To create or configure a VLAN and associate switch ports, follow these steps:

Step 1 Create the VLAN
Step 2 Verify the VLAN configuration
Step 3 Associate switch ports with the VLAN
Step 4 Verify the switch port configuration
Step 5 Test VLAN connectivity
Step 6 Implement switch and VLAN security measures

Figure has the steps, explained in greater detail:

1. Create or Configure a VLAN
Before assigning a switch port to a specific VLAN, the VLAN may need to be created. The example below shows the syntax for creating a VLAN using the IOS interface.
To create a VLAN or enter VLAN configuration mode, use the vlan command:

Switch(config)# vlan vlan_id

2. Verify VLAN Configuration
Execute the show vlan command from privileged EXEC mode. It displays information about a particular VLAN.
The fields in the show vlan command output are:

3. Associate Switch Ports with the VLAN
Switch ports that are to function at Layer 2 and carry traffic for a single VLAN are configured as access switch ports and are assigned an access VLAN.
To configure a Layer 2 switch port as an access port, use:

Switch(config-if)# switchport mode access

To assign the access port to a specific VLAN:

Switch(config-if)# switchport access vlan vlan_id

4. Verify Switch Port Configuration
The following commands are useful for verifying that a switch port is configured as intended:

show interface type slot/port switchport
show running-config interface type slot/port
show vlan

Show Running-Config interface

Switch#show running-config interface fastethernet 5/6
Building configuration...
!
Current configuration :33 bytes
interface FastEthernet 5/6
 switchport access vlan 200
 switchport mode access
end

5. Test VLAN Connectivity
After placing a device on the configured switch port, these steps will help verify if the device is connecting to the VLAN as intended:

Step 1 Ensure that the connected device has a correctly configured IP address and a subnet mask that places it on the same network as the default gateway.
Step 2 Ping the default gateway.
Step 3 If the ping to default gateway is successful, the VLAN configuration and the IP address configuration have been verified.

6. Implement Switch and VLAN Security Measures
When implementing VLANs, there are a few measures that should be considered to secure the VLAN and the switch itself. The security policy of the organization will likely have more detailed recommendations, but these can provide a foundation. Security will be covered in more detail in the "Securing Your Multilayer Network to Minimize Service Loss and Data Theft" module.

- Create a "parking-lot" VLAN with a VLAN ID other than VLAN1 and place all unused switch ports in this VLAN. This VLAN may provide the user with some minimal network connectivity. (Check on the security policy of your organization before implementing.)
- Disable unused switch ports depending on the security policy of the organization.
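
The two measures above can be checked against saved show running-config output. The Python script below is an added example, not part of the original course material; the parking-lot VLAN ID 999, the sample configuration and the list of in-use ports are assumptions made for the illustration.

```python
import re

# Constructed `show running-config` excerpt (sample data, not from a real switch).
SAMPLE_CONFIG = """\
interface FastEthernet5/6
 switchport access vlan 200
 switchport mode access
!
interface FastEthernet5/7
!
interface FastEthernet5/8
 switchport access vlan 999
 shutdown
!
interface FastEthernet5/9
 switchport access vlan 999
"""

def parse_interfaces(config):
    """Map each interface to its access VLAN (default 1) and shutdown state."""
    ports, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # top-level line: opens or closes a stanza
            m = re.match(r"interface\s+(.+)$", line)
            current = ports.setdefault(m.group(1).replace(" ", ""),
                                       {"vlan": 1, "shutdown": False}) if m else None
        elif current is None:
            continue  # indented line outside any interface stanza
        elif (m := re.match(r"switchport access vlan (\d+)$", line)):
            current["vlan"] = int(m.group(1))
        elif line == "shutdown":
            current["shutdown"] = True
    return ports

def audit_unused_ports(config, in_use, parking_vlan, require_shutdown=True):
    """Return {port: [findings]} for every port not listed in `in_use`."""
    if parking_vlan == 1:
        raise ValueError("parking-lot VLAN must use an ID other than VLAN 1")
    findings = {}
    for name, p in parse_interfaces(config).items():
        issues = []
        if p["vlan"] != parking_vlan:
            issues.append(f"access VLAN {p['vlan']}, expected {parking_vlan}")
        if require_shutdown and not p["shutdown"]:
            issues.append("not shut down")
        if name not in in_use and issues:
            findings[name] = issues
    return findings
```

Set require_shutdown=False when the security policy of the organization allows parked ports to stay enabled; the audit then reports only unused ports that sit outside the parking-lot VLAN.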