VLAN Creation and Management

VLANs are a core switching concept used in almost every modern network. In this tutorial, you will learn how to create, name, verify, and delete VLANs using Cisco IOS commands, along with understanding where VLANs are stored.

What is a VLAN?

A VLAN (Virtual Local Area Network) is a logical segmentation of a switch network that groups devices as if they were on the same physical LAN, regardless of their physical location.

  • Reduces broadcast traffic
  • Improves network performance
  • Enhances security through isolation
  • Simplifies network management

Each VLAN is identified by a VLAN ID (1 - 4094).

1. Create VLANs

Explanation

By default, all switch ports belong to VLAN 1. To logically separate traffic, new VLANs must be created on the switch.

VLAN creation only defines the VLAN in the switch database. No ports are assigned during this step.

Cisco Prompt Commands

Creating VLAN 10 and 20 on Cisco Switch

NetsTuts_SW1>en
NetsTuts_SW1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
NetsTuts_SW1(config)#vlan 10
NetsTuts_SW1(config-vlan)#exit
NetsTuts_SW1(config)#vlan 20
NetsTuts_SW1(config-vlan)#end
NetsTuts_SW1#
%SYS-5-CONFIG_I: Configured from console by console
wr
Building configuration...
[OK]
NetsTuts_SW1#
Creating VLAN 10 and 20 using global configuration mode.

Note: The exit command is not required after each VLAN creation. You may define multiple VLANs consecutively, as the switch remains in VLAN configuration mode until explicitly exited.

2. Verify VLAN Configuration

After creating VLANs, verification is essential. The show vlan brief command provides a clear summary.

NetsTuts_SW1#sho vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Gig0/1, Gig0/2
10   VLAN0010                         active    
20   VLAN0020                         active    
1002 fddi-default                     active    
1003 token-ring-default               active    
1004 fddinet-default                  active    
1005 trnet-default                    active    
NetsTuts_SW1#
VLANs 10 and 20 have been successfully created!

3. Name VLANs

Explanation

Naming VLANs allows administrators to easily identify their purpose, especially in large enterprise networks.

  • VLAN 30 - SALES
  • VLAN 40 - HR
  • VLAN 50 - IT

Cisco Prompt Commands

Naming VLANs in Cisco IOS

NetsTuts_SW1>en
NetsTuts_SW1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
NetsTuts_SW1(config)#vlan 30
NetsTuts_SW1(config-vlan)#name SALES
NetsTuts_SW1(config-vlan)#vlan 40
NetsTuts_SW1(config-vlan)#name HR
NetsTuts_SW1(config-vlan)#vlan 50
NetsTuts_SW1(config-vlan)#name IT
NetsTuts_SW1(config-vlan)#END
NetsTuts_SW1#
%SYS-5-CONFIG_I: Configured from console by console
wr
Building configuration...
[OK]
NetsTuts_SW1#
Assigning descriptive names to VLANs.

4. Verify VLAN Naming Configuration

After creating and naming VLANs, verification is essential. The show vlan brief command provides a clear summary.

NetsTuts_SW1#sho vla bri

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Gig0/1, Gig0/2
30   SALES                            active    
40   HR                               active    
50   IT                               active    
1002 fddi-default                     active    
1003 token-ring-default               active    
1004 fddinet-default                  active    
1005 trnet-default                    active    
NetsTuts_SW1#
Note: These VLANs are active but show no ports in the "Ports" column, meaning switch ports haven't been assigned yet.
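
The check described in the two verification steps can be scripted. The following is an added example, not part of the original tutorial: a Python parser for show vlan brief output that handles the wrapped Ports lines and reports ports still in default VLAN 1, VLANs left with their auto-generated names, and VLANs with no ports. The function names and the sample text (shortened from the outputs above) are assumptions of this example.

```python
import re

# Constructed sample, shortened from the outputs shown in this tutorial.
SAMPLE = """\
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Gig0/1, Gig0/2
10   VLAN0010                         active
30   SALES                            active
1002 fddi-default                     active
1003 token-ring-default               active
"""

# VLAN id, name, status, then whatever is in the Ports column (may be empty)
ROW = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s*(.*)$")

def parse_vlan_brief(text):
    """Return {vlan_id: {"name", "status", "ports"}} from 'show vlan brief'."""
    vlans, current = {}, None
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            current = int(m.group(1))
            vlans[current] = {"name": m.group(2), "status": m.group(3), "ports": []}
            rest = m.group(4)
        elif current is not None and line[:1].isspace() and line.strip():
            rest = line  # wrapped continuation of the Ports column
        else:
            continue  # header, separator, prompt or blank line
        vlans[current]["ports"] += [p.strip() for p in rest.split(",") if p.strip()]
    return vlans

def audit(vlans):
    """List findings for VLAN 1 and user VLANs; legacy 1002-1005 are skipped."""
    findings = []
    for vid, v in sorted(vlans.items()):
        if 1002 <= vid <= 1005:
            continue
        if vid == 1 and v["ports"]:
            findings.append(f"VLAN 1: {len(v['ports'])} ports still in the default VLAN")
        if vid != 1 and v["name"] == f"VLAN{vid:04d}":
            findings.append(f"VLAN {vid}: unnamed (auto-generated name {v['name']})")
        if vid != 1 and not v["ports"]:
            findings.append(f"VLAN {vid}: no ports assigned")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(parse_vlan_brief(SAMPLE))))
```
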

Understanding Legacy Cisco VLANs (1002-1005)

Quick Summary:

These 4 VLANs (1002-1005) are legacy system VLANs that Cisco switches create by default. You cannot delete or modify them - they're reserved for backward compatibility.

What They Are:

1002 fddi-default
  • Reserved for FDDI (Fiber Distributed Data Interface) networks
  • Legacy fiber optic networking technology
1003 token-ring-default
  • Reserved for Token Ring networks
  • Old IBM networking technology (popular in 80s-90s)
1004 fddinet-default
  • Reserved for FDDI Net (FDDI to Ethernet translation)
1005 trnet-default
  • Reserved for Token Ring Net (Token Ring to Ethernet translation)

Key Points:

  • "act/unsup" = "active/unsupported" - they exist but aren't usable on modern Ethernet switches
  • Automatically created on all Cisco switches
  • Cannot be deleted or used for your network traffic
  • Reserved VLAN IDs - you cannot create your own VLANs with these numbers
  • Ignored in practice - just leave them alone, they don't affect your configuration

Modern Relevance:

These are historical artifacts from when switches needed to support multiple networking technologies. Today's networks are almost exclusively Ethernet, so you can safely ignore these VLANs in your configurations and documentation.

VLAN Database Storage (vlan.dat)

Explanation

VLAN information is stored in a separate database file called vlan.dat, located in switch flash memory.

  • Not stored in running-config
  • Not removed by erase startup-config
  • Persists after reload

Cisco Prompt Commands

vlan.dat file in flash memory

Enter dir flash:

NetsTuts_SW1#dir flash:
Directory of flash:/

    1  -rw-     4670455          <no date>  2960-lanbasek9-mz.150-2.SE4.bin
    2  -rw-         676          <no date>  vlan.dat

64016384 bytes total (59345253 bytes free)
NetsTuts_SW1#
VLAN database file (vlan.dat) stored in switch flash.

Note that this is one output, not two: the listing shows two files stored in flash memory.

When you run:

NetsTuts_SW1# dir flash:

you are simply asking IOS: “Show me everything stored in flash memory.”

Line-by-Line Explanation

Command Prompt

NetsTuts_SW1# dir flash:
      
  • You are in privileged EXEC mode
  • flash: is the internal storage of the switch

Header

Directory of flash:/
      

Confirms you are viewing the root directory of flash.

File 1: IOS Image

1  -rw-     4670455          <no date>  2960-lanbasek9-mz.150-2.SE4.bin
      
Field                            Meaning
1                                File index
-rw-                             Permissions (read/write)
4670455                          File size (bytes)
<no date>                        No timestamp stored
2960-lanbasek9-mz.150-2.SE4.bin  Cisco IOS image

👉 This is the operating system the switch boots from.

File 2: VLAN Database

2  -rw-         676          <no date>  vlan.dat
      
Field      Meaning
2          File index
-rw-       Permissions
676        Very small file size
<no date>  No timestamp
vlan.dat   VLAN information

👉 This file stores:

  • VLAN IDs
  • VLAN names

It is separate from the running-config.

Summary Line

64016384 bytes total (59345253 bytes free)
      
  • Total flash size: ~64 MB
  • Free space remaining: ~59 MB

Key Clarification

  • 🔹 These are not two outputs
  • 🔹 This is one command output listing two files

Think of it like running dir or ls on a PC:

  • You run the command once
  • It displays multiple files

Why <no date> Appears

Older switches or certain IOS versions:

  • Do not maintain timestamps in flash
  • Very common on Catalyst 2960

This behavior is normal and expected.

Exam / Interview Takeaway

Question: What does dir flash: show?

Correct Answer:

It displays the contents of the device’s flash memory, including the IOS image and files such as vlan.dat.
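
Because vlan.dat is not removed by erase startup-config and persists after reload, it is worth checking flash before a wiped switch is redeployed. The following is an added example, not part of the original tutorial: a Python parser for the dir flash: fields explained above, plus a check for a leftover VLAN database. The function names are assumptions, and the handling of entries that carry a real timestamp instead of <no date> is an assumption about other devices.

```python
import re

# Constructed sample: the 'dir flash:' output shown in this tutorial.
SAMPLE = """\
NetsTuts_SW1#dir flash:
Directory of flash:/

    1  -rw-     4670455          <no date>  2960-lanbasek9-mz.150-2.SE4.bin
    2  -rw-         676          <no date>  vlan.dat

64016384 bytes total (59345253 bytes free)
"""

# index, permissions, size, date text (or '<no date>'), file name
ENTRY = re.compile(r"^\s*(\d+)\s+([-drwx]{4})\s+(\d+)\s+(<no date>|\S.*?)\s+(\S+)\s*$")
TOTAL = re.compile(r"^(\d+) bytes total \((\d+) bytes free\)")

def parse_dir_flash(text):
    """Return files plus total/free byte counts from 'dir flash:' output."""
    listing = {"files": [], "total": None, "free": None}
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            date = None if m.group(4) == "<no date>" else m.group(4)
            listing["files"].append({"index": int(m.group(1)), "perms": m.group(2),
                                     "size": int(m.group(3)), "date": date,
                                     "name": m.group(5)})
            continue
        m = TOTAL.match(line)
        if m:
            listing["total"], listing["free"] = int(m.group(1)), int(m.group(2))
    return listing

def leftover_vlan_db(listing):
    """Return the vlan.dat entry if the VLAN database is still in flash, else None."""
    for entry in listing["files"]:
        if entry["name"].lower() == "vlan.dat":
            return entry
    return None

if __name__ == "__main__":
    found = leftover_vlan_db(parse_dir_flash(SAMPLE))
    print("vlan.dat still present" if found else "no VLAN database in flash")
```
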

Delete VLANs


Delete a Single VLAN

NetsTuts_SW1(config)#
NetsTuts_SW1(config)#no vlan 10
NetsTuts_SW1(config)#
Enter no vlan and its number from the configuration mode.

Delete All VLANs

NetsTuts_SW1#delete flash:vlan.dat
Delete filename [vlan.dat]?
Delete flash:/vlan.dat? [confirm]

NetsTuts_SW1#reload
System configuration has been modified. Save? [yes/no]:no
Building configuration...
[OK]
Proceed with reload? [confirm] 
            
Removing all VLANs by deleting vlan.dat and reloading.

VLAN Database Cleanup on Cisco Switches

A common task for network administrators is clearing the VLAN database from a Cisco switch. Here's a real example showing the correct commands and why choosing "no" when prompted to save is key.

What's happening:

  • Delete vlan.dat: Removes the VLAN database file from flash memory.
  • Reload: Reboots the switch to clear the active VLAN database from memory.
  • "Save? [yes/no]: no": Crucial step! If you answer "yes", the switch recreates vlan.dat, undoing your deletion.

Important Notes:

  • Deleting vlan.dat only removes VLANs from the database, not from running config
  • If VLANs are in startup config, they'll reappear after reload
  • For complete VLAN removal:
    1. Remove VLANs from running config: no vlan [number]
    2. Save changes: write memory
    3. Then delete vlan.dat if no longer needed

Either dir flash: or show flash can be used to display information about files stored in the switch's flash memory.

TEST WHAT YOU LEARNED

1. Which VLAN ID range is available for creating VLANs on a Cisco switch?

Correct answer is C. The VLAN ID range available for creating VLANs on a Cisco switch is 1 - 4094.

2. Where does a Cisco switch store VLAN ID and name information by default?

Correct answer is C. Cisco switches store VLAN ID and name information by default in a separate vlan.dat file in flash memory.

3. What is the primary benefit of using VLANs in a network?

Correct answer is B. The primary benefit of using VLANs is to reduce broadcast traffic through logical segmentation of the network.

4. Which command correctly shows all VLANs with their names and port assignments?

Correct answer is D. The "show vlan brief" command displays all VLANs with their names and port assignments.

5. What is the status of legacy VLANs 1002-1005 on modern Cisco switches?

Correct answer is B. Legacy VLANs 1002-1005 are reserved, cannot be deleted, and exist for backward compatibility with older network technologies.

6. After creating VLAN 30, what additional command is needed to name it "SALES"?

Correct answer is A. After entering VLAN configuration mode for VLAN 30, use the "name SALES" command to assign the name.

7. What happens if you answer "yes" when prompted to save configuration after deleting vlan.dat and before reloading?

Correct answer is B. If you answer "yes" to save configuration, the switch recreates the vlan.dat file with any VLANs currently in the running configuration.

8. By default, all switch ports belong to which VLAN?

Correct answer is C. By default, all switch ports belong to VLAN 1, which is the default native VLAN.

9. What is the correct sequence to completely remove all VLAN configurations?

Correct answer is A. To completely remove all VLAN configurations, first remove VLANs from running config with "no vlan" commands, then delete vlan.dat, then reload the switch.

10. What does the "act/unsup" status indicate for legacy VLANs 1002-1005?

Correct answer is B. The "act/unsup" status means these legacy VLANs are active but unsupported on modern Ethernet switches (they were for older technologies like FDDI and Token Ring).