A Layer 2 VLAN is the VLAN created in the switch and not configured with the interface vlan <vlan_number> command. Hosts in the different Layer 2 VLANs cannot communicate with each other.
Complete these steps in order to create a Layer 2 VLAN and isolate it from older VLANs:
- Create the new VLAN in the database. When you exit vlan database mode, the configuration changes are applied.
Switch#vlan database !--- You must enter into VLAN database mode in order to !--- configure any VLAN. Switch(vlan)#vlan 5 VLAN 5 added: Name: VLAN0005 Switch(vlan)#vlan 6 VLAN 6 added: Name: VLAN0006 Switch(vlan)#exit APPLY completed. Exiting....- Make sure the VLAN is created in the vlan database. The new VLAN must appear in the output of the show vlan command.
- Do not set an IP address to the newly created VLANs.
- Configure physical interfaces that connect the clients to the corresponding VLAN.
Switch(config)#interface fastEthernet 2/1 Switch(config-if)#switchport mode access Switch(config-if)#switchport access vlan 5 Switch(config-if)#no shut Switch(config)#interface fastEthernet 2/2 Switch(config-if)#switchport mode access Switch(config-if)#switchport access vlan 6 Switch(config-if)#no shut- Assign to each host a static IP address, subnet mask, and do not set a default gateway. This causes hosts on the ports fa 2/1 and 2/2 to not communicate with each other. Devices that belong to one VLAN do not reach anything else but devices within the same VLAN.
Complete document found here.
No comments:
Post a Comment