vlan [id]
Creates or enters VLAN configuration mode for a specific VLAN ID on Cisco NX-OS.
Overview
The 'vlan' command is fundamental to VLAN configuration on Cisco NX-OS. VLANs (Virtual Local Area Networks) logically segment a physical network into multiple broadcast domains, improving security, performance, and manageability. On Nexus switches, the 'vlan' command in global configuration mode either creates a new VLAN or enters the configuration context for an existing VLAN. Once in VLAN configuration mode, you can set parameters such as the VLAN name, state (active or suspend), MTU, and private VLAN mode. This command is typically one of the first steps in provisioning network segments for tenants, storage, management, or other traffic types. In troubleshooting workflows, you use 'vlan' to ensure the VLAN exists before configuring SVIs (interface vlan) or assigning access ports. NX-OS differs from classic IOS in that VLANs are not automatically created when you configure an interface in a VLAN; you must explicitly create the VLAN first. Also, NX-OS supports VLAN ranges (e.g., 'vlan 100-110') for bulk creation. Understanding this command is essential for CCNP Data Center and enterprise network engineers working with Nexus platforms.
vlan {vlan-id | vlan-range}
When to Use This Command
- Creating a new VLAN for a customer-facing segment in a data center.
- Configuring VLAN parameters such as name, state, and MTU.
- Bulk-creating VLANs for a new tenant deployment.
- Entering VLAN configuration to apply private VLAN settings.
Parameters
| Parameter | Syntax | Description |
|---|---|---|
| vlan-id | 1-4094 | Specifies a single VLAN ID to create or configure. The ID must be between 1 and 4094, excluding reserved VLANs (1002-1005) which cannot be deleted but can be configured. |
| vlan-range | vlan-id[-vlan-id] | Specifies a range of VLAN IDs (e.g., 100-200). All VLANs in the range are created if they do not exist, and subsequent configuration commands apply to all VLANs in the range. |
Command Examples
Create a single VLAN
vlan 100
Switch(config)# vlan 100
Switch(config-vlan)#
The command creates VLAN 100 and enters VLAN configuration mode. The prompt changes to indicate VLAN configuration context.
Create a range of VLANs
vlan 200-205
Switch(config)# vlan 200-205
Switch(config-vlan)#
Creates VLANs 200 through 205 (if they do not exist) and enters VLAN configuration mode for the range. Subsequent commands apply to all VLANs in the range.
Understanding the Output
The output of the 'vlan' command is minimal: it simply changes the CLI prompt to indicate that you are now in VLAN configuration mode. For a single VLAN, the prompt becomes 'Switch(config-vlan)#'. For a range, it remains 'Switch(config-vlan)#' but any configuration commands apply to all VLANs in the range. There is no explicit success message; the prompt change confirms entry. To verify VLAN creation, use 'show vlan id <vlan-id>' or 'show vlan brief'. A healthy VLAN will appear in the list with a state of 'active'. If a VLAN is not created, it will not appear in the output. Common issues include attempting to create VLAN 1 (which exists by default) or VLANs outside the allowed range (1-4094).
Configuration Scenarios
Creating VLANs for a Multi-Tenant Environment
A data center switch needs to support multiple tenants, each with their own VLAN. Tenant A uses VLAN 100, Tenant B uses VLAN 200.
Topology
[Nexus-1] -- trunk -- [Spine]
Steps
1. Enter global configuration mode.
2. Create VLAN 100 and assign a name.
3. Create VLAN 200 and assign a name.
4. Verify VLAN creation.
! Enter global config
configure terminal
! Create VLAN 100
vlan 100
  name Tenant_A
  exit
! Create VLAN 200
vlan 200
  name Tenant_B
  exit
Verify: show vlan brief | include 100|200
Watch out: If you forget to exit VLAN configuration mode before creating another VLAN, you will be configuring the same VLAN. Always use 'exit' to return to global config.
Troubleshooting with This Command
When troubleshooting VLAN issues on Cisco NX-OS, the 'vlan' command is used to ensure the VLAN exists and to check its configuration. Start by verifying the VLAN exists with 'show vlan id <vlan-id>'. If the VLAN is missing, use 'vlan <id>' to create it. If the VLAN is present but not working, enter VLAN configuration mode to check parameters like state (should be 'active'), name, and MTU. A common issue is a VLAN being in 'suspend' state, which prevents traffic. Use 'state active' to re-enable it. Also, ensure that the VLAN is allowed on trunk ports with 'show interface trunk'. If a VLAN is not appearing in the trunk allowed list, use 'switchport trunk allowed vlan add <vlan-id>' on the interface. For VPC environments, verify VLAN consistency across both peers. The 'vlan' command itself does not provide diagnostic output, but it is the gateway to fixing misconfigurations. Always check that the VLAN is not part of a private VLAN primary/secondary misconfiguration, which can be seen with 'show vlan private-vlan'. In summary, the 'vlan' command is your first step in VLAN troubleshooting: create or enter the VLAN, verify its state, and then check related interface configurations.
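An offline version of the first troubleshooting checks above, as an added example that is not part of the original page: it scans a saved running-config for access ports and SVIs that reference VLANs which were never created (NX-OS does not create them implicitly) or which are in the 'suspend' state. The sample configuration is constructed, and the function names `expand_vlans` and `audit_vlans` are hypothetical.

```python
import re

# Constructed sample running-config, not taken from a real device.
SAMPLE_CONFIG = """\
vlan 1,100-102,200
vlan 200
  name Tenant_B
  state suspend
interface Vlan300
  no shutdown
interface Ethernet1/1
  switchport access vlan 101
interface Ethernet1/2
  switchport access vlan 200
interface Ethernet1/3
  switchport access vlan 150
"""

def expand_vlans(spec):
    """Expand an NX-OS VLAN list such as '100-102,200' into a set of IDs."""
    ids = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        ids.update(range(int(lo), int(hi or lo) + 1))
    return ids

def audit_vlans(config):
    """Map referenced VLAN IDs that are undefined or suspended to their users."""
    defined, suspended, refs = {1}, set(), {}   # VLAN 1 exists by default
    block, header = set(), ""
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):             # top-level line opens a new block
            header, block = line, set()
            if m := re.fullmatch(r"vlan ([\d,\-]+)", line):
                block = expand_vlans(m.group(1))
                defined |= block
            elif m := re.fullmatch(r"interface Vlan(\d+)", line):
                refs.setdefault(int(m.group(1)), []).append(header)
        elif line == "state suspend":
            suspended |= block
        elif line == "state active":
            suspended -= block
        elif m := re.fullmatch(r"switchport access vlan (\d+)", line):
            refs.setdefault(int(m.group(1)), []).append(header)
    missing = {v: i for v, i in refs.items() if v not in defined}
    inactive = {v: i for v, i in refs.items() if v in suspended}
    return missing, inactive
```

For the sample, `audit_vlans(SAMPLE_CONFIG)` reports VLANs 300 and 150 as referenced but never created, and VLAN 200 as assigned to Ethernet1/2 while suspended.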
CCNA Exam Tips
Remember that VLAN 1 and VLANs 1002-1005 are reserved and cannot be deleted, but you can still enter their configuration mode.
On NX-OS, VLAN configuration is stored in the running-config and must be saved to startup-config to persist.
The 'vlan' command does not require the VLAN to be created first; it creates it if it does not exist.
Common Mistakes
Trying to delete VLAN 1 or reserved VLANs (1002-1005) – this is not allowed.
Forgetting that VLAN configuration mode is context-sensitive; commands like 'name' or 'state' only work within this mode.
Assuming VLANs are automatically created on all switches in a VPC domain – they must be created on each peer separately.
Platform Notes
On Cisco NX-OS, the 'vlan' command behaves similarly to Cisco IOS but with key differences. In IOS, VLANs are automatically created when you assign an access port to a VLAN that does not exist; in NX-OS, you must explicitly create the VLAN first. NX-OS also supports VLAN ranges (e.g., 'vlan 100-200') which IOS does not in global config mode (IOS uses 'vlan database' for ranges). Additionally, NX-OS does not have a 'vlan database' mode; all VLAN configuration is done in global config. On other platforms like Arista EOS, the command is identical. For Juniper Junos, VLANs are configured under 'set vlans <name> vlan-id <id>'. The NX-OS implementation is straightforward and consistent across Nexus 9000, 7000, and 3000 series, though some older platforms may have slight differences in default VLAN behavior. Always use 'show vlan' to verify after configuration.