$;# )

For Cisco Catalyst Switches that run Cisco IOS software, the VLAN information is on a separate file
named $;. If the vlan.dat file is deleted accidently and the switch gets reloaded, all the VLANs that
were available on the switch are lost. Until the switch is reloaded, the VLAN information is present in the
switch.
Complete these steps in order to recover the vlan.dat file:
1. Issue the $ command in order to confirm the availability of VLAN information.
Ñ show vlan?
è ?
???????????????????????????????????
???
?
????a
?????????????????????????? ?????
Ñ?è??
ÿ ?????????????????????????????????????????????????
?ÿ??
?????????????????????????????????????????????????
?Ñ? ?
???????????????????????????????????????????????? Ñ?
??? ????????????????????????? ?
??? ????????????????????????? ?
Ñ Ñ??? Ñ????????????????????????? ?
è Ñ??? Ñ????????????????????????? ?
è??? è????????????????????????? ?
è??? è????????????????????????? ?
??? ????????????????????????? ?
ÿ ??? ????????????????????????? ?
???
??????????????????????????? ?
?? ???????????????????????? ?
19. If the switch is in VJP Server or Jransparent mode, make any modifications to the VLAN
database.
Modifications to the VLAN database can be any of these:
Create any VLAN.

Delete any VLAN.
Modify the properties of any existing VLAN.
If the switch is in VJP Client mode, make modifications to the VLAN database at any VJP Server
of the same domain.
configure terminal?

?a ????
??
??
" ?
a vlan
?
a
name thVLAN
?
a
end?
?
Once any change has been done to the VLAN database, the switch automatically creates the
vlan.dat file.
20. Issue the command in order to verify the creation of the vlan.dat file.
Ñ show flash:?
ÑÑ ?
Ñè ?a?a
?
Ñ ?
Ñ ????Ñ??????????????????è?ÿ??
a ?
Ñ ????è???????Ñÿ????Ñ?è???Ñ

Ñ Ñ
[?
Ñÿ ???????????????????è?Ñÿ??vlan dat?
Ñ ??????????????????è?ÿ??
a ?
Ñ ??????????????????Ñ?è?èÑ??
?
è ????ÿ???????èÑèè????Ñ?è?èÿÑ??Ñ

Ñ ÑÑÑ
[?
è ?
ÿÿ?[?
?è?[?a ?
# 12·+3%
+
?
??? ?$?
??
[
??? ?
Layer 3 LAN ports, WAN interfaces and subinterfaces, and some software features, such as RSPAN, use
internal VLANs in the extended range. You cannot use an extended range VLAN that is allocated for
internal use.
In order to display the VLANs used internally, issue the $ command. You can
configure ascending internal VLAN allocation (from 1006 and up) or descending internal VLAN allocation
(from 4094 and down).
a vlan internal allocation polic ascending |
descending}
?
!--- Enter the keyword to allocate internal VLANs

from à and up.
!--- Enter the keyword to allocate internal VLAN
from and down.
?
a ??
reload?
You do not need to issue the command immediately. Issue the command
during a planned maintenance window. Jhe internal VLAN allocation policy is applied only after a reload.
If a device reload is not an option, as a workaround, you can use VLAN Jranslation. On trunk ports, you
can translate one VLAN number to another VLAN number, which transfers all traffic received in one
VLAN to the other VLAN. Refer to the
??# ?section of Configuring VLANs for
more information.
· Switches that run Catalyst product family software do not support the configuration of VLANs 1006-
1024. If you configure VLANs 1006-1024, ensure that the VLANs do not extend to any switches that run
Catalyst product family software.
+ .

???? ? ?
You might receive this message when you are trying to create Extended VLANs in Server or Client mode
of VJP.
Make sure that the device (Switch or Router) is in Jransparent mode when you create extended range
VLANs. Refer to the ?# $ ?% ?& section of Extended VLAN ID for more
information.
# 12· !"
&

?
??a ?
?a??
a ?
[??? ?a ?a

?a?

??
Jhis message indicates that the VLAN software failed to use the VLAN configuration from the startup
configuration file. Jhe VLAN configuration is stored in the$; file. Jhe vlan.dat file resides in non-
volatile memory. When the Supervisor module is replaced, vlan.dat is empty (0). On bootup, the switch
compares the VJP domain name and VJP mode in the startup configuration file and the vlan.dat file. If
the values do not match, the switch uses the configuration in the vlan.dat file.
In order to perform a complete backup of your configuration, the vlan.dat file must be included in the
backup with the configuration. Jhe network administrator must upload both the vlan.dat file and the
configuration file in order to restore the complete configuration.
=9!% $; )

In order to backup the vlan.dat, complete this step:
Copy the vlan.dat file from the device's NVRAM to a JFJP server or an external PCMCIA card.
cop const_nvram:vlan.dat tftp:?
· Jhe memory location where the vlan.dat file is stored varies from device to device. In Cisco
Catalyst 6500/6000 Series Switches, it is . Similarily for Catalyst 4500/4000 Switches, it
is a
. Refer to the respective product documentation before issuing the ! command.
In order to restore the vlan.dat file, complete these steps:
1. Copy the vlan.dat file into the device's NVRAM from a JFJP server or an external PCMCIA card.
?a? ?
2. Reload the switch, as vlan.dat is read only during the booting process.
12· #12·''/!12·+

6
conf t?
?a ????

??
??" ?
a vlan 10Ñ?
a
name marketing?
a
exit?
VLAN 100 parent VLAN missing
APPLY VLAN changes failed ?
a end?
?
A misconfiguration on a switch can cause the configuration updates of the VJP to fail. In most cases, the
problem is that the new VLAN created in the VJP server switch does not propagate to the VJP client
switches, which creates host connectivity issues.
A common cause for this issue is a VJP version mismatch between the switches in a VJP domain. VJP
version 1 and VJP version 2 are not interoperable on the network devices in the same VJP domain. A
VJP version 2 capable network device can operate with a network device that runs VJP version 1,
provided that VJP version 2 is disabled on the VJP version 2 capable network device. VJP version 2 is
disabled by default. Every network device in the VJP domain must use the same VJP version. Verify the
VJP version that runs on a switch. If VJP version 2 is enabled, disable it in order to resolve this issue.
Verify if the switch is configured properly for other VJP parameters:

½ Verify that the switches are connected through trunk links, because VJP updates are only
exchanged over trunk links.
½ Verify that the VJP domain name is exactly the same on the appropriate switches. Jhe name is
case sensitive. Jhe VJP updates are only exchanged between switches in the same VJP
domain.
½ Verify that the VJP password is exactly the same on all the switches in the domain. Jhe
password is case sensitive. If a password is configured, it must be configured on all switches in
the domain and the password must be the same.
In case of a VJP convergence issue, where a VJP client does not update the VLAN information, the
workaround is to force a VJP convergence by the creation, then the removal of a dummy VLAN on the
VJP server. Jhis increments the revision number and forces all VJP clients to update their VLAN
database.
!! "# $

?

Requirements
Components Used
Conventions

Flash Animation: VJP
VJP Messages in Detail
))!
VJP Modes
VJP V2
VJP Password
VJP Pruning
· 9

!! "# $
%
?
?
VLAN Jrunk Protocol (VJP) reduces administration in a switched network. When you configure a new
VLAN on one VJP server, the VLAN is distributed through all switches in the domain. Jhis reduces the
need to configure the same VLAN everywhere. VJP is a Cisco-proprietary protocol that is available on
most of the Cisco Catalyst series products.
· Jhis document does not cover VJP Version 3. VJP Version 3 differs from VJP Version 1 (V1) and
Version 2 (V2), and it is only available on Catalyst OS (CatOS) 8.1(1) or later. VJP Version 3 incorporates
many changes from VJP V1 and V2. Make certain that you understand the differences between VJP
Version 3 and earlier versions before you alter your network configuration. Refer to one of these sections
of Configuring VJP for more information:
½ î ?'(?#%? ?"?) $

½ ?( ?#%? ?*??#%? ?+ ,#%? ?"-

%
Jhere are no specific requirements for this document.
!
Jhis document is not restricted to specific software or hardware versions.
$

#2
Refer to the VLAN Jrunk Protocol (VJP) Flash animation , which explains these concepts for VJP
V1 and V2:
½ Introduction to VJP
½ VJP domain and VJP modes
½ Common VJP problems and solutions
· Jhis document does not cover VJP Version 3. VJP Version 3 differs from VJP V1 and V2 and is
only available on CatOS 8.1(1) or later. Refer to one of these sections of Configuring VJP for more
information:
½ î ?'(?#%? ?"?) $

½ ?( ?#%? ?*??#%? ?+ ,#%? ?"-
6c
VJP packets are sent in either Inter-Switch Link (ISL) frames or in IEEE 802.1Q (dot1q) frames. Jhese
packets are sent to the destination MAC address 01-00-0C-CC-CC-CC with a logical link control (LLC)
code of Subnetwork Access Protocol (SNAP) (AAAA) and a type of 2003 (in the SNAP header). Jhis is
the format of a VJP packet that is encapsulated in ISL frames:
Of course, you can have a VJP packet inside 802.1Q frames. In that case, the ISL header and cyclic
redundancy check (CRC) is replaced by dot1q tagging.
Now consider the detail of a VJP packet. Jhe format of the VJP header can vary, based on the type of
VJP message. But, all VJP packets contain these fields in the header:
½ VJP protocol version: 1, 2, or 3

½ VJP message types:
Summary advertisements
Subset advertisement
Advertisement requests
VJP join messages
½ Management domain length
½ Management domain name
%$ ·
Jhe configuration revision number is a 32-bit number that indicates the level of revision for a VJP packet.
Each VJP device tracks the VJP configuration revision number that is assigned to it. Most of the VJP
packets contain the VJP configuration revision number of the sender.
Jhis information is used in order to determine whether the received information is more recent than the
current version. Each time that you make a VLAN change in a VJP device, the configuration revision is
incremented by one. In order to reset the configuration revision of a switch, change the VJP domain
name, and then change the name back to the original name.
2$
By default, Catalyst switches issue summary advertisements in five-minute increments. Summary

advertisements inform adjacent Catalysts of the current VJP domain name and the configuration revision
number.
When the switch receives a summary advertisement packet, the switch compares the VJP domain name
to its own VJP domain name. If the name is different, the switch simply ignores the packet. If the name is
the same, the switch then compares the configuration revision to its own revision. If its own configuration
revision is higher or equal, the packet is ignored. If it is lower, an advertisement request is sent.
Jhis list clarifies what the fields means in the summary advertisement packet:
½ Jhe Followers field indicates that this packet is followed by a Subset Advertisement packet.
½ Jhe Updater Identity is the IP address of the switch that is the last to have incremented the
configuration revision.
½ Jhe Update Jimestamp is the date and time of the last increment of the configuration revision.
½ Message Digest 5 (MD5) carries the VJP password, if MD5 is configured and used to
authenticate the validation of a VJP update.
2$
When you add, delete, or change a VLAN in a Catalyst, the server Catalyst where the changes are made
increments the configuration revision and issues a summary advertisement. One or several subset
advertisements follow the summary advertisement. A subset advertisement contains a list of VLAN
information. If there are several VLANs, more than one subset advertisement can be required in order to
advertise all the VLANs.
Jhis formatted example shows that each VLAN information field contains information for a different VLAN.
It is ordered so that lowered-valued ISL VLAN IDs occur first:
Most of the fields in this packet are easy to understand. Jhese are two clarifications:
½ ²Jhe format for this is 0x02 for subset advertisement.

½ ²Jhis is the sequence of the packet in the stream of packets that follow a
summary advertisement. Jhe sequence starts with 1.
2$%
A switch needs a VJP advertisement request in these situations:
½ Jhe switch has been reset.

½ Jhe VJP domain name has been changed.
½ Jhe switch has received a VJP summary advertisement with a higher configuration revision than
its own.
Upon receipt of an advertisement request, a VJP device sends a summary advertisement. One or more
subset advertisements follow the summary advertisement. Jhis is an example:
½ ²Jhe format for this is 0x03 for an advertisement request.

½ "²Jhis is used in cases in which there are several subset advertisements. If the first
() subset advertisement has been received and the subsequent one (+1) has not been
received, the Catalyst only requests advertisements from the (+1)th one.
))!
6
You can configure a switch to operate in any one of these VJP modes:
½ Server²In VJP server mode, you can create, modify, and delete VLANs and specify other
configuration parameters, such as VJP version and VJP pruning, for the entire VJP domain. VJP
servers advertise their VLAN configuration to other switches in the same VJP domain and
synchronize their VLAN configuration with other switches based on advertisements received over
trunk links. VJP server is the default mode.
½ Client²VJP clients behave the same way as VJP servers, but you cannot create, change, or
delete VLANs on a VJP client.
½ Jransparent²VJP transparent switches do not participate in VJP. A VJP transparent switch
does not advertise its VLAN configuration and does not synchronize its VLAN configuration based
on received advertisements, but transparent switches do forward VJP advertisements that they
receive out their trunk ports in VJP Version 2.
½ Off (configurable only in CatOS switches)²In the three described modes, VJP advertisements
are received and transmitted as soon as the switch enters the management domain state. In the
VJP off mode, switches behave the same as in VJP transparent mode with the exception that
VJP advertisements are not forwarded.
.
VJP V2 is not much different than VJP V1. Jhe major difference is that VJP V2 introduces support for
Joken Ring VLANs. If you use Joken Ring VLANs, you must enable VJP V2. Otherwise, there is no
reason to use VJP V2. Changing the VJP version from 1 to 2 will not cause a switch to reload.

If you configure a password for VJP, you must configure the password on all switches in the VJP domain.
Jhe password must be the same password on all those switches. Jhe VJP password that you configure
is translated by algorithm into a 16-byte word (MD5 value) that is carried in all summary-advertisement
VJP packets.

VJP ensures that all switches in the VJP domain are aware of all VLANs. However, there are occasions
when VJP can create unnecessary traffic. All unknown unicasts and broadcasts in a VLAN are flooded
over the entire VLAN. All switches in the network receive all broadcasts, even in situations in which few
users are connected in that VLAN. VJP pruning is a feature that you use in order to eliminate
or ! this unnecessary traffic.
= 9 !?
?
Jhis figure shows a switched network without VJP pruning enabled. Port 1 on Switch A and Port 2 on
Switch D are assigned to the Red VLAN. If a broadcast is sent from the host connected to Switch A,
Switch A floods the broadcast and every switch in the network receives it, even though Switches C, E,
and F have no ports in the Red VLAN.
= 9!?
?
Jhis figure shows the same switched network with VJP pruning enabled. Jhe broadcast traffic from
Switch A is not forwarded to Switches C, E, and F because traffic for the Red VLAN has been pruned on
the links shown (Port 5 on Switch B and Port 4 on Switch D).
When VJP pruning is enabled on a VJP server, pruning is enabled for the entire management domain.
Making VLANs pruning-eligible or pruning-ineligible affects pruning eligibility for those VLANs on that
trunk only (not on all switches in the VJP domain). VJP pruning takes effect several seconds after you
enable it. VJP pruning does not prune traffic from VLANs that are pruning-ineligible. VLAN 1 and VLANs
1002 to 1005 are always pruning-ineligible; traffic from these VLANs cannot be pruned. Extended-range
VLANs (VLAN IDs greater than 1005) are also pruning-ineligible.
· 9
By default, all switches are configured to be VJP servers. Jhis configuration is suitable for small-scale
networks in which the size of the VLAN information is small and the information is easily stored in all
switches (in NVRAM). In a large network, the network administrator must make a judgment call at some
point, when the NVRAM storage that is necessary is wasteful because it is duplicated on every switch. At
this point, the network administrator must choose a few well-equipped switches and keep them as VJP
servers. Everything else that participates in VJP can be turned into a client. Jhe number of VJP servers
should be chosen in order to provide the degree of redundancy that is desired in the network.
·
½ If a switch is configured as a VJP server without a VJP domain name, you cannot configure a
VLAN on the switch.
· It is applicable only for CatOS. You can configure VLAN(s) without having the VJP domain
name on the switch which runs on IOS.
½ If a new Catalyst is attached in the border of two VJP domains, the new Catalyst keeps the
domain name of the first switch that sends it a summary advertisement. Jhe only way to attach
this switch to another VJP domain is to manually set a different VJP domain name.
½ Dynamic Jrunking Protocol (DJP) sends the VJP domain name in a DJP packet. Jherefore, if
you have two ends of a link that belong to different VJP domains, the trunk does not come up if
you use DJP. In this special case, you must configure the trunk mode as or ,
on both sides, in order to allow the trunk to come up without DJP negotiation agreement.
½ If the domain has a single VJP server and it crashes, the best and easiest way to restore the
operation is to change any of the VJP clients in that domain to a VJP server. Jhe configuration
revision is still the same in the rest of the clients, even if the server crashes. Jherefore, VJP
works properly in the domain.

Refer to Configuring VLAN Jrunk Protocol (VJP) for information to configure VJP.

Refer to Jroubleshooting VLAN Jrunk Protocol (VJP) for information to troubleshoot VJP.

Jhere are some disadvantages to the use of VJP. You must balance the ease of VJP administration
against the inherent risk of a large SJP domain and the potential instability and risks of SJP. Jhe greatest
risk is an SJP loop through the entire campus. When you use VJP, there are two things to which you
must pay close attention:
½ Remember the configuration revision and how to reset it each time that you insert a new switch in
your network so that you do not bring down the entire network.
½ Avoid as much as possible to have a VLAN that spans the entire network.
!! "# $

Cisco Support Community is a forum for you to ask and answer questions, share suggestions, and
collaborate with your peers. Below are just some of the most recent and relevant conversations
happening right now.?

Document ID

Transféré par

Informations du document

Description originale:

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

Document ID

Transféré par

Droits d'auteur :

Formats disponibles

c c

  

   

& ''(&''' ) ( ''(''' 

2.     

3. Issue these commands in order to monitor VJP operation and status:

 ''('''- ''( '''- & ''(&''')

1. Issue this command in order to set the domain name:

4. Issue this command in order to set the mode:

1. Issue these commands from the VLAN database mode:

vtp [client | server | transparent]?

Refer to the  ?

389. At this point, both switches are synchronized:

show vtp status?

show vtp counters?

 !!  "# $ 

Catalyst 3550/3750/6500 with Supervisor Engine 720

½ Configuring InterVLAN Routing with Catalyst 3750/3560/3550 Series Switches

½ Catalyst 6500/6000 Series Switches²Basic Software Configuration

½ Catalyst 6009 Switch that runs CatOS 5.5(x) software

½ Catalyst 4500/4000/2948G/2980G/4912G Switches

1. Define a VJP domain name.

You must define the VJP domain name regardless of:

Jhe number of switches in the network, whether one or many

Jhis is the default VJP configuration on the switch:

a. Issue the $ command in order to create VLANs.

Issue the  $ command in order to verify the VLAN configuration.

% $  12·

?  ?

!--- Output suppressed.

 ? a? ? ? ? ? ?? ?  ?

 ? a? ? ? ? ?

Complete these steps in order to create a VLAN.

1. Decide whether to use VJP in your network.

èÑ(show vtp status?

!--- This is the default mode.

Issue the  $ command in order to check the VLAN information.

!--- You must enter into VLAN database in order to

!--- You can skip this command if the switch is already

?Ñ ? ?

!--- Output suppressed.

? a   ? ? ??

!--- These commands assign interface Fast Ethernet to

!--- These commands assign interface Fast Ethernet to

!--- This saves the configuration.

% $  12·

? a   ? ? ??

!--- These two commands remove interface Fast Ethernet

!--- · Fast Ethernet is added back to the default

!--- This command removes the VLAN from the database.

!--- Output suppressed.

èÑ(show interfaces fastethernet 0/?

!--- Output suppressed.

 6"12·  

·  Jhese are the limitations to the implementation of multi-VLAN port features:

1. Determine which port to configure as a multi-VLAN port.

25. Issue the  

? a   ? ? ??

!--- The management IP address is assigned to VLAN à.

!--- You can ping the router from VLAN à.

? a   ? ? ??

!--- The management IP address is removed from VLAN à.

!--- The management IP address is assigned to VLAN .

c c

& ''(&''' ) ( ''('''

2.

''('''- ''( '''- & ''(&''')

Refer to the ?

show vtp status?

show vtp counters?

!! "# $

a. Issue the $ command in order to create VLANs.

Issue the $ command in order to verify the VLAN configuration.

% $ 12·

? ?

?a? ??? ? ????

?a? ??? ?

èÑ(show vtp status?

Issue the $ command in order to check the VLAN information.

?Ñ ??

?a ????

% $ 12·

?a ????

èÑ(show interfaces fastethernet 0/?

6"12·

· Jhese are the limitations to the implementation of multi-VLAN port features:

25. Issue the

?a ????

?a ????

Jhe $! command shows the VJP information in the switch.

show vtp status?

1. Issue the $ command in order to check the VLAN information.

31. Issue the $ command in order to configure a VLAN.

a interface gigabitethernet /1?

Issue the (

show interface gigabitethernet /1 switchport?

Issue the (

show interfaces gigabitethernet /1 trunk?

?? ?? ??

a interface gigabitethernet /1?

show interfaces gigabitethernet /1 trunk?

?? ?? ??

26! 12·

?a ????

In order to verify, issue the $ or $" command.

show vlan brief?

Õ = 12·

= 1.12·

= 1/12·

Õ +3%12·& ''

6. Enter the !"3" command in configuration mode:

?Ñ??? ?????

% $$;# )

!--- Enter the keyword to allocate internal VLANs

# 12· !"

&

[??? ?a ?a

=9!% $; )

?a? ?

12· #12·''/!12·+

?a ????

!! "# $

½ î ?'(?#%? ?"?) $

½ î ?'(?#%? ?"?) $

%$ ·

½ ²Jhe format for this is 0x02 for subset advertisement.

½ ²Jhe format for this is 0x03 for an advertisement request.

= 9 !?

!! "# $