Configuring VLANs

The Menu interface enables configuration and display of port-based VLANs only. The CLI configures and displays port-based and protocol-based VLANs.

In the factory default state, the switch is enabled for up to 16 VLANs, all ports belong to the default primary VLAN and are in the same broadcast/multicast domain. You can reconfigure the switch to support up to 512 VLANs.

Per-port static VLAN configuration options example

This example shows the options available to assign individual ports to a static VLAN.

GVRP, if configured, affects these options and the VLAN behavior on the switch.

Comparing per-port VLAN options with and without GVRP

Per-port VLAN configuration options

Parameter Effect on port participation in designated VLAN
Tagged Allows the port to join multiple VLANs.
Untagged
  • Allows VLAN connection to a device that is configured for an untagged VLAN instead of a tagged VLAN.

  • A port can be an untagged member of only one port-based VLAN.

  • A port can be an untagged member of only one protocol-based VLAN for any given protocol type.

For example, if the switch is configured with the default VLAN plus three protocol-based VLANs that include IPX, then port 1 can be an untagged member of the default VLAN and one of the protocol-based VLANS.

No or Auto No:

When the switch is not GVRP-enabled; prevents the port from joining that VLAN.Auto: When GVRP is enabled on the switch; it allows the port to dynamically join any advertised VLAN that has the same VID.

Forbid Prevents the port from joining the VLAN, even if GVRP is enabled on the switch.

Using the Menu to configure port-based VLAN parameters


[NOTE: ]

NOTE: The Menu interface configures and displays only port-based VLANs. The CLI configures and displays port-based and protocol-based VLANs (see Using the CLI to configure port-based and protocol-based VLAN parameters.


In the factory default state, support is enabled for up to 256 VLANs. (You can reconfigure the switch to support up to 2048 (vids up to 4094) VLANs.) Also, in the default configuration, all ports on the switch belong to the default VLAN and are in the same broadcast/multicast domain. (The default VLAN is also the default Primary VLAN; see The primary VLAN.) In addition to the default VLAN, you can configure additional static VLANs by adding new VLAN names and VIDs, and then assigning one or more ports to each VLAN. (The maximum of 2048 VLANs includes the default VLAN, all additional static VLANs you configure, and any dynamic VLANs the switch creates if you enable GVRP; see GVRP.) Each port can be assigned to multiple VLANs by using VLAN tagging; see VLAN tagging rules.)

Changing VLAN support settings (Menu)

The following procedure provides instructions for changing the maximum number of VLANs to support, changing the primary VLAN selection and enabling or disabling dynamic VLANs.

  1. From the Main Menu select: 2. Switch Configuration —> 8. VLAN Menu … —> 1. VLAN Support

    You see the following screen:

    The default VLAN support screen

  2. Press E (for Edit) and then do one or more of the following:

    • To designate a different VLAN as the Primary VLAN, select the Primary VLAN field and use the space bar to select from the existing options. The Primary VLAN must be a static, port-based VLAN.

    • To enable or disable dynamic VLAgNs, select the GVRP Enabled field and use the Space bar to toggle between options. For GVRP information, see GVRP.


    [NOTE: ]

    NOTE: For optimal switch memory utilization, set the number of VLANs at the number you will likely be using or a few more. If you need more VLANs later, you can increase this number, but a switch reboot will be required at that time.


  3. Press Enter and then S to save the VLAN support configuration and return to the VLAN Menu screen.

    If you changed the value for Maximum VLANs to support, an asterisk appears next to the VLAN Support option; see VLAN menu screen indicating the need to reboot the switch.

    VLAN menu screen indicating the need to reboot the switch

    • If you changed the VLAN Support option, you must reboot the switch before the maximum VLANs change takes effect. You can go on to configure other VLAN parameters first, but you must reboot the switch when you finish.

    • If you did not change the VLAN Support option, a reboot is not necessary.

  4. Press 0 to return to the Main Menu.

Adding or editing VLAN names (Menu)

Use this procedure to add a new VLAN or to edit the name of an existing VLAN.

  1. From the Main Menu, select 2. Switch Configuration —> 8. VLAN Menu … —> 2. VLAN Names

    If multiple VLANs are not yet configured, you will see a screen similar to The default VLAN names screen.

    The default VLAN names screen

  2. Press A (for Add).

    You will be prompted for a new VLAN name and VLAN ID:

    802.1Q VLAN ID :
    1 Name : _
  3. Type a VID (VLAN ID number). This can be any number from 2 to 4094 that is not already being used by another VLAN (the switch reserves 1 for the default VLAN).


    [NOTE: ]

    NOTE: A VLAN must have the same VID in every switch in which you configure that same VLAN. GVRP dynamically extends VLANs with correct VID numbering to other switches; see GVRP .


  4. Press key to move the cursor to the Name line and enter the VLAN name, using up to 12 characters with no spaces. Press Enter.


    [NOTE: ]

    NOTE: Do not use the following characters in VLAN names: @, #:, $, ^, &, *, ( and ).


  5. Press S (for Save).

    The VLAN Names screen appears with the new VLAN listed.

    VLAN Names screen with a new VLAN added

  6. Repeat steps 2 through 5 to add more VLANs.

    You can add VLANs until you reach the number specified in the Maximum VLANs to support field on the VLAN Support screen. This includes any VLANs added dynamically due toGVRP operation.

Return to the VLAN Menu to assign ports to the new VLAN, as described in Adding or changing a VLAN port assignment (Menu).

Adding or changing a VLAN port assignment (Menu)

Ports not specifically assigned to a VLAN are automatically in the default VLAN.

  1. From the Main Menu select: 2. Switch Configuration —> 8. VLAN Menu … —> 3. VLAN Port Assignment

    You will see a screen similar to the following:

    Port-based VLAN port assignment screen in the menu interface


    [NOTE: ]

    NOTE: The "VLAN Port Assignment" screen displays up to 32 static, port-based VLANs in ascending order, by VID. If the switch configuration includes more than 32 such VLANs, use the following CLI command to list data on VLANs having VIDs numbered sequentially higher than the first 32.

    show vlans [ <vid> | ports [ <port-list> ]]


  2. To change a port's VLAN assignment:

    1. Press E (for Edit).

    2. Use the arrow keys to select a VLAN assignment you want to change.

    3. Press the Space bar to make your assignment selection (No, Tagged, Untagged , or Forbid. For information on VLAN tags, see 802.1Q VLAN tagging.

    4. If you are finished assigning ports to VLANs, press Enter and then S (for Save) to activate the changes and return to the Configuration menu. (The console then returns to the VLAN menu.)

  3. Return to the Main menu.


    [NOTE: ]

    NOTE: For GVRP Operation: If you enable GVRP on the switch, No converts to Auto, which allows the VLAN to dynamically join an advertised VLAN that has the same VID.

    Untagged VLANs

    Only one untagged VLAN is allowed per port. Also, there must be at least one VLAN assigned to each port. In the factory default configuration, all ports are assigned to the default VLAN (DEFAULT_VLAN).


For ports A4 and A5 to belong to both DEFAULT_VLAN and VLAN-22 and ports A6 and A7 to belong only to VLAN-22, use the settings in The default VLAN names screen. This example assumes that the default GVRP setting is disabled and that you do not plan to enable GVRP later.

Displaying port-based VLAN assignments for specific ports

Using the CLI to configure port-based and protocol-based VLAN parameters

In the factory default state, all ports on the switch belong to the port-based default VLAN (DEFAULT_VLAN; VID=1) and are in the same broadcast/multicast domain.

The default VLAN is also the Primary VLAN. For more on this topic, see The primary VLAN.)

You can configure up to 255 additional static VLANs by adding new VLAN names and then assigning one or more ports to each VLAN.

The switch accepts a maximum of 2048 VLANs with VIDs numbered up to 4094. This must include the default VLAN and any dynamic VLANs the switch creates if you enable GVRP (see GVRP).


[NOTE: ]

NOTE: Each port can be assigned to multiple VLANs by using VLAN tagging. See VLAN tagging rules.


Creating a new static VLAN (port-based or protocol-based) (CLI)

The vlan <vid> command operates in the global configuration context to configure a static VLAN and/or take the CLI to a specified VLAN's context.

Syntax:

vlan vid | <ascii-name-string>

[no] vlan <vid>

If <vid> does not exist in the switch, this command creates a port-based VLAN with the specified <vid>

If the command does not include options, the CLI, moves to the newly created VLAN context.

If an optional name is not specified, the switch assigns a name in the default format VLAN n, where n is the <vid> assigned to the VLAN.

If the VLAN exists and you enter either the <vid> or the <ascii-name-string>,the CLI moves to the specified VLAN's context.

The no form of the command deletes the VLAN as follows:

If one or more ports belong only to the VLAN to be deleted, the CLI notifies you that these ports will be moved to the default VLAN and prompts you to continue the deletion. For member ports that also belong to another VLAN, there is no move prompt.

protocol [ ipx|ipv4|ipv6|arp|appletalk|sna|netbeui ]

Configures a static, protocol VLAN of the specified type.

If multiple protocols are configured in the VLAN, the no form removes the specified protocol

If a protocol VLAN is configured with only one protocol type and you use the no form of this command to remove that protocol, the switch changes the protocol VLAN to a port-based VLAN (if the VLAN does not have an untagged member port).

If an untagged member port exists on the protocol VLAN, you must either convert the port to a tagged member or remove the port from the VLAN before removing the last protocol type from the VLAN.


[NOTE: ]

NOTE: If you create an IPv4 protocol VLAN, you must assign the ARP protocol option to it to provide IP address resolution. Otherwise, IP packets are not deliverable. A Caution message appears in the CLI if you configure IPv4 in a protocol VLAN that does not already include the ARP protocol option. The same message appears if you add or delete another protocol in the same VLAN.


name <ascii-name-string>

When included in a vlan command to create a new static VLAN, this command specifies a non-default VLAN name. Also used to change the current name of an existing VLAN.


[NOTE: ]

NOTE: Avoid spaces and the following characters in the <ascii-name-string> entry: @, #:, $, ^, &, *, ( and). To include a blank space in a VLAN name, enclose the name in single or double quotes.


voice

Designates a VLAN for VoIP use. For more on this topic, see Using voice VLANs.


[NOTE: ]

NOTE: You can use these options from the configuration level by beginning the command with vlan <vid>, or from the context level of the specific VLAN by just entering the command option.


Creating a new port-based static VLAN

The following example shows how to create a new port-based, static VLAN with a VID of 100 using the following steps:

  1. To create the new VLAN, type the vlan 100 command.

  2. To show the VLANs currently configured in the switch, type the show vlans command.

If the Management VLAN field (Primary VLAN : DEFAULT_VLAN Management VLAN shown in the display information below) is empty, a Secure Management VLAN is not configured in the switch. For more information on configuring a secure management VLAN, see The secure Management VLAN.

switch(config)#: vlan 100
switch(config)#: show vlans

 Status and Counters - VLAN Information
 Maximum VLANs to support : 8
 Primary VLAN : DEFAULT_VLAN
 Management VLAN :

 VLAN ID Name                 Status       Voice Jumbo
 ------- -------------------- ------------ ----- -----
 1       DEFAULT_VLAN         Port-based   No    No
 100     VLAN100              Port-based   No    No

Changing the VLAN context level

To go to a different VLAN context level, such as to the default VLAN:

switch (vlan-100)#: vlan default_vlan switch(vlan-1) _

Configuring or changing static VLAN per-port settings (CLI)

Syntax:

[no] vlan <vid>

This command, used with the options listed below, changes the name of an existing static VLAN and the per-port VLAN membership settings.


[NOTE: ]

NOTE: You can use these options from the configuration level by beginning the command with vlan <vid>, or from the context level of the specific VLAN by just entering the command option.


tagged <port-list>

Configures the indicated port as Tagged for the specified VLAN. The no version sets the port to either No or (if GVRP is enabled) to Auto.

untagged <port-list>

Configures the indicated port as Untagged for the specified VLAN. The no version sets the port to either No or (if GVRP is enabled) to Auto.

forbid <port-list>

Used in port-based VLANs, configures <port-list> as forbidden, to become a member of the specified VLAN, as well as other actions. Does not operate with option not allowed protocol VLANs. The no version sets the port to either No or (if GVRP is enabled) to Auto. See GVRP.

auto <port-list>

Available if GVRP is enabled on the switch. Returns the per-port settings for the specified VLAN to Auto operation. Auto is the default per-port setting for a static VLAN if GVRP is running on the switch. For information on dynamic VLAN and GVRP operation, see GVRP.

Changing the VLAN name and set ports to tagged

Suppose that there is a VLAN named VLAN100 with a VID of 100 and all ports are set to No for this VLAN. To change the VLAN name to Blue_Team and set ports A1 - A5 to Tagged, use the following commands:

switch(config)#: vlan 100 name Blue_Team 
switch(config)#: vlan 100 tagged a1-a5

Moving the context level

To move to the vlan 100 context level and execute the same commands:

switch(config)#: vlan 100 
switch(vlan-100)#: name Blue_Team 
switch(vlan-100)#: tagged a1-a5

Changing tagged ports

Similarly, to change the tagged ports in the above examples to No (or Auto, if GVRP is enabled), use either of the following commands.

At the global config level, use:

switch(config)#: no vlan 100 tagged a1-a5

- or -

At the VLAN 100 context level, use:

switch(vlan-100)#: no tagged a1-a5

[NOTE: ]

NOTE: You cannot use these commands with dynamic VLANs. Attempting to do so displays the message VLAN already exists with no change.


Converting a dynamic VLAN to a static VLAN (CLI)

Syntax:

static-vlan <vlan-id>

Converts a dynamic, port-based VLAN membership to static, port-based VLAN membership (allows port-based VLANs only).

For this command,<vlan-id> refers to the VID of the dynamic VLAN membership. Use show vlan to help identify the VID.

This command requires that GVRP is running on the switch and a port is currently a dynamic member of the selected VLAN.

After you convert a dynamic VLAN to static, you must configure the switch's per-port participation in the VLAN in the same way that you would for any static VLAN. For GVRP and dynamic VLAN operation, see GVRP.

Converting a dynamic VLAN to a port-based static VLAN

Suppose a dynamic VLAN with a VID of 125 exists on the switch. The following command converts the VLAN to a port-based, static VLAN:

HP(config)#: static-vlan 125

Deleting a static VLAN (CLI)

Syntax:

no vlan <vid>


[CAUTION: ]

CAUTION: Before deleting a static VLAN, reassign all ports in the VLAN to another VLAN.


Deleting a static VLAN

Following VLAN Names screen with a new VLAN added, if ports B1-B5 belong to both VLAN 2 and VLAN 3 and ports B6-B10 belong to VLAN 3, deleting VLAN 3 causes the CLI to prompt you to approve moving ports B6 - B10 to VLAN 1 (the default VLAN). (Ports B1-B5 are not moved because they still belong to another VLAN.)

switch(config)#: no vlan 3
The following ports will be moved to the default VLAN:
B6-B10
Do you want to continue?
[y/n] Y
switch(config)#::

Deleting multiple VLANs

Enables the user to add or delete interfaces from multiple tagged or untagged VLANs or SVLANs using a single command. Interfaces can be added or deleted up to 256 VLANs at a time. If more than 256 VLANs are specified, an error displays. The forbid command option prevents specified ports from becoming members of specified VLANs or SVLANs when used with GVRP. The command is executed in the interface context.

Syntax

[no]interface <port-list> <tagged | untagged | forbid> <vlan | svlan <vlan-id-list>>

  • The specified interfaces are added to existing VLANs or SVLANs. If a VLAN or SVLAN does not exist, an error message displays.

  • The [no] option removes the specified interfaces from the specified VLANs or SVLANs.

  • The forbid option prevents an interface from becoming a member of the specified VLANs or SVLANs. It is executed in interface context.

Removing an interface from several VLANs

The vlan-id-list includes a comma-separated list of VLAN IDs and/or VLAN ID ranges.

To remove interface 1 from VLANs 1, 3, 5, 6, 7, 8, 9, 10

switch(config)#: no interface 1,6,7-10 tagged vlan 1,3,5-10

To specify that an interface cannot become a member of VLANs 4 and 5

switch(config)#: interface 2 forbid vlan 4-5

Using IP enable/disable for all VLANs

You can administratively disable the IP address on specified VLANs with static IP addresses without removing the Layer 3 configuration. The switch can be pre-configured as a backup router, then quickly transition from backup to active by re-enabling Layer 3 routing on one or more VLANs. While the switch is in “backup” mode, it will still be performing Layer 2 switching.

A MIB object will be toggled to make Layer 3 routing active or inactive on a VLAN.

Interaction with other features

This feature affects management access to the switch as follows:

  • IP—SNMP, Telnet, SSH, HTTP, TFTP, SCP, SFTP

  • Routing—RIP, OSPF, PIM, VRRP

When the disable layer3 command is configured on a VLAN, the behavior is as if no IP address were configured for that VLAN. There is no other change in behavior.

Syntax:

[no] disable layer3 vlan <vid> <vid range>

In config context, turns off Layer 3 routing for the specified VLAN or VLANs. When executed in vlan context, turns off Layer 3 routing for that VLAN.

The no form turns on Layer 3 routing for the specified VLAN or VLANs.

The show ip command displays disabled in the IP Config column if Layer 3 has been disabled, or if the VLAN has no IP configuration. You can tell which is the case by viewing the remaining columns; if there is no IP configuration, the remaining columns are blank.

Displaying a VLAN disabled for Layer 3

switch(config)#: show ip

 Internet (IP) Service

  IP Routing : Disabled

  Default Gateway : 172.22.16.1
  Default TTL     : 64   
  Arp Age         : 20  
  Domain Suffix   :                               
  DNS server      :                                         

  VLAN                 | IP Config  IP Address      Subnet Mask     Proxy ARP
  -------------------- + ---------- --------------- --------------- ---------
  DEFAULT_VLAN         | DHCP/Bootp 172.22.18.100   255.255.248.0   No No
  VLAN3                | Disabled   172.17.17.17    255.255.255.0   No No
  VLAN6                | Disabled
  VLAN7                | Manual     10.7.7.1        255.255.255.0   No No

For IPv6, the Layer 3 Status field displays the status of Layer 3 on that VLAN.

Displaying IPv6 Layer 3 status for a VLAN

switch(config)#: show ipv6

 Internet (IPv6) Service

  IPv6 Routing    : Disabled
  Default Gateway :
  ND DAD          : Enabled
  DAD Attempts    : 3

  Vlan Name       : DEFAULT_VLAN
  IPv6 Status     : Disabled
  Layer 3 Status  : Enabled

  Vlan Name       : layer3_off_vlan
  IPv6 Status     : Disabled
  Layer 3 Status  : Disabled

  Address    |                                             Address
  Origin     | IPv6 Address/Prefix Length                  Status
---------- + ------------------------------------------- -----------
  manual     | abcd::1234/32                               tentative
  autoconfig | fe80::218:71ff:febd:ee00/64                 tentative

Interactions with DHCP

Disabling Layer 3 functionality and DHCP are mutually exclusive, with DHCP taking precedence over disable layer3 on a VLAN. The following interactions occur:

  • If the disable layer3 command is executed when DHCP is already configured, no disabling of the VLAN occurs. This error message displays: “Layer 3 cannot be disabled on a VLAN that has DHCP enabled.”

  • From the CLI: If disable layer3 is configured already and an attempt is made to configure DHCP, DHCP takes precedence and will be set. The warning message displays: “Layer 3 has also been enabled on this VLAN since it is required for DHCP.”

  • From the CLI: When disabling a range of VLAN IDs, this warning message displays: “Layer 3 will not be disabled for any LANs that have DHCP enabled.”

  • From SNMP: If the disable layer3 command is executed when DHCP is already configured, no disabling of the VLAN occurs. An INCONSISTENT_VALUE error is returned.

  • From SNMP: If disable layer3 is configured already and an attempt is made to configure DHCP, DHCP takes precedence and will be set.

Changing the Primary VLAN (CLI)

For more information on Primary VLANs, see The primary VLAN.

Syntax:

  1. To change the Primary VLAN (CLI), use the following command:

    primary-vlan vid <ascii-name-string>

    In the default VLAN configuration, the port-based default VLAN (DEFAULT_VLAN) is the Primary VLAN. This command reassigns the Primary VLAN function to an existing, port-based, static VLAN.

    The switch cannot reassign the Primary VLAN function to a protocol VLAN.

  2. If you reassign the Primary VLAN to a non-default VLAN, to delete the Primary VLAN from the switch, you must assign the Primary VLAN to another port-based static VLAN.

To identify the current Primary VLAN and list the available VLANs and their respective VIDs, use show vlans.

Reassigning, renaming and displaying the VLAN command sequence

The following example shows how to reassign the Primary VLAN to VLAN 22 (first command line), rename the VLAN 22-Primary (second command line) and then display the result (third command line):

switch(config)#: primary-vlan 22
switch(config)#: vlan 22 name 22-Primary
switch(config)#: show vlans

Status and Counters - VLAN Information
Maximum VLANs to support : 8
Primary VLAN : 22-Primary
Management VLAN :

VLAN ID Name                 Status       Voice Jumbo
------- -------------------- ------------ ----- -----
1       DEFAULT_VLAN         Static       No    No
22      22-Primary           Static       No    No

Configuring a secure Management VLAN (CLI)

Preparation

  1. Determine a VID and VLAN name suitable for your Management VLAN.

  2. Plan your topology to use switches that support Management VLANs. See The secure Management VLAN.

  3. Include only the following ports:

  4. Half-duplex repeaters dedicated to connecting management stations to the Management VLAN can also be included in this topology. Any device connected to a half-duplex repeater in the Management VLAN will also have Management VLAN access.

  5. Configure the Management VLAN on the selected switch ports.

  6. Test the Management VLAN from all of the management stations authorized to use it, including any SNMP-based network management stations. Also test any Management VLAN links between switches.


[NOTE: ]

NOTE: If you configure a Management VLAN on a switch using a Telnet connection through a port not in the Management VLAN, you will lose management contact with the switch if you log off your Telnet connection or execute write memory and reboot the switch.


Configuring an existing VLAN as the Management VLAN (CLI)

Syntax:

[no] management-vlan [ <vlan-id> | <vlan-name> ]

Configures an existing VLAN as the Management VLAN.

The no form disables the Management VLAN and returns the switch to its default management operation.

Default: Disabled. In this case, the VLAN returns to standard VLAN operation.

Switch configuration

You have configured a VLAN named My_VLAN with a VID of 100 and want to configure the switch to do the following:

  • Use My_VLAN as a Management VLAN (tagged, in this case) to connect port A1 on switch "A" to a management station. The management station includes a network interface card with 802.1Q tagged VLAN capability.

  • Use port A2 to extend the Management VLAN to port B1 which is already configured as a tagged member of My_VLAN, on an adjacent switch that supports the Management VLAN feature.

switch (config)#: management-vlan 100
switch (config)#: vlan 100 tagged a1
switch (config)#: vlan 100 tagged a2

Configuration Example

Obtaining an IP address using DHCP (CLI)

Use DHCP to obtain an IPv4 address for your Management VLAN or a client on that VLAN. The following examples illustrate when an IP address will be received from the DHCP server.

DHCP server on a Management VLAN

If Blue_VLAN is configured as the Management VLAN and the DHCP server is also on Blue_VLAN, Blue_VLAN receives an IP address. Because DHCP Relay does not forward onto or off the Management VLAN, devices on Red_VLAN cannot get an IP address from the DHCP server on Blue_VLAN (Management VLAN) and Red_VLAN does not receive an IP address.

DHCP server on a different VLAN from the Management VLAN

If Red_VLAN is configured as the Management VLAN and the DHCP server is on Blue_VLAN, Blue_VLAN receives an IP address but Red_VLAN does not.

No Management VLANs configured

If no Management VLAN is configured, both Blue_VLAN and Red_VLAN receive IP addresses.

A client on a different Management VLAN from the DHCP server

If Red_VLAN is configured as the Management VLAN and the client is on Red_VLAN, but the DHCP server is on Blue_VLAN, the client will not receive an IP address.

A DHCP server and client on the Management VLAN

If Blue_VLAN is configured as the Management VLAN, the client is on Blue_VLAN and the DHCP server is on Blue_VLAN, the client receives an IP address.

Obtaining the IP address for a host that is on a different VLAN than the DHCP server

In the following example, the host is on VLAN 20 and is connected on port number 2 of the switch. The DHCP server, however, is in VLAN 10 and is connected on port 10 of the switch.

Obtaining the IP address for a host that is on a different VLAN than the DHCP server

switch(config)#: vlan 10
name "VLAN 10"
untagged 10
ip address 10.1.1.2.255.255.0
exit
vlan 20
name "VLAN 20"
untagged 2
ip address 100.99.1.1 255.255.255.0
ip helper-address 10.1.1.1
exit

Disabling the Management feature (CLI)

You can disable the Secure Management feature without deleting the VLAN.

Disabling the secure management feature

The following commands disable the Secure Management feature in the above example:

switch (config)#: no management-vlan 100
switch (config)#: no management-vlan my_vlan

For more information, see The secure Management VLAN.

Changing the number of VLANs allowed on the switch (CLI)

Syntax:

The default VLAN number is 1.

max-vlans<1-512>

Default number of VLANs: 16

If GVRP is enabled, this setting includes any dynamic VLANs on the switch. As part of implementing a new setting, you must execute a write memory command to save the new value to the startup-config file and then reboot the switch.


[NOTE: ]

NOTE: If multiple VLANs exist on the switch, you cannot reset the maximum number of VLANs to a value smaller than the current number of VLANs.


The following example shows the command sequence for changing the number of VLANs allowed to 10. You can execute the commands to write memory and boot at another time.

Changing the number of allowed VLANs

switch(config)#: max-vlans 10
This command will take effect after saving the configuration 
and rebooting the system.
switch(config)#: write memory
switch(config)#: boot
Device will he rebooted, do you want to continue [y/n]? Y

Error Messages