VLAN Configuration Guide, Cisco IOS Release 15.

2(7)Ex (Catalyst 1000

Switches)
First Published: 2019-12-25

Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS,
INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.

THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH
THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY,
CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.

The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of
the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.

NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS" WITH ALL FAULTS.
CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.

IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT
LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS
HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network
topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional
and coincidental.

All printed copies and duplicate soft copies of this document are considered uncontrolled. See the current online version for the latest version.

Cisco has more than 200 offices worldwide. Addresses and phone numbers are listed on the Cisco website at www.cisco.com/go/offices.

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL:
https://www.cisco.com/c/en/us/about/legal/trademarks.html. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a
partnership relationship between Cisco and any other company. (1721R)
© 2019 Cisco Systems, Inc. All rights reserved.
 CONTENTS

CHAPTER 1 Configuring VTP 1

Prerequisites for VTP 1

Restrictions for VTP 2
Information About VTP 2
VTP 2
VTP Domain 2
VTP Modes 3
VTP Advertisements 4
VTP Version 2 5

VTP Version 3 5

VTP Pruning 6
VTP Configuration Guidelines 6
VTP Configuration Requirements 6
VTP Settings 6
Domain Names for Configuring VTP 7
Passwords for the VTP Domain 7
VTP Version 7
Default VTP Configuration 8
How to Configure VTP 9
Configuring VTP Mode 9
Configuring a VTP Version 3 Password 11

Configuring a VTP Version 3 Primary Server 12

Enabling the VTP Version 12

Enabling VTP Pruning 14

Configuring VTP on a Per-Port Basis 15

Adding a VTP Client Switch to a VTP Domain 16

VLAN Configuration Guide, Cisco IOS Release 15.2(7)Ex (Catalyst 1000 Switches)
iii
 Contents

Monitoring VTP 18
Configuration Examples for VTP 19
Example: Configuring a Switch as the Primary Server 19
Example: Configuring Switch as VTP Server 19
Example: Enabling VTP on the Interface 19
Example: Creating the VTP Password 20
Feature History for VTP 20

CHAPTER 2 Configuring VLAN 21

Prerequisites for VLANs 21

Restrictions for VLANs 21
Information About VLANs 21
Logical Networks 21
Supported VLANs 22
VLAN Port Membership Modes 22
VLAN Configuration Files 23
Normal-Range VLAN Configuration Guidelines 24
Extended-Range VLAN Configuration Guidelines 24
Default Ethernet VLAN Configuration 25
Default VLAN Configuration 25
How to Configure VLANs 26
Configuring Normal-Range VLANs 26
Creating or Modifying an Ethernet VLAN 26
Deleting a VLAN 28
Assigning Static-Access Ports to a VLAN 29

Configuring Extended-Range VLANs 30

Creating an Extended-Range VLAN 30
Monitoring VLANs 32
Configuration Examples 32
Example: Creating a VLAN Name 32
Example: Configuring a Port as Access Port 32
Example: Creating an Extended-Range VLAN 33
Feature History for VLAN 33

VLAN Configuration Guide, Cisco IOS Release 15.2(7)Ex (Catalyst 1000 Switches)
iv
 Contents

CHAPTER 3 Configuring VLAN Trunks 35

Prerequisites for VLAN Trunks 35

Information About VLAN Trunks 36
Trunking Overview 36
Trunking Modes 36
Layer 2 Interface Modes 36
Allowed VLANs on a Trunk 37
Load Sharing on Trunk Ports 37
Network Load Sharing Using STP Priorities 37
Network Load Sharing Using STP Path Cost 37
Feature Interactions 38
Default Layer 2 Ethernet Interface VLAN Configuration 38
How to Configure VLAN Trunks 38
Configuring an Ethernet Interface as a Trunk Port 39
Configuring a Trunk Port 39

Defining the Allowed VLANs on a Trunk 41

Changing the Pruning-Eligible List 42

Configuring the Native VLAN for Untagged Traffic 43

Configuring Trunk Ports for Load Sharing 45

Configuring Load Sharing Using STP Port Priorities 45

Configuring Load Sharing Using STP Path Cost 48

Configuration Examples for VLAN Trunking 50

Example: Configuring a Trunk Port 50
Example: Removing a VLAN from a Port 51
Feature History for VLAN Trunks 51

CHAPTER 4 Configuring Voice VLAN 53

Prerequisites for Voice VLANs 53

Restrictions for Voice VLANs 53
Information About Voice VLAN 54
Voice VLANs 54
Cisco IP Phone Voice Traffic 54
Cisco IP Phone Data Traffic 54

VLAN Configuration Guide, Cisco IOS Release 15.2(7)Ex (Catalyst 1000 Switches)
v
Contents

Voice VLAN Configuration Guidelines 55

Default Voice VLAN Configuration 56
How to Configure Voice VLAN 56
Configuring Cisco IP Phone Voice Traffic 56
Monitoring Voice VLAN 58
Configuration Examples 58
Example: Configuring Cisco IP Phone Voice Traffic 58
Feature History for Voice VLAN 59

VLAN Configuration Guide, Cisco IOS Release 15.2(7)Ex (Catalyst 1000 Switches)
vi
 CHAPTER 1
Configuring VTP
• Prerequisites for VTP, on page 1
• Restrictions for VTP, on page 2
• Information About VTP, on page 2
• How to Configure VTP, on page 9
• Monitoring VTP, on page 18
• Configuration Examples for VTP, on page 19
• Feature History for VTP, on page 20

Prerequisites for VTP

Before you create VLANs, you must decide whether to use the VLAN Trunking Protocol (VTP) in your
network. Using VTP, you can make configuration changes centrally on one or more switches and have those
changes automatically communicated to all the other devices in the network. Without VTP, you cannot send
information about VLANs to other switches.
VTP is designed to work in an environment where updates are made on a single switch and are sent through
VTP to other switches in the domain. It does not work well in a situation where multiple updates to the VLAN
database occur simultaneously on switches in the same domain, which would result in an inconsistency in the
VLAN database.
The switch supports a total of 256 VLANs. If the switch is notified by VTP of a new VLAN and the switch
is already using the maximum available hardware resources, it sends a message that there are not enough
hardware resources available and shuts down the VLAN. The output of the show vlan user EXEC command
shows the VLAN in a suspended state.
Because trunk ports send and receive VTP advertisements, you must ensure that at least one trunk port is
configured on the switch and that this trunk port is connected to the trunk port of another switch. Otherwise,
the switch cannot receive any VTP advertisements.

VLAN Configuration Guide, Cisco IOS Release 15.2(7)Ex (Catalyst 1000 Switches)
1
 Configuring VTP
Restrictions for VTP

Restrictions for VTP

Note Before adding a VTP client switch to a VTP domain, always verify that its VTP configuration revision number
is lower than the configuration revision number of the other switches in the VTP domain. Switches in a VTP
domain always use the VLAN configuration of the switch with the highest VTP configuration revision number.
If you add a switch that has a revision number higher than the revision number in the VTP domain, it can
erase all VLAN information from the VTP server and VTP domain.

The following are restrictions for configuring VTPs:

• It is normal to have approximately 10 access interfaces or 5 trunk interfaces to flap simultaneously with
negligible impact to CPU utilization. If there are more interfaces that flap simultaneously, then CPU
usage may be excessively high.

Information About VTP

VTP
VTP is a Layer 2 messaging protocol that maintains VLAN configuration consistency by managing the
addition, deletion, and renaming of VLANs on a network-wide basis. VTP minimizes misconfigurations and
configuration inconsistencies that can cause several problems, such as duplicate VLAN names, incorrect
VLAN-type specifications, and security violations.
VTP version 1 and version 2 support only normal-range VLANs (VLAN IDs 1 to 1005). VTP version 3
supports the entire VLAN range (VLANs 1 to 4094). Extended range VLANs (VLANs 1006 to 4094) are
supported only in VTP version 3.
You cannot convert from VTP version 3 to VTP version 2 if extended VLANs are configured in the domain.

VTP Domain
A VTP domain (also called a VLAN management domain) consists of one switch or several interconnected
switches under the same administrative responsibility sharing the same VTP domain name. A switch can be
in only one VTP domain. You make global VLAN configuration changes for the domain.
By default, the switch is in the VTP no-management-domain state until it receives an advertisement for a
domain over a trunk link (a link that carries the traffic of multiple VLANs) or until you configure a domain
name. Until the management domain name is specified or learned, you cannot create or modify VLANs on a
VTP server, and VLAN information is not propagated over the network.
If the switch receives a VTP advertisement over a trunk link, it inherits the management domain name and
the VTP configuration revision number. The switch then ignores advertisements with a different domain name
or an earlier configuration revision number.
When you make a change to the VLAN configuration on a VTP server, the change is propagated to all switches
in the VTP domain. VTP advertisements are sent over all IEEE trunk connections, including IEEE 802.1Q.

VLAN Configuration Guide, Cisco IOS Release 15.2(7)Ex (Catalyst 1000 Switches)
2
 Configuring VTP
VTP Modes

VTP dynamically maps VLANs with unique names and internal index associates across multiple LAN types.
Mapping eliminates excessive device administration required from network administrators.
If you configure a switch for VTP transparent mode, you can create and modify VLANs, but the changes are
not sent to other switches in the domain, and they affect only the individual switch. However, configuration
changes made when the switch is in this mode are saved in the switch running configuration and can be saved
to the switch startup configuration file.

VTP Modes
Table 1: VTP Modes

VTP Mode Description

VTP server In VTP server mode, you can create, modify, and
delete VLANs, and specify other configuration
parameters (such as the VTP version) for the entire
VTP domain. VTP servers advertise their VLAN
configurations to other switches in the same VTP
domain and synchronize their VLAN configurations
with other switches based on advertisements received
over trunk links.
VTP server is the default mode.
In VTP server mode, VLAN configurations are saved
in NVRAM. If the switch detects a failure while
writing a configuration to NVRAM, VTP mode
automatically changes from server mode to client
mode. If this happens, the switch cannot be returned
to VTP server mode until the NVRAM is functioning.

VTP client A VTP client functions like a VTP server and

transmits and receives VTP updates on its trunks, but
you cannot create, change, or delete VLANs on a VTP
client. VLANs are configured on another switch in
the domain that is in server mode.
In VTP versions 1 and 2 in VTP client mode, VLAN
configurations are not saved in NVRAM. In VTP
version 3, VLAN configurations are saved in NVRAM
in client mode.

VLAN Configuration Guide, Cisco IOS Release 15.2(7)Ex (Catalyst 1000 Switches)
3
 Configuring VTP
VTP Advertisements

VTP Mode Description

VTP transparent VTP transparent switches do not participate in VTP.

A VTP transparent switch does not advertise its
VLAN configuration and does not synchronize its
VLAN configuration based on received
advertisements. However, in VTP version 2 or version
3, transparent switches do forward VTP
advertisements that they receive from other switches
through their trunk interfaces. You can create, modify,
and delete VLANs on a switch in VTP transparent
mode.
When the switch is in VTP transparent mode, the VTP
and VLAN configurations are saved in NVRAM, but
they are not advertised to other switches. In this mode,
VTP mode and domain name are saved in the switch
running configuration, and you can save this
information in the switch startup configuration file
by using the copy running-config startup-config
privileged EXEC command.

VTP off A switch in VTP off mode functions in the same

manner as a VTP transparent switch, except that it
does not forward VTP advertisements on trunks.

VTP Advertisements
Each switch in the VTP domain sends periodic global configuration advertisements from each trunk port to
a reserved multicast address. Neighboring switches receive these advertisements and update their VTP and
VLAN configurations as necessary.
VTP advertisements distribute this global domain information:
• VTP domain name
• VTP configuration revision number
• Update identity and update timestamp
• MD5 digest VLAN configuration, including maximum transmission unit (MTU) size for each VLAN
• Frame format

VTP advertisements distribute this VLAN information for each configured VLAN:
• VLAN IDs (including IEEE 802.1Q)
• VLAN name
• VLAN type
• VLAN state
• Additional VLAN configuration information specific to the VLAN type

VLAN Configuration Guide, Cisco IOS Release 15.2(7)Ex (Catalyst 1000 Switches)
4
 Configuring VTP
VTP Version 2

In VTP version 3, VTP advertisements also include the primary server ID, an instance number, and a start
index.

VTP Version 2
If you use VTP in your network, you must decide which version of VTP to use. By default, VTP operates in
version 1.
VTP version 2 supports these features that are not supported in version 1:
• Token Ring support—VTP version 2 supports Token Ring Bridge Relay Function (TrBRF) and Token
Ring Concentrator Relay Function (TrCRF) VLANs.
• Unrecognized Type-Length-Value (TLV) support—A VTP server or client propagates configuration
changes to its other trunks, even for TLVs it is not able to parse. The unrecognized TLV is saved in
NVRAM when the switch is operating in VTP server mode.
• Version-Dependent Transparent Mode—In VTP version 1, a VTP transparent switch inspects VTP
messages for the domain name and version and forwards a message only if the version and domain name
match. Although VTP version 2 supports only one domain, a VTP version 2 transparent switch forwards
a message only when the domain name matches.
• Consistency Checks—In VTP version 2, VLAN consistency checks (such as VLAN names and values)
are performed only when you enter new information through the CLI or SNMP. Consistency checks are
not performed when new information is obtained from a VTP message or when information is read from
NVRAM. If the MD5 digest on a received VTP message is correct, its information is accepted.

VTP Version 3
VTP version 3 supports these features that are not supported in version 1 or version 2:
• Enhanced authentication—You can configure the authentication as hidden or secret. When hidden, the
secret key from the password string is saved in the VLAN database file, but it does not appear in plain
text in the configuration. Instead, the key associated with the password is saved in hexadecimal format
in the running configuration. You must reenter the password if you enter a takeover command in the
domain. When you enter the secret keyword, you can directly configure the password secret key.
• Support for extended range VLAN (VLANs 1006 to 4094) database propagation—VTP versions 1 and
2 propagate only VLANs 1 to 1005.

Note VTP pruning still applies only to VLANs 1 to 1005, and VLANs 1002 to 1005
are still reserved and cannot be modified.

• Support for any database in a domain—In addition to propagating VTP information, version 3 can
propagate Multiple Spanning Tree (MST) protocol database information. A separate instance of the VTP
protocol runs for each application that uses VTP.
• VTP primary server and VTP secondary servers—A VTP primary server updates the database information
and sends updates that are honored by all devices in the system. A VTP secondary server can only back
up the updated VTP configurations received from the primary server to its NVRAM.

VLAN Configuration Guide, Cisco IOS Release 15.2(7)Ex (Catalyst 1000 Switches)
5
 Configuring VTP
VTP Pruning

By default, all devices come up as secondary servers. You can enter the vtp primary privileged EXEC
command to specify a primary server. Primary server status is only needed for database updates when
the administrator issues a takeover message in the domain. You can have a working VTP domain without
any primary servers. Primary server status is lost if the device reloads or domain parameters change,
even when a password is configured on the switch.

VTP Pruning
VTP pruning increases network available bandwidth by restricting flooded traffic to those trunk links that the
traffic must use to reach the destination devices. Without VTP pruning, a switch floods broadcast, multicast,
and unknown unicast traffic across all trunk links within a VTP domain even though receiving switches might
discard them. VTP pruning is disabled by default.
VTP pruning blocks unneeded flooded traffic to VLANs on trunk ports that are included in the pruning-eligible
list. Only VLANs included in the pruning-eligible list can be pruned. By default, VLANs 2 through 1001 are
pruning eligible switch trunk ports. If the VLANs are configured as pruning-ineligible, the flooding continues.
VTP pruning is supported in all VTP versions.
With VTP versions 1 and 2, when you enable pruning on the VTP server, it is enabled for the entire VTP
domain. In VTP version 3, you must manually enable pruning on each switch in the domain. Making VLANs
pruning-eligible or pruning-ineligible affects pruning eligibility for those VLANs on that trunk only (not on
all switches in the VTP domain).
VTP pruning takes effect several seconds after you enable it. VTP pruning does not prune traffic from VLANs
that are pruning-ineligible. VLAN 1 and VLANs 1002 to 1005 are always pruning-ineligible; traffic from
these VLANs cannot be pruned. Extended-range VLANs (VLAN IDs higher than 1005) are also
pruning-ineligible.

VTP Configuration Guidelines

VTP Configuration Requirements
When you configure VTP, you must configure a trunk port so that the switch can send and receive VTP
advertisements to and from other switches in the domain.

VTP Settings
The VTP information is saved in the VTP VLAN database. When VTP mode is transparent, the VTP domain
name and mode are also saved in the switch running configuration file, and you can save it in the switch
startup configuration file by entering the copy running-config startup-config privileged EXEC command.
You must use this command if you want to save VTP mode as transparent, even if the switch resets.
When you save VTP information in the switch startup configuration file and reboot the switch, the switch
configuration is selected as follows:
• If the VTP mode is transparent in the startup configuration and the VLAN database and the VTP domain
name from the VLAN database matches that in the startup configuration file, the VLAN database is
ignored (cleared), and the VTP and VLAN configurations in the startup configuration file are used. The
VLAN database revision number remains unchanged in the VLAN database.

VLAN Configuration Guide, Cisco IOS Release 15.2(7)Ex (Catalyst 1000 Switches)
6
 Configuring VTP
Domain Names for Configuring VTP

• If the VTP mode or domain name in the startup configuration do not match the VLAN database, the
domain name and VTP mode and configuration for VLAN IDs 1 to 1005 use the VLAN database
information.

Domain Names for Configuring VTP

When configuring VTP for the first time, you must always assign a domain name. You must configure all
switches in the VTP domain with the same domain name. Switches in VTP transparent mode do not exchange
VTP messages with other switches, and you do not need to configure a VTP domain name for them.

Note If the NVRAM and DRAM storage is sufficient, all switches in a VTP domain should be in VTP server mode.

Caution Do not configure a VTP domain if all switches are operating in VTP client mode. If you configure the domain,
it is impossible to make changes to the VLAN configuration of that domain. Make sure that you configure at
least one switch in the VTP domain for VTP server mode.

Passwords for the VTP Domain

You can configure a password for the VTP domain, but it is not required. If you do configure a domain
password, all domain switches must share the same password and you must configure the password on each
switch in the management domain. switches without a password or with the wrong password reject VTP
advertisements.
If you configure a VTP password for a domain, a switch that is booted without a VTP configuration does not
accept VTP advertisements until you configure it with the correct password. After the configuration, the switch
accepts the next VTP advertisement that uses the same password and domain name in the advertisement.
If you are adding a new switch to an existing network with VTP capability, the new switch learns the domain
name only after the applicable password has been configured on it.

Caution When you configure a VTP domain password, the management domain does not function properly if you do
not assign a management domain password to each switch in the domain.

VTP Version
Follow these guidelines when deciding which VTP version to implement:
• All switches in a VTP domain must have the same domain name, but they do not need to run the same
VTP version.
• A VTP version 2-capable switch can operate in the same VTP domain as a switch running VTP version
1 if version 2 is disabled on the version 2-capable switch (version 2 is disabled by default).
• If a switch running VTP version 1, but capable of running VTP version 2, receives VTP version 3
advertisements, it automatically moves to VTP version 2.

VLAN Configuration Guide, Cisco IOS Release 15.2(7)Ex (Catalyst 1000 Switches)
7
 Configuring VTP
Default VTP Configuration

• If a switch running VTP version 3 is connected to a switch running VTP version 1, the VTP version 1
switch moves to VTP version 2, and the VTP version 3 switch sends scaled-down versions of the VTP
packets so that the VTP version 2 switch can update its database.
• A switch running VTP version 3 cannot move to version 1 or 2 if it has extended VLANs.
• Do not enable VTP version 2 on a switch unless all of the switches in the same VTP domain are
version-2-capable. When you enable version 2 on a switch, all of the version-2-capable switches in the
domain enable version 2. If there is a version 1-only switch, it does not exchange VTP information with
switches that have version 2 enabled.
• Cisco recommends placing VTP version 1 and 2 switches at the edge of the network because they do not
forward VTP version 3 advertisements.
• If there are TrBRF and TrCRF Token Ring networks in your environment, you must enable VTP version
2 or version 3 for Token Ring VLAN switching to function properly. To run Token Ring and Token
Ring-Net, disable VTP version 2.
• VTP version 1 and version 2 do not propagate configuration information for extended range VLANs
(VLANs 1006 to 4094). You must configure these VLANs manually on each device. VTP version 3
supports extended-range VLANs and support for extended range VLAN database propagation.
• When a VTP version 3 device trunk port receives messages from a VTP version 2 device, it sends a
scaled-down version of the VLAN database on that particular trunk in VTP version 2 format. A VTP
version 3 device does not send VTP version 2-formatted packets on a trunk unless it first receives VTP
version 2 packets on that trunk port.
• When a VTP version 3 device detects a VTP version 2 device on a trunk port, it continues to send VTP
version 3 packets, in addition to VTP version 2 packets, to allow both kinds of neighbors to coexist on
the same trunk.
• A VTP version 3 device does not accept configuration information from a VTP version 2 or version 1
device.
• Two VTP version 3 regions can only communicate in transparent mode over a VTP version 1 or version
2 region.
• Devices that are only VTP version 1 capable cannot interoperate with VTP version 3 devices.
• VTP version 1 and version 2 do not propagate configuration information for extended range VLANs
(VLANs 1006 to 4094). You must manually configure these VLANs on each device.

Default VTP Configuration

The following table shows the default VTP configuration.

Table 2: Default VTP Configuration

Feature Default Setting

VTP domain name Null

VTP mode (VTP version 1 and version 2) Server

VTP mode (VTP version 3) The mode is the same as the mode in VTP version 1
or 2 before conversion to version 3.

VLAN Configuration Guide, Cisco IOS Release 15.2(7)Ex (Catalyst 1000 Switches)
8
 Configuring VTP
How to Configure VTP

Feature Default Setting

VTP version Version 1

MST database mode Transparent

VTP version 3 server type Secondary

VTP password None

VTP pruning Disabled

How to Configure VTP

Configuring VTP Mode
You can configure VTP mode as one of these:
• VTP server mode: In VTP server mode, you can change the VLAN configuration and have it propagated
throughout the network.
• VTP client mode: In VTP client mode, you cannot change its VLAN configuration. The client switch
receives VTP updates from a VTP server in the VTP domain and then modifies its configuration
accordingly.
• VTP transparent mode: In VTP transparent mode, VTP is disabled on the switch. The switch does not
send VTP updates and does not act on VTP updates received from other switch. However, a VTP
transparent switch running VTP version 2 does forward received VTP advertisements on its trunk links.
• VTP off mode: VTP off mode is the same as VTP transparent mode except that VTP advertisements are
not forwarded.

When you configure a domain name, it cannot be removed; you can only reassign a switch to a different
domain.

Procedure

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode.
Example: • Enter your password if prompted.

Device> enable

Step 2 configure terminal Enters global configuration mode.

Example:

Device# configure terminal

VLAN Configuration Guide, Cisco IOS Release 15.2(7)Ex (Catalyst 1000 Switches)
9
 Configuring VTP
Configuring VTP Mode

Command or Action Purpose

Step 3 vtp domain domain-name Configures the VTP administrative-domain
name. The name can be 1 to 32 characters. All
Example:
switches operating in VTP server or client mode
under the same administrative responsibility
Device(config)# vtp domain eng_group
must be configured with the same domain name.
This command is optional for modes other than
server mode. VTP server mode requires a
domain name. If the switch has a trunk
connection to a VTP domain, it learns the
domain name from the VTP server in the
domain.
You should configure the VTP domain before
configuring other VTP parameters.

Step 4 vtp mode {client | server | transparent | off} Configures the switch for VTP mode (client,
{vlan | mst | unknown} server, transparent, or off).
Example: • vlan—The VLAN database is the default
if none are configured.
Device(config)# vtp mode server
• mst—The multiple spanning tree (MST)
database.
• unknown—An unknown database type.

Step 5 vtp password password (Optional) Sets the password for the VTP
domain. The password can be 8 to 64 characters.
Example:
If you configure a VTP password, the VTP
domain does not function properly if you do not
Device(config)# vtp password mypassword
assign the same password to each switch in the
domain.

Step 6 end Returns to privileged EXEC mode.

Example:

Device(config)# end

Step 7 show vtp status Verifies your entries in the VTP Operating
Mode and the VTP Domain Name fields of the
Example:
display.
Device# show vtp status

Step 8 copy running-config startup-config (Optional) Saves the configuration in the startup
configuration file.
Example:
Only VTP mode and domain name are saved
Device# copy running-config in the switch running configuration and can be
startup-config copied to the startup configuration file.

VLAN Configuration Guide, Cisco IOS Release 15.2(7)Ex (Catalyst 1000 Switches)
10
 Configuring VTP
Configuring a VTP Version 3 Password

Configuring a VTP Version 3 Password

You can configure a VTP version 3 password on the switch.

Procedure

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode.
Example: • Enter your password if prompted.

Device> enable

Step 2 configure terminal Enters global configuration mode.

Example:

Device# configure terminal

Step 3 vtp version 3 Enables VTP version 3 on the device. The

default is VTP version 1.
Example:

Device(config)# vtp version 3

Step 4 vtp password password [hidden | secret] (Optional) Sets the password for the VTP
domain. The password can be 8 to 64 characters.
Example:
• (Optional) hidden—Saves the secret key
Device(config)# vtp password mypassword generated from the password string in the
hidden nvram:vlan.dat file. If you configure a
takeover by configuring a VTP primary
server, you are prompted to reenter the
password.
• (Optional) secret—Directly configures the
password. The secret password must
contain 32 hexadecimal characters.

Step 5 end Returns to privileged EXEC mode.

Example:

Device(config)# end

Step 6 show vtp password Verifies your entries. The output appears like
this:
Example:
VTP password:
Device# show vtp password 89914640C8D90868B6A0D8103847A733

VLAN Configuration Guide, Cisco IOS Release 15.2(7)Ex (Catalyst 1000 Switches)
11
 Configuring VTP
Configuring a VTP Version 3 Primary Server

Command or Action Purpose

Step 7 copy running-config startup-config (Optional) Saves your entries in the
configuration file.
Example:

Device# copy running-config

startup-config

Configuring a VTP Version 3 Primary Server

When you configure a VTP server as a VTP primary server, the takeover operation starts.

Procedure

Command or Action Purpose

Step 1 vtp version 3 Enables VTP version 3 on the device. The
default is VTP version 1.
Example:

Device(config)# vtp version 3

Step 2 vtp primary [vlan | mst] [force] Changes the operational state of a switch from
a secondary server (the default) to a primary
Example:
server and advertises the configuration to the
domain. If the switch password is configured
Device# vtp primary vlan force
as hidden, you are prompted to reenter the
password.
• (Optional) vlan—Selects the VLAN
database as the takeover feature. This is
the default.
• (Optional) mst—Selects the multiple
spanning tree (MST) database as the
takeover feature.
• (Optional) force—Overwrites the
configuration of any conflicting servers.
If you do not enter force, you are prompted
for confirmation before the takeover.

Enabling the VTP Version

VTP version 2 and version 3 are disabled by default.
• When you enable VTP version 2 on a switch, every VTP version 2-capable switch in the VTP domain
enables version 2. To enable VTP version 3, you must manually configure it on each switch.

VLAN Configuration Guide, Cisco IOS Release 15.2(7)Ex (Catalyst 1000 Switches)
12
Configuring VTP
Enabling the VTP Version

• With VTP versions 1 and 2, you can configure the version only on switches in VTP server or transparent
mode. If a switch is running VTP version 3, you can change to version 2 when the switch is in client
mode if no extended VLANs exist, and no hidden password was configured.

Caution VTP version 1 and VTP version 2 are not interoperable on switches in the same
VTP domain. Do not enable VTP version 2 unless every switch in the VTP domain
supports version 2.

• In TrCRF and TrBRF Token Ring environments, you must enable VTP version 2 or VTP version 3 for
Token Ring VLAN switching to function properly. For Token Ring and Token Ring-Net media, disable
VTP version 2.

Caution In VTP version 3, both the primary and secondary servers can exist on an instance
in the domain.

Procedure

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode.
Example: • Enter your password if prompted.

Device> enable

Step 2 configure terminal Enters global configuration mode.

Example:

Device# configure terminal

Step 3 vtp version {1 | 2 | 3} Enables the VTP version on the switch. The
default is VTP version 1.
Example:

Device(config)# vtp version 2

Step 4 end Returns to privileged EXEC mode.

Example:

Device(config)# end

Step 5 show vtp status Verifies that the configured VTP version is
enabled.
Example:

VLAN Configuration Guide, Cisco IOS Release 15.2(7)Ex (Catalyst 1000 Switches)
13
 Configuring VTP
Enabling VTP Pruning

Command or Action Purpose

Device# show vtp status

Step 6 copy running-config startup-config (Optional) Saves your entries in the

configuration file.
Example:

Device# copy running-config

startup-config

Enabling VTP Pruning

Before you begin
VTP pruning is not designed to function in VTP transparent mode. If one or more switches in the network
are in VTP transparent mode, you should do one of these actions:
• Turn off VTP pruning in the entire network.
• Turn off VTP pruning by making all VLANs on the trunk of the switch upstream to the VTP transparent
switch pruning ineligible.

To configure VTP pruning on an interface, use the switchport trunk pruning vlan interface configuration
command. VTP pruning operates when an interface is trunking. You can set VLAN pruning-eligibility, whether
or not VTP pruning is enabled for the VTP domain, whether or not any given VLAN exists, and whether or
not the interface is currently trunking.

Procedure

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode.
Example: • Enter your password if prompted.

Device> enable

Step 2 configure terminal Enters global configuration mode.

Example:

Device# configure terminal

Step 3 vtp pruning Enables pruning in the VTP administrative

domain.
Example:
By default, pruning is disabled. You need to
Device(config)# vtp pruning enable pruning on only one switch in VTP
server mode.

VLAN Configuration Guide, Cisco IOS Release 15.2(7)Ex (Catalyst 1000 Switches)
14
 Configuring VTP
Configuring VTP on a Per-Port Basis

Command or Action Purpose

Step 4 end Returns to privileged EXEC mode.
Example:

Device(config)# end

Step 5 show vtp status Verifies your entries in the VTP Pruning Mode
field of the display.
Example:

Device# show vtp status

Configuring VTP on a Per-Port Basis

With VTP version 3, you can enable or disable VTP on a per-port basis. You can enable VTP only on ports
that are in trunk mode. Incoming and outgoing VTP traffic are blocked, not forwarded.

Procedure

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode.
Example: • Enter your password if prompted.

Device> enable

Step 2 configure terminal Enters global configuration mode.

Example:

Device# configure terminal

Step 3 interface interface-id Identifies an interface, and enters interface

configuration mode.
Example:
Device(config)# interface gigabitethernet
1/0/1
Or
Device(config)# interface fastethernet
1/0/1

Step 4 vtp Enables VTP on the specified port.

Example:

Device(config-if)# vtp

VLAN Configuration Guide, Cisco IOS Release 15.2(7)Ex (Catalyst 1000 Switches)
15
 Configuring VTP
Adding a VTP Client Switch to a VTP Domain

Command or Action Purpose

Step 5 end Returns to privileged EXEC mode.
Example:

Device(config)# end

Step 6 show running-config interface interface-id (Optional) Verifies the change to the port.
Example:
Device# show running-config interface
gigabitethernet 1/0/1
Or
Device# show running-config interface
fastethernet 1/0/1

Step 7 show vtp interface interface-id (Optional) Displays VTP status and
configuration for all interfaces or the specified
Example:
interface.
Device# show vtp interface
gigabitethernet 1/0/1
Or
Device# show vtp interface fastethernet
1/0/1

Step 8 show vtp status (Optional) Verifies the configuration.

Example:

Device# show vtp status

Adding a VTP Client Switch to a VTP Domain

Follow these steps to verify and reset the VTP configuration revision number on a switch before adding it to
a VTP domain.

Before you begin

Before adding a VTP client to a VTP domain, always verify that its VTP configuration revision number is
lower than the configuration revision number of the other switches in the VTP domain. Switches in a VTP
domain always use the VLAN configuration of the switch with the highest VTP configuration revision number.
With VTP versions 1 and 2, adding a switch that has a revision number higher than the revision number in
the VTP domain can erase all VLAN information from the VTP server and VTP domain. With VTP version
3, the VLAN information is not erased.
You can use the vtp mode transparent global configuration command to disable VTP on the switch and then
to change its VLAN information without affecting the other switches in the VTP domain.

VLAN Configuration Guide, Cisco IOS Release 15.2(7)Ex (Catalyst 1000 Switches)
16
Configuring VTP
Adding a VTP Client Switch to a VTP Domain

Procedure

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode.
Example: • Enter your password if prompted.

Device> enable

Step 2 show vtp status Checks the VTP configuration revision

number.
Example:
If the number is 0, add the switch to the VTP
Device# show vtp status domain.
If the number is greater than 0, follow these
substeps:
• Write down the domain name.
• Write down the configuration revision
number.
• Continue with the next steps to reset the
switch configuration revision number.

Step 3 configure terminal Enters global configuration mode.

Example:

Device# configure terminal

Step 4 vtp domain domain-name Changes the domain name from the original
one displayed in Step 1 to a new name.
Example:

Device(config)# vtp domain domain123

Step 5 end Returns to privileged EXEC mode.

Example:

Device(config)# end

Step 6 show vtp status Verifies that the configuration revision number
has been reset to 0.
Example:

Device# show vtp status

Step 7 configure terminal Enters global configuration mode.

Example:

VLAN Configuration Guide, Cisco IOS Release 15.2(7)Ex (Catalyst 1000 Switches)
17
 Configuring VTP
Monitoring VTP

Command or Action Purpose

Device# configure terminal

Step 8 vtp domain domain-name Enters the original domain name on the switch.
Example:

Device(config)# vtp domain domain012

Step 9 end Returns to privileged EXEC mode. The VLAN

information on the switch is updated.
Example:

Device(config)# end

Step 10 show vtp status (Optional) Verifies that the domain name is
the same as in Step 1 and that the configuration
Example:
revision number is 0.
Device# show vtp status

Monitoring VTP
This section describes commands used to display and monitor the VTP configuration.
You monitor VTP by displaying VTP configuration information: the domain name, the current VTP revision,
and the number of VLANs. You can also display statistics about the advertisements sent and received by the
switch.

Table 3: VTP Monitoring Commands

Command Purpose

show vtp counters Displays counters about VTP messages that have been
sent and received.

show vtp devices [conflict] Displays information about all VTP version 3 devices
in the domain. Conflicts are VTP version 3 devices
with conflicting primary servers. The show vtp
devices command does not display information when
the switch is in transparent or off mode.

show vtp interface [interface-id] Displays VTP status and configuration for all
interfaces or the specified interface.

show vtp password Displays the VTP password. The form of the password
displayed depends on whether or not the hidden
keyword was entered and if encryption is enabled on
the switch.

VLAN Configuration Guide, Cisco IOS Release 15.2(7)Ex (Catalyst 1000 Switches)
18
 Configuring VTP
Configuration Examples for VTP

Command Purpose

show vtp status Displays the VTP switch configuration information.

Configuration Examples for VTP

Example: Configuring a Switch as the Primary Server
This example shows how to configure a switch as the primary server for the VLAN database (the default)
when a hidden or secret password was configured:

Device# vtp primary vlan

VTP Feature Conf Revision Primary Server Device ID Device Description
------------ ---- -------- -------------- -------------- ----------------------
VLAN Yes 25 bcf1.f2e4.9700 0c75.bd07.4a00 P3A_NEW
VLAN Yes 547 0c75.bd07.4a00 40a6.e8db.9780 Switch_A
MST Yes 10 006c.bc4e.2500 40a6.e8db.9780 Switch_A
VLAN Yes 25 bcf1.f2e4.9700 e8b7.489c.cc00 Switch_B-11

Do you want to continue? [confirm]

Switch#
Jun 17 01:08:50.758 PST: %SW_VLAN-4-VTP_PRIMARY_SERVER_CHG: 006c.bc4e.2500 has become the
primary server for the VLAN VTP feature

Example: Configuring Switch as VTP Server

This example shows how to configure the switch as a VTP server with the domain name eng_group and the
password mypassword:

Switch(config)# vtp domain eng_group

Setting VTP domain name to eng_group.

Switch(config)# vtp mode server

Setting device to VTP Server mode for VLANS.

Switch(config)# vtp password mypassword

Setting device VLAN database password to mypassword.
Switch(config)# end

Example: Enabling VTP on the Interface

To enable VTP on the interface, use the vtp interface configuration command. To disable VTP on the interface,
use the no vtp interface configuration command.

Device(config)# interface gigabitethernet 1/0/1

Device(config-if)# vtp
Device(config-if)# end

VLAN Configuration Guide, Cisco IOS Release 15.2(7)Ex (Catalyst 1000 Switches)
19
 Configuring VTP
Example: Creating the VTP Password

Example: Creating the VTP Password

The follow is an example of creating the VTP password.

Switch(config)# vtp password mypassword hidden

Generating the secret associated to the password.
Switch(config)# end
Switch# show vtp password
VTP password: 89914640C8D90868B6A0D8103847A733

Feature History for VTP

This table provides release and related information for features explained in this module.
These features are available on all releases subsequent to the one they were introduced in, unless noted
otherwise.

Release Feature Feature Information

Cisco IOS Release 15.2(7)E1 VTP VTP is a Layer 2 messaging protocol that
maintains VLAN configuration consistency
by managing the addition, deletion, and
renaming of VLANs on a network-wide basis.

Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco
Feature Navigator, go to http://www.cisco.com/go/cfn.

VLAN Configuration Guide, Cisco IOS Release 15.2(7)Ex (Catalyst 1000 Switches)
20
 CHAPTER 2
Configuring VLAN
• Prerequisites for VLANs, on page 21
• Restrictions for VLANs, on page 21
• Information About VLANs, on page 21
• How to Configure VLANs, on page 26
• Monitoring VLANs, on page 32
• Configuration Examples, on page 32
• Feature History for VLAN, on page 33

Prerequisites for VLANs

The following are prerequisites and considerations for configuring VLANs:
• Before you create VLANs, you must decide whether to use VLAN Trunking Protocol (VTP) to maintain
global VLAN configuration for your network.
• The switch supports 256 VLANs in VTP client, server, and transparent modes.

Restrictions for VLANs

The following are restrictions for configuring VLANs:
• To avoid warning messages of high CPU utilization with a normal-range VLAN configuration, we
recommend that you have no more than 256 VLANs. If a large number of access interfaces or trunk
interfaces flap simultaneously, then CPU usage may be excessively high.

Information About VLANs

Logical Networks
A VLAN is a switched network that is logically segmented by function, project team, or application, without
regard to the physical locations of the users. VLANs have the same attributes as physical LANs, but you can
group end stations even if they are not physically located on the same LAN segment. Any switch port can

VLAN Configuration Guide, Cisco IOS Release 15.2(7)Ex (Catalyst 1000 Switches)
21
 Configuring VLAN
Supported VLANs

belong to a VLAN, and unicast, broadcast, and multicast packets are forwarded and flooded only to end
stations in the VLAN. Each VLAN is considered a logical network, and packets destined for stations that do
not belong to the VLAN must be forwarded through a router or a switch supporting fallback bridging. Because
a VLAN is considered a separate logical network, it contains its own bridge Management Information Base
(MIB) information and can support its own implementation of spanning tree.
VLANs are often associated with IP subnetworks. For example, all the end stations in a particular IP subnet
belong to the same VLAN. Interface VLAN membership on the switch is assigned manually on an
interface-by-interface basis. When you assign switch interfaces to VLANs by using this method, it is known
as interface-based, or static, VLAN membership.
Traffic between VLANs must be routed.
The switch can route traffic between VLANs by using switch virtual interfaces (SVIs). An SVI must be
explicitly configured and assigned an IP address to route traffic between VLANs.

Supported VLANs
The switch supports VLANs in VTP client, server, and transparent modes. VLANs are identified by a number
from 1 to 4094. VLAN IDs 1002 through 1005 are reserved for Token Ring and FDDI VLANs.
VTP version 1 and version 2 support only normal-range VLANs (VLAN IDs 1 to 1005). In these versions,
the switch must be in VTP transparent mode when you create VLAN IDs from 1006 to 4094. Cisco IOS
Release 12.2(52)SE and later support VTP version 3. VTP version 3 supports the entire VLAN range (VLANs
1 to 4094). Extended range VLANs (VLANs 1006 to 4094) are supported only in VTP version 3. You cannot
convert from VTP version 3 to VTP version 2 if extended VLANs are configured in the domain.
The switch supports per-VLAN spanning-tree plus (PVST+) or rapid PVST+ with a maximum of 64
spanning-tree instances. One spanning-tree instance is allowed per VLAN. The switch supports only IEEE
802.1Q trunking methods for sending VLAN traffic over Ethernet ports.

VLAN Port Membership Modes

You configure a port to belong to a VLAN by assigning a membership mode that specifies the kind of traffic
the port carries and the number of VLANs to which it can belong.
When a port belongs to a VLAN, the device learns and manages the addresses associated with the port on a
per-VLAN basis.

Table 4: Port Membership Modes and Characteristics

Membership VLAN Membership Characteristics VTP Characteristics

Mode

Static-access A static-access port can belong to one VLAN VTP is not required. If you do not want
and is manually assigned to that VLAN. VTP to globally propagate information,
set the VTP mode to transparent. To
participate in VTP, there must be at least
one trunk port on the device connected to
a trunk port of a second device.

VLAN Configuration Guide, Cisco IOS Release 15.2(7)Ex (Catalyst 1000 Switches)
22
 Configuring VLAN
VLAN Configuration Files

Membership VLAN Membership Characteristics VTP Characteristics

Mode

Trunk (IEEE A trunk port is a member of all VLANs by VTP is recommended but not required.
802.1Q) : default, including extended-range VLANs, VTP maintains VLAN configuration
but membership can be limited by configuring consistency by managing the addition,
• IEEE
the allowed-VLAN list. You can also modify deletion, and renaming of VLANs on a
802.1Q—
the pruning-eligible list to block flooded network-wide basis. VTP exchanges
Industry-standard
traffic to VLANs on trunk ports that are VLAN configuration messages with other
trunking
included in the list. devices over trunk links.
encapsulation.

Dynamic access A dynamic-access port can belong to one VTP is required.

VLAN (VLAN ID 1 to 4094) and is
Configure the VMPS and the client with
dynamically assigned by a VLAN Member
the same VTP domain name.
Policy Server (VMPS).
To participate in VTP, at least one trunk
You can have dynamic-access ports and trunk
port on the device must be connected to a
ports on the same device, but you must
trunk port of a second device.
connect the dynamic-access port to an end
station or hub and not to another device.

Voice VLAN A voice VLAN port is an access port attached VTP is not required; it has no effect on a
to a Cisco IP Phone, configured to use one voice VLAN.
VLAN for voice traffic and another VLAN
for data traffic from a device attached to the
phone.

VLAN Configuration Files

Configurations for VLAN IDs 1 to 1005 are written to the vlan.dat file (VLAN database), and you can display
them by entering the show vlan privileged EXEC command. The vlan.dat file is stored in flash memory. If
the VTP mode is transparent, they are also saved in the device running configuration file.
You use the interface configuration mode to define the port membership mode and to add and remove ports
from VLANs. The results of these commands are written to the running-configuration file, and you can display
the file by entering the show running-config privileged EXEC command.
When you save VLAN and VTP information (including extended-range VLAN configuration information)
in the startup configuration file and reboot the device, the device configuration is selected as follows:
• If the VTP mode is transparent in the startup configuration, and the VLAN database and the VTP domain
name from the VLAN database matches that in the startup configuration file, the VLAN database is
ignored (cleared), and the VTP and VLAN configurations in the startup configuration file are used. The
VLAN database revision number remains unchanged in the VLAN database.
• If the VTP mode or domain name in the startup configuration does not match the VLAN database, the
domain name and VTP mode and configuration for the VLAN IDs 1 to 1005 use the VLAN database
information.
• In VTP versions 1 and 2, if VTP mode is server, the domain name and VLAN configuration for VLAN
IDs 1 to 1005 use the VLAN database information. VTP version 3 also supports VLANs 1006 to 4094.

VLAN Configuration Guide, Cisco IOS Release 15.2(7)Ex (Catalyst 1000 Switches)
23
 Configuring VLAN
Normal-Range VLAN Configuration Guidelines

Note Ensure that you delete the vlan.dat file along with the configuration files before you reset the switch
configuration using write erase command. This ensures that the switch reboots correctly on a reset.

Normal-Range VLAN Configuration Guidelines

Normal-range VLANs are VLANs with IDs from 1 to 1005.
Follow these guidelines when creating and modifying normal-range VLANs in your network:
• Normal-range VLANs are identified with a number between 1 and 1001. VLAN numbers 1002 through
1005 are reserved for Token Ring and FDDI VLANs.
• VLAN configurations for VLANs 1 to 1005 are always saved in the VLAN database. If the VTP mode
is transparent, VTP and VLAN configurations are also saved in the switch running configuration file.
• If the switch is in VTP server or VTP transparent mode, you can add, modify or remove configurations
for VLANs 2 to 1001 in the VLAN database. (VLAN IDs 1 and 1002 to 1005 are automatically created
and cannot be removed.)
• Extended-range VLANs created in VTP transparent mode are not saved in the VLAN database and are
not propagated. VTP version 3 supports extended range VLAN (VLANs 1006 to 4094) database
propagation in VTP server mode.
• Before you can create a VLAN, the switch must be in VTP server mode or VTP transparent mode. If the
switch is a VTP server, you must define a VTP domain or VTP will not function.
• The switch does not support Token Ring or FDDI media. The switch does not forward FDDI, FDDI-Net,
TrCRF, or TrBRF traffic, but it does propagate the VLAN configuration through VTP.
• The switch supports 64 spanning tree instances. If the switch has more active VLANs than the supported
number of spaning tree instances, spanning tree is still enabled only on the supported number of VLANs
and disabled on all remaining VLANs.
If you have already used all available spanning-tree instances on a switch, adding another VLAN anywhere
in the VTP domain creates a VLAN on that switch that is not running spanning-tree. If you have the
default allowed list on the trunk ports of that switch (which is to allow all VLANs), the new VLAN is
carried on all trunk ports. Depending on the topology of the network, this could create a loop in the new
VLAN that would not be broken, particularly if there are several adjacent switches that all have run out
of spanning-tree instances. You can prevent this possibility by setting allowed lists on the trunk ports of
switches that have used up their allocation of spanning-tree instances.
If the number of VLANs on the device exceeds the number of supported spanning-tree instances, we
recommend that you configure the IEEE 802.1s Multiple STP (MSTP) on your device to map multiple
VLANs to a single spanning-tree instance.

Extended-Range VLAN Configuration Guidelines

Extended-range VLANs are VLANs with IDs from 1006 to 4094.
Follow these guidelines when creating extended-range VLANs:

VLAN Configuration Guide, Cisco IOS Release 15.2(7)Ex (Catalyst 1000 Switches)
24
 Configuring VLAN
Default Ethernet VLAN Configuration

• VLAN IDs in the extended range are not saved in the VLAN database and are not recognized by VTP
unless the switch is running VTP version 3.
• You cannot include extended-range VLANs in the pruning eligible range.
• For VTP version 1 or 2, you can set the VTP mode to transparent in global configuration mode. You
should save this configuration to the startup configuration so that the device boots up in VTP transparent
mode. Otherwise, you lose the extended-range VLAN configuration if the device resets. If you create
extended-range VLANs in VTP version 3, you cannot convert to VTP version 1 or 2.

Default Ethernet VLAN Configuration

The following table displays the default configuration for Ethernet VLANs.

Note The switch supports Ethernet interfaces exclusively. Because FDDI and Token Ring VLANs are not locally
supported, you only configure FDDI and Token Ring media-specific characteristics for VTP global
advertisements to other switches.

Table 5: Ethernet VLAN Defaults and Range

Parameter Default Range

VLAN ID 1 1 to 4094.
Note Extended-range VLANs
(VLAN IDs 1006 to
4094) are only saved in
the VLAN database in
VTP version 3.

VLAN name VLANxxxx, where xxxx represents No range

four numeric digits (including
leading zeros) equal to the VLAN
ID number

IEEE 802.10 SAID 100001 (100000 plus the VLAN 1 to 4294967294

ID)

IEEE 802.10 SAID 1500 576-18190

Default VLAN Configuration

You can change only the MTU size and the remote SPAN configuration state on extended-range VLANs; all
other characteristics must remain at the default state.

VLAN Configuration Guide, Cisco IOS Release 15.2(7)Ex (Catalyst 1000 Switches)
25
 Configuring VLAN
How to Configure VLANs

How to Configure VLANs

Configuring Normal-Range VLANs
You can set these parameters when you create a new normal-range VLAN or modify an existing VLAN in
the VLAN database:
• VLAN ID
• VLAN name
• VLAN type
• Ethernet
• Fiber Distributed Data Interface [FDDI]
• FDDI network entity title [NET]
• TrBRF or TrCRF
• Token Ring
• Token Ring-Net

• VLAN state (active or suspended)

• Security Association Identifier (SAID)
• Bridge identification number for TrBRF VLANs
• Ring number for FDDI and TrCRF VLANs
• Parent VLAN number for TrCRF VLANs
• Spanning Tree Protocol (STP) type for TrCRF VLANs
• VLAN number to use when translating from one VLAN type to another

You can cause inconsistency in the VLAN database if you attempt to manually delete the vlan.dat file. If you
want to modify the VLAN configuration, follow the procedures in this section.

Creating or Modifying an Ethernet VLAN

Each Ethernet VLAN in the VLAN database has a unique, 4-digit ID that can be a number from 1 to 1001.
VLAN IDs 1002 to 1005 are reserved for Token Ring and FDDI VLANs. To create a normal-range VLAN
to be added to the VLAN database, assign a number and name to the VLAN.

Note With VTP version 1 and 2, if the device is in VTP transparent mode, you can assign VLAN IDs greater than
1006, but they are not added to the VLAN database.

VLAN Configuration Guide, Cisco IOS Release 15.2(7)Ex (Catalyst 1000 Switches)
26
Configuring VLAN
Creating or Modifying an Ethernet VLAN

Procedure

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode.
Example: • Enter your password if prompted.

Device> enable

Step 2 configure terminal Enters global configuration mode.

Example:

Device# configure terminal

Step 3 vlan vlan-id Enters a VLAN ID, and enters VLAN

configuration mode. Enter a new VLAN ID to
Example:
create a VLAN, or enter an existing VLAN ID
to modify that VLAN.
Device(config)# vlan 20
Note The available VLAN ID range for
this command is 1 to 4094.

Step 4 name vlan-name (Optional) Enters a name for the VLAN. If no

name is entered for the VLAN, the default is to
Example:
append the vlan-id value with leading zeros to
the word VLAN. For example, VLAN0004 is
Device(config-vlan)# name test20
a default VLAN name for VLAN 4.

Step 5 end Returns to privileged EXEC mode.

Example:

Device(config)# end

Step 6 show vlan {name vlan-name | id vlan-id} Verifies your entries.

Example:

Device# show vlan name test20 id 20

Step 7 copy running-config startup-config (Optional) Saves your entries in the

configuration file.
Example:

Device# copy running-config

startup-config

VLAN Configuration Guide, Cisco IOS Release 15.2(7)Ex (Catalyst 1000 Switches)
27
 Configuring VLAN
Deleting a VLAN

Deleting a VLAN
When you delete a VLAN from a device that is in VTP server mode, the VLAN is removed from the VLAN
database for all devices in the VTP domain. When you delete a VLAN from a device that is in VTP transparent
mode, the VLAN is deleted only on that specific device.
You cannot delete the default VLANs for the different media types: Ethernet VLAN 1 and FDDI or Token
Ring VLANs 1002 to 1005.

Caution When you delete a VLAN, any ports assigned to that VLAN become inactive. They remain associated with
the VLAN (and thus inactive) until you assign them to a new VLAN.

Procedure

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode.
Example: • Enter your password if prompted.

Device> enable

Step 2 configure terminal Enters global configuration mode.

Example:

Device# configure terminal

Step 3 no vlan vlan-id Removes the VLAN by entering the VLAN ID.
Example:

Device(config)# no vlan 4

Step 4 end Returns to privileged EXEC mode.

Example:

Device(config)# end

Step 5 show vlan brief Verifies the VLAN removal.

Example:

Device# show vlan brief

Step 6 copy running-config startup-config (Optional) Saves your entries in the

configuration file.
Example:

Device# copy running-config

VLAN Configuration Guide, Cisco IOS Release 15.2(7)Ex (Catalyst 1000 Switches)
28
 Configuring VLAN
Assigning Static-Access Ports to a VLAN

Command or Action Purpose

startup-config

Assigning Static-Access Ports to a VLAN

You can assign a static-access port to a VLAN without having VTP globally propagate VLAN configuration
information by disabling VTP (VTP transparent mode).
If you assign an interface to a VLAN that does not exist, the new VLAN is created.

Procedure

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode.
Example: • Enter your password if prompted.

Device> enable

Step 2 configure terminal Enters global configuration mode.

Example:

Device# configure terminal

Step 3 interface interface-id Enters the interface to be added to the VLAN.

Example:
Device(config)# interface gigabitethernet
1/0/1
Or
Device(config)# interface fastethernet
1/0/1

Step 4 switchport mode access Defines the VLAN membership mode for the
port (Layer 2 access port).
Example:

Device(config-if)# switchport mode access

Step 5 switchport access vlan vlan-id Assigns the port to a VLAN. Valid VLAN IDs
are 1 to 4094.
Example:

Device(config-if)# switchport access vlan

2

Step 6 end Returns to privileged EXEC mode.

Example:

VLAN Configuration Guide, Cisco IOS Release 15.2(7)Ex (Catalyst 1000 Switches)
29
 Configuring VLAN
Configuring Extended-Range VLANs

Command or Action Purpose

Device(config)# end

Step 7 show running-config interface interface-id Verifies the VLAN membership mode of the
interface.
Example:
Device# show running-config interface
gigabitethernet 1/0/1
Or
Device# show running-config interface
fastethernet 1/0/1

Step 8 show interfaces interface-id switchport Verifies your entries in the Administrative Mode
and the Access Mode VLAN fields of the
Example:
display.
Device# show interfaces gigabitethernet
1/0/1
Or
Device# show interfaces fastethernet
1/0/1

Configuring Extended-Range VLANs

With VTP version 1 and version 2, when the switch is in VTP transparent mode (VTP disabled), you can
create extended-range VLANs (in the range 1006 to 4094). VTP version supports extended-range VLANs in
server or transparent move. Extended-range VLANs enable service providers to extend their infrastructure to
a greater number of customers. The extended-range VLAN IDs are allowed for any switchport commands
that allow VLAN IDs.
With VTP version 1 or 2, extended-range VLAN configurations are not stored in the VLAN database, but
because VTP mode is transparent, they are stored in the switch running configuration file, and you can save
the configuration in the startup configuration file by using the copy running-config startup-config privileged
EXEC command. Extended-range VLANs created in VTP version 3 are stored in the VLAN database.

Creating an Extended-Range VLAN

You create an extended-range VLAN in global configuration mode by entering the vlan global configuration
command with a VLAN ID from 1006 to 4094. The extended-range VLAN has the default Ethernet VLAN
characteristics and the MTU size. See the description of the vlan global configuration command in the command
reference for the default settings of all parameters. In VTP version 1 or 2, if you enter an extended-range
VLAN ID when the switch is not in VTP transparent mode, an error message is generated when you exit
VLAN configuration mode, and the extended-range VLAN is not created.
In VTP version 1 and 2, extended-range VLANs are not saved in the VLAN database; they are saved in the
switch running configuration file. You can save the extended-range VLAN configuration in the switch startup
configuration file by using the copy running-config startup-config privileged EXEC command. VTP version
3 saves extended-range VLANs in the VLAN database.

VLAN Configuration Guide, Cisco IOS Release 15.2(7)Ex (Catalyst 1000 Switches)
30
Configuring VLAN
Creating an Extended-Range VLAN

Procedure

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode.
Example: • Enter your password if prompted.

Device> enable

Step 2 configure terminal Enters global configuration mode.

Example:

Device# configure terminal

Step 3 vtp mode transparent Configures the device for VTP transparent
mode, disabling VTP.
Example:
Note This step is not required for VTP
Device(config)# vtp mode transparent version 3.

Step 4 vlan vlan-id Enters an extended-range VLAN ID and enters

VLAN configuration mode. The range is 1006
Example:
to 4094.
Device(config)# vlan 2000
Device(config-vlan)#

Step 5 end Returns to privileged EXEC mode.

Example:

Device(config)# end

Step 6 show vlan id vlan-id Verifies that the VLAN has been created.
Example:

Device# show vlan id 2000

Step 7 copy running-config startup-config (Optional) Saves your entries in the

configuration file.
Example:

Device# copy running-config

startup-config

VLAN Configuration Guide, Cisco IOS Release 15.2(7)Ex (Catalyst 1000 Switches)
31
 Configuring VLAN
Monitoring VLANs

Monitoring VLANs
Table 6: Privileged EXEC show Commands

Command Purpose

show interfaces [vlan vlan-id] Displays characteristics for all interfaces or for the
specified VLAN configured on the device.

show vlan [brief | group [group-name name] |id Displays parameters for all VLANs or the specified
vlan-id | ifindex | internal | mtu | name name VLAN on the device. The following command options
summary]] are available:
• brief: Displays VTP VLAN status in brief.
• group: Displays the VLAN group with its name
and the connected VLANs that are available.
• id: Displays VTP VLAN status by identification
number.
• ifindex: Displays SNMP ifIndex.
• mtu: Displays VLAN MTU information.
• name: Display the VTP VLAN information by
specified name.
• summary: Displays a summary of VLAN
information.

Configuration Examples
Example: Creating a VLAN Name
This example shows how to create Ethernet VLAN 20, name it test20, and add it to the VLAN database:

Switch# configure terminal

Switch(config)# vlan 20
Switch(config-vlan)# name test20
Switch(config-vlan)# end

Example: Configuring a Port as Access Port

This example shows how to configure a port as an access port in VLAN 2:

Switch# configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

VLAN Configuration Guide, Cisco IOS Release 15.2(7)Ex (Catalyst 1000 Switches)
32
 Configuring VLAN
Example: Creating an Extended-Range VLAN

Switch(config)# interface gigabitethernet 1/0/1

Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 2
Switch(config-if)# end

Example: Creating an Extended-Range VLAN

This example shows how to create a new extended-range VLAN with all default characteristics, enter VLAN
configuration mode, and save the new VLAN in the switch startup configuration file:

Switch(config)# vtp mode transparent

Switch(config)# vlan 2000
Switch(config-vlan)# end
Switch# copy running-config startup config

Feature History for VLAN

This table provides release and related information for features explained in this module.
These features are available on all releases subsequent to the one they were introduced in, unless noted
otherwise.

Release Feature Feature Information

Cisco IOS Release 15.2(7)E1 VLAN A VLAN is a switched network that is

logically segmented by function, project team,
or application, without regard to the physical
locations of the users.

Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco
Feature Navigator, go to http://www.cisco.com/go/cfn.

VLAN Configuration Guide, Cisco IOS Release 15.2(7)Ex (Catalyst 1000 Switches)
33
 Configuring VLAN
Feature History for VLAN

VLAN Configuration Guide, Cisco IOS Release 15.2(7)Ex (Catalyst 1000 Switches)
34
 CHAPTER 3
Configuring VLAN Trunks
• Prerequisites for VLAN Trunks, on page 35
• Information About VLAN Trunks, on page 36
• How to Configure VLAN Trunks, on page 38
• Configuration Examples for VLAN Trunking, on page 50
• Feature History for VLAN Trunks, on page 51

Prerequisites for VLAN Trunks

The IEEE 802.1Q trunks impose these limitations on the trunking strategy for a network:
• In a network of Cisco devices connected through IEEE 802.1Q trunks, the devices maintain one
spanning-tree instance for each VLAN allowed on the trunks. Non-Cisco devices might support one
spanning-tree instance for all VLANs.
When you connect a Cisco device to a non-Cisco device through an IEEE 802.1Q trunk, the Cisco device
combines the spanning-tree instance of the VLAN of the trunk with the spanning-tree instance of the
non-Cisco IEEE 802.1Q device. However, spanning-tree information for each VLAN is maintained by
Cisco device separated by a cloud of non-Cisco IEEE 802.1Q devices. The non-Cisco IEEE 802.1Q
cloud separating the Cisco devices is treated as a single trunk link between the devices.
• Make sure the native VLAN for an IEEE 802.1Q trunk is the same on both ends of the trunk link. If the
native VLAN on one end of the trunk is different from the native VLAN on the other end, spanning-tree
loops might result.
• Disabling spanning tree on the native VLAN of an IEEE 802.1Q trunk without disabling spanning tree
on every VLAN in the network can potentially cause spanning-tree loops. We recommend that you leave
spanning tree enabled on the native VLAN of an IEEE 802.1Q trunk or disable spanning tree on every
VLAN in the network. Make sure your network is loop-free before disabling spanning tree.

General Restrictions
• Native VLAN tagging is not supported, and the vlan dot1q tag native command is not available.

VLAN Configuration Guide, Cisco IOS Release 15.2(7)Ex (Catalyst 1000 Switches)
35
 Configuring VLAN Trunks
Information About VLAN Trunks

Information About VLAN Trunks

Trunking Overview
A trunk is a point-to-point link between one or more Ethernet switch interfaces and another networking device
such as a router or a switch. Ethernet trunks carry the traffic of multiple VLANs over a single link, and you
can extend the VLANs across an entire network.

Note You can configure a trunk on a single Ethernet interface or on an EtherChannel bundle.

Trunking Modes
Ethernet trunk interfaces support different trunking modes. You can set an interface as trunking or nontrunking
or to negotiate trunking with the neighboring interface. To autonegotiate trunking, the interfaces must be in
the same VTP domain.
Trunk negotiation is managed by the Dynamic Trunking Protocol (DTP), which is a Point-to-Point Protocol
(PPP). However, some internetworking devices might forward DTP frames improperly, which could cause
misconfigurations.

Layer 2 Interface Modes

Table 7: Layer 2 Interface Modes

Mode Function

switchport mode access Puts the interface (access port) into permanent nontrunking mode and negotiates
to convert the link into a nontrunk link. The interface becomes a nontrunk
interface regardless of whether or not the neighboring interface is a trunk
interface.

switchport mode dynamic Makes the interface able to convert the link to a trunk link. The interface
auto becomes a trunk interface if the neighboring interface is set to trunk or
desirable mode. The default switchport mode for all Ethernet interfaces is
dynamic auto.

switchport mode dynamic Makes the interface actively attempt to convert the link to a trunk link. The
desirable interface becomes a trunk interface if the neighboring interface is set to trunk,
desirable, or auto mode.

switchport mode trunk Puts the interface into permanent trunking mode and negotiates to convert the
neighboring link into a trunk link. The interface becomes a trunk interface
even if the neighboring interface is not a trunk interface.

VLAN Configuration Guide, Cisco IOS Release 15.2(7)Ex (Catalyst 1000 Switches)
36
 Configuring VLAN Trunks
Allowed VLANs on a Trunk

Mode Function

switchport nonegotiate Prevents the interface from generating DTP frames. You can use this command
only when the interface switchport mode is access or trunk. You must
manually configure the neighboring interface as a trunk interface to establish
a trunk link.

Allowed VLANs on a Trunk

By default, a trunk port sends traffic to and receives traffic from all VLANs. All VLAN IDs, 1 to 4094, are
allowed on each trunk. However, you can remove VLANs from the allowed list, preventing traffic from those
VLANs from passing over the trunk.
To reduce the risk of spanning-tree loops or storms, you can disable VLAN 1 on any individual VLAN trunk
port by removing VLAN 1 from the allowed list. When you remove VLAN 1 from a trunk port, the interface
continues to send and receive management traffic, for example, Cisco Discovery Protocol (CDP), Port
Aggregation Protocol (PAgP), Link Aggregation Control Protocol (LACP), DTP, and VTP in VLAN 1.
If a trunk port with VLAN 1 disabled is converted to a nontrunk port, it is added to the access VLAN. If the
access VLAN is set to 1, the port will be added to VLAN 1, regardless of the switchport trunk allowed
setting. The same is true for any VLAN that has been disabled on the port.
A trunk port can become a member of a VLAN if the VLAN is enabled, if VTP knows of the VLAN, and if
the VLAN is in the allowed list for the port. When VTP detects a newly enabled VLAN and the VLAN is in
the allowed list for a trunk port, the trunk port automatically becomes a member of the enabled VLAN. When
VTP detects a new VLAN and the VLAN is not in the allowed list for a trunk port, the trunk port does not
become a member of the new VLAN.

Load Sharing on Trunk Ports

Load sharing divides the bandwidth supplied by parallel trunks connecting switches. To avoid loops, STP
normally blocks all but one parallel link between switches. Using load sharing, you divide the traffic between
the links according to which VLAN the traffic belongs.
You configure load sharing on trunk ports by using STP port priorities or STP path costs. For load sharing
using STP port priorities, both load-sharing links must be connected to the same switch. For load sharing
using STP path costs, each load-sharing link can be connected to the same switch or to two different switches.

Network Load Sharing Using STP Priorities

When two ports on the same switch form a loop, the switch uses the STP port priority to decide which port
is enabled and which port is in a blocking state. You can set the priorities on a parallel trunk port so that the
port carries all the traffic for a given VLAN. The trunk port with the higher priority (lower values) for a VLAN
is forwarding traffic for that VLAN. The trunk port with the lower priority (higher values) for the same VLAN
remains in a blocking state for that VLAN. One trunk port sends or receives all traffic for the VLAN.

Network Load Sharing Using STP Path Cost

You can configure parallel trunks to share VLAN traffic by setting different path costs on a trunk and associating
the path costs with different sets of VLANs, blocking different ports for different VLANs. The VLANs keep
the traffic separate and maintain redundancy in the event of a lost link.

VLAN Configuration Guide, Cisco IOS Release 15.2(7)Ex (Catalyst 1000 Switches)
37
 Configuring VLAN Trunks
Feature Interactions

Feature Interactions
Trunking interacts with other features in these ways:
• A trunk port cannot be a secure port.
• Trunk ports can be grouped into EtherChannel port groups, but all trunks in the group must have the
same configuration. When a group is first created, all ports follow the parameters set for the first port to
be added to the group. If you change the configuration of one of these parameters, the switch propagates
the setting that you entered to all ports in the group:
• Allowed-VLAN list.
• STP port priority for each VLAN.
• STP Port Fast setting.
• Trunk status:
If one port in a port group ceases to be a trunk, all ports cease to be trunks.

• If you try to enable IEEE 802.1x on a trunk port, an error message appears, and IEEE 802.1x is not
enabled. If you try to change the mode of an IEEE 802.1x-enabled port to trunk, the port mode is not
changed.
• A port in dynamic mode can negotiate with its neighbor to become a trunk port. If you try to enable IEEE
802.1x on a dynamic port, an error message appears, and IEEE 802.1x is not enabled. If you try to change
the mode of an IEEE 802.1x-enabled port to dynamic, the port mode is not changed.

Default Layer 2 Ethernet Interface VLAN Configuration

The following table shows the default Layer 2 Ethernet interface VLAN configuration.

Table 8: Default Layer 2 Ethernet Interface VLAN Configuration

Feature Default Setting

Interface mode switchport mode dynamic auto

Allowed VLAN range VLANs 1 to 4094

VLAN range eligible for pruning VLANs 2 to 1001

Default VLAN (for access ports) VLAN 1

Native VLAN (for IEEE 802.1Q trunks) VLAN 1

How to Configure VLAN Trunks

To avoid trunking misconfigurations, configure interfaces connected to devices that do not support DTP to
not forward DTP frames, that is, to turn off DTP.

VLAN Configuration Guide, Cisco IOS Release 15.2(7)Ex (Catalyst 1000 Switches)
38
 Configuring VLAN Trunks
Configuring an Ethernet Interface as a Trunk Port

• If you do not intend to trunk across those links, use the switchport mode access interface configuration
command to disable trunking.
• To enable trunking to a device that does not support DTP, use the switchport mode trunk and switchport
nonegotiate interface configuration commands to cause the interface to become a trunk but to not generate
DTP frames.

Configuring an Ethernet Interface as a Trunk Port

Configuring a Trunk Port
Because trunk ports send and receive VTP advertisements, to use VTP you must ensure that at least one trunk
port is configured on the switch and that this trunk port is connected to the trunk port of a second switch.
Otherwise, the switch cannot receive any VTP advertisements.

Procedure

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode.
Example: • Enter your password if prompted.

Device> enable

Step 2 configure terminal Enters global configuration mode.

Example:

Device# configure terminal

Step 3 interface interface-id Specifies the port to be configured for

trunking, and enters interface configuration
Example:
mode.
Device(config)# interface
gigabitethernet 1/0/2
Or
Device(config)# interface fastethernet
1/0/2

Step 4 switchport mode {dynamic {auto | Configures the interface as a Layer 2 trunk
desirable} | trunk} (required only if the interface is a Layer 2
access port or tunnel port or to specify the
Example:
trunking mode).
Device(config-if)# switchport mode • dynamic auto: Sets the interface to a
dynamic desirable trunk link if the neighboring interface is
set to trunk or desirable mode. This is the
default.

VLAN Configuration Guide, Cisco IOS Release 15.2(7)Ex (Catalyst 1000 Switches)
39
 Configuring VLAN Trunks
Configuring a Trunk Port

Command or Action Purpose

• dynamic desirable: Sets the interface to
a trunk link if the neighboring interface
is set to trunk, desirable, or auto mode.
• trunk: Sets the interface in permanent
trunking mode and negotiate to convert
the link to a trunk link even if the
neighboring interface is not a trunk
interface.

Step 5 switchport access vlan vlan-id (Optional) Specifies the default VLAN, which
is used if the interface stops trunking.
Example:

Device(config-if)# switchport access

vlan 200

Step 6 switchport trunk native vlan vlan-id Specifies the native VLAN for IEEE 802.1Q
trunks.
Example:

Device(config-if)# switchport trunk

native vlan 200

Step 7 end Returns to privileged EXEC mode.

Example:

Device(config)# end

Step 8 show interfaces interface-id switchport Displays the switch port configuration of the
interface in the Administrative Mode and the
Example:
Administrative Trunking Encapsulation fields
Device# show interfaces gigabitethernet of the display.
1/0/2 switchport
Or
Device# show interfaces fastethernet
1/0/2 switchport

Step 9 show interfaces interface-id trunk Displays the trunk configuration of the
interface.
Example:
Device# show interfaces gigabitethernet
1/0/2 trunk
Or
Device# show interfaces fastethernet
1/0/2 trunk

Step 10 copy running-config startup-config (Optional) Saves your entries in the

configuration file.
Example:

VLAN Configuration Guide, Cisco IOS Release 15.2(7)Ex (Catalyst 1000 Switches)
40
 Configuring VLAN Trunks
Defining the Allowed VLANs on a Trunk

Command or Action Purpose

Device# copy running-config

startup-config

Defining the Allowed VLANs on a Trunk

VLAN 1 is the default VLAN on all trunk ports in all Cisco switches, and it has previously been a requirement
that VLAN 1 always be enabled on every trunk link. You can use the VLAN 1 minimization feature to disable
VLAN 1 on any individual VLAN trunk link so that no user traffic (including spanning-tree advertisements)
is sent or received on VLAN 1.

Procedure

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode.
Example: • Enter your password if prompted.

Device> enable

Step 2 configure terminal Enters global configuration mode.

Example:

Device# configure terminal

Step 3 interface interface-id Specifies the port to be configured, and enters

interface configuration mode.
Example:
Device(config)# interface gigabitethernet
1/0/2
Or
Device(config)# interface fastethernet
1/0/2

Step 4 switchport mode trunk Configures the interface as a VLAN trunk port.
Example:

Device(config-if)# switchport mode trunk

Step 5 end Returns to privileged EXEC mode.

Example:

Device(config)# end

VLAN Configuration Guide, Cisco IOS Release 15.2(7)Ex (Catalyst 1000 Switches)
41
 Configuring VLAN Trunks
Changing the Pruning-Eligible List

Command or Action Purpose

Step 6 show interfaces interface-id switchport Verifies your entries in the Trunking VLANs
Enabled field of the display.
Example:
Device# show interfaces gigabitethernet
1/0/2 switchport
Or
Device# show interfaces fastethernet
1/0/2 switchport

Step 7 copy running-config startup-config (Optional) Saves your entries in the

configuration file.
Example:

Device# copy running-config

startup-config

Changing the Pruning-Eligible List

The pruning-eligible list applies only to trunk ports. Each trunk port has its own eligibility list. VTP pruning
must be enabled for this procedure to take effect.

Procedure

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode.
Example: • Enter your password if prompted.

Device> enable

Step 2 configure terminal Enters global configuration mode.

Example:

Device# configure terminal

Step 3 interface interface-id Selects the trunk port for which VLANs should
be pruned, and enters interface configuration
Example:
mode.
Device(config)# interface gigabitethernet
1/0/1-48
Or
Device(config)# interface fastethernet
1/0/1-48

Step 4 switchport trunk pruning vlan {add | except Configures the list of VLANs allowed to be
| none | remove} vlan-list [,vlan [,vlan [,,,]] pruned from the trunk.

VLAN Configuration Guide, Cisco IOS Release 15.2(7)Ex (Catalyst 1000 Switches)
42
 Configuring VLAN Trunks
Configuring the Native VLAN for Untagged Traffic

Command or Action Purpose

For explanations about using the add, except,
none, and remove keywords, see the command
reference for this release.
Separate non-consecutive VLAN IDs with a
comma and no spaces; use a hyphen to
designate a range of IDs. Valid IDs are 2 to
1001. Extended-range VLANs (VLAN IDs
1006 to 4094) cannot be pruned.
VLANs that are pruning-ineligible receive
flooded traffic.
The default list of VLANs allowed to be pruned
contains VLANs 2 to 1001.

Step 5 end Returns to privileged EXEC mode.

Example:

Device(config)# end

Step 6 show interfaces interface-id switchport Verifies your entries in the Pruning VLANs
Enabled field of the display.
Example:
Device# show interfaces gigabitethernet
1/0/2 switchport
Or
Device# show interfaces fastethernet
1/0/2 switchport

Step 7 copy running-config startup-config (Optional) Saves your entries in the

configuration file.
Example:

Device# copy running-config

startup-config

Configuring the Native VLAN for Untagged Traffic

A trunk port configured with IEEE 802.1Q tagging can receive both tagged and untagged traffic. By default,
the switch forwards untagged traffic in the native VLAN configured for the port. The native VLAN is VLAN
1 by default.
The native VLAN can be assigned any VLAN ID.
If a packet has a VLAN ID that is the same as the outgoing port native VLAN ID, the packet is sent untagged;
otherwise, the switch sends the packet with a tag.

VLAN Configuration Guide, Cisco IOS Release 15.2(7)Ex (Catalyst 1000 Switches)
43
 Configuring VLAN Trunks
Configuring the Native VLAN for Untagged Traffic

Procedure

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode.
Example: • Enter your password if prompted.

Device> enable

Step 2 configure terminal Enters global configuration mode.

Example:

Device# configure terminal

Step 3 interface interface-id Defines the interface that is configured as the

IEEE 802.1Q trunk, and enters interface
Example:
configuration mode.
Device(config)# interface gigabitethernet
1/0/2
Or
Device(config)# interface fastethernet
1/0/2

Step 4 switchport trunk native vlan vlan-id Configures the VLAN that is sending and
receiving untagged traffic on the trunk port.
Example:
For vlan-id, the range is 1 to 4094.
Device(config-if)# switchport trunk
native vlan 12

Step 5 end Returns to privileged EXEC mode.

Example:

Device(config)# end

Step 6 show interfaces interface-id switchport Verifies your entries in the Trunking Native
Mode VLAN field.
Example:
Device# show interfaces gigabitethernet
1/0/2 switchport
Or
Device# show interfaces fastethernet
1/0/2 switchport

Step 7 copy running-config startup-config (Optional) Saves your entries in the

configuration file.
Example:

Device# copy running-config

startup-config

VLAN Configuration Guide, Cisco IOS Release 15.2(7)Ex (Catalyst 1000 Switches)
44
 Configuring VLAN Trunks
Configuring Trunk Ports for Load Sharing

Configuring Trunk Ports for Load Sharing

Configuring Load Sharing Using STP Port Priorities
These steps describe how to configure a network with load sharing using STP port priorities.

Procedure

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode.
Example: • Enter your password if prompted.

Device> enable

Step 2 configure terminal Enters global configuration mode.

Example:

Device# configure terminal

Step 3 vtp domain domain-name Configures a VTP administrative domain.

Example: The domain name can be 1 to 32 characters.

Device(config)# vtp domain workdomain

Step 4 vtp mode server Configures Switch A as the VTP server.

Example:

Device(config)# vtp mode server

Step 5 end Returns to privileged EXEC mode.

Example:

Device(config)# end

Step 6 show vtp status Verifies the VTP configuration on both Switch
A and Switch B.
Example:
In the display, check the VTP Operating Mode
Device# show vtp status and the VTP Domain Name fields.

Step 7 show vlan Verifies that the VLANs exist in the database
on Switch A.
Example:

Device# show vlan

VLAN Configuration Guide, Cisco IOS Release 15.2(7)Ex (Catalyst 1000 Switches)
45
 Configuring VLAN Trunks
Configuring Load Sharing Using STP Port Priorities

Command or Action Purpose

Step 8 configure terminal Enters global configuration mode.
Example:

Device# configure terminal

Step 9 interface interface-id Defines the interface to be configured as a

trunk, and enters interface configuration mode.
Example:
Device(config)# interface
gigabitethernet 1/0/2
Or
Device(config)# interface fastethernet
1/0/2

Step 10 switchport mode trunk Configures the port as a trunk port.

Example:

Device(config-if)# switchport mode trunk

Step 11 end Returns to privileged EXEC mode.

Example:

Device(config)# end

Step 12 show interfaces interface-id switchport Verifies the VLAN configuration.

Example:
Device# show interfaces gigabitethernet
1/0/2 switchport
Or
Device# show interfaces fastethernet
1/0/2 switchport

Step 13 Repeat the above steps on Switch A for a

second port in the switch.
Step 14 Repeat the above steps on Switch B to
configure the trunk ports that connect to the
trunk ports configured on Switch A.
Step 15 show vlan When the trunk links come up, VTP passes the
VTP and VLAN information to Switch B. This
Example:
command verifies that Switch B has learned
the VLAN configuration.
Device# show vlan

VLAN Configuration Guide, Cisco IOS Release 15.2(7)Ex (Catalyst 1000 Switches)
46
Configuring VLAN Trunks
Configuring Load Sharing Using STP Port Priorities

Command or Action Purpose

Step 16 configure terminal Enters global configuration mode on Switch
A.
Example:

Device# configure terminal

Step 17 interface interface-id Defines the interface to set the STP port
priority, and enters interface configuration
Example:
mode.
Device(config)# interface
gigabitethernet 1/0/1
Or
Device(config)# interface fastethernet
1/0/1

Step 18 spanning-tree vlan vlan-range port-priority Assigns the port priority for the VLAN range
priority-value specified. Enter a port priority value from 0 to
240. Port priority values increment by 16.
Example:

Device(config-if)# spanning-tree vlan

8-10 port-priority 16

Step 19 exit Returns to global configuration mode.

Example:

Device(config-if)# exit

Step 20 interface interface-id Defines the interface to set the STP port
priority, and enters interface configuration
Example:
mode.
Device(config)# interface
gigabitethernet 1/0/2
Or
Device(config)# interface fastethernet
1/0/2

Step 21 spanning-tree vlan vlan-range port-priority Assigns the port priority for the VLAN range
priority-value specified. Enter a port priority value from 0 to
240. Port priority values increment by 16.
Example:

Device(config-if)# spanning-tree vlan

3-6 port-priority 16

Step 22 end Returns to privileged EXEC mode.

Example:

VLAN Configuration Guide, Cisco IOS Release 15.2(7)Ex (Catalyst 1000 Switches)
47
 Configuring VLAN Trunks
Configuring Load Sharing Using STP Path Cost

Command or Action Purpose

Device(config)# end

Step 23 show running-config Verifies your entries.

Example:

Device# show running-config

Step 24 copy running-config startup-config (Optional) Saves your entries in the

configuration file.
Example:

Device# copy running-config

startup-config

Configuring Load Sharing Using STP Path Cost

These steps describe how to configure a network with load sharing using STP path costs.

Procedure

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode.
Example: • Enter your password if prompted.

Device> enable

Step 2 configure terminal Enters global configuration mode.

Example:

Device# configure terminal

Step 3 interface interface-id Defines the interface to be configured as a

trunk, and enters interface configuration mode.
Example:
Device(config)# interface
gigabitethernet 1/0/1
Or
Device(config)# interface fastethernet
1/0/1

Step 4 switchport mode trunk Configures the port as a trunk port.

Example:

Device(config-if)# switchport mode trunk

VLAN Configuration Guide, Cisco IOS Release 15.2(7)Ex (Catalyst 1000 Switches)
48
Configuring VLAN Trunks
Configuring Load Sharing Using STP Path Cost

Command or Action Purpose

Step 5 exit Returns to global configuration mode.

Example:

Device(config-if)# exit

Step 6 Repeat Steps 2 through 4 on a second interface

in Switch A.
Step 7 end Returns to privileged EXEC mode.
Example:

Device(config)# end

Step 8 show running-config Verifies your entries. In the display, make sure
that the interfaces are configured as trunk
Example:
ports.
Device# show running-config

Step 9 show vlan When the trunk links come up, Switch A
receives the VTP information from the other
Example:
switches. This command verifies that Switch
A has learned the VLAN configuration.
Device# show vlan

Step 10 configure terminal Enters global configuration mode.

Example:

Device# configure terminal

Step 11 interface interface-id Defines the interface on which to set the STP
cost, and enters interface configuration mode.
Example:
Device(config)# interface
gigabitethernet 1/0/1
Or
Device(config)# interface fastethernet
1/0/1

Step 12 spanning-tree vlan vlan-range cost cost-value Sets the spanning-tree path cost to 30 for
VLANs 2 through 4.
Example:

Device(config-if)# spanning-tree vlan

VLAN Configuration Guide, Cisco IOS Release 15.2(7)Ex (Catalyst 1000 Switches)
49
 Configuring VLAN Trunks
Configuration Examples for VLAN Trunking

Command or Action Purpose

2-4 cost 30

Step 13 end Returns to global configuration mode.

Example:

Device(config-if)# end

Step 14 Repeat Steps 9 through 13 on the other

configured trunk interface on Switch A, and
set the spanning-tree path cost to 30 for
VLANs 8, 9, and 10.
Step 15 exit Returns to privileged EXEC mode.
Example:

Device(config)# exit

Step 16 show running-config Verifies your entries. In the display, verify that
the path costs are set correctly for both trunk
Example:
interfaces.
Device# show running-config

Step 17 copy running-config startup-config (Optional) Saves your entries in the

configuration file.
Example:

Device# copy running-config

startup-config

Configuration Examples for VLAN Trunking

Example: Configuring a Trunk Port
The following example shows how to configure a port as an IEEE 802.1Q trunk. The example assumes that
the neighbor interface is configured to support IEEE 802.1Q trunking.

Switch# configure terminal

Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface gigabitethernet 1/0/2
Switch(config-if)# switchport mode dynamic desirable
Switch(config-if)# end

VLAN Configuration Guide, Cisco IOS Release 15.2(7)Ex (Catalyst 1000 Switches)
50
 Configuring VLAN Trunks
Example: Removing a VLAN from a Port

Example: Removing a VLAN from a Port

This example shows how to remove VLAN 2 from the allowed VLAN list on a port:

Switch(config)# interface gigabitethernet 1/0/1

Switch(config-if)# switchport trunk allowed vlan remove 2
Switch(config-if)# end

Feature History for VLAN Trunks

This table provides release and related information for features explained in this module.
These features are available on all releases subsequent to the one they were introduced in, unless noted
otherwise.

Release Feature Feature Information

Cisco IOS Release 15.2(7)E1 VLAN Trunks A trunk is a point-to-point link between one
or more Ethernet interfaces and another
networking device such as a router or a
controller.

Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco
Feature Navigator, go to http://www.cisco.com/go/cfn.

VLAN Configuration Guide, Cisco IOS Release 15.2(7)Ex (Catalyst 1000 Switches)
51
 Configuring VLAN Trunks
Feature History for VLAN Trunks

VLAN Configuration Guide, Cisco IOS Release 15.2(7)Ex (Catalyst 1000 Switches)
52
 CHAPTER 4
Configuring Voice VLAN
• Prerequisites for Voice VLANs, on page 53
• Restrictions for Voice VLANs, on page 53
• Information About Voice VLAN, on page 54
• How to Configure Voice VLAN, on page 56
• Monitoring Voice VLAN, on page 58
• Configuration Examples, on page 58
• Feature History for Voice VLAN, on page 59

Prerequisites for Voice VLANs

The following are the prerequisites for voice VLANs:
• Voice VLAN configuration is only supported on switch access ports; voice VLAN configuration is not
supported on trunk ports.

Note Trunk ports can carry any number of voice VLANs, similar to regular VLANs.
The configuration of voice VLANs is not supported on trunk ports.

• Before you enable voice VLAN, we recommend that you enable QoS on the switch by entering the mls
qos global configuration command and configure the port trust state to trust by entering the mls qos
trust cos interface configuration command. If you use the auto-QoS feature, these settings are
automatically configured.
• You must enable Cisco Discovery Protocol on the switch port connected to the Cisco IP Phone to send
the configuration to the phone. (Cisco Discovery Protocol is globally enabled by default on all switch
interfaces.)

Restrictions for Voice VLANs

You cannot configure static secure MAC addresses in the voice VLAN.

VLAN Configuration Guide, Cisco IOS Release 15.2(7)Ex (Catalyst 1000 Switches)
53
 Configuring Voice VLAN
Information About Voice VLAN

Information About Voice VLAN

Voice VLANs
The voice VLAN feature enables access ports to carry IP voice traffic from an IP phone. When the switch is
connected to a Cisco IP Phone, the phone sends voice traffic with Layer 3 IP precedence and Layer 2 class
of service (CoS) values, which are both set to 5 by default. Because the sound quality of an IP phone call can
deteriorate if the data is unevenly sent, the switch supports quality of service (QoS) based on IEEE 802.1p
CoS. QoS uses classification and scheduling to send network traffic from the switch in a predictable manner.
The Cisco IP Phone is a configurable device, and you can configure it to forward traffic with an IEEE 802.1p
priority. You can configure the switch to trust or override the traffic priority assigned by a Cisco IP Phone.

Cisco IP Phone Voice Traffic

You can configure an access port with an attached Cisco IP Phone to use one VLAN for voice traffic and
another VLAN for data traffic from a device attached to the phone. You can configure access ports on the
switch to send Cisco Discovery Protocol packets that instruct an attached phone to send voice traffic to the
switch in any of these ways:
• In the voice VLAN tagged with a Layer 2 CoS priority value
• In the access VLAN tagged with a Layer 2 CoS priority value
• In the access VLAN, untagged (no Layer 2 CoS priority value)

Note In all configurations, the voice traffic carries a Layer 3 IP precedence value (the default is 5 for voice traffic
and 3 for voice control traffic).

Cisco IP Phone Data Traffic

The switch can also process tagged data traffic (traffic in IEEE 802.1Q or IEEE 802.1p frame types) from the
device attached to the access port on the Cisco IP Phone. You can configure Layer 2 access ports on the switch
to send Cisco Discovery Protocol packets that instruct the attached phone to configure the phone access port
in one of these modes:
• In trusted mode, all traffic received through the access port on the Cisco IP Phone passes through the
phone unchanged.
• In untrusted mode, all traffic in IEEE 802.1Q or IEEE 802.1p frames received through the access port
on the Cisco IP Phone receive a configured Layer 2 CoS value. The default Layer 2 CoS value is 0.
Untrusted mode is the default.

Note Untagged traffic from the device attached to the Cisco IP Phone passes through the phone unchanged, regardless
of the trust state of the access port on the phone.

VLAN Configuration Guide, Cisco IOS Release 15.2(7)Ex (Catalyst 1000 Switches)
54
 Configuring Voice VLAN
Voice VLAN Configuration Guidelines

Voice VLAN Configuration Guidelines

• Because a Cisco IP Phone also supports a connection to a PC or other device, a port connecting the switch
to a Cisco IP Phone can carry mixed traffic. You can configure a port to decide how the Cisco IP Phone
carries voice traffic and data traffic.
• The voice VLAN should be present and active on the switch for the IP phone to correctly communicate
on the voice VLAN. Use the show vlan privileged EXEC command to see if the VLAN is present (listed
in the display). If the VLAN is not listed, create the voice VLAN.
• The Power over Ethernet (PoE) switches are capable of automatically providing power to Cisco
pre-standard and IEEE 802.3af-compliant powered devices if they are not being powered by an AC power
source.
• The Port Fast feature is automatically enabled when voice VLAN is configured. When you disable voice
VLAN, the Port Fast feature is not automatically disabled.
• If the Cisco IP Phone and a device attached to the phone are in the same VLAN, they must be in the
same IP subnet. These conditions indicate that they are in the same VLAN:
• They both use IEEE 802.1p or untagged frames.
• The Cisco IP Phone uses IEEE 802.1p frames, and the device uses untagged frames.
• The Cisco IP Phone uses untagged frames, and the device uses IEEE 802.1p frames.
• The Cisco IP Phone uses IEEE 802.1Q frames, and the voice VLAN is the same as the access VLAN.

• The Cisco IP Phone and a device attached to the phone cannot communicate if they are in the same
VLAN and subnet but use different frame types because traffic in the same subnet is not routed (routing
would eliminate the frame type difference).
• Voice VLAN ports can also be these port types:
• Dynamic access port.
• IEEE 802.1x authenticated port.

Note If you enable IEEE 802.1x on an access port on which a voice VLAN is configured
and to which a Cisco IP Phone is connected, the phone loses connectivity to the
for up to 30 seconds.

• Protected port.
• A source or destination port for a SPAN session.
• Secure port.

VLAN Configuration Guide, Cisco IOS Release 15.2(7)Ex (Catalyst 1000 Switches)
55
 Configuring Voice VLAN
Default Voice VLAN Configuration

Note When you enable port security on an interface that is also configured with a voice
VLAN, you must set the maximum allowed secure addresses on the port to two
plus the maximum number of secure addresses allowed on the access VLAN.
When the port is connected to a Cisco IP Phone, the phone requires up to two
MAC addresses. The phone address is learned on the voice VLAN and might
also be learned on the access VLAN. Connecting a PC to the phone requires
additional MAC addresses.

Default Voice VLAN Configuration

The voice VLAN feature is disabled by default.
When the voice VLAN feature is enabled, all untagged traffic is sent according to the default CoS priority of
the port.
The CoS value is not trusted for IEEE 802.1p or IEEE 802.1Q tagged traffic.

How to Configure Voice VLAN

Configuring Cisco IP Phone Voice Traffic
You can configure a port connected to the Cisco IP Phone to send CDP packets to the phone to configure the
way in which the phone sends voice traffic. The phone can carry voice traffic in IEEE 802.1Q frames for a
specified voice VLAN with a Layer 2 CoS value. It can use IEEE 802.1p priority tagging to give voice traffic
a higher priority and forward all voice traffic through the native (access) VLAN. The Cisco IP Phone can also
send untagged voice traffic or use its own configuration to send voice traffic in the access VLAN. In all
configurations, the voice traffic carries a Layer 3 IP precedence value (the default is 5).

Procedure

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode.
Example: • Enter your password if prompted.

Device> enable

Step 2 configure terminal Enters global configuration mode.

Example:

Device# configure terminal

VLAN Configuration Guide, Cisco IOS Release 15.2(7)Ex (Catalyst 1000 Switches)
56
Configuring Voice VLAN
Configuring Cisco IP Phone Voice Traffic

Command or Action Purpose

Step 3 interface interface-id Specifies the interface connected to the phone,
and enters interface configuration mode.
Example:
Device(config)# interface gigabitethernet
1/0/1
Or
Device(config)# interface fastethernet
1/0/1

Step 4 mls qos trust cos Configures the interface to classify incoming
traffic packets by using the packet CoS value.
Example:
For untagged packets, the port default CoS
value is used.
Device(config-if)# mls qos trust cos
Note Before configuring the port trust
state, you must first globally enable
QoS by using the mls qos global
configuration command.

Step 5 switchport voice {vlan{vlan-id | dot1p | none Configures the voice VLAN.
| untagged}}
• vlan-id: Configures the phone to forward
Example: all voice traffic through the specified
VLAN. By default, the Cisco IP Phone
Device(config-if)# switchport voice vlan forwards the voice traffic with an IEEE
dot1p 802.1Q priority of 5. Valid VLAN IDs are
1 to 4094.
• dot1p: Configures the switch to accept
voice and data IEEE 802.1p priority frames
tagged with VLAN ID 0 (the native
VLAN). By default, the switch drops all
voice and data traffic tagged with VLAN
0. If configured for 802.1p the Cisco IP
Phone forwards the traffic with an IEEE
802.1p priority of 5.
• none: Allows the phone to use its own
configuration to send untagged voice
traffic.
• untagged: Configures the phone to send
untagged voice traffic.

Step 6 end Returns to privileged EXEC mode.

Example:

Device(config-if)# end

VLAN Configuration Guide, Cisco IOS Release 15.2(7)Ex (Catalyst 1000 Switches)
57
 Configuring Voice VLAN
Monitoring Voice VLAN

Command or Action Purpose

Step 7 Use one of the following: Verifies your voice VLAN entries or your QoS
and voice VLAN entries.
• show interfaces interface-id switchport
• show running-config interface
interface-id
Example:
Device(config)# show interfaces
gigabitethernet 1/0/1 switchport
Or
Device(config)# show interfaces
fastethernet 1/0/1 switchport

or
Device(config)# show running-config
interface gigabitethernet 1/0/1
Or
Device(config)# show running-config
interface fastethernet 1/0/1

Step 8 copy running-config startup-config (Optional) Saves your entries in the

configuration file.
Example:

Device# copy running-config

startup-config

Monitoring Voice VLAN

To display voice VLAN configuration for an interface, use the show interfaces interface-id switchport
privileged EXEC command.

Configuration Examples
Example: Configuring Cisco IP Phone Voice Traffic
This example shows how to configure a port connected to a Cisco IP Phone to use the CoS value to classify
incoming traffic and to accept voice and data priority traffic tagged with VLAN ID 0:

Switch# configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Switch(config)# interface gigabitethernet 1/0/1

Switch(config-if)# mls qos trust cos
Switch(config-if)# switchport voice vlan dot1p

VLAN Configuration Guide, Cisco IOS Release 15.2(7)Ex (Catalyst 1000 Switches)
58
 Configuring Voice VLAN
Feature History for Voice VLAN

Switch(config-if)# end

To return the port to its default setting, use the no switchport voice vlan interface configuration command.

Feature History for Voice VLAN

This table provides release and related information for features explained in this module.
These features are available on all releases subsequent to the one they were introduced in, unless noted
otherwise.

Release Feature Feature Information

Cisco IOS Release 15.2(7)E1 Voice VLAN The voice VLAN feature enables access ports
to carry IP voice traffic from an IP phone.

Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco
Feature Navigator, go to http://www.cisco.com/go/cfn.

VLAN Configuration Guide, Cisco IOS Release 15.2(7)Ex (Catalyst 1000 Switches)
59
 Configuring Voice VLAN
Feature History for Voice VLAN

VLAN Configuration Guide, Cisco IOS Release 15.2(7)Ex (Catalyst 1000 Switches)
60