VLANGlobal Config

vlan [id]

Creates or enters VLAN configuration mode for a specific VLAN ID on Cisco NX-OS.

Overview

The 'vlan' command is fundamental to VLAN configuration on Cisco NX-OS. VLANs (Virtual Local Area Networks) logically segment a physical network into multiple broadcast domains, improving security, performance, and manageability. On Nexus switches, the 'vlan' command in global configuration mode either creates a new VLAN or enters the configuration context for an existing VLAN. Once in VLAN configuration mode, you can set parameters such as the VLAN name, state (active or suspend), MTU, and private VLAN mode. This command is typically one of the first steps in provisioning network segments for tenants, storage, management, or other traffic types. In troubleshooting workflows, you use 'vlan' to ensure the VLAN exists before configuring SVIs (interface vlan) or assigning access ports. NX-OS differs from classic IOS in that VLANs are not automatically created when you configure an interface in a VLAN; you must explicitly create the VLAN first. Also, NX-OS supports VLAN ranges (e.g., 'vlan 100-110') for bulk creation. Understanding this command is essential for CCNP Data Center and enterprise network engineers working with Nexus platforms.

Syntax·Global Config
vlan {vlan-id | vlan-range}

When to Use This Command

  • Creating a new VLAN for a customer-facing segment in a data center.
  • Configuring VLAN parameters such as name, state, and MTU.
  • Bulk-creating VLANs for a new tenant deployment.
  • Entering VLAN configuration to apply private VLAN settings.

Parameters

ParameterSyntaxDescription
vlan-id1-4094Specifies a single VLAN ID to create or configure. The ID must be between 1 and 4094, excluding reserved VLANs (1002-1005) which cannot be deleted but can be configured.
vlan-rangevlan-id[-vlan-id]Specifies a range of VLAN IDs (e.g., 100-200). All VLANs in the range are created if they do not exist, and subsequent configuration commands apply to all VLANs in the range.

Command Examples

Create a single VLAN

vlan 100
Switch(config)# vlan 100
Switch(config-vlan)#

The command creates VLAN 100 and enters VLAN configuration mode. The prompt changes to indicate VLAN configuration context.

Create a range of VLANs

vlan 200-205
Switch(config)# vlan 200-205
Switch(config-vlan)#

Creates VLANs 200 through 205 (if they do not exist) and enters VLAN configuration mode for the range. Subsequent commands apply to all VLANs in the range.

Understanding the Output

The output of the 'vlan' command is minimal: it simply changes the CLI prompt to indicate that you are now in VLAN configuration mode. For a single VLAN, the prompt becomes 'Switch(config-vlan)#'. For a range, it remains 'Switch(config-vlan)#' but any configuration commands apply to all VLANs in the range. There is no explicit success message; the prompt change confirms entry. To verify VLAN creation, use 'show vlan id <vlan-id>' or 'show vlan brief'. A healthy VLAN will appear in the list with a state of 'active'. If a VLAN is not created, it will not appear in the output. Common issues include attempting to create VLAN 1 (which exists by default) or VLANs outside the allowed range (1-4094).

Configuration Scenarios

Creating VLANs for a Multi-Tenant Environment

A data center switch needs to support multiple tenants, each with their own VLAN. Tenant A uses VLAN 100, Tenant B uses VLAN 200.

Topology

[Nexus-1] -- trunk -- [Spine]

Steps

  1. 1.Enter global configuration mode.
  2. 2.Create VLAN 100 and assign a name.
  3. 3.Create VLAN 200 and assign a name.
  4. 4.Verify VLAN creation.
Configuration
! Enter global config
configure terminal
! Create VLAN 100
vlan 100
 name Tenant_A
 exit
! Create VLAN 200
vlan 200
 name Tenant_B
 exit

Verify: show vlan brief | include 100|200

Watch out: If you forget to exit VLAN configuration mode before creating another VLAN, you will be configuring the same VLAN. Always use 'exit' to return to global config.

Troubleshooting with This Command

When troubleshooting VLAN issues on Cisco NX-OS, the 'vlan' command is used to ensure the VLAN exists and to check its configuration. Start by verifying the VLAN exists with 'show vlan id <vlan-id>'. If the VLAN is missing, use 'vlan <id>' to create it. If the VLAN is present but not working, enter VLAN configuration mode to check parameters like state (should be 'active'), name, and MTU. A common issue is a VLAN being in 'suspend' state, which prevents traffic. Use 'state active' to re-enable it. Also, ensure that the VLAN is allowed on trunk ports with 'show interface trunk'. If a VLAN is not appearing in the trunk allowed list, use 'switchport trunk allowed vlan add <vlan-id>' on the interface. For VPC environments, verify VLAN consistency across both peers. The 'vlan' command itself does not provide diagnostic output, but it is the gateway to fixing misconfigurations. Always check that the VLAN is not part of a private VLAN primary/secondary misconfiguration, which can be seen with 'show vlan private-vlan'. In summary, the 'vlan' command is your first step in VLAN troubleshooting: create or enter the VLAN, verify its state, and then check related interface configurations.

CCNA Exam Tips

1.

Remember that VLAN 1 and VLANs 1002-1005 are reserved and cannot be deleted, but you can still enter their configuration mode.

2.

On NX-OS, VLAN configuration is stored in the running-config and must be saved to startup-config to persist.

3.

The 'vlan' command does not require the VLAN to be created first; it creates it if it does not exist.

Common Mistakes

Trying to delete VLAN 1 or reserved VLANs (1002-1005) – these are not allowed.

Forgetting that VLAN configuration mode is context-sensitive; commands like 'name' or 'state' only work within this mode.

Assuming VLANs are automatically created on all switches in a VPC domain – they must be created on each peer separately.

Platform Notes

On Cisco NX-OS, the 'vlan' command behaves similarly to Cisco IOS but with key differences. In IOS, VLANs are automatically created when you assign an access port to a VLAN that does not exist; in NX-OS, you must explicitly create the VLAN first. NX-OS also supports VLAN ranges (e.g., 'vlan 100-200') which IOS does not in global config mode (IOS uses 'vlan database' for ranges). Additionally, NX-OS does not have a 'vlan database' mode; all VLAN configuration is done in global config. On other platforms like Arista EOS, the command is identical. For Juniper Junos, VLANs are configured under 'set vlans <name> vlan-id <id>'. The NX-OS implementation is straightforward and consistent across Nexus 9000, 7000, and 3000 series, though some older platforms may have slight differences in default VLAN behavior. Always use 'show vlan' to verify after configuration.

Related Commands

Practice for the CCNA 200-301

Test your knowledge with hundreds of CCNA practice questions covering all exam domains.

Practice CCNA Questions