Command Reference Guide

Administering Virtual LANs (VLANs)

A virtual LAN (VLAN) is a logical definition of a network work group. It is roughly equivalent to a broadcast domain. A VLAN interface is your system's point of attachment to a given VLAN. A VLAN and a VLAN interface are analogous to an IP subnetwork and an IP interface.

For more information about VLANs, see the Implementation Guide for your system.

Menu Structure

The commands that you can use depend on the system that you have, your level of access, and the types of modules and other hardware options that are configured for your system. The following diagram shows the complete list of commands for all systems. See the checklist at the beginning of each command description in this chapter for whether your system supports the command.

The bridge vlan stpMode command is available only when you enable allClosed mode on the CoreBuilder 3500 system or the CoreBuilder 9000 Layer 3 switching module. The command does not appear when you are using the default VLAN mode (allOpen) or when you use allClosed mode on a Layer 2 system or module.

bridge vlan summary

Displays a summary of VLAN information. In a summary report, the system displays the ports and protocols that are assigned to each VLAN.

Prompt	Description	Possible Values	[Default]
VLAN interface index	Index numbers of the VLAN interfaces for which you want summary information	One or more selectable VLAN interface index numbers all ? (for a list of selectable indexes)	1 (if you have only one VLAN)

Fields in the Bridge VLAN Summary Display

Field

Description

Index

System-assigned index number that identifies a VLAN. Statistics appear in the display for the VLAN that you specify.

Name

Character string of from 0 to 32 bytes that identifies the VLAN

Origin

For all platforms except the CoreBuilder 3500, the VLAN origin is always static, which indicates that the VLAN was created by the user. For the CoreBuilder 3500, the origin indicates whether the VLAN was created statically (static) or created dynamically from a GVRP update (GVRP). The GVRP state must be enabled both as a bridge-wide parameter and for the participating bridge ports as a bridge-port parameter.

Ports

Numbers (indexes) of the bridge ports that belong to the VLAN.
On the CoreBuilder 9000, the list of ports includes the front-panel ports and the appropriate backplane ports. Example: On a 12-port Layer 3 module, the list of ports includes ports 1 - 12 and port 13, which is the module's backplane port).

Type (VLAN mode)

Either allOpen or allClosed. VLANs in allOpen mode share a single address table for all configured VLANs; in allClosed mode, each VLAN has its own unique address table. Standard bridging rules apply based on the table addresses that are assigned to the specific VLAN.

VID

VLAN ID; the unique, user-defined integer that identifies this VLAN. It is used by management operations.

Field	Description
Index	System-assigned index number that identifies a VLAN. Statistics appear in the display for the VLAN that you specify.
Name	Character string of from `0` to `32` bytes that identifies the VLAN
Origin	For all platforms except the CoreBuilder 3500, the VLAN origin is always `static`, which indicates that the VLAN was created by the user. For the CoreBuilder 3500, the origin indicates whether the VLAN was created statically (`static)` or created dynamically from a GVRP update (`GVRP`). The GVRP state must be enabled both as a bridge-wide parameter and for the participating bridge ports as a bridge-port parameter.
Ports	Numbers (indexes) of the bridge ports that belong to the VLAN. On the CoreBuilder 9000, the list of ports includes the front-panel ports and the appropriate backplane ports. Example: On a 12-port Layer 3 module, the list of ports includes ports 1 - 12 and port 13, which is the module's backplane port).
Type (VLAN mode)	Either `allOpen` or `allClosed`. VLANs in allOpen mode share a single address table for all configured VLANs; in allClosed mode, each VLAN has its own unique address table. Standard bridging rules apply based on the table addresses that are assigned to the specific VLAN.
VID	VLAN ID; the unique, user-defined integer that identifies this VLAN. It is used by management operations.

bridge vlan detail

Displays per-port information such as tagging in addition to the VLAN summary information. For the CoreBuilder 3500 and the CoreBuilder 9000 Layer 3 switching modules, this command also displays VLAN statistics.

Valid Minimum Abbreviation

: b v det

Important Considerations

The VLAN ID (VID) is used as the 802.1Q tag if tagging is enabled for a port.
The VLAN statistics for the CoreBuilder 3500 and CoreBuilder 9000 Layer 3 switching modules are valid only under one of the following conditions:
- If the VLANs are defined for the same protocol type (or for the type called unspecified) and do not share any ports. Example: IP VLAN1 has ports 1 through 6 and IP VLAN2 has ports 7 through 12.
- If the VLANs are explicitly defined for different protocol types. In this case, the VLANs may share ports. Example: An IP VLAN and an IPX VLAN both use ports 2 through 4.
For the CoreBuilder 3500, the origin of the VLAN depends on whether you enable the GARP VLAN Registration Protocol (GVRP):
- GVRP is based on IEEE 802.1Q. It allows for dynamic port-based VLAN configuration.
- To use GVRP, you must both enable the GVRP state for the entire bridge and verify that the GVRP state is enabled for the bridge ports. By default, the GVRP state for the entire bridge is disabled and the GVRP state for all bridge ports is enabled.
For the CoreBuilder 3500, CoreBuilder 9400, SuperStack II Switch 3900, and SuperStack II Switch 9300, the system prompts you for a VLAN interface index before it displays the detail information.

Options (3500, 9400, 3900, 9300)

Prompt

Description

Possible Values

[Default]

VLAN interface index

Index numbers of the VLAN interfaces for which you want detailed information

One or more selectable VLAN interface index numbers
all
? (for a list of selectable indexes)

1 (if you have only one VLAN)

Prompt	Description	Possible Values	[Default]
VLAN interface index	Index numbers of the VLAN interfaces for which you want detailed information	One or more selectable VLAN interface index numbers all ? (for a list of selectable indexes)	1 (if you have only one VLAN)

Fields in the Bridge VLAN Detail Display

Field	Description
Ignore STP mode (3500 and 9000 Layer 3)	Whether a VLAN can ignore STP blocked ports and let routing traffic pass through. Possible values: `enabled` and `disabled.`
Index	Assigned index number that identifies a VLAN. Statistics appear for the VLAN that you specify.
Layer 3 addresses (3500 and 9000 Layer 3)	Fields used to set up flood domains for overlapping IP VLAN subnetworks (network-based VLANs)
Name	Character string `0` to `32` bytes that identifies the VLAN
Origin	For all platforms except the CoreBuilder 3500, the VLAN origin is always `static`, which indicates that the VLAN was created by the user. For the CoreBuilder 3500, the origin indicates whether the VLAN was created statically (`static`) or created from a GVRP update (`GVRP`).
Ports/Port	Index numbers of the bridge ports that belong to each VLAN. In the second part of the detail display, the `Port` column lists the ports for the VLAN individually and indicates ports that are trunked or have tagging. On the CoreBuilder 9000, the list of ports includes the front-panel ports and the appropriate backplane ports. Example: On a 12-port Layer 3 module, the list of ports includes ports 1 - 12 and port 13, which is the module's backplane port.
Protocol (3500 and 9000 Layer 3)	Protocol suites for the VLAN
rxBcastBytes (3500 and 9000 Layer 3)	Number of received broadcast bytes
rxBcastFrames (3500 and 9000 Layer 3)	Number of received broadcast frames
rxMcastBytes (3500 and 9000 Layer 3)	Number of received multicast bytes
rxMcastFrames (3500 and 9000 Layer 3)	Number of received multicast frames
rxUcastBytes (3500 and 9000 Layer 3)	Number of received unicast bytes
rxUcastFrames (3500 and 9000 Layer 3)	Number of received unicast frames
Tag type (3500 and 9000 Layer 3)	Whether tagging is set to `none` or `802.1Q` (IEEE 802.1Q tagging)
txBcastBytes (3500 and 9000 Layer 3)	Number of transmitted broadcast bytes
txBcastFrames (3500 and 9000 Layer 3)	Number of transmitted broadcast frames
txMcastBytes (3500 and 9000 Layer 3)	Number of transmitted multicast bytes
txMcastFrames (3500 and 9000 Layer 3)	Number of transmitted multicast frames
Type (VLAN Mode)	Either `allOpen` or `allClosed`. VLANs in allOpen mode share a single address table for all configured VLANs. In allClosed mode, each VLAN has its own unique address table. Standard bridging rules apply based on the table addresses that are assigned to the specific VLAN.
VID	VLAN ID; the unique, user-defined integer that identifies this VLAN. It is used by management operations.

bridge vlan define (3500/9000 Layer 3)

For CoreBuilder 9000: Applies to Layer 3 switching modules only.

Creates a port-based, protocol-based, or network-based VLAN on the CoreBuilder 3500 system or a CoreBuilder 9000 Layer 3 module. When you statically configure a VLAN on the system, you assign it a VLAN ID (VID), a set of bridge ports, and, optionally, a protocol type and IEEE 802.1Q tagging. If you specify IP as the protocol, you can also specify a Layer 3 address.

For details about this command on the SuperStack II Switch 3900, the Switch 9300, the CoreBuilder 9400, and CoreBuilder 9000 Layer 2 modules, see "bridge vlan define (3900/9300/9400/ 9000 Layer 2)" next.

Valid Minimum Abbreviation

: b v def

Important Considerations

If you plan to use the trunking feature, define the appropriate trunks before you define your VLANs. See Chapter 11 for more information.
If you plan for your VLAN to include trunk ports, you must specify the anchor port (lowest-numbered port) that is associated with the trunk. For example, if ports 1 through 3 are associated with a trunk, specify 1 to define the VLAN to include all of the physical ports in the trunk (ports 1 through 3). If you have not defined trunks, specify one or more port numbers, or specify all to assign all ports to the VLAN interface.
If a port is shared by another VLAN, verify that if tagging is the only distinguishing characteristic between the VLANs, the specified tag type is not in conflict with the port's tag type in another VLAN (that is, there is only one port tagged none).
For the CoreBuilder 3500, if you want GVRP to dynamically create IEEE 802.1Q port-based VLANs, do not issue this command. Instead, verify that the GVRP state is enabled on both a bridge-wide basis and a bridge-port basis for the participating ports. You can use the commands bridge gvrpState (see Chapter 9) and bridge port gvrpState (see Chapter 10).
Whether you are bridging or routing, you can select more than one protocol suite per VLAN and specify one protocol at each of the prompts. Use the protocol type of unspecified to create a port-based VLAN.
For the CoreBuilder 3500, an additional IPX protocol type is available: IPX-802.2-SNAP
For the CoreBuilder 9000, keep the following considerations in mind:
For the CoreBuilder 3500, if you plan for your VLAN to include FDDI DAS ports, you must specify the lowest-numbered port in the DAS pair when defining the ports in the VLAN. See Chapter 8.
Specify ? to see the port summary (for example, to see whether ports are associated with a trunk), and then enter the appropriate port numbers.
The VID is used as the IEEE 802.1Q tag if tagging is enabled for a port.

Options

Prompt

Description

Possible Values

[Default]

VID

Unique, user-defined integer used by management operations

1 - 4094

Next available VID

Bridge ports

Index numbers of the bridge ports that belong to the VLAN. If you include trunked ports, specify the anchor port of the trunk. On the CoreBuilder 9000, the list of ports includes the front-panel ports and the module's backplane port.

One or more of the ports that are available to be assigned to the VLAN
all
? (for a list of selectable ports)

-

Protocol suite

One or more protocol suites that you want to specify for the VLAN

IP
IPX
Apple (for AppleTalk)
XNS
DECnet
SNA
Vines
X.25
NETBIOS
unspecified (port-based)
IPX-II
IPX-802.2
IPX-802.3
IPX-802.2-SNAP (3500)

unspecified (factory default)

Layer 3 address configuration (IP VLAN)

Whether you want to define Layer 3 information for the IP VLAN

y (yes)
n (no)

y

Layer 3 address and mask (IP VLAN)

Fields (IP network address and subnet mask) you can use to set up flood domains for overlapping IP VLAN subnetworks

Any valid IP network address and subnet mask

-

Per-port tagging

Whether you want to configure IEEE 802.1Q VLAN tagging. You are prompted to answer for each port that you selected.

y (yes)
n (no)

y

Tag type

Whether you want to configure no tagging or IEEE 802.1Q tagging (the VID) for each port.

none
802.1Q

none

VLAN name

Unique, user-defined name that identifies members of the VLAN. If you use spaces, put quotation marks around the VLAN name.

Up to 32 ASCII characters or spaces

-

Prompt	Description	Possible Values	[Default]
VID	Unique, user-defined integer used by management operations	1 - 4094	Next available VID
Bridge ports	Index numbers of the bridge ports that belong to the VLAN. If you include trunked ports, specify the anchor port of the trunk. On the CoreBuilder 9000, the list of ports includes the front-panel ports and the module's backplane port.	One or more of the ports that are available to be assigned to the VLAN all ? (for a list of selectable ports)	-
Protocol suite	One or more protocol suites that you want to specify for the VLAN	IP IPX Apple (for AppleTalk) XNS DECnet SNA Vines X.25 NETBIOS unspecified (port-based) IPX-II IPX-802.2 IPX-802.3 IPX-802.2-SNAP (3500)	unspecified (factory default)
Layer 3 address configuration (IP VLAN)	Whether you want to define Layer 3 information for the IP VLAN	y (yes) n (no)	y
Layer 3 address and mask (IP VLAN)	Fields (IP network address and subnet mask) you can use to set up flood domains for overlapping IP VLAN subnetworks	Any valid IP network address and subnet mask	-
Per-port tagging	Whether you want to configure IEEE 802.1Q VLAN tagging. You are prompted to answer for each port that you selected.	y (yes) n (no)	y
Tag type	Whether you want to configure no tagging or IEEE 802.1Q tagging (the VID) for each port.	none 802.1Q	none
VLAN name	Unique, user-defined name that identifies members of the VLAN. If you use spaces, put quotation marks around the VLAN name.	Up to 32 ASCII characters or spaces	-

Procedure

1 . Enter the VLAN identification (VID) number for this interface.

2 . Select the bridge ports.

3 . Select one or more protocol suites.

: If you select an IP protocol suite, proceed with step 4. If you did not choose an IP protocol suite for this interface, proceed to step 5.

4 . To specify Layer 3 address information for an IP VLAN:

: a . Enter y for Layer 3 addressing.
: b . Enter the Layer 3 network address.
: c . Enter the Layer 3 subnet mask. To accept the default or current value in brackets [ ], press Return or Enter.

: If you do not want Layer 3 addressing, enter n at step a.

5 . Specify whether you want per-port tagging (n or y). The default is y.

6 . If you specified per-port tagging, enter the tag type for the indicated port (none or 802.1Q).

7 . If you have defined more than one port, you are prompted again for a tag type for each port.

8 . Enter the VLAN name.

Bridge VLAN Define Example (9000 Layer 3)

This example shows the steps necessary to define a protocol-based VLAN for IPX 802.3 on a Layer 3 switching module. In this example, only the backplane port (port 13) of the module has IEEE 802.1Q tagging; the front-panel ports in this VLAN are not tagged. Because you have tagged the module's backplane port, you must also tag the corresponding switch fabric module port of the switch fabric module for that VLAN. (Use the EME to connect to the switch fabric module and configure the VLAN.)

: CB9000@slot2.1 [12-E/FEN-TX-L3] (bridge/vlan): define
: Enter VID (1-4094) [5]: 5
: Select bridge ports (1-13|all|?): 1-5,13
: Enter protocol suite
: (IP,IPX,Apple,XNS,DECnet,SNA,Vines,X25,NetBIOS,unspecified, IPX-II,IPX-802.2,IPX-802.3): IPX-802.3
: Enter protocol suite ('q' to quit) (IP,Apple,XNS,DECnet,SNA,Vines,X25,NetBIOS,IPX-II,IPX-802.2,IPX-802.3): q
: Configure per-port tagging? (n,y) [y]: y
: Enter port 1 tag type (none,802.1Q): none
: Enter port 2 tag type (none,802.1Q): none
: Enter port 3 tag type (none,802.1Q): none
: Enter port 4 tag type (none,802.1Q): none
: Enter port 5 tag type (none,802.1Q): none
: Enter port 13 tag type (none,802.1Q): 802.1Q
: Enter VLAN Name {?} [ ]: IPX1

Bridge VLAN Define Example (3500)

This example shows the steps necessary to define a network-based IP VLAN with a Layer 3 address and subnet mask, as well as IEEE 802.1Q tagging on some ports. This VLAN has trunk ports.

bridge vlan define (3900/9300/9400/ 9000 Layer 2)

Creates a port-based VLAN on standalone systems or the CoreBuilder 9000 Layer 2 modules. When you configure a port-based VLAN, you assign a VLAN ID (VID), a set of bridge ports, and, optionally, IEEE 802.1Q tagging.

For details about this command on the CoreBuilder 3500 and CoreBuilder 9000 Layer 3 modules, see "bridge vlan define (3500/9000 Layer 3)" earlier in this chapter.

Valid Minimum Abbreviation

: b v def

Important Considerations

On the SuperStack II Switch 3900 or 9300, you can define a maximum of 127 port-based VLANs on a single system.
By default, all ports are defined to be part of the default VLAN.
The VID is used as the IEEE 802.1Q tag for a port if tagging is enabled.
On the CoreBuilder 9000, the list of ports includes the front-panel ports and both backplane ports (even though only the lower-numbered backplane port is enabled by default). On the SuperStack II Switch 3900, the list of ports includes the 24 or 36 10/100 ports and any Gigabit Ethernet ports in use.
For the CoreBuilder 9000, keep the following considerations in mind:

Options

Prompt

Description

Possible Values

[Default]

VID

Unique, user-defined integer used by global management operations

1 - 4094

Next available VID

Bridge ports

Index numbers of the bridge ports that belong to the VLAN. If you include trunked ports, specify the anchor port of the trunk. See "Important Considerations" for information about the list of ports.

One or more of the ports that are available to be assigned to the VLAN
all
? (for a list of selectable ports)

-

Per-port tagging

Whether you want to configure 802.1Q VLAN tagging. You are prompted to answer for each port that you selected.

y (yes)
n (no)

y

Tag type

Whether you want no tagging or IEEE 802.1Q tagging (the VID). For a port shared by another VLAN, verify that the specified tag type is not in conflict with the port's tag type in another VLAN.

none
802.1Q

none

VLAN name

Unique, user-defined name that identifies members of the VLAN. If you use spaces, put quotation marks around the VLAN name.

Up to 32 ASCII characters or spaces

-

Prompt	Description	Possible Values	[Default]
VID	Unique, user-defined integer used by global management operations	1 - 4094	Next available VID
Bridge ports	Index numbers of the bridge ports that belong to the VLAN. If you include trunked ports, specify the anchor port of the trunk. See "Important Considerations" for information about the list of ports.	One or more of the ports that are available to be assigned to the VLAN all ? (for a list of selectable ports)	-
Per-port tagging	Whether you want to configure 802.1Q VLAN tagging. You are prompted to answer for each port that you selected.	y (yes) n (no)	y
Tag type	Whether you want no tagging or IEEE 802.1Q tagging (the VID). For a port shared by another VLAN, verify that the specified tag type is not in conflict with the port's tag type in another VLAN.	none 802.1Q	none
VLAN name	Unique, user-defined name that identifies members of the VLAN. If you use spaces, put quotation marks around the VLAN name.	Up to 32 ASCII characters or spaces	-

Procedure

Press Return or Enter to accept the default or existing values that appear in brackets [ ].

1 . Enter the VLAN identification (VID) number.

2 . Enter one or more port numbers. To assign all ports to the VLAN, enter all.

3 . Configure the per-port tagging.

4 . Enter the tag type for each port in the VLAN.

5 . Enter the VLAN name.

Bridge VLAN Define Example (9000 Layer 2)

This example shows a port-based VLAN that includes tagged front-panel ports and a tagged backplane port (port 21). These ports are tagged because they overlap with ports that belong to other VLANs:

Because the front-panel ports are tagged, any attached devices must be IEEE 802.1Q enabled.
Because the backplane port is tagged, the corresponding switch fabric module port must also be tagged in the VLAN definition on the switch fabric module. (You connect to the switch fabric module and define the VLAN to include the appropriate tagged switch fabric module port, based on the slot that contains the switching module.)

: CB9000@slot 10.1 [20-E/FEN-TX-L2] (bridge/vlan): define
: Enter VID (1-4094) [3]: 3
: Select bridge ports (1-22|all|?): 1-5,21
: Configure per-port tagging? (n,y) [y]: y
: Enter port 1 tag type (none,802.1Q): 802.1Q
: Enter port 2 tag type (none,802.1Q): 802.1Q
: Enter port 3 tag type (none,802.1Q): 802.1Q
: Enter port 4 tag type (none,802.1Q): 802.1Q
: Enter port 5 tag type (none,802.1Q): 802.1Q
: Enter port 21 tag type (none,802.1Q): 802.1Q
: Enter VLAN Name {?} [ ]: vlantag3

Bridge VLAN Define Example (3900)

This example shows a port-based VLAN that includes two untagged ports and a tagged port.

: Select menu option (bridge/vlan): define
: Enter VID (1-4094) [3]: 3
: Select bridge ports (1-27|all|?): 3-5
: Configure per-port tagging? (n,y) [y]: y
: Enter port 3 tag type (none, 802.1Q) [none]: none
: Enter port 4 tag type (none, 802.1Q) [none]: none
: Enter port 5 tag type (none, 802.1Q) [none]: 802.1Q
: Enter VLAN name {?} [ ]: Sales
bridge vlan modify (3500/9000 Layer 3)

For CoreBuilder 9000: Applies to Layer 3 switching modules only.

Changes an existing port-based, protocol-based, or network-based VLAN definition on the CoreBuilder 3500 system or CoreBuilder 9000 Layer 3 module.

To use this command on the SuperStack II Switch 3900 or Switch 9300, the CoreBuilder 9400, and CoreBuilder 9000 Layer 2 modules, see "bridge vlan modify (3900/9300/9400/ 9000 Layer 2)" next.

Valid Minimum Abbreviation

: b v modi

Important Considerations

Before you modify the port assignments for a VLAN, always enter ? to review the system port summary. If the VLAN includes trunk ports, you must specify the anchor (lowest numbered) port in each trunk. If there are no trunk ports, enter one or more port numbers, or enter all to assign all ports to the VLAN.
For the CoreBuilder 3500, if you want to modify your VLAN to include FDDI DAS ports, you must specify the lowest-numbered port in the DAS pair.
If you modify the tagging type of a backplane port on a switching module, make sure that you modify the tagging type of the corresponding port on the switch fabric module.
To modify a VLAN to support more than one protocol suite for the VLAN, specify one protocol at each of the prompts.
Select the bridge ports that you want to be part of the modified VLAN, or specify ? to display a port summary with the selectable bridge ports.
If tagging is enabled for a port, the software uses the VID as the 802.1Q tag.
If you modify the tagging for a port shared by another VLAN, and tagging is the only distinguishing characteristic between the VLANs, verify that the new tag type does not conflict with the port's tag type in another VLAN. (A shared port can use a tag type of none for only one of its VLANs; for all other VLANs to which it belongs, the shared port must use IEEE 802.1Q tagging.)

Options

Prompt

Description

Possible Values

[Default]

VLAN interface index

System-assigned index number that identifies a VLAN

Selectable VLAN index
all
? (for a list of selectable indexes)

1 (if you have only the default VLAN)

VID

Unique, user-defined integer used by global management operations

1 - 4094

Current VID

Bridge ports

Index numbers of the bridge ports that belong to the VLAN. To add trunked ports, specify the anchor port of the trunk.

One or more index numbers of the ports that are available to be assigned to the VLAN
all
? (for a list of selectable ports)

Current ports in the VLAN

Protocol suite

One or more protocol suites that you want to specify for the VLAN

IP
IPX
Apple (for AppleTalk)
XNS
DECnet
SNA
Vines
X.25
NETBIOS
unspecified
IPX-II
IPX-802.2
IPX-802.3
IPX-802.2-SNAP (3500 only)

Current protocol type

Modify Layer 3 address? (IP VLAN)

Whether you want to modify the Layer 3 information for the VLAN

y (yes)
n (no)

y

Layer 3 address and mask (IP VLAN)

Optional fields (IP network and mask) used to set up flood domains for overlapping IP VLAN subnetworks

Any valid IP network address and mask

Current address and mask

Per-port tagging

Whether you want to modify the per-port 802.1Q VLAN tagging. You are prompted to answer for each port that you specified.

y (yes)
n (no)

y

Tag type

Either no tagging or IEEE 802.1Q tagging (the VID)

none
802.1Q

Current tag type for each port

VLAN name

Unique, user-defined name that identifies members of the VLAN. If you use spaces, put quotation marks around the VLAN name.

Up to 32 ASCII characters or spaces

Current name

Prompt	Description	Possible Values	[Default]
VLAN interface index	System-assigned index number that identifies a VLAN	Selectable VLAN index all ? (for a list of selectable indexes)	1 (if you have only the default VLAN)
VID	Unique, user-defined integer used by global management operations	1 - 4094	Current VID
Bridge ports	Index numbers of the bridge ports that belong to the VLAN. To add trunked ports, specify the anchor port of the trunk.	One or more index numbers of the ports that are available to be assigned to the VLAN all ? (for a list of selectable ports)	Current ports in the VLAN
Protocol suite	One or more protocol suites that you want to specify for the VLAN	IP IPX Apple (for AppleTalk) XNS DECnet SNA Vines X.25 NETBIOS unspecified IPX-II IPX-802.2 IPX-802.3 IPX-802.2-SNAP (3500 only)	Current protocol type
Modify Layer 3 address? (IP VLAN)	Whether you want to modify the Layer 3 information for the VLAN	y (yes) n (no)	y
Layer 3 address and mask (IP VLAN)	Optional fields (IP network and mask) used to set up flood domains for overlapping IP VLAN subnetworks	Any valid IP network address and mask	Current address and mask
Per-port tagging	Whether you want to modify the per-port 802.1Q VLAN tagging. You are prompted to answer for each port that you specified.	y (yes) n (no)	y
Tag type	Either no tagging or IEEE 802.1Q tagging (the VID)	none 802.1Q	Current tag type for each port
VLAN name	Unique, user-defined name that identifies members of the VLAN. If you use spaces, put quotation marks around the VLAN name.	Up to 32 ASCII characters or spaces	Current name

Procedure

To modify information for a VLAN, follow these steps:

1 . Select the VLAN interface index.

2 . Enter the VLAN identification (VID) number.

3 . Specify the index numbers of the bridge ports.

4 . Specify one or more protocol suites.

: If you have selected the IP protocol suite, proceed with step 5. If you did not define an IP protocol suite for this VLAN, proceed to step 7.

5 . To modify the Layer 3 address information:

: a . Enter y to modify the Layer 3 addressing.
: b . Enter the Layer 3 network address.
: c . Enter the Layer 3 subnet mask. To accept the default or existing value in brackets [ ], press Return or Enter.

: If you do not want to modify the Layer 3 addressing, enter n

6 . Specify whether you want to modify per-port tagging.

7 . If you want to modify per-port tagging, enter the new tag type for the port (none or 802.1Q).

8 . If you have specified that you want to modify more than one port, enter a tag type for each port.

9 . Enter a new VLAN name or keep the current name.

: The VLAN name can include up to 32 ASCII characters, including spaces. If you include spaces, put quotation marks around the VLAN name.

Bridge VLAN Modify Example (9000 Layer 3)

This example shows the steps to modify the per-port tagging for a protocol-based VLAN on a Layer 3 module. In this example, front-panel port 5 is changed to have IEEE 802.1Q tagging, and its associated device is IEEE 802.1Q enabled.

: CB9000@slot2.1 [12-E/FEN-TX-L3] (bridge/vlan): modify
: Select VLAN interface index {1-5|?}: 5
: Enter VID (1-4094) [5]: 5
: Select bridge ports (1-13|all|?) [1-5,13]: 1-5,13
: Enter protocol suite
: (IP,IPX,Apple,XNS,DECnet,SNA,Vines,X25,NetBIOS,unspecified, IPX-II,IPX-802.2,IPX-802.3) [IPX-802.3]: IPX-802.3
: Enter protocol suite ('q' to quit) (IP,IPX, Apple, XNS, DECnet,SNA,Vines,X25,NetBIOS,IPX-II,IPX-802.2): q
: Modify per-port tagging? (n,y) [y]: y
: Enter port 1 tag type (none,802.1Q) [none]: none
: Enter port 2 tag type (none,802.1Q) [none]: none
: Enter port 3 tag type (none,802.1Q) [none]: none
: Enter port 4 tag type (none,802.1Q) [none]: none
: Enter port 5 tag type (none,802.1Q) [none]: 802.1Q
: Enter port 13 tag type (none,802.1Q) [802.1Q]: 802.1Q
: Enter VLAN Name {?} [IPX]: IPX1

Bridge VLAN Modify Example (3500)

This example shows the steps to modify the member ports and per-port tagging for an IP VLAN.

: Select menu option: bridge vlan modify
: Select VLAN interface index {1-2|?}: 2
: Enter VID (1-4094) [2]: 2
: Select bridge ports (1-4, 6, 9-13|all|?) [3,6,9]: 9,11
: Enter protocol suite
: (IP,IPX,Apple,XNS,DECnet,SNA,Vines,X25,NetBIOS,unspecified, IPX-II,IPX-802.2,IPX-802.3, IPX-802.2-SNAP) [IP]: IP
: Enter protocol suite ('q' to quit) (IPX,Apple,XNS,DECnet,SNA,Vines,X25,NetBIOS,IPX-II, IPX-802.2, IPX-802.3, IPX-802.2-SNAP): q
: Modify layer 3 address? (n,y) [y]:
: Enter layer 3 address [158.101.152.0]:
: Enter layer 3 mask [255.255.255.0]:
: Modify per-port tagging? (n,y) [y]: y
: Enter port 9 tag type (none,802.1Q) [none]: 802.1Q
: Enter port 11 tag type (none,802.1Q) [none]: 802.1Q
: Enter VLAN Name {?} [IP1]: IP1
bridge vlan modify (3900/9300/9400/ 9000 Layer 2)

Changes a port-based VLAN definition on the indicated system Layer 2 module. See "Important Considerations" for information on when changes take effect.

To use this command on the CoreBuilder 3500 or CoreBuilder 9000 Layer 3 modules, see the "bridge vlan modify (3500/9000 Layer 3)" earlier in this chapter.

Valid Minimum Abbreviation

: b v modi

Important Considerations

You do not need to reboot the system in order for the changes to take effect. However, depending on the number of VLANs that are affected, the system may take several minutes to return control to you.
If you modify the tagging type of a backplane port on a switching module, make sure that you modify the tagging type of the corresponding port on the switch fabric module.
If tagging is enabled for a port, the software uses the VID as the 802.1Q tag.
If you modify the tagging for a port shared by another VLAN, verify that the new tag type does not conflict with the port's tag type in another VLAN. (A shared port can use a tag type of none for only one of its VLANs; for all other VLANs to which it belongs, the shared port must use IEEE 802.1Q tagging.)

Options

Prompt	Description	Possible Values	[Default]
VLAN interface index	System-assigned index number that identifies a VLAN	Selectable VLAN index all ? (for a list of selectable indexes)	1 (if you have only the default VLAN)
VID	Unique, user-defined integer used by management operations	1 - 4094	Current VID
Bridge ports	Index numbers of the bridge ports that belong to the VLAN. To add trunked ports, specify the anchor port of the trunk.	One or more index numbers of the ports that are available to be assigned to the VLAN all ? (for a list of selectable ports)	Current ports in VLAN
Per-port tagging	Whether you want to configure 802.1Q VLAN tagging. You are prompted to answer for each port that you selected.	y (yes) n (no)	y
Tag type	Either no tagging or IEEE 802.1Q tagging (the VID)	none 802.1Q	Current tag type for each port
VLAN name	Unique, user-defined name that identifies members of the VLAN. If you use spaces, put quotation marks around the VLAN name.	Up to 32 ASCII characters or spaces	Current name

Procedure

1 . Enter the VLAN interface index.

2 . Enter a VLAN identification (VID) number or keep the default in brackets.

3 . Specify the index numbers of the bridge ports.

4 . Specify whether you want to modify per-port tagging.

5 . If you modify per-port tagging, enter the new tag type for the port (none or 802.1Q).

6 . If you have defined more than one port, enter a tag type for each port.

7 . Enter a new VLAN name or keep the current name.

: The VLAN name can include up to 32 ASCII characters, including spaces. If you include spaces, put quotation marks around the VLAN name.

Bridge VLAN Modify Example (9000 Layer 2)

This example shows the removal of two ports from a port-based VLAN that includes tagged front-panel ports and a tagged backplane port (port 21).

: CB9000@slot 10.1 [20-E/FEN-TX-L2] (bridge/vlan): modify
: Select VLAN interface index {1-3|?}: 3
: Enter VID (1-4095) [3]: 3
: Select bridge ports (1-22|all|?) [1-5,21]: 1-3,21
: Configure per-port tagging? (n,y) [y]: y
: Enter port 1 tag type (none,802.1Q) [802.1Q]: 802.1Q
: Enter port 2 tag type (none,802.1Q) [802.1Q]: 802.1Q
: Enter port 3 tag type (none,802.1Q) [802.1Q]: 802.1Q
: Enter port 21 tag type (none,802.1Q) [802.1Q]: 802.1Q
: Enter VLAN Name {?} [vlan3]: vlantag3

Bridge VLAN Modify Example (3900)

This example shows changes in the per-port tagging type.

: Select menu option (bridge/vlan): modify
: Select VLAN interface index {1-2|?}: 2
: Enter VID (1-4094) [2]:
: Select bridge ports (1-27|all|?) [2-6]:
: Modify per-port tagging? (n,y) [y]:
: Enter port 2 tag type (none,802.1Q) [none]: 802.1Q
: Enter port 3 tag type (none,802.1Q) [none]: 802.1Q
: Enter port 4 tag type (none,802.1Q) [none]: 802.1Q
: Enter port 5 tag type (none,802.1Q) [none]: 802.1Q
: Enter port 6 tag type (none,802.1Q) [none]: 802.1Q
: Enter VLAN name [v2]: v2mktg
bridge vlan remove

Deletes a VLAN definition.

Valid Minimum Abbreviation

: b v r

Important Consideration

When you remove a VLAN on a CoreBuilder 9000 Layer 2 or Layer 3 module, the system prompts you to verify that you want to wait the several minutes that it may take for the removal to be complete.

Options

Prompt

Description

Possible Values

[Default]

VLAN interface index

System-assigned index number that is associated with the VLAN

A selectable VLAN index
all
? (for a list of selectable indexes)

-

Continue verification (9000 Layer 2 and Layer 3

Whether you want to continue with the VLAN removal, even though the removal may take a few minutes to complete.

n (no)
y (yes)

y

Prompt	Description	Possible Values	[Default]
VLAN interface index	System-assigned index number that is associated with the VLAN	A selectable VLAN index all ? (for a list of selectable indexes)	-
Continue verification (9000 Layer 2 and Layer 3	Whether you want to continue with the VLAN removal, even though the removal may take a few minutes to complete.	n (no) y (yes)	y

Bridge VLAN Remove Example (3500)

bridge vlan mode

Determines whether data with a unicast MAC address can be forwarded between VLANs.

Valid Minimum Abbreviation

: b v mode

Important Considerations

Select a VLAN mode as follows:
- allOpen - Use this less restrictive mode if you do not have security issues concerning the forwarding of data between VLANs. It is the default VLAN mode for all VLANs that you create. It permits data with a unicast MAC address to be forwarded between VLANs. The allOpen mode implies that the system uses a single bridge address table for all of the VLANs on the system.
- allClosed - Use this restrictive mode if you are concerned about security between VLANs. Data cannot be forwarded between VLANs but can still be routed between VLANs. This mode implies that each VLAN that you create has its own address table.
For the CoreBuilder 3500 system and CoreBuilder 9000 Layer 3 modules, if you are using allClosed mode and STP (with multiple routes to a destination), you can also use the command "bridge vlan stpMode" to disable STP blocking for a specified VLAN.
For the CoreBuilder 9000, set a VLAN mode for each switching module and the switch fabric module.
Changing this mode removes all VLANs and redefines the default VLAN.
Before you issue this command to change the mode, you must remove all routing interfaces. If routing interfaces are defined, the system displays this message:
could not change configured VLAN mode - interface in use by client.

Options

Prompt

Description

Possible Values

[Default]

VLAN mode

Selected VLAN mode for the entire system

allOpen
allClosed

allOpen (factory default), or current value

Prompt	Description	Possible Values	[Default]
VLAN mode	Selected VLAN mode for the entire system	allOpen allClosed	allOpen (factory default), or current value

bridge vlan stpMode

For CoreBuilder 9000: Applies to Layer 3 switching modules only.

If allClosed mode is enabled, allows the system to ignore the Spanning Tree Protocol (STP) state for a specified VLAN interface or all interfaces.

Valid Minimum Abbreviation

: b v st

Important Considerations

This mode is valid only if the VLAN mode is set to allClosed.
To disable the STP state on a per-port basis with either allOpen or allClosed mode, use the command bridge port stpState. See Chapter 10.

Options

Prompt

Description

Possible Values

[Default]

VLAN interface index

System-assigned index number that is associated with the VLAN

Any selectable VLAN index number
all
? (for a list of selectable indexes)

-

STP state

Whether you want to ignore the STP state for the VLAN index

disabled
enabled

disabled

Prompt	Description	Possible Values	[Default]
VLAN interface index	System-assigned index number that is associated with the VLAN	Any selectable VLAN index number all ? (for a list of selectable indexes)	-
STP state	Whether you want to ignore the STP state for the VLAN index	disabled enabled	disabled