Configurando vlans em switchs Cisco

Por /

A seguir vou relacionar os comandos básicos para trabalhar com VLANs em switchs Cisco.

1. Atribuindo um IP à VLAN para acesso remoto. Também é aconselhável configurar o default gateway.

Switch>enable
Switch#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#interface vlan 1
Switch(config-if)#ip address 192.168.1.5 255.255.255.0
Switch(config-if)#no shutdown
Switch(config-if)#end
Switch#
Switch#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#ip default-gateway 192.168.1.1
Switch(config)#end
Switch#

2. Criando uma nova VLAN e atribuindo portas a ela:

! Cria a VLAN 10, dá um nome a ela e atribui a porta f0/4 a ela
Switch#
Switch#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#vlan 10
Switch(config-vlan)#name Vendas
Switch(config-vlan)#exit
Switch(config)#interface f0/4
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 10
Switch(config-if)#exit
Switch(config)#end
Switch#
! Atribui as portas g0/1 e g0/2 à VLAN 10
Switch#
Switch#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#interface range g0/1-2
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 10
Switch(config-if)#exit
Switch(config)#end
Switch#

3. Verificar se tudo está ok:

Switch#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol 
FastEthernet0/1        unassigned      YES manual down                  down 
FastEthernet0/2        unassigned      YES manual down                  down 
[resultados do comando omitidos]
FastEthernet0/24       unassigned      YES manual down                  down 
GigabitEthernet0/1     unassigned      YES manual down                  down 
GigabitEthernet0/2     unassigned      YES manual down                  down 
Vlan1                  192.168.1.5     YES manual up                    down 
Vlan10                 unassigned      YES manual up                    down
Switch# 
Switch#show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/5
                                                Fa0/6, Fa0/7, Fa0/8, Fa0/9
                                                Fa0/10, Fa0/11, Fa0/12, Fa0/13
                                                Fa0/14, Fa0/15, Fa0/16, Fa0/17
                                                Fa0/18, Fa0/19, Fa0/20, Fa0/21
                                                Fa0/22, Fa0/23, Fa0/24
10   Vendas                           active    Fa0/4, Gig0/1, Gig0/2

Considerando que não se deve usar a VLAN 1, por questões de segurança, a configuração ideal em uma rede com as VLANs 10, 20, 30 e 40 e a vlan fantasma 666, é a seguinte:

Switch>enable
Switch#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#vlan 10
Switch(config-vlan)#name Marketing
Switch(config-vlan)#vlan 20
Switch(config-vlan)#name Financeiro
Switch(config-vlan)#vlan 30
Switch(config-vlan)#name TI
Switch(config-vlan)#vlan 40
Switch(config-vlan)#name Guest
Switch(config-vlan)#vlan 666
Switch(config-vlan)#name vlan_fantasma
Switch(config-vlan)#interface range F0/1-10
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 10
Switch(config-if-range)#exit
Switch(config)#interface range F0/11-14
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 20
Switch(config-if-range)#exit
Switch(config)#interface range F0/15-16
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 30
Switch(config-if-range)#exit
Switch(config)#interface range F0/17-24
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 40
Switch(config-if-range)#exit
Switch(config)#interface range GigabitEthernet 0/2
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 666
Switch(config-if-range)#shutdown

%LINK-5-CHANGED: Interface GigabitEthernet0/2, changed state to administratively down
Switch(config-if-range)#exit
Switch(config)#interface GigabitEthernet 0/1
Switch(config-if)#switchport mode trunk
Switch(config-if)#switchport trunk native vlan 666
Switch(config-if)#switchport trunk allowed vlan 10,20,30,40
Switch(config-if)#exit
Switch(config)#end
Switch#copy running-config startup-config
%SYS-5-CONFIG_I: Configured from console by console

Destination filename [startup-config]? 
Building configuration...
[OK]
Switch#show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gig0/1
10   Marketing                        active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10
20   Financeiro                       active    Fa0/11, Fa0/12, Fa0/13, Fa0/14
30   TI                               active    Fa0/15, Fa0/16
40   Guest                            active    Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
666  vlan_fantasma                    active    Gig0/2

Os comandos acima criam as VLANs necessárias, atribuem as portas do switch a cada VLAN, derrubam a porta que não está sendo utilizada (G0/2) e configuram a porta G0/1 como trunk, permitindo somente as VLANs corretas.

Deixe um comentário

O seu endereço de e-mail não será publicado. Campos obrigatórios são marcados com *

Rolar para cima