Introduction to Arista EOS VLAN Architecture
Arista EOS (Extensible Operating System) implements VLANs using IEEE 802.1Q tagging across all EOS-based platforms including the 7050, 7060, 7170, and 7280 series. EOS supports up to 4094 VLAN IDs per switch and decouples the control plane from the data plane, meaning VLAN state is preserved during in-service software upgrades (ISSU). This run book covers the full VLAN lifecycle on Arista EOS — from VLAN creation and access port assignment, through trunk configuration and VLAN pruning, to inter-VLAN routing using SVIs.
VLAN Creation and Management
VLANs must be created in the global VLAN database before being assigned to interfaces. Unlike Cisco IOS, there is no separate vlan.dat file on Arista EOS — the VLAN database is part of the running configuration and is persisted with write memory.
Create a Single VLAN
sw-infrarunbook-01# configure terminal
sw-infrarunbook-01(config)# vlan 10
sw-infrarunbook-01(config-vlan-10)# name infrarunbook-mgmt
sw-infrarunbook-01(config-vlan-10)# state active
sw-infrarunbook-01(config-vlan-10)# exit
Create Multiple VLANs in One Command
sw-infrarunbook-01(config)# vlan 10,20,30,40
sw-infrarunbook-01(config-vlan-10,20,30,40)# state active
sw-infrarunbook-01(config-vlan-10,20,30,40)# exit
Name VLANs Individually
sw-infrarunbook-01(config)# vlan 10
sw-infrarunbook-01(config-vlan-10)# name infrarunbook-mgmt
sw-infrarunbook-01(config)# vlan 20
sw-infrarunbook-01(config-vlan-20)# name infrarunbook-servers
sw-infrarunbook-01(config)# vlan 30
sw-infrarunbook-01(config-vlan-30)# name infrarunbook-storage
sw-infrarunbook-01(config)# vlan 40
sw-infrarunbook-01(config-vlan-40)# name infrarunbook-dmz
Suspend a VLAN Without Deleting It
sw-infrarunbook-01(config)# vlan 40
sw-infrarunbook-01(config-vlan-40)# state suspend
Delete a VLAN
sw-infrarunbook-01(config)# no vlan 40
Verify the VLAN Database
sw-infrarunbook-01# show vlan
sw-infrarunbook-01# show vlan brief
sw-infrarunbook-01# show vlan id 10
sw-infrarunbook-01# show vlan name infrarunbook-mgmt
Access Port Configuration
Access ports carry untagged traffic for a single VLAN and are used for end devices such as servers, workstations, and printers. On Arista EOS, interfaces default to Layer 2 switchport mode and the mode must be explicitly set — there is no DTP negotiation.
Configure a Single Access Port
sw-infrarunbook-01(config)# interface Ethernet1
sw-infrarunbook-01(config-if-Et1)# description Server-infrarunbook-web-01
sw-infrarunbook-01(config-if-Et1)# switchport mode access
sw-infrarunbook-01(config-if-Et1)# switchport access vlan 20
sw-infrarunbook-01(config-if-Et1)# spanning-tree portfast
sw-infrarunbook-01(config-if-Et1)# no shutdown
Configure Multiple Access Ports with Interface Range
sw-infrarunbook-01(config)# interface Ethernet1-8
sw-infrarunbook-01(config-if-Et1-8)# description Access-Servers-VLAN20
sw-infrarunbook-01(config-if-Et1-8)# switchport mode access
sw-infrarunbook-01(config-if-Et1-8)# switchport access vlan 20
sw-infrarunbook-01(config-if-Et1-8)# spanning-tree portfast
sw-infrarunbook-01(config-if-Et1-8)# no shutdown
Configure Voice VLAN on an Access Port
Arista EOS supports an auxiliary (voice) VLAN on access ports, allowing IP phones to use a tagged voice VLAN while the PC behind the phone receives untagged data VLAN traffic.
sw-infrarunbook-01(config)# interface Ethernet5
sw-infrarunbook-01(config-if-Et5)# description IP-Phone-infrarunbook-desk-01
sw-infrarunbook-01(config-if-Et5)# switchport mode access
sw-infrarunbook-01(config-if-Et5)# switchport access vlan 20
sw-infrarunbook-01(config-if-Et5)# switchport voice vlan 100
sw-infrarunbook-01(config-if-Et5)# spanning-tree portfast
sw-infrarunbook-01(config-if-Et5)# no shutdown
Verify Access Port Assignment
sw-infrarunbook-01# show interfaces Ethernet1 switchport
sw-infrarunbook-01# show vlan id 20
sw-infrarunbook-01# show mac address-table interface Ethernet1
Trunk Port Configuration
Trunk ports carry 802.1Q-tagged frames for multiple VLANs and are used for switch-to-switch uplinks, hypervisor connections (ESXi, KVM), and links to routers or firewalls. Arista EOS does not support DTP — trunk mode must be configured explicitly on both ends of the link.
Configure a Basic Trunk Port
sw-infrarunbook-01(config)# interface Ethernet49
sw-infrarunbook-01(config-if-Et49)# description Uplink-to-sw-infrarunbook-02
sw-infrarunbook-01(config-if-Et49)# switchport mode trunk
sw-infrarunbook-01(config-if-Et49)# no shutdown
Restrict Allowed VLANs on the Trunk
sw-infrarunbook-01(config-if-Et49)# switchport trunk allowed vlan 10,20,30,40
Add VLANs to an Existing Allowed List
sw-infrarunbook-01(config-if-Et49)# switchport trunk allowed vlan add 50,60
Remove Specific VLANs from Trunk
sw-infrarunbook-01(config-if-Et49)# switchport trunk allowed vlan remove 60
Allow All VLANs (Default Behaviour)
sw-infrarunbook-01(config-if-Et49)# switchport trunk allowed vlan all
Set Native VLAN on Trunk
sw-infrarunbook-01(config-if-Et49)# switchport trunk native vlan 999
Security note: Always set native VLAN to an unused VLAN ID such as 999. Never use VLAN 1 as native in production — it is susceptible to VLAN hopping attacks.
Verify Trunk Port
sw-infrarunbook-01# show interfaces Ethernet49 trunk
sw-infrarunbook-01# show interfaces Ethernet49 switchport
sw-infrarunbook-01# show interfaces trunk
Trunk Between Two Arista Switches — Full Example
The following is a complete trunk configuration between sw-infrarunbook-01 (distribution) and sw-infrarunbook-02 (access), allowing VLANs 10, 20, 30, and 40 with native VLAN 999.
sw-infrarunbook-01 (Distribution)
sw-infrarunbook-01(config)# interface Ethernet49
sw-infrarunbook-01(config-if-Et49)# description Downlink-to-sw-infrarunbook-02
sw-infrarunbook-01(config-if-Et49)# switchport mode trunk
sw-infrarunbook-01(config-if-Et49)# switchport trunk allowed vlan 10,20,30,40
sw-infrarunbook-01(config-if-Et49)# switchport trunk native vlan 999
sw-infrarunbook-01(config-if-Et49)# no shutdown
sw-infrarunbook-02 (Access)
sw-infrarunbook-02(config)# interface Ethernet49
sw-infrarunbook-02(config-if-Et49)# description Uplink-to-sw-infrarunbook-01
sw-infrarunbook-02(config-if-Et49)# switchport mode trunk
sw-infrarunbook-02(config-if-Et49)# switchport trunk allowed vlan 10,20,30,40
sw-infrarunbook-02(config-if-Et49)# switchport trunk native vlan 999
sw-infrarunbook-02(config-if-Et49)# no shutdown
Verify Trunk Adjacency
sw-infrarunbook-01# show lldp neighbors
sw-infrarunbook-01# show interfaces Ethernet49 trunk
sw-infrarunbook-01# show spanning-tree topology
VLAN on Port-Channel (LAG) Interfaces
When using Link Aggregation Groups (LAG / Port-Channel), VLAN configuration is applied to the Port-Channel interface — not the individual member interfaces. Member interfaces carry no VLAN-specific configuration.
Create Port-Channel and Configure as Trunk
sw-infrarunbook-01(config)# interface Port-Channel1
sw-infrarunbook-01(config-if-Po1)# description LAG-to-sw-infrarunbook-02
sw-infrarunbook-01(config-if-Po1)# switchport mode trunk
sw-infrarunbook-01(config-if-Po1)# switchport trunk allowed vlan 10,20,30,40
sw-infrarunbook-01(config-if-Po1)# switchport trunk native vlan 999
sw-infrarunbook-01(config)# interface Ethernet49,Ethernet50
sw-infrarunbook-01(config-if-Et49,Et50)# channel-group 1 mode active
sw-infrarunbook-01(config-if-Et49,Et50)# no shutdown
Verify Port-Channel
sw-infrarunbook-01# show port-channel 1
sw-infrarunbook-01# show interfaces Port-Channel1 trunk
Inter-VLAN Routing with SVIs
Arista EOS supports inter-VLAN routing using Switched Virtual Interfaces (SVIs). Each VLAN is assigned a Layer 3 interface (interface Vlan<id>) with an IP address. Packets between VLANs are routed in hardware at line rate. IP routing must be enabled globally before SVIs can forward traffic between VLANs.
Enable IP Routing
sw-infrarunbook-01(config)# ip routing
Create SVIs for Each VLAN
sw-infrarunbook-01(config)# interface Vlan10
sw-infrarunbook-01(config-if-Vl10)# description SVI-infrarunbook-mgmt
sw-infrarunbook-01(config-if-Vl10)# ip address 10.10.10.1/24
sw-infrarunbook-01(config-if-Vl10)# no shutdown
sw-infrarunbook-01(config)# interface Vlan20
sw-infrarunbook-01(config-if-Vl20)# description SVI-infrarunbook-servers
sw-infrarunbook-01(config-if-Vl20)# ip address 10.10.20.1/24
sw-infrarunbook-01(config-if-Vl20)# no shutdown
sw-infrarunbook-01(config)# interface Vlan30
sw-infrarunbook-01(config-if-Vl30)# description SVI-infrarunbook-storage
sw-infrarunbook-01(config-if-Vl30)# ip address 10.10.30.1/24
sw-infrarunbook-01(config-if-Vl30)# no shutdown
sw-infrarunbook-01(config)# interface Vlan40
sw-infrarunbook-01(config-if-Vl40)# description SVI-infrarunbook-dmz
sw-infrarunbook-01(config-if-Vl40)# ip address 172.16.40.1/24
sw-infrarunbook-01(config-if-Vl40)# no shutdown
Verify SVIs and Routing Table
sw-infrarunbook-01# show ip interface brief
sw-infrarunbook-01# show interfaces Vlan10
sw-infrarunbook-01# show ip route
sw-infrarunbook-01# ping 10.10.20.10 source Vlan10
Routed Ports
A routed port is a physical interface operating at Layer 3 without 802.1Q switching. Use routed ports for uplinks to routers, firewalls, or WAN devices that require a dedicated IP address on the physical interface.
Configure a Routed Port
sw-infrarunbook-01(config)# interface Ethernet50
sw-infrarunbook-01(config-if-Et50)# description Uplink-to-fw-infrarunbook-01
sw-infrarunbook-01(config-if-Et50)# no switchport
sw-infrarunbook-01(config-if-Et50)# ip address 10.0.0.2/30
sw-infrarunbook-01(config-if-Et50)# no shutdown
Revert a Routed Port Back to Switchport
sw-infrarunbook-01(config)# interface Ethernet50
sw-infrarunbook-01(config-if-Et50)# switchport
VLAN Pruning
VLAN pruning limits trunk allowed VLANs to only those required by downstream devices. This reduces unnecessary broadcast traffic and STP topology change scope.
Pruned Trunk to Access Switch (VLANs 10 and 20 Only)
sw-infrarunbook-01(config)# interface Ethernet10
sw-infrarunbook-01(config-if-Et10)# description Downlink-sw-infrarunbook-access-01
sw-infrarunbook-01(config-if-Et10)# switchport mode trunk
sw-infrarunbook-01(config-if-Et10)# switchport trunk allowed vlan 10,20
sw-infrarunbook-01(config-if-Et10)# switchport trunk native vlan 999
sw-infrarunbook-01(config-if-Et10)# no shutdown
Saving Configuration
! Save running config to startup config
sw-infrarunbook-01# write memory
! Alternative syntax
sw-infrarunbook-01# copy running-config startup-config
! Verify saved config
sw-infrarunbook-01# show startup-config | section vlan
sw-infrarunbook-01# show running-config interfaces
Troubleshooting Reference
- show vlan — verify VLAN exists in the database and is in active state
- show interfaces Ethernet1 switchport — check switchport mode and VLAN assignment
- show interfaces trunk — list all trunks with allowed, active in STP, and forwarding VLAN columns
- show mac address-table vlan 20 — verify MAC address learning on a VLAN
- show ip interface brief — confirm SVI state is up/up before expecting routing to work
- show ip route — confirm connected routes for each SVI subnet are in the routing table
- ping 10.10.20.10 source Vlan10 — test inter-VLAN reachability from the switch itself
- show spanning-tree vlan 10 — check STP state per VLAN and identify any blocked ports
- show lldp neighbors — verify physical adjacency to connected switches
- show logging last 50 — check for link-state or STP topology change events
Frequently Asked Questions
Does Arista EOS support ISL trunking?
No. Arista EOS supports only IEEE 802.1Q trunking. ISL (Inter-Switch Link) is a proprietary Cisco protocol and is not implemented on any Arista platform.
What is the default native VLAN on an Arista trunk port?
The default native VLAN on Arista EOS trunk interfaces is VLAN 1. Best practice is to change this to an unused VLAN ID such as 999 on all trunk ports to prevent VLAN hopping attacks.
Does Arista EOS support DTP (Dynamic Trunking Protocol)?
No. Arista EOS does not implement DTP. Trunk mode must be explicitly configured with switchport mode trunk on both ends of the link. This eliminates the risk of unintended trunk negotiation.
How do I add VLANs to a trunk without replacing the existing allowed list?
Use switchport trunk allowed vlan add <vlan-list>. This appends to the existing list without replacing it. Similarly, switchport trunk allowed vlan remove <vlan-list> removes specific VLANs without affecting the rest of the allowed list.
Why is my SVI showing as down/down on Arista EOS?
An SVI comes up only when at least one port assigned to that VLAN is in a forwarding state. Verify the VLAN exists in the database (show vlan), at least one access or trunk port carrying that VLAN is physically up, and no shutdown is configured on the SVI.
How many VLANs does Arista EOS support?
Arista EOS supports up to 4094 VLANs per switch (IDs 1 through 4094). VLAN 1 is the default VLAN and cannot be deleted. The actual scalable VLAN count depends on the hardware platform and the features enabled.
Does Arista EOS support VTP?
No. Arista EOS does not support VTP (VLAN Trunking Protocol). VLANs must be configured individually on each switch or managed centrally using Arista CloudVision (CVP) or automation tools such as Ansible, Terraform, or NAPALM.
What is the difference between switchport mode access and switchport mode trunk on Arista?
Access mode assigns the port to exactly one VLAN and forwards untagged frames. Trunk mode carries 802.1Q-tagged frames for multiple VLANs. Arista EOS has no dynamic (auto/desirable) mode — port mode is always configured explicitly.
How do I verify which VLANs are actually forwarding on a trunk?
Use show interfaces Ethernet<id> trunk. The output shows three columns: VLANs allowed on trunk, VLANs allowed and active in spanning tree, and VLANs in STP forwarding state and not pruned. Only VLANs in the third column are actively forwarding traffic.
Can I configure VLAN names on Arista EOS?
Yes. Use vlan <id> followed by name <name> in VLAN configuration mode. VLAN names are local to each switch and are not propagated automatically — Arista does not support VTP.
How do I configure inter-VLAN routing on Arista EOS without an external router?
Enable ip routing globally and create an SVI for each VLAN using interface Vlan<id> with an IP address assigned and no shutdown. Arista EOS performs inter-VLAN routing in hardware at line rate — no external router is required.
What happens to VLAN configuration after a reload on Arista EOS?
VLAN configuration is stored in the running-config. Always run write memory before reloading to persist VLAN and interface configuration to the startup-config. Unlike Cisco IOS, Arista EOS has no separate vlan.dat file — all configuration is unified in the EOS config store.
