A virtual LAN (VLAN) is an administratively defined broadcast domain, logically segmented by function, team, or application. It enhances performance by limiting traffic to stations in the same VLAN; traffic to other VLANs is blocked. By default, a switch is configured with a single VLAN that contains only static-access ports. With the VLAN Membership window, you can:
Note: You cannot use this window to assign ATM ports to VLANs; see the Catalyst 2900 Series ATM Modules Install and Configure Guide for CLI instructions.
By default, all ports are static-access ports assigned to VLAN 1. If you change the VLAN ID, use VLAN IDs in the range of 1 to 1001. Four VLAN IDs, 1002 to 1005, are reserved.
Static access ports cannot be assigned to multiple VLANs, so if you plan to move a port connection from one switch to another, configure the port for dynamic VLAN membership or as a trunk port to avoid reconfiguring it.
On Catalyst 2912MF, 2924M, and 3500 XL series switches, you can configure up to 250 port-based VLANs and up to 64 instances of the Spanning-Tree Protocol (see STP Membership). On other Catalyst 2900, 1900, and 2820 switches, you can create up to 64 port-based VLANs.
Note: Before you assign ports to a VLAN, you must first create the VLAN (select VLAN > VTP Management) and decide whether to use VLAN Trunking Protocol (see VTP Management for details).
To assign static-access ports to a different VLAN:
Dynamic-access ports function as VLAN Query Protocol (VQP) clients that query the VLAN Membership Policy Server (VMPS). Assign dynamic-access ports to only one VLAN and connect them only to end stations. Be sure to configure the network so that STP does not put the dynamic-access port into an STP blocking state (see Spanning-Tree Protocol for details).
You must configure the VMPS server before you configure dynamic ports (see VMPS Configuration for details).
You cannot configure dynamic-access ports as:
Caution: To avoid loss of connectivity, do not connect dynamic-access ports to switches or routers running bridging protocols.
To assign a dynamic-access port to a VLAN:
Note: Be sure the VMPS server is configured before you start this procedure (see VMPS Configuration for details).
A multi-VLAN port can belong to more than one VLAN, which creates overlapping VLANs. Only ports connected to routers or servers should be defined as multi-VLAN ports. When the multi-VLAN port is connected to a router, all traffic is forwarded within the boundaries of the VLANs, but the two (or more) VLANs establish connectivity through the router.
A multi-VLAN port functions normally in all its VLANs. For example, when an unknown MAC address is received on a multi-VLAN port, it is learned by all VLANs in which the port is a member. Multi-VLAN ports also respond to the STP messages generated by the different instance of STP in each VLAN. Because the multi-VLAN port is a member of more than one VLAN, flooded traffic received from the multi-VLAN port is forwarded to ports in all VLANs assigned to the multi-VLAN port, unless the VLAN is pruned (see Configuring Trunk Ports).
Caution: To avoid loss of connectivity, do not connect multi-VLAN ports to hubs or switches.
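The membership rules above (VLAN ID range, one VLAN per static-access or dynamic-access port, permitted neighbors, per-model VLAN limits) can be checked against a planned assignment before it is entered in the window. The following is an added example, not part of the original help page; the model keys, mode names, neighbor labels and sample plan are constructed for illustration.

```python
# Added example: audit a planned port-to-VLAN assignment against this page's rules.
# Model keys, mode names, neighbor labels and SAMPLE_PLAN are constructed.
LARGE_MODELS = {"2912MF", "2924M", "3500XL"}        # up to 250 port-based VLANs
SINGLE_VLAN_MODES = {"static-access", "dynamic-access"}

def max_vlans(model):
    """VLAN limit for a switch model; other 2900, 1900 and 2820 models get 64."""
    return 250 if model in LARGE_MODELS else 64

def audit_plan(model, ports):
    """Return a list of findings for ports = {name: {mode, vlans, neighbor}}."""
    findings, used = [], set()
    for name, port in sorted(ports.items()):
        mode, vlans, neighbor = port["mode"], port["vlans"], port["neighbor"]
        used.update(vlans)
        for vid in vlans:
            if 1002 <= vid <= 1005:
                findings.append(f"{name}: VLAN {vid} is reserved")
            elif not 1 <= vid <= 1001:
                findings.append(f"{name}: VLAN {vid} is outside 1-1001")
        if mode in SINGLE_VLAN_MODES and len(vlans) != 1:
            findings.append(f"{name}: {mode} port needs exactly one VLAN")
        if mode == "dynamic-access" and neighbor != "end-station":
            findings.append(f"{name}: dynamic-access port connected to {neighbor}")
        if mode == "multi-vlan" and neighbor not in ("router", "server"):
            findings.append(f"{name}: multi-VLAN port connected to {neighbor}")
    if len(used) > max_vlans(model):
        findings.append(f"{len(used)} VLANs exceed the limit of {max_vlans(model)}")
    return findings

SAMPLE_PLAN = {  # constructed sample input
    "Fa0/1": {"mode": "static-access", "vlans": [10], "neighbor": "end-station"},
    "Fa0/2": {"mode": "static-access", "vlans": [10, 20], "neighbor": "end-station"},
    "Fa0/3": {"mode": "dynamic-access", "vlans": [30], "neighbor": "switch"},
    "Fa0/4": {"mode": "multi-vlan", "vlans": [10, 20], "neighbor": "router"},
    "Fa0/5": {"mode": "multi-vlan", "vlans": [10, 1003], "neighbor": "hub"},
}

if __name__ == "__main__":
    for finding in audit_plan("3500XL", SAMPLE_PLAN):
        print(finding)
```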
To assign a multi-VLAN port to a VLAN:
To display port members of a VLAN:
A trunk is a point-to-point link between two switches or between switches and routers. Trunks carry the traffic of multiple VLANs and extend VLANs from one switch to another.
You can configure two types of trunk ports: ISL and IEEE 802.1Q. On ISL trunk ports, the switch encapsulates all received and transmitted packets with an ISL header, and it filters native frames received from an ISL trunk port. On an 802.1Q trunk port, the switch receives both untagged traffic and traffic containing 802.1Q tags.
Follow these guidelines when configuring a trunk port:
To configure a trunk port:
The Per VLAN Spanning Tree+ (PVST+) protocol is automatically enabled on 802.1Q trunks. This protocol ensures interoperability between Cisco devices that implement one spanning-tree instance per VLAN (PVST) and devices that implement one spanning tree for all VLANs in the network (specified in the IEEE 802.1 standard). By default, the switch forwards untagged traffic in the native VLAN configured for the port.
Disabling STP on the native VLAN of an 802.1Q trunk or disabling STP on any VLAN in the network can cause STP loops. Cisco recommends that you leave STP enabled on the native VLAN of an 802.1Q trunk, or disable STP on every VLAN in the network (see Spanning Tree Protocol).
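An added example, not part of the original help page, that models how an 802.1Q trunk port treats tagged and untagged frames, which is useful when checking captured trunk traffic against the intended native VLAN. The function names, the `allowed` set (a trunk whose VLAN membership has been restricted) and the sample frames are assumptions; treating VLAN ID 0 as the native VLAN follows IEEE 802.1Q priority tagging, not this page.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def classify(frame, native_vlan=1, allowed=None):
    """Return (vlan_id, tagged, accepted) for a raw Ethernet frame on an 802.1Q trunk."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        (tci,) = struct.unpack_from("!H", frame, 14)
        vlan_id, tagged = tci & 0x0FFF, True    # low 12 bits of the TCI are the VLAN ID
        if vlan_id == 0:                        # priority tag only: no VLAN named
            vlan_id = native_vlan
    else:
        vlan_id, tagged = native_vlan, False    # untagged traffic uses the native VLAN
    accepted = allowed is None or vlan_id in allowed
    return vlan_id, tagged, accepted

def build_frame(vlan_id=None, priority=0):
    """Build a constructed sample frame; vlan_id=None yields an untagged frame."""
    dst = bytes.fromhex("ffffffffffff")
    src = bytes.fromhex("020000000001")         # locally administered sample MAC
    tag = b""
    if vlan_id is not None:
        tag = struct.pack("!HH", TPID_8021Q, (priority << 13) | vlan_id)
    return dst + src + tag + struct.pack("!H", 0x0800) + b"\x00" * 46

if __name__ == "__main__":
    trunk_allowed = {10, 20}                    # constructed restricted membership
    for vid in (None, 10, 30):
        print(vid, classify(build_frame(vid), native_vlan=99, allowed=trunk_allowed))
```

With the native VLAN set to 99 and membership restricted to VLANs 10 and 20, the untagged frame maps to VLAN 99 and is not accepted, which is the kind of mismatch between native VLAN and trunk membership worth catching in an audit.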
Trunk ports are automatically assigned to all VLANs in the VTP domain where the switch is a member. To restrict the VLAN membership for a trunk port:
VLAN information is advertised to network devices by means of the VLAN Trunk Protocol (VTP). To save network bandwidth, VTP pruning protects VLANs from unnecessary traffic. If you create a new trunk on a switch that belongs to a VTP domain where pruning is in effect, pruning is automatically enabled. If the trunk is created in a VTP domain where pruning is not in effect, pruning is disabled.
All VLANs are placed on a Pruning Eligibility list so pruning will occur if it is in effect. However, in some network configurations, pruning will block VLAN traffic to ports that need it. Pruning should not occur in these VLANs. To disable pruning on a VLAN, you must remove the VLAN from the Pruning Eligibility list.
To remove a VLAN from the Pruning Eligibility list: