VLAN

VLAN (Virtual Local Area Network) configuration enables logical network segmentation by creating isolated broadcast domains within a single physical infrastructure, supporting advanced features including private VLANs for additional security isolation, EVPN integration for overlay networking, and VXLAN Network Identifier (VNI) mapping for network virtualization. It provides comprehensive VLAN management capabilities including access control through VLAN access maps, traffic filtering, grouping for simplified management, and integration with spanning tree protocols and remote SPAN for monitoring. VLAN configuration is fundamental for network design, enabling multi-tenancy, security segmentation, broadcast domain control, and scalable network architecture in enterprise and data center environments.

Classes

configuration (iosxe.devices)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| vlan | Class | [vlan] | No | |

vlan (iosxe.devices.configuration)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| access_maps | List | [access_maps] | No | |
| vlans | List | [vlans] | No | |
| filters | List | [filters] | No | |
| groups | List | [groups] | No | |

access_maps (iosxe.devices.configuration.vlan)

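| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | | Yes | |
| sequence | Integer | min: 0, max: 65535 | Yes | |
| match_ipv6_addresses | List | String | No | |
| match_ipv4_addresses | List | String | No | |
| action | Choice | forward, drop | No | |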

vlans (iosxe.devices.configuration.vlan)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| id | Integer | min: 1, max: 4094 | Yes | |
| vni | Integer | min: 4096, max: 16777215 | No | |
| access_vfi | String | | No | |
| evpn_instance | Integer | min: 1, max: 65535 | No | |
| evpn_instance_vni | Integer | min: 4096, max: 16777215 | No | |
| remote_span | Boolean | true, false | No | |
| private_vlan_primary | Boolean | true, false | No | |
| private_vlan_association | String | | No | |
| private_vlan_community | Boolean | true, false | No | |
| private_vlan_isolated | Boolean | true, false | No | |
| name | String | | No | |
| shutdown | Boolean | true, false | No | |

filters (iosxe.devices.configuration.vlan)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | | Yes | |
| vlan_lists | List | Integer | No | |

groups (iosxe.devices.configuration.vlan)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | | Yes | |
| vlan_lists | List | Integer | No | |

VLANs segment a physical network into multiple logical broadcast domains, enhancing security, improving performance, and simplifying network management.

VLAN Parameters

  • VLAN ID
  • VLAN Name
  • Shutdown state
  • Private VLAN type (primary, community, isolated)
  • Private VLAN association
  • EVPN instance and VNI
  • VXLAN Network Identifier (VNI)
  • Access Maps (VLAN ACLs)
  • Filters
  • Groups
  • Remote SPAN

You can use these VLAN parameters to define and manage logical network segments on your device. Customize VLAN IDs, names, private VLAN settings, and access control policies to fit your network’s segmentation, security, and operational needs. Adjusting these parameters lets you tailor traffic isolation and management for various network services and user groups.

Examples

vlan 10
  • Creates VLAN 10.
name Sales
  • Assigns the name “Sales” to the current VLAN.
interface GigabitEthernet0/1
  • Enters interface configuration mode for GigabitEthernet0/1.
switchport mode access
  • Configures the interface as an access port.
switchport access vlan 10
  • Assigns the access port to VLAN 10.
vlan 51
private-vlan community
  • Configures VLAN 51 as a private VLAN community VLAN.
vlan 53
private-vlan primary
private-vlan association 51,52
  • Configures VLAN 53 as a private VLAN primary and associates it with community VLAN 51 and isolated VLAN 52.

Sample Configuration

The following configuration describes how to set up VLANs on an IOS-XE device, including basic VLAN creation, naming, and advanced features like private VLANs, EVPN integration, and VXLAN VNI mapping for robust network segmentation.

vlan 10
 name Data
!
vlan 20
 name Voice
!
vlan 31
 evpn instance 1
 vni 4098
!
vlan 32
 vni 5000
!
vlan 51
 private-vlan community
!
vlan 52
 private-vlan isolated
!
vlan 53
 private-vlan primary
 private-vlan association 51,52
!
vlan 56
 remote-span
!
vlan access-map test_map1 10
 action drop
 match ip address 10
!
vlan access-map test_map2 20
 action forward
 match ip address v4acl1
!
vlan filter map1 vlan-list 101,201,301,401
!
vlan group test_group1 vlan-list 101,201,301,401

Example YAML Code

The following YAML code sets up VLANs on an IOS-XE device, defining various VLANs with their IDs, names, shutdown states, private VLAN configurations, EVPN/VXLAN parameters, and also includes examples for VLAN access maps, filters, and groups.

iosxe:
  devices:
    - name: Device1
      configuration:
        vlan:
          vlans:
            - id: 31
              name: vlan_31
              evpn_instance: 1
              evpn_instance_vni: 4098
              shutdown: false
            - id: 32
              vni: 5000
              shutdown: false
            - id: 33
              vni: 5001
              shutdown: false
            - id: 34
              access_vfi: test
              shutdown: false
            - id: 51
              private_vlan_community: true
              shutdown: false
            - id: 52
              private_vlan_isolated: true
              shutdown: false
            - id: 53
              private_vlan_primary: true
              shutdown: false
            - id: 54
              private_vlan_association: '55'
              shutdown: false
            - id: 55
              shutdown: false
            - id: 56
              remote_span: true
              shutdown: false
          access_maps:
            - name: test_map1
              sequence: 10
              action: drop
              match_ipv4_addresses: ['10', '20']
            - name: test_map2
              sequence: 20
              action: forward
              match_ipv4_addresses: [v4acl1, v4acl2]
            - name: v6_test_map1
              sequence: 30
              action: drop
              match_ipv6_addresses: [v6acl1, v6acl2]
            - name: v6_test_map2
              sequence: 40
              action: forward
              match_ipv6_addresses: [v6acl3]
          filters:
            - name: map1
              vlan_lists: [101, 201, 301, 401]
            - name: map2
              vlan_lists: [101]
          groups:
            - name: test_group1
              vlan_lists: [101, 201, 301, 401]
            - name: test_group2
              vlan_lists: [101]
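
Added example, not part of the original page or the project's tooling: a small Python lint that checks a `vlan` block against the ranges in the tables above and against private VLAN and filter consistency, so that a segmentation policy that looks complete in YAML is caught before deployment if it is not. It assumes a filter's `name` refers to an access map name (as in `vlan filter map1 vlan-list ...`); the function names are hypothetical and the sample dict is constructed from a subset of the YAML above.

```python
# Added example (not from the page): lint a `vlan` data-model block.
def expand(assoc):
    """Expand an association string such as '51,52' or '51-53' into VLAN IDs."""
    ids = set()
    for part in str(assoc).split(","):
        lo, _, hi = part.strip().partition("-")
        ids.update(range(int(lo), int(hi or lo) + 1))
    return ids

def lint_vlan(cfg):
    findings = []  # an empty list means no issue was detected
    vlans = {v["id"]: v for v in cfg.get("vlans", [])}
    for vid, v in vlans.items():
        if not 1 <= vid <= 4094:
            findings.append(f"vlan {vid}: id outside 1-4094")
        for key in ("vni", "evpn_instance_vni"):
            if key in v and not 4096 <= v[key] <= 16777215:
                findings.append(f"vlan {vid}: {key} outside 4096-16777215")
        types = [t for t in ("primary", "community", "isolated")
                 if v.get(f"private_vlan_{t}")]
        if len(types) > 1:
            findings.append(f"vlan {vid}: more than one private VLAN type {types}")
        if "private_vlan_association" in v:
            # The association belongs on the primary VLAN and lists secondaries.
            if types != ["primary"]:
                findings.append(f"vlan {vid}: association set but VLAN is not primary")
            for sec in sorted(expand(v["private_vlan_association"])):
                s = vlans.get(sec, {})
                if not (s.get("private_vlan_community") or s.get("private_vlan_isolated")):
                    findings.append(f"vlan {vid}: associated vlan {sec} is not community/isolated")
        elif types == ["primary"]:
            findings.append(f"vlan {vid}: primary VLAN has no association")
    # Assumption: a filter's name must match a defined access map name.
    maps = {m["name"] for m in cfg.get("access_maps", [])}
    for f in cfg.get("filters", []):
        if f.get("name") not in maps:
            findings.append(f"filter {f.get('name')}: no access map with this name")
    return findings

# Constructed sample: a subset of the page's YAML example, as a Python dict.
SAMPLE = {
    "vlans": [
        {"id": 51, "private_vlan_community": True},
        {"id": 52, "private_vlan_isolated": True},
        {"id": 53, "private_vlan_primary": True},
        {"id": 54, "private_vlan_association": "55"},
        {"id": 55},
    ],
    "access_maps": [{"name": "test_map1", "sequence": 10, "action": "drop"}],
    "filters": [{"name": "map1", "vlan_lists": [101, 201, 301, 401]}],
}
```

Calling `lint_vlan(SAMPLE)` reports the primary VLAN 53 without an association, the association on non-primary VLAN 54 pointing at untyped VLAN 55, and the filter `map1` that matches no defined access map.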