Get Support

Archive

HomeKB Article
December 5, 2023by Sumith Ragu

How to Add a VLAN to an Interface on a Cisco Switch

A VLAN (Virtual Local Area Network) is a logical grouping of devices that share the same broadcast domain. VLANs can improve network performance, security, and management by separating different types of traffic or users. To assign a switch port to a VLAN, you need to configure the port as either an access port or a trunk port. An access port can carry traffic for only one VLAN, while a trunk port can carry traffic for multiple VLANs.

Prerequisites

Before you begin, make sure that you have the following:

  • A Cisco switch that supports VLANs and trunking.
  • A console cable or a Telnet/SSH connection to the switch.
  • The VLAN ID and name that you want to create and assign to the port.
  • The port number and mode (access or trunk) that you want to configure.

Steps

  1. Log in to the switch and enter privileged EXEC mode. You can do this by typing enable and entering the enable password if prompted.

  2. Enter global configuration mode by typing configure terminal.

  3. Create the VLAN that you want to use by typing vlan vlan-id, where vlan-id is a number between 1 and 4094. For example, to create VLAN 10, type vlan 10.

  4. Optionally, assign a name to the VLAN by typing name vlan-name, where vlan-name is a descriptive name for the VLAN. For example, to name VLAN 10 as Sales, type name Sales.

  5. Exit VLAN configuration mode by typing exit.

  6. Select the interface that you want to assign to the VLAN by typing interface interface-id, where interface-id is the name of the interface. For example, to select FastEthernet 0/1, type interface fastethernet 0/1.

  7. Configure the interface as an access port or a trunk port by typing switchport mode mode, where mode is either access or trunk. For example, to configure the interface as an access port, type switchport mode access.

  8. If you configured the interface as an access port, assign it to the VLAN by typing switchport access vlan vlan-id, where vlan-id is the VLAN number that you created in step 3. For example, to assign the interface to VLAN 10, type switchport access vlan 10.

  9. If you configured the interface as a trunk port, you can optionally specify which VLANs are allowed or not allowed on the trunk by typing switchport trunk allowed vlan {add | all | except | remove | none} vlan-list, where vlan-list is a comma-separated list of VLAN numbers or ranges. For example, to allow only VLANs 10 and 20 on the trunk, type switchport trunk allowed vlan 10,20.

  10. Exit interface configuration mode by typing exit.

  11. Save the configuration by typing copy running-config startup-config.

Verification

To verify that the interface is assigned to the VLAN, you can use the following commands:

  • show vlan – This command displays information about the VLANs on the switch, such as the VLAN ID, name, status, and ports.
  • show interfaces switchport – This command displays information about the switchport configuration of the interfaces, such as the mode, access VLAN, trunk VLANs, and encapsulation.
  • show mac address-table – This command displays the MAC address table of the switch, which shows the MAC addresses and VLANs of the devices connected to the switch.

Example

The following example shows how to create VLAN 10 and VLAN 20, name them as Sales and Marketing, and assign FastEthernet 0/1 to VLAN 10 as an access port and FastEthernet 0/2 to VLAN 20 as a trunk port that allows only VLANs 10 and 20.

 

Switch> enable
Switch# configure terminal
Switch(config)# vlan 10
Switch(config-vlan)# name Sales
Switch(config-vlan)# exit
Switch(config)# vlan 20
Switch(config-vlan)# name Marketing
Switch(config-vlan)# exit
Switch(config)# interface fastethernet 0/1
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 10
Switch(config-if)# exit
Switch(config)# interface fastethernet 0/2
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport trunk allowed vlan 10,20
Switch(config-if)# exit
Switch(config)# copy running-config startup-config

 

 

Read More
March 9, 2022by klowdadmin

APC UPS zero-day bugs can remotely burn out devices, disable power

Vulnerability

A set of three critical zero-day vulnerabilities now tracked as TLStorm could let hackers take control of uninterruptible power supply (UPS) devices from APC, a subsidiary of Schneider Electric.

The flaws affect APC Smart-UPS systems that are popular in a variety of activity sectors, including governmental, healthcare, industrial, IT, and retail.

Mitigation recommendations

  1. Install the patches available on the Schneider Electric website
  2. If you are using the NMC, change the default NMC password (“apc”) and install a publicly-signed SSL certificate so that an attacker on your network will not be able to intercept the new password. To further limit the attack surface of your NMC, refer to the Schneider Electric Security Handbook for NMC 2 and NMC 3.
  3. Deploy access control lists (ACLs) in which the UPS devices are only allowed to communicate with a small set of management devices and the Schneider Electric Cloud via encrypted communications.
Armis published Technical Whitepaper
 
Still Need Help? Open a Ticket

Let one of our experienced engineer resolve the issue

Open Ticket
Read More
February 7, 2022by klowdadmin

How to Configure Dynamic NAT on CISCO Routers

This artical covers how to configure dynamic NAT (Network Address Translation) on CISCO Routers.

Steps to configure dynamic NAT using CLI.

  1. Login to the device using SSH / TELNET
  2. Go into the config mode.

    Router#configure terminal

  3. Configure the router’s inside interface

    Router(config)#interface fa0/0

    Router(config-if)#ip nat inside

    Router(config-if)#exit

  4. Configure the router’s outside interface

    Router(config)#interface eth0/0/0

    Router(config-if)#ip nat outside

    Router(config-if)#exit

  5. Configure an ACL that has a list of the inside source addresses that will be translated.

    Router(config)#access-list 1 permit 192.168.0.0 0.0.0.255


    Configure the pool of global IP addresses

    Router(config)#ip nat pool POOL01 4.4.4.1 4.4.4.5 netmask 255.255.255.0

    NOTE: The pool configured above consists of 5 addresses: 4.4.4.1, 4.4.4.2, 4.4.4.3, 4.4.4.4, and 4.4.4.5.

  6. Enable dynamic NAT

    Router(config)#ip nat inside source list 1 pool POOL01

    NOTE: The command above instructs the router to translate all addresses specified in the access list 1 to the pool of global addresses called POOL01.

  7. Exit config mode

    Router(config)#exit

  8. Copy the running configuration into startup configuration using following command

    Router#write memory

    Building configuration... [OK]

 

Still Need Help? Open a Ticket

Let one of our experienced engineer resolve the issue

Open Ticket
Read More
February 6, 2022by klowdadmin

Configuring VLAN on Cisco IOS Switch

This article covers how to configure VLAN on CISCO Switches.

  1. First look at the default VLAN Configuration

    Swtich#show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/22
                                                Fa0/23, Fa0/24, Gi0/1, Gi0/2
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup


  2.  Create a new VLAN

    Switch(config)#vlan 50
Switch(config-vlan)#name VLANNAME
Switch(config-vlan)#exit
    Replace VLANNAME with the name of your VLAN
  3. Check the newly created VLAN

    SW1#show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------

1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15,
                                                Fa0/23, Fa0/24, Gi0/1, Gi0/2
50   Newvlan                          active
  4. Now VLAN 50 has been created. Now you need to associate VLAN to the network ports. 

    Switch(config)interface fa0/1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 50

Switch(config)interface fa0/2
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 50
  5. Check VLAN port association

    SW1#show vlan 

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------

1    default                          active    Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10,, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15,
                                                Fa0/23, Fa0/24, Gi0/2

50   NEWVLAN                         active    Fa0/1, Fa0/2
      
Still Need Help? Open a Ticket

Let one of our experienced engineer resolve the issue

Open Ticket
Read More
Klowdesk

Klowdesk is a Remote Tech Support service connecting top IT Engineers from around the world with Businesses requiring IT Support on demand.

 
Instagram Linkedin-in Twitter Facebook-f

Contacts

 [email protected]

Company

Privacy

Your privacy is important to us

We do not share or sell your data to third parties. We use cookies and other third-party technologies to improve our website and services.

© 2022 — Klowdesk Inc All Rights Reserved.