Introduction
This is an example of configuring a switch with three VLANs: VLAN 1 (the default), VLAN 10 named Faculty, and VLAN 20 named Student. When you configure VLANs, you must first understand that each one is a separate broadcast domain. VLANs are separated at the network level, not only at the data-link level, as if the hosts of each VLAN were attached to a different router interface; in fact, each VLAN has its own network address or subnet. So, for example, all hosts connected to VLAN 10 (Faculty) can communicate with each other, but not with the hosts in VLAN 20 (Student) or with hosts connected to VLAN 1.
Warning: for VLANs to communicate with each other, you must add a router so that routing handles the communication between the different VLANs.
The following commands create the VLANs. We add only two, VLAN 10 and VLAN 20, because VLAN 1 is already present and does not need to be added: it is the management VLAN, to which all ports are assigned in the switch's default configuration. It cannot be deleted and is always present on the switch:
Switch# vlan database
Switch(vlan)# vlan 10 name Faculty
Switch(vlan)# vlan 20 name Student
This command sets the VTP domain name to "Group1":
Switch(vlan)# vtp domain Group1
Switch(vlan)# exit
With this command we assign the default gateway, used if the switch is connected to a router or another device acting as a gateway:
Switch# configure terminal
Switch(config)# ip default-gateway 172.16.1.1
Now enter the configuration of VLAN 1 and specify the address of the management VLAN; this address is used when we manage the switch remotely:
Switch(config)# interface vlan 1
Switch(config-if)# ip address 172.16.1.2 255.255.255.0
Now assign the switch ports to the VLANs: ports Fa0/5 and Fa0/6 go to VLAN 10 (Faculty) and ports Fa0/7 and Fa0/8 go to VLAN 20 (Student). The remaining ports (Fa0/1, Fa0/2, Fa0/3, Fa0/4) are not assigned to any VLAN and stay in the management VLAN, VLAN 1.
Switch(config)# interface Fa0/5
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 10
Switch(config)# interface Fa0/6
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 10
Switch(config)# interface Fa0/7
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 20
Switch(config)# interface Fa0/8
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 20
Port Security
For those who need to ensure that only a machine with a fixed MAC address can be attached to each switch port, there is the port-security setting. When you configure port security on one or more specific switch ports, those ports become subject to the rules we define, for example to shut down after reading a MAC address different from the usual one.
The following commands enable port security and set the maximum number of MAC addresses that can connect to the switch port; when this number is violated, the port goes into shutdown. These commands are entered on the interface to which you want to apply the rule.
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security maximum 1
Switch(config-if)# switchport port-security violation shutdown
Warning: the first MAC address read on the port after entering the commands is the one identified as "good"; from then on, as soon as a different MAC address is seen, the port is subject to port security.
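An added example, not part of the original page: a small Python audit that reads an IOS-style running-config and reports access ports where port security is not enabled or is looser than the `maximum 1` / `violation shutdown` policy configured above. The sample config, the function names and the `max_macs` parameter are assumptions made for illustration.

```python
import re

SAMPLE_CONFIG = """\
interface FastEthernet0/5
 switchport mode access
 switchport port-security
!
interface FastEthernet0/6
 switchport mode access
!
interface FastEthernet0/7
 switchport mode access
 switchport port-security
 switchport port-security maximum 4
 switchport port-security violation protect
!
interface Vlan1
 ip address 172.16.1.2 255.255.255.0
"""  # constructed sample in running-config form, not from the original page

def parse_interfaces(config):  # -> {interface name: [sub-commands under it]}
    interfaces, current = {}, None
    for line in config.splitlines():
        header = re.match(r"interface\s+(\S+)", line)
        if header:
            current = interfaces.setdefault(header.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command closes the stanza
    return interfaces

def audit_port_security(config, max_macs=1):  # -> {interface: [issues]}
    findings = {}
    for name, cmds in parse_interfaces(config).items():
        if "switchport mode access" not in cmds:
            continue  # SVIs and non-access ports are out of scope
        text, issues = "\n".join(cmds), []
        if "switchport port-security" not in cmds:
            issues.append("port-security not enabled")
        # Absent lines mean the IOS defaults apply: maximum 1, violation shutdown.
        limit = re.search(r"^switchport port-security maximum (\d+)$", text, re.M)
        mode = re.search(r"^switchport port-security violation (\w+)$", text, re.M)
        if limit and int(limit.group(1)) > max_macs:
            issues.append(f"maximum {limit.group(1)} exceeds {max_macs}")
        if mode and mode.group(1) != "shutdown":
            issues.append(f"violation mode is {mode.group(1)}")
        if issues:
            findings[name] = issues
    return findings
```

Calling `audit_port_security(SAMPLE_CONFIG)` flags Fa0/6 (feature never enabled) and Fa0/7 (four addresses allowed, violation mode `protect`), while Fa0/5 passes because the unset values fall back to the defaults.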