1. Configuring VLANs on a Layer 2 Switch (L2)
A Layer 2 switch forwards traffic based on MAC addresses and requires an external router (or an L3 switch) for inter-VLAN routing.
Step 1: Create VLANs
bashenable
configure terminal
vlan 10
name HR
vlan 20
name IT
exit
Step 2: Assign VLANs to Ports
- Access Mode (for end devices)
bashinterface GigabitEthernet0/1
switchport mode access
switchport access vlan 10
exit
interface GigabitEthernet0/2
switchport mode access
switchport access vlan 20
exit
- Trunk Mode (for uplinks between switches or to routers)
bashinterface GigabitEthernet0/24
switchport mode trunk
switchport trunk allowed vlan 10,20
exit
Step 3: Verify Configuration
bashshow vlan brief
show interfaces trunk
2. Configuring VLANs on a Layer 3 Switch (L3)
A Layer 3 switch can perform inter-VLAN routing without needing an external router.
Step 1: Enable IP Routing
bashenable
configure terminal
ip routing
Step 2: Create VLANs and Assign IP Addresses
bashvlan 10
name HR
vlan 20
name IT
exit
interface Vlan10
ip address 192.168.10.1 255.255.255.0
no shutdown
interface Vlan20
ip address 192.168.20.1 255.255.255.0
no shutdown
Step 3: Assign Physical Ports to VLANs
bashinterface GigabitEthernet0/1
switchport mode access
switchport access vlan 10
exit
interface GigabitEthernet0/2
switchport mode access
switchport access vlan 20
exit
Step 4: Configure a Default Route (Optional)
If this switch needs to communicate with other networks:
bashCopyEditip route 0.0.0.0 0.0.0.0 192.168.1.1
Step 5: Verify Configuration
bashCopyEditshow ip interface brief
show vlan brief
show ip route
Summary
- L2 switch VLANs: Only provide network segmentation, requiring a router (or L3 switch) for inter-VLAN communication.
- L3 switch VLANs: Can route between VLANs directly.