Configuring Static VLAN

Static VLANs which are also known as port-based VLANs are created by manually assigning ports to a VLAN. When a device is connected to a port it automatically assumes the VLAN that the port is assigned to. The following configuration section elaborates on the creation of member ports: untagged ports and forbidden ports.

  1. Login into the device using either SSH or the console port. For instructions on this, refer to the Quick Start Guide.

    You should see a command prompt similar to the following.

    iSCom#
  2. Execute the following commands to assign member ports to VLAN 2.

    Type the following:

    iSCom# configure terminal
    iSCom(config)# vlan 2
    iSCom(config-vlan)# ports gigabitethernet 0/2-5 untagged gigabitethernet 0/3
    iSCom(config-vlan)# exit
    iSCom(config)# exit
    iSCom#

    Member ports represent the set of ports permanently assigned to the VLAN egress list. Frames belonging to the specified VLAN are forwarded to the ports in the egress list.

    If the port type is not explicitly specified as untagged, then all ports are configured to be of tagged port type allowing transmission of frames with the specified VLAN tag. The untagged setting allows the port to transmit the frames without a VLAN tag. This setting is used to configure a port connected to an end user device.

    In the above example, the packets for the interface gigabitethernet 0/3 are transmitted without the tag. On all other ports, the packets are transmitted with the tag.

    Type the following:

    show vlan id 2

    The following text should be displayed. 
    Vlan database
    -------------
    Vlan ID             : 2
    Member Ports        : Gi0/2, Gi0/3, Gi0/4, Gi0/5
    Untagged Ports      : Gi0/3
    Forbidden Ports     : None
    Name                :
    Status              : Permanent
    Egress Ethertype    : 0x8100
    Service Loopback Status   : Disabled
    ----------------------------------------------------
    iSCom#
  3. Configure port 1 as forbidden port.

    Type the following:

    iSCom# configure terminal
    iSCom(config)# vlan 2
    iSCom(config-if)# ports gigabitethernet 0/2-5 forbidden gigabitethernet 0/1
    iSCom(config)# end
    iSCom#

    Alternatively, the forbidden setting prevents the port from participating in the specified VLAN activity and ensures that, any dynamic requests for the port to join the VLAN will be ignored.

  4. View the VLAN information by executing the following commands.

    Type the following.

    iSCom# show vlan summary 
    Number of vlans : 2
    iSCom# show vlan
    Vlan database
    -------------
    Vlan ID             : 1
    Member Ports        : Gi0/1
    Untagged Ports      : Gi0/1
    Forbidden Ports     : None
    Name                :
    Status              : Permanent
    Egress Ethertype    : 0x8100
    Service Loopback Status   : Disabled
    ----------------------------------------------------
    Vlan ID             : 2
    Member Ports        : Gi0/2, Gi0/3, Gi0/4, Gi0/5
    Untagged Ports      : None
    Forbidden Ports     : Gi0/1
    Name                :
    Status              : Permanent
    Egress Ethertype    : 0x8100
    Service Loopback Status   : Disabled
    ----------------------------------------------------
    iSCom# show vlan id 2 
    Vlan database
    -------------
    Vlan ID             : 2
    Member Ports        : Gi0/2, Gi0/3, Gi0/4, Gi0/5
    Untagged Ports      : None
    Forbidden Ports     : Gi0/1
    Name                :
    Status              : Permanent
    Egress Ethertype    : 0x8100
    Service Loopback Status   : Disabled
    ----------------------------------------------------
Parent topic: VLAN Configuration