Reef Basics - Configuring VLANs on Cisco Switches and Routing Between them

How to Configure VLANs and Routing for Cisco 3850 (and Most Cisco Switches): Reef Telecom Guide

What Are VLANs?

  • VLANs (Virtual Local Area Networks) logically group devices to create separate networks—improving performance, security, and management.

  • Inter-VLAN routing allows devices in different VLANs to communicate via the switch’s routing capability (Layer 3).

Step 1: Create VLANs

  • vlan 10
    name OFFICE_DEVICES

  • vlan 20
    name GUEST_WIFI

Step 2: Assign IP Subnets to Each VLAN (SVI Creation)

  • interface vlan 10
    ip address 192.168.10.1 255.255.255.0
    no shutdown

  • interface vlan 20
    ip address 192.168.20.1 255.255.255.0
    no shutdown

Step 3: Assign Ports to VLANs

  • interface range GigabitEthernet1/0/1-10
    switchport mode access
    switchport access vlan 10
    spanning-tree portfast

  • interface range GigabitEthernet1/0/11-20
    switchport mode access
    switchport access vlan 20
    spanning-tree portfast

Step 4: Enable IP Routing on the Switch

  • ip routing

How It Works

  • Devices in VLAN 10 get IPs in 192.168.10.0/24.

  • Devices in VLAN 20 get IPs in 192.168.20.0/24.

  • The switch, with interfaces vlan 10 and vlan 20 configured and ip routing enabled, routes traffic between VLANs automatically.

  • Add a default router (gateway) for external traffic if needed.

Copy-Paste Config Example:


vlan 10
 name OFFICE_DEVICES
vlan 20
 name GUEST_WIFI

interface vlan 10
 ip address 192.168.10.1 255.255.255.0
 no shutdown

interface vlan 20
 ip address 192.168.20.1 255.255.255.0
 no shutdown

interface range GigabitEthernet1/0/1-10
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast

interface range GigabitEthernet1/0/11-20
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast

ip routing

 

FAQs & Pro Tips

  • Can I use this on a 2960, 9300, or 4500 series?
    Yes! While only Layer 3 switches support inter-VLAN routing, creating VLANs and assigning ports applies to almost all Cisco switches.

  • How do hosts get addresses?
    Use a DHCP server with scopes for each VLAN, or configure the switch as a DHCP helper.

  • Can I add more VLANs?
    Yes! Repeat the above process with new VLAN IDs and subnet ranges.

  • How do I block or restrict VLAN traffic?
    Apply ACLs (Access Control Lists) on VLAN interfaces (“SVIs”).

Show/Verification Commands

  • show vlan brief

  • show ip interface brief

  • show running-config

  • show interfaces status

For secure, scalable VLAN deployments, trust Reef Telecom—your Cisco networking experts!

Back to blog

Leave a comment

Please note, comments need to be approved before they are published.