VLAN Commands
  • 10 Jul 2024
  • 18 Minutes to read
  • Contributors
  • PDF

VLAN Commands

  • PDF

Article summary

VLANs (Virtual LANs) can be considered a group of devices on different physical LAN segments that can communicate with one another as if they were all on the same physical LAN segment. VLANs are highly flexible because they are configured through software rather than hardware.

VLAN CLI commands are categorized as follows:

Configuration Commands

This section includes VLAN configuration commands.

bridge-mode

Command Objective:

This command configures the bridge mode of the switch.

Syntax:

bridge-mode { customer | provider-edge }


Notes:

It is strongly recommended to use provider-edge mode.

Other modes such as provider and provider-core are not supported.


Parameter Description:

  • customer - Sets the bridge to Customer Bridge Mode which allows the switch to operate as a 802.1Q VLAN Bridge.
  • provider-edge - Sets the bridge to Provider Edge Bridge Mode which allows the switch to operate as a 802.1ad provider edge bridge with S-VLAN component and at least one C-VLAN component.
    Note: This parameter executes only if GARP, MRP, ELPS, ECFM and spanning tree modules are shutdown.

Mode:
Global Configuration Mode / Switch Configuration Mode

Example:

Your Product(config)# bridge-mode provider-edge 

interface range

Command Objective:

This command selects the range of physical interfaces and VLAN interfaces to be configured.

The no form of the command selects the range of VLAN interfaces to be removed.


Notes:

This command is a complete standardized implementation of the existing command.

This feature has been included in adherence to the Industry Standard CLI syntax.


Syntax:

interface range ( { < interface-type > < slot/port-port >} | {vlan < vlan-id(1-4094) > - < vlan-id(2-4094) >})

no interface range vlan < vlan-id(1-4094) > - < vlan-id(2-4094) >

Parameter Description:

  • < interface type > – Selects the range of the specified interface. The interface can be:
    • fastethernet – A version of LAN standard architecture that supports data transfer up to 100 Megabits per second. This is officially referred to as 100BASE-T standard.
    • gigabitethernet – A version of LAN standard architecture that supports data transfer up to 1 Gigabit per second.
    • extreme-ethernet – A version of Ethernet that supports data transfer up to 10 Gigabits per second. This Ethernet supports only full duplex links.
    • internal-lan – Internal LAN created on a bridge per IEEE 802.1ap.
    • port-channel – Logical interface that represents an aggregator which contains several ports aggregated together.
  • < slot/port-port > - Selects the range of the specified interface identifier. This is a unique value that represents the specific interface. This value is a combination of slot number and port number separated by a slash, for interface type other than internal-lan and port-channel. Only i-lan or port-channel ID is provided, for interface types internal-lan and port-channel.
  • vlan < vlan-id(1-4094) > - < vlan-id(2-4094) > - Selects the range of the specified VLAN ID. This is a unique value that represents the specific VLAN created and activated. This value ranges from 1 to 4094.

    For specifying the interface VLAN range, space should be provided before and after the dash. That is, the command interface range vlan 1 – 4 is valid, whereas the command interface range vlan 1– 4 is not valid.

Mode:
Global Configuration Mode


Note: For port channel range, the specified range must be configured using the interface command.

Example:

Your Product(config)# interface range gigabitethernet 0/1 vlan 1-2
Your Product(config-if-range)#
Your Product(config)# interface range vlan 1 - 2 gigabitethernet 0/1
Your Product(config-if-range)#

lldp-tunnel-address

Command Objective:
This command configures the destination MAC address to be used in tunneled LLDP PDUs.

Syntax:
lldp-tunnel-address < aa:aa:aa:aa:aa:aa >

Mode:
Global Configuration Mode / Switch Configuration Mode

Default:
01:00:0c:cd:cd:d8

Example:

Your Product (config)# lldp-tunnel-address 01:02:04:03:06:09

provider-bridge ecfm-tunnel-address

Command Objective:
This command configures the destination MAC address to be used in tunneled ECFM PDUs.

Syntax:
provider-bridge ecfm-tunnel-address aa:aa:aa:aa:aa:aa

Mode:
Global Configuration Mode / Switch Configuration Mode

Default:
01:00:0c:cd:cd:d9

Example:

Your Product (config)# provider-bridge ecfm-tunnel-address 01:02:03:04:07:08

service-type

Command Objective:
This command configures the service type for a VLAN.

Syntax:
service-type {e-line | e-lan}

Parameter Description:

  • e-line - Sets the service type of VLAN as two points of customer attachments in the Provider Network.
  • e-lan- Sets the service type of VLAN as multiple points of customer attachments in the Provider Network.

Mode:
Config-VLAN Mode

Default:
e-lan


Note: To configure the service type as:

e-line – there must be two member ports for a given service VLAN.

e-lan – No restriction on the number of member ports for a given service VLAN.


Example:

Your Product(config-vlan)# service-type e-line

stp-tunnel-address

Command Objective:
This command configures the multicast destination MAC address to be used in tunneled STP BPDUs.

When STP tunneling is enabled on a port, this MAC address will be used as the destination MAC address of the customer BPDUs received.

Inside a given Network, BPDUs received with this MAC address will be treated as data packets and is not processed.

When the BPDU is sent out of the given Network, this MAC address will be replaced with the reserved address defined for Customer STP BPDU. This is done only when STP protocol tunnel status is set to Tunnel on the outgoing port else the packets are dropped

Syntax:
stp-tunnel-address aa:aa:aa:aa:aa:aa

Mode:
Global Configuration Mode

Default:
01:00:0c:cd:cd:d0

Prerequisites:

  • This command executes only if VLAN is started in the switch
  • STP tunneling must be enabled to make this address effective.
  • A specific MAC address can be assigned to any one of the L2 protocols DOT1X/ LACP/ STP/ GVRP/ ELMI/ LLDP/EOAM tunneling.

Example:

Your Product(config)# stp-tunnel-address 01:00:00:00:22:44

switchport customer-vlan

Command Objective:
This command configures an entry in the Customer VLAN Identification (C-VID) registration table.

The no form of the command deletes entry in the C-VID registration table.


Note: This command is not supported for BCM target except for BCM SDK 580.

Syntax:
switchport customer-vlan < vlan-id(1-4095) > service-vlan < vlan-id/vfi_id > [untagged-pep {true|false}]

no switchport customer-vlan < vlan-id (1-4095) >

Parameter Description:

  • customer-vlan < vlan-id (1-4095) > - Configures the VLAN ID to which the C-VID registration is to be done. This is a unique value that represents the specific VLAN created. This value ranges from 1 to 4095.
  • service vlan< vlan-id/vfi_id > – Configures the service VLAN/ VFI ID. This value ranges from 1 to 65535.
    • < vlan –id > – VLAN ID is a unique value that represents the specific VLAN. This value ranges from 1 to 4094.
    • < vfi-id > – VFI ID is a VLAN created in the system which contains Pseudo wires and Attachment Circuits as member ports. This creates a logical LAN for the VPLS service. This value ranges from 4096 to 65535.
      Notes:

      The VLAN ID 4095 is reserved and may be used to indicate a wildcard match for the VID in management operations or Filtering Database entries.​

      VFI IDs 4096 and 4097 are reserved identifiers used in MPLS PW.

      The theoretical maximum for the maximum number of VFI is 65535 but the actual number of VFI supported is a sizing constant. Based on this, the maximum number of VFI ID accepted in the management interface is restricted. For example, if 100 VFIs are supported, the maximum number of VFI supported will be restricted to maximum number of VLANs plus 100. An error message is displayed for any value beyond this range.


  • untagged-pep – Sets Untagged Provider Edge Port. The options are:
    • true – Enables the untagged provider edge port.
    • false – Disables the untagged provider edge port.

Mode:
Interface Configuration Mode (Physical / Port channel)

Default:

  • untagged-pep - false


Note: This command executes only if the bridge mode is set as provider-edge and bridge port type is set as customerEdgePort.

Example:

Your Product(config-if)# switchport customer-vlan 4 service-vlan 5

switchport [dot1q] ether-type

Command Objective:
This command configures port Ingress/Egress ether-type.

The no form of the command resets port Ingress/Egress ether-type.

Syntax:
switchport [dot1q] { ingress | egress } ( [ether-type <size(1-65535)> ] [inner-ether-type <size(1-65535)>] )

no switchport [dot1q] { ingress | egress } {ether-type | inner-ether-type}

Parameter Description:

  • dot1q - Enables dot1q tunneling for the specified ether-type.
  • ingress - Configures Ingress ether-type and hence allows the service provider to support tunneling. Packets received on a port are considered tagged when the packet ether type matches with the port ether type configured.
  • egress - Configures Egress ether-type This object indicates the ether type of the S-VLAN tag that has to be applied for all the outgoing packets on this port. If a valid value is in this object, all the packets which are outgoing on this port will contain the ether type as configured in this object.
  • ether-type <size(1-65535)> - Specifies the value of the ethertype itself. For example: 0x8100
  • inner-ether-type <size(1-65535)>] - Configures the inner ether-type. This value ranges from 1 to 65535.

Mode:
Interface Configuration Mode (Physical / Port channel)

Example:

Your Product(config-if)# switchport dot1q ingress ether-type 0x8100

switchport outer-customer-vlan

Command Objective:
This command configures an entry in Double-Tagged C-VID registration table.

The no form of this command deletes entry in the Double-Tagged C-VID registration table.

Syntax:
switchport outer-customer-vlan <vlan-id(1-4095)> inner-customer-vlan <vlan-id(1-4095)> service-vlan <vlan-id/vfi_id> [relay-vlan-id <integer(1-4094)>]

no switchport outer-customer-vlan <vlan-id(1-4094)> inner-customer-vlan <vlan-id(1-4094)>

Parameter Description:

  • outer-customer-vlan <integer(1-4095)> - Configures the outer customer VLAN. This value ranges from 1 to 4095.
  • service vlan< vlan-id/vfi_id > – Configures service VLAN Interface configuration for the specified VLAN / VFI ID. This value ranges from 1 to 65535.
    • < vlan –id > – VLAN ID is a unique value that represents the specific VLAN. This value ranges from 1 to 4094.
    • < vfi-id > – VFI ID is a VLAN created in the system which contains Pseudo wires and Attachment Circuits as member ports. This creates a logical LAN for the VPLS service. This value ranges from 4096 to 65535.
      Notes:

      The VLAN ID 4095 is reserved and may be used to indicate a wildcard match for the VID in management operations or Filtering Database entries.​

      VFI IDs 4096 and 4097 are reserved identifiers used in MPLS PW.

      The theoretical maximum for the maximum number of VFI is 65535 but the actual number of VFI supported is a sizing constant. Based on this, the maximum number of VFI ID accepted in the management interface is restricted. For example, if 100 VFIs are supported, the maximum number of VFI supported will be restricted to maximum number of VLANs plus 100. An error message is displayed for any value beyond this range.


  • relay-vlan-id < integer(1-4094) > – Configures the relay VLAN identifier. This value ranges from 1 to 4094.

Mode:
Interface Configuration Mode


Note: This command executes only if the bridge mode is set as provider-edge and bridge port type is set as customerEdgePort.

Example:

Your Product (config-if)# switchport outer-customer-vlan 10 inner-customer-vlan 20 service-vlan 100

switchport three-tagged-pnp tunnel

Command Objective:
This command configures the VLAN related parameters for Three Tagged PNP port

The no form of this command resets the value of VLAN related parameters to default for Three Tagged PNP port

Syntax:
switchport three-tagged-pnp tunnel {[vlan <vlan-id(1-4095)>][ethertype <size(1-65535)>][priority <priority value(0-7)>][use-dei {true | false}]}

no switchport three-tagged-pnp tunnel [vlan][ethertype][priority][use-dei]

Parameter Description:

  • vlan <vlan-id(1-4095)> - Configures the VLAN identifier for the three-tagged-pnp tunnel. This value ranges from 1 to 4095.
  • ethertype <size(1-65535)> - Configures the size of the ether-type. This value ranges from 1 to 65535.
  • priority <priority value(0-7)> - Configures the priority value to be set for the specified vlan. This value ranges from 0 to 7.
  • use-dei – Configures the use_dei (Drop Eligibility Indicator) for the service-instance.
    • true – Configures the value for drop eligibility indicator as true
    • false – Configures the value for drop eligibility indicator as false

Mode:
Interface Configuration Mode


Note: This command executes only if the bridge mode is set as provider-edge.

Example:

Your Product (config-if)# switchport three-tagged-pnp tunnel vlan 15

vlan

Command Objective:
This command creates a VLAN / VFI ID and enters into the config-VLAN mode in which VLAN specific configurations are done. This command directly enters into the config-VLAN mode for the specified VLAN / VFI ID, if the VLAN is already created.

Syntax:
vlan < vlan-id/vfi_id >

no vlan < vlan-id/vfi_id >

Parameter Description:

  • < vlan –id > - This is a unique value that represents the specific VLAN. This value ranges from 1 to 4094.
  • < vfi-id > - VFI ID is a VLAN created in the system which contains Pseudo wires and Attachment Circuits as member ports. This creates a logical LAN for the VPLS service. This value ranges from 4096 to 65535.


Notes:

The VLAN ID 4095 is reserved and may be used to indicate a wildcard match for the VID in management operations or Filtering Database entries.

VFI IDs 4096 and 4097 are reserved identifiers used in MPLS PW.

The theoretical maximum for the maximum number of VFI is 65535 but the actual number of VFI supported is a sizing constant. Based on this, the maximum number of VFI ID accepted in the management interface is restricted. For example if 100 VFIs are supported, the maximum number of VFI supported will be restricted to maximum number of VLANs + 100. An error message is displayed for any value beyond this range.


Mode:
Global Configuration Mode/ Switch Configuration Mode

Default:
By default VLAN 1 is created


Notes:

The Native VLAN (VLAN 1) created by default cannot be deleted using the no form of the command.

For default VLAN 1, interface VLAN configuration alone is permitted and no other configuration on this VLAN is allowed, if the base bridge mode is set as transparent bridging. No new VLAN can be created, if the base bridge mode is set as transparent bridging.

The creation of new VLAN and configuration of existing VLAN can be done, only if the VLAN switching feature is started and enabled in the switch.


Example:

Your Product(config-switch)# vlan 4
Your Product(config-switch-vlan)#

vlan active

Command Objective:
This command activates a VLAN in the switch. The created VLANs should be active for further VLAN related configurations. The VLAN can also be activated using ports command.

Syntax:
vlan active

Mode:
Config-VLAN Mode

Default:
Only default VLAN (VLAN 1) is activated once the switch is started.


Note: VLAN cannot be made active if base bridge mode is set as transparent bridging.

Example:

Your Product(config-vlan)# vlan active

Display Commands

This section includes VLAN display commands.

show double-tagged-cep service vlan

Command Objective:
This command displays double-tagged service VLAN translation information.

Syntax:
show double-tagged-cep service vlan [{outer-cvlan < vlan-id(1-4095) > | inner-cvlan < vlan-id(1-4095) > | interface < interface-type > < interface-id > }]

Parameter Description:

  • outer-cvlan < vlan-id(1-4095) > - Displays the configured outer customer VLAN. This value ranges from 1 to 4095.
  • inner-cvlan < vlan-id(1-4095) > - Displays the configured inner customer VLAN. This value ranges from 1 to 4095.
  • < interface-type > - Displays the double-tagged service VLAN translation configuration for the specified type of interface.
  • < interface-id > - Displays the double-tagged service VLAN translation configuration for the specified interface identifier. This is a unique value that represents the specific interface. This value is a combination of slot number and port number separated by a slash for interface type other than internal-lan and port-channel. For Example: 0/1 represents that the slot number is 0 and port number is 1. Only internal-lan virtual and port-channel ID is provided for interface types internal-lan, virtual and port-channel. For Example: 1 represents internal-lan and port-channel ID.

Mode:
Privileged EXEC Mode

Example:

Your Product # show double-tagged-cep service vlan
Switch default

Port  SVLAN  Outer  Inner    Relay
             CVLAN  CVLAN    CVLAN
-------------------------------------
Xl0/2  2      10    20       20
Xl0/2  3      100   200      5

show three-tagged-pnp

Command Objective:
This command displays three-tagged PNP related VLAN configuration information.

Syntax:
show three-tagged-pnp [interface < interface-type > < interface-id >] vlan config

Parameter Description:

  • < interface-type > - Displays the three-tagged PNP related VLAN configuration for the specified type of interface.
  • < interface-id > - Displays the three-tagged PNP related VLAN configuration for the specified interface identifier. This is a unique value that represents the specific interface. This value is a combination of slot number and port number separated by a slash for interface type other than internal-lan and port-channel. For Example: 0/1 represents that the slot number is 0 and port number is 1. Only internal-lan virtual and port-channel ID is provided for interface types internal-lan, virtual and port-channel. For Example: 1 represents internal-lan and port-channel ID.
  • vlan config - Displays the three-tagged PNP related VLAN configuration details.

Mode:
Privileged EXEC Mode

Example:

Your Product # show three-tagged-pnp vlan config
Switch default 

Port  Tunnel   Tunnel      Tunnel    Tunnnel
       VLAN   EtherType   Priority   CFI/DEI
---------------------------------------------------
Xl0/4    1000   0x9100      0          0

show vlan

Command Objective:
This command displays VLAN entry related information of all active and inactive VLANs for which the port details are configured.

The information contains the member ports, untagged ports, forbidden ports, VLAN name and the status of that VLAN entry.


Note: This command is only available if the switch NPAPI_WANTED is set as no during the compilation of the exe.

Syntax:
If switch L2RED_WANTED is set as no during compilation of exe:

show vlan [brief | id < vlan-range > | summary | ascending] [ switch < context_name >]

If switch L2RED_WANTED is set as yes during compilation of exe:

show vlan [{brief | id < vlan-range > | summary | redundancy | ascending}] [ switch <context_name>]

Parameter Description:

  • brief - Displays VLAN entry related information of all active and inactive VLANs for which the port details are configured.
  • id < vlan-range > - Displays the VLAN entry related information for specified VLANs alone. This value denotes the VLAN ID range for which the information needs to be displayed. This value ranges from 1 to 4094. For example, the value is provided as 4000-4010 to display the information for VLANs IDs from 4000 to 4010. The information is displays VLAN entry related information of all active and inactive VLANs for which the port details are configured.
  • summary - Displays only the total number of VLANs existing in the switch. This includes only the active VLANs and inactive VLANs for which the port details are configured. The VLAN entry related information is not displayed.
  • redundancy - Displays the VLAN entry related information for standby node.
  • ascending - Displays the VLAN entry related information in ascending order.
  • switch < context_name > - Displays the VLAN entry related information or total number of existing VLANs for the specified context. This value represents unique name of the switch context. This value is a string whose maximum size is 32. This parameter is specific to multiple instance feature.


Note: After configuring beaconer to use C-VLAN tagged traffic and properly pushing the ZTP configuration, the VLAN configurations returned by this command do not entirely reflect the expected Ethertype 0x8100 for the VLAN and each interface associated to it. This is the expected behavior as per requirements and implementation choices.

This command only executes if the VLAN switching feature is started and enabled in the switch.


Mode:
Privileged EXEC Mode

Example:

Your Product# show vlan summary
Switch default

Number of vlans : 5

Switch sw1
Number of vlans : 1

Switch sw2
Number of vlans : 2

Switch sw3
Number of vlans : 1

show vlan port config

Command Objective:
This command displays the VLAN related port specific information for all interfaces available in the switch and all contexts.

Syntax:
show vlan port config [{port < interface-type > < interface-id > | switch < context_name >}]

Parameter Description:

  • port - Displays the VLAN related port specific information for the specified interface.

  • < interface-type > - Sets the type of interface (fastethernet, gigabitethernet, extreme-ethernet, internal-lan, port-channel, virtual).

  • < interface-id > - Sets the interface identifier. This is a unique value that represents the specific interface. This value is a combination of slot number and port number separated by a slash for interface type other than internal-lan, virtual and port-channel. Only i-lan , virtual or port-channel ID is provided for interface types internal-lan, virtual and port-channel.

  • switch < context_name > - Displays the VLAN related port specific information, for the specified context. This value represents unique name of the switch context. This value is a string with the maximum size as 32. This parameter is specific to multiple instance feature.


Note: After configuring beaconer to use C-VLAN tagged traffic and properly pushing the ZTP configuration, the VLAN configurations returned by this command do not entirely reflect the expected Ethertype 0x8100 for the VLAN and each interface associated to it. This is the expected behavior as per requirements and implementation choices.

This command only executes if the VLAN switching feature is started and enabled in the switch.


Mode:
Privileged EXEC Mode

Example:

Your Product# show vlan port config
Switch default

Vlan Port configuration table
-------------------------------
Port Gi0/1
 Port Vlan ID                        : 
 Port Acceptable Frame Type          : Admit All
 Port Ingress Filtering              : Disabled
 Port Mode                           : Hybrid
 Port Gvrp Status                    : Enabled
 Port Gmrp Status                    : Enabled
 Port Gvrp Failed Registrations      : 0
 Gvrp last pdu origin                : 00:00:00:00:00:00
 Port Restricted Vlan Registration   : Disabled
 Port Restricted Group Registration  : Disabled
 Mac Based Support                   : Disabled
 Subnet Based Support                : Disabled
 Port-and-Protocol Based Support     : Enabled
 Default Priority                    : 0
 Filtering Utility Criteria          : Default
 Port Protected Status               : Disabled
 Ingress EtherType                   : 0x8100
 Egress EtherType                    : 0x8100
 Egress TPID Type                    : Portbased
 Allowable TPID 1                    : 0x0
 Allowable TPID 2                    : 0x0
 Allowable TPID 3                    : 0x0
 Reflection Status                   : Enabled
 -------------------------------------------------------
Port Gi0/2
 Port Vlan ID                        : 1
 Port Acceptable Frame Type          : Admit All
 Port Ingress Filtering              : Disabled
 Port Mode                           : Hybrid
 Port Gvrp Status                    : Enabled
 Port Gmrp Status                    : Enabled
 Port Gvrp Failed Registrations      : 0
 Gvrp last pdu origin                : 00:00:00:00:00:00
 Port Restricted Vlan Registration   : Disabled
 Port Restricted Group Registration  : Disabled
 Mac Based Support                   : Disabled
 Subnet Based Support                : Disabled
 Port-and-Protocol Based Support     : Enabled
 Default Priority                    : 0
 Filtering Utility Criteria          : Default
 Port Protected Status               : Disabled
 Ingress EtherType                   : 0x8100
 Egress EtherType                    : 0x8100
 Egress TPID Type                    : Portbased
 Allowable TPID 1                    : 0x0
 Allowable TPID 2                    : 0x0
 Allowable TPID 3                    : 0x0
 Reflection Status                   : Enabled
 -------------------------------------------------------

© 2024 Cisco and/or its affiliates. All rights reserved.
 
For more information about trademarks, please visit: Cisco trademarks
For more information about legal terms, please visit: Cisco legal terms

For legal information about Accedian Skylight products, please visit: Accedian legal terms and tradmarks



Was this article helpful?

Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.