The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This article provides instructions on how to configure Virtual Local Area Network (VLAN) interface settings on an Sx350, SG350X, or SG550X Series Switch.
A VLAN allows you to logically segment a Local Area Network (LAN) into different broadcast domains. In scenarios where sensitive data may be broadcast on a network, VLANs can be created to enhance security by designating a broadcast to a specific VLAN. Only users that belong to a VLAN are able to access and manipulate the data on that VLAN. VLANs can also be used to enhance performance by reducing the need to send broadcasts and multicasts to unnecessary destinations.
You can create a VLAN, but this has no effect until the VLAN is attached to at least one port, either manually or dynamically. Ports must always belong to one or more VLANs.
Each VLAN must be configured with a unique VLAN ID (VID) with a value from 1 to 4094. The device reserves VID 4095 as the Discard VLAN. All packets classified to the Discard VLAN are discarded at ingress, and are not forwarded to a port.
Before proceeding with the steps below, make sure VLANs have been configured on the switch. To know how to configure VLAN settings on your switch, click here for instructions.
Step 1. Log in to the web-based utility and choose Advanced from the Display Mode drop-down list.
Step 2. Choose VLAN Management >Interface Settings.
Note: The available menu options may vary depending on the switch that you have. In this example, SG350X switch is used.
Step 3. To globally configure the Ethernet type used into a Service Provider Virtual Local Area Networks (S-VLANs) tag, choose from the following options:
Note: In this example, Dot1q - 8100 is chosen.
The configuration is applied to all network node interfaces (NNIs). All non-edge interfaces are considered as NNIs. The edge interface is an interface that has one of the following modes:
Note: For instructions on how to configure VLAN Mapping on the switch, click here.
Step 4. Click Apply.
Step 5. Choose an interface from the Interface Type drop-down list.
Note: In this example, Port of Unit 1 is chosen.
Step 6. Click Go to bring up a list of ports or LAGs on the interface.
Step 7. Click the radio button for the port or LAG you want to modify.
Note: In this example, GE2 is chosen.
Step 8. Scroll down the page then click Edit.
Step 9. (Optional) Click the radio button that corresponds to the desired Interface.
Note: In this example, port GE2 of Unit 1 is chosen.
Step 10. Click the radio button of your preferred Switchport Mode.
Note: In this example, Layer 2 is chosen.
Step 11. Choose the option that corresponds to the desired VLAN mode for the interface.
Note: In this example, Private VLAN - Host is chosen.
Step 12. (Optional) To change the global configuration of the Ethernet type used into an S-VLAN tag, choose from the following options:
Note: In this example, the Ethertype global configuration is retained.
Step 13. (Optional) Click the radio button that corresponds to the desired frame type that the interface can receive. Frames that are not this frame type are discarded at ingress.
Note: In this example, Admit Tagged Only is clicked.
Step 14. (Optional) Check Enable to enable ingress filtering on the interface. When ingress filtering is enabled, the interface discards all incoming frames that are classified as VLANs of which the interface is not a member.
Note: Ingress filtering is always enabled on access ports and trunk ports.
Step 15. (Optional) Choose the primary VLAN from the Private VLAN drop-down list. The primary VLAN is used to allow Layer 2 connectivity from promiscuous ports to isolated ports and to community ports.
Note: Alternatively, you can choose None if the interface is not in private VLAN mode. If None is chosen, skip to Step 18.
Step 16. (Optional) Choose an isolated or community VLAN for those hosts that only require a single secondary VLAN.
Note: The Secondary VLAN - Host drop-down list is only available if Private VLAN - Host is clicked in Step 11.
Note: In this example, VLAN 20 (I) is chosen.
Step 17. (Optional) For promiscuous ports, choose all secondary VLANs that are required for normal packet forwarding from the Available Secondary VLANs then click the > button. Promiscuous and trunk ports can be members in multiple VLANs.
Note: These areas are only available if Private VLAN - Promiscuous is clicked in Step 11.
Note: In this example, VLAN 20 (I) is moved to the Selected Secondary VLANs area.
Step 18. Click Apply then click Close.
Step 19. (Optional) Click Save to save settings to the startup configuration file.
You have now configured the VLAN interface settings on your Sx350, SG350X, or Sx550X Series Switch.
Other links you might find valuable