
VLANs and Trunking

VLANs segment a network into separate broadcast domains - like creating virtual switches within one physical switch.

You need VLANs when:

  • You want to separate departments (Sales, IT, Guest) for security
  • You need to reduce broadcast traffic on large networks
  • You want to group devices logically regardless of physical location
  • You need to apply different security policies to different groups

Create VLANs:

Switch(config)# vlan 10
Switch(config-vlan)# name Sales
Switch(config-vlan)# exit
Switch(config)# vlan 20
Switch(config-vlan)# name Engineering
Switch(config-vlan)# exit

Parameters:

  • 10, 20 - VLAN numbers. Can be 1-4094 (VLAN 1 is default and cannot be deleted).
  • Sales, Engineering - VLAN names. Replace with descriptive names for your organization (optional but recommended).

Assign a port to a VLAN (access port):

Switch(config)# interface FastEthernet0/5
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 10

Parameters:

  • FastEthernet0/5 - Replace with the port number where your device is connected.
  • 10 - VLAN number. Replace with your desired VLAN.

Delete a VLAN:

Switch(config)# no vlan 10

Delete all VLANs (reset to default):

Switch# delete vlan.dat
Switch# reload

Trunk ports:

When to use: Trunk ports are used to connect switches together or connect switches to routers. They carry traffic for multiple VLANs over a single cable.

Switch(config)# interface GigabitEthernet0/1
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport trunk allowed vlan 10,20,30

Parameters:

  • GigabitEthernet0/1 - Replace with the port connecting to another switch or router.
  • 10,20,30 - VLAN list. Replace with your VLANs (or use all to allow all VLANs). Listing only the VLANs the link actually needs keeps every other VLAN off that cable, which limits what a misconfigured or compromised neighbour can reach.
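To show what a trunk actually carries, here is an added Python example (not code from the original page) that decodes the 802.1Q tag on an Ethernet frame and applies a `switchport trunk allowed vlan` list to it; the frame bytes and the function names are constructed for illustration.

```python
import struct

ETHERTYPE_8021Q = 0x8100

def parse_frame(frame: bytes) -> dict:
    """Decode the Ethernet header plus one 802.1Q tag when present; vlan is None
    for an untagged frame (on a trunk that means native-VLAN traffic)."""
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    offset, vlan, pcp = 14, None, None
    if ethertype == ETHERTYPE_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        pcp = tci >> 13            # 3-bit priority code point
        vlan = tci & 0x0FFF        # 12-bit VLAN ID, hence the 1-4094 range
        offset = 18
    return {"dst": dst.hex(":"), "src": src.hex(":"), "vlan": vlan,
            "pcp": pcp, "ethertype": ethertype, "payload": frame[offset:]}

def parse_allowed_vlans(spec: str) -> set:
    """Expand a 'switchport trunk allowed vlan' list such as '10,20,30-35' or 'all'."""
    if spec.strip().lower() == "all":
        return set(range(1, 4095))
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def trunk_forwards(frame: bytes, allowed: set, native_vlan: int = 1) -> bool:
    """Would a trunk with this allowed list carry the frame? An untagged frame
    counts as native-VLAN traffic, which still has to be in the allowed list."""
    vlan = parse_frame(frame)["vlan"]
    return (native_vlan if vlan is None else vlan) in allowed

# Constructed sample frames (not captures): broadcast dst, ARP EtherType 0x0806
_HDR = bytes.fromhex("ffffffffffff" "001122334455")
TAGGED_VLAN10 = _HDR + bytes.fromhex("8100" "000a" "0806") + b"\x00\x01\x08\x00"
TAGGED_VLAN99 = _HDR + bytes.fromhex("8100" "0063" "0806") + b"\x00\x01\x08\x00"
UNTAGGED = _HDR + bytes.fromhex("0806") + b"\x00\x01\x08\x00"

if __name__ == "__main__":
    allowed = parse_allowed_vlans("10,20,30")
    for name, f in [("vlan10", TAGGED_VLAN10), ("vlan99", TAGGED_VLAN99), ("untagged", UNTAGGED)]:
        print(name, parse_frame(f)["vlan"], trunk_forwards(f, allowed))
```

Note that with the allowed list `10,20,30` the untagged frame is dropped too, because the native VLAN (1) is not in the list.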

VTP (VLAN Trunking Protocol):

When to use: VTP is useful in large networks with many switches. Instead of configuring the same VLANs on every switch manually, you configure them once on the VTP server and they propagate automatically.

Warning: VTP can accidentally delete all your VLANs if a switch with a higher configuration revision number joins your network in server or client mode: its VLAN database overwrites everyone else's. Many admins prefer VTP transparent mode to avoid this risk.

VTP Server (creates and modifies VLANs):

Switch(config)# vtp mode server
Switch(config)# vtp domain DOMAIN
Switch(config)# vtp version 2
Switch(config)# vtp password SecureVTP123

Parameters:

  • DOMAIN - VTP domain name. Replace with any name (all switches in the domain must use the same name).
  • 2 - VTP version. Can be 1, 2, or 3 (version 2 is most common).
  • SecureVTP123 - VTP password. Replace with any password (all switches must use the same password).

VTP Client (receives VLAN info, cannot create VLANs):

Switch(config)# vtp mode client
Switch(config)# vtp domain DOMAIN
Switch(config)# vtp version 2
Switch(config)# vtp password SecureVTP123

Note: Client switches automatically receive VLAN configurations from the server. They cannot create, modify, or delete VLANs locally.

VTP Transparent (ignores VTP, passes VTP updates through):

Switch(config)# vtp mode transparent
Switch(config)# vtp domain DOMAIN

Note: Use transparent mode when you want full control over VLANs on this specific switch. The switch will ignore VTP updates but will forward them to other switches. This is the safest mode and is commonly used.

VTP Mode Summary:

  • Server: Can create/modify/delete VLANs, sends updates to others
  • Client: Receives VLAN info automatically, cannot make changes
  • Transparent: Manages VLANs locally, ignores VTP (recommended for most scenarios)

STP (Spanning Tree Protocol):

When to use: STP is automatically enabled on all Cisco switches. You need to configure it when you have redundant links between switches (for backup) or want to control which switch is the “root” of the spanning tree.

Why it matters: Without STP, having redundant connections between switches would create broadcast storms that crash your network. STP blocks redundant paths automatically.

Force a switch to be root bridge:

The root bridge is the “center” of your network. All path decisions are made relative to the root. You typically want your most powerful core switch to be the root.

Switch(config)# spanning-tree vlan 1 priority 4096

Parameters:

  • 1 - VLAN number. Replace with your VLAN.
  • 4096 - Priority value. Must be a multiple of 4096 (0, 4096, 8192, 12288, ... up to 61440; the default is 32768). Lower = more likely to become root.

Quick root bridge command:

Switch(config)# spanning-tree vlan 1 root primary

This automatically sets a priority low enough to become root.
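An added Python model of the root election (example code, not from the page): it builds the bridge ID from the priority, the VLAN number (the extended system ID, which is why the priority must be a multiple of 4096) and the MAC, and shows why two switches left at the default 32768 elect the one with the lowest MAC rather than the core switch. The `root_primary_priority` helper reproduces what `root primary` does as Cisco documents it: 24576 if that wins, otherwise 4096 below the current root. Switch names and MACs are constructed.

```python
from dataclasses import dataclass

PRIORITY_STEP = 4096   # 4 priority bits; the other 12 bits of the field hold the VLAN ID

@dataclass(frozen=True)
class Bridge:
    name: str
    priority: int      # configured value: 0-61440 in steps of 4096 (default 32768)
    mac: str           # base MAC, e.g. "00:1a:2b:3c:4d:5e"

def bridge_id(bridge: Bridge, vlan: int) -> int:
    """64-bit bridge ID for one VLAN: (priority + VLAN) << 48 | MAC."""
    if bridge.priority % PRIORITY_STEP or not 0 <= bridge.priority <= 61440:
        raise ValueError("priority must be a multiple of 4096 between 0 and 61440")
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN must be 1-4094")
    return ((bridge.priority + vlan) << 48) | int(bridge.mac.replace(":", ""), 16)

def elect_root(bridges, vlan: int) -> Bridge:
    """Lowest bridge ID wins: lowest priority first, lowest MAC breaks a tie."""
    return min(bridges, key=lambda b: bridge_id(b, vlan))

def root_primary_priority(current_root_priority: int) -> int:
    """Value 'spanning-tree vlan N root primary' picks: 24576 if that beats the
    current root, otherwise 4096 below the current root's priority."""
    if current_root_priority > 24576:
        return 24576
    if current_root_priority < PRIORITY_STEP:
        raise ValueError("current root is already at priority 0; cannot go lower")
    return current_root_priority - PRIORITY_STEP

# Constructed switches (not real devices): both still at the default priority 32768
CORE = Bridge("core", 32768, "00:1a:2b:00:00:ff")
ACCESS = Bridge("access", 32768, "00:1a:2b:00:00:01")

if __name__ == "__main__":
    print("default root:", elect_root([CORE, ACCESS], 1).name)          # access (lower MAC)
    tuned = Bridge("core", 4096, CORE.mac)   # after 'spanning-tree vlan 1 priority 4096'
    print("after priority 4096:", elect_root([tuned, ACCESS], 1).name)  # core
```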

PortFast (for access ports only):

When to use: On ports connecting to end devices (PCs, printers, servers). Speeds up the time it takes for the port to start forwarding traffic (skips the 30-second STP listening and learning delay).

Switch(config-if)# spanning-tree portfast

Enable globally on all access ports:

Switch(config)# spanning-tree portfast default

⚠️ Never use PortFast on trunk ports or ports connected to other switches - it will create loops and crash your network.

BPDU Guard (security):

When to use: Always use BPDU Guard with PortFast. If someone plugs an unauthorized switch into a PortFast port, BPDU Guard shuts down the port immediately.

Switch(config-if)# spanning-tree bpduguard enable

Note: This prevents users from plugging in rogue switches that could disrupt your network.

Verification commands:

Switch# show vlan brief
Switch# show vlan id 10
Switch# show interfaces trunk
Switch# show vtp status
Switch# show vtp counters
Switch# show spanning-tree
Switch# show spanning-tree vlan 1
Switch# show spanning-tree summary
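As an added check (example code, not from the page), a small Python audit that parses a constructed running-config and reports the conditions this page warns about: VTP server or client mode, trunks with no allowed-VLAN list, PortFast on a trunk, and access ports without BPDU Guard. The interface names and config are constructed; the parser only understands the one-space indentation of `show running-config` blocks.

```python
def parse_config(text):
    """Split a Cisco running-config into global commands and per-interface commands."""
    global_cmds, interfaces, current = [], {}, None
    for line in text.splitlines():
        if not line.strip() or line.startswith("!"):
            current = None                         # '!' closes a block
        elif line.startswith("interface "):
            current = line.split()[1]
            interfaces[current] = []
        elif current and line.startswith(" "):
            interfaces[current].append(line.strip())
        else:
            current = None
            global_cmds.append(line.strip())
    return global_cmds, interfaces

def audit(text):
    """Findings against the controls this page recommends, in config order."""
    global_cmds, interfaces = parse_config(text)
    findings = []
    if "vtp mode server" in global_cmds or "vtp mode client" in global_cmds:
        findings.append("global: VTP server/client mode, a higher-revision switch "
                        "can overwrite the VLAN database (prefer transparent)")
    for name, cmds in interfaces.items():
        if "switchport mode trunk" in cmds:
            if not any(c.startswith("switchport trunk allowed vlan ") for c in cmds):
                findings.append(f"{name}: trunk carries all VLANs, restrict the allowed list")
            if "spanning-tree portfast" in cmds:
                findings.append(f"{name}: PortFast on a trunk port can create a loop")
        elif "switchport mode access" in cmds:
            if "spanning-tree bpduguard enable" not in cmds:
                findings.append(f"{name}: access port without BPDU Guard")
    return findings

# Constructed sample running-config (not taken from a real switch)
SAMPLE_CONFIG = """\
vtp mode server
!
interface FastEthernet0/6
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast
!
interface GigabitEthernet0/2
 switchport mode trunk
 spanning-tree portfast
!
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```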