VLANs and switchports in NetBase: designing a wiring closet from the UI

Routers grab most of the attention, but wiring-closet work is where a visual editor really pays for itself. Naming thirty VLANs, trunking the right ones on an uplink, enabling PortFast + BPDU Guard on every access port — the CLI dance here is tedious and error-prone. NetBase’s Switch editor makes it a point-and-click job and still renders the same IOS stanzas you’d type by hand.

• A NetBase project.
• A switch model in mind. The Model dropdown gates features — e.g. Layer 3 switches unlock SVIs, routing, and redistribution tabs.
• Optional: a connector if you want to push the design live at the end.

The VLAN editor (sidebar → VLAN) holds one list of VLAN IDs and names for the whole project. Every switch in the project picks VLANs from this list, which means a typo on switch A can’t silently disagree with switch B. Add the VLANs you need — data, voice, management, guest — and give them readable names. Every switch in the project will now see them in its dropdowns.

In /components/switch you’ll see a device tab (default S1). The section strip is longer than on a router because switches have more surface area:

• Basic, Interface, Layer 2 Interfaces (switchports), VLANs, Port Channels, STP, Access Edge, Port Security, DHCP Snooping, SPAN, plus the usual NTP / Syslog / SNMP blocks.

Most of the action for a wiring closet sits in Switchports, VLANs, and STP.

Inside the switch’s VLANs tab, pick from the project-wide VLAN list. Each selected VLAN renders as:

vlan 10
 name DATA

If you need an SVI for the VLAN (only on Layer 3 switches), tick Create SVI and fill in the IP / subnet — NetBase emits the matching interface Vlan10 block.

The Layer 2 Interfaces tab (Switchports under the hood) is a list of every port on the switch. Each row has:

• Interface — from the physical-port list available on the selected switch model.
• Mode — Access or Trunk. The rest of the row changes to match: Access shows Access VLAN + optional Voice/Guest VLANs, Trunk shows Native VLAN + Allowed VLANs.
• Access VLAN / Native VLAN — dropdowns populated from the VLANs you created in step 1, so typos are impossible.
• Allowed VLANs — free-text entry for trunks (10,20,30-39).
• Voice VLAN — optional.
• PortFast, BPDU Guard, Root Guard, Loop Guard, UDLD — toggles that emit the corresponding spanning-tree commands.
• Storm control — Broadcast / Multicast level + action.
• DHCP snooping trust, ARP inspection trust, IP source guard — tick them on uplinks, leave them off on user-facing ports.
• 802.1X (dot1x), MAB, Host mode, Auth violation — all the access-edge knobs.
• Shutdown — for ports that should stay down.

The result is a single card per port. Filling in a dozen of them takes about as long as typing them into a CLI once, but now you have a document you can diff, review, and share.

• STP — pick mode (rapid-pvst, mst), optional global PortFast-default / BPDU-guard-default, and per-VLAN priority/timers. MST instance + name fields are there too.
• DHCP snooping — enable globally, pick the VLANs it covers, pick the trusted ports, and set rate-limits.
• Port Security — maximum MAC addresses, violation action, sticky, per-port override.
• Access Edge — a catch-all for ip device tracking, DAI validate-src-mac / dst-mac / ip, errdisable recovery.

Each one has its own tab but they all read from the same devic tab so the generated config stays internally consistent.

Click Show config on any card. A typical access switch config renders as:

vlan 10
 name DATA
vlan 20
 name VOICE
!
spanning-tree mode rapid-pvst
spanning-tree portfast default
spanning-tree portfast bpduguard default
!
interface GigabitEthernet1/0/1
 description user-port
 switchport mode access
 switchport access vlan 10
 switchport voice vlan 20
 spanning-tree portfast
 spanning-tree bpduguard enable
 storm-control broadcast level 1.00
 ip dhcp snooping limit rate 15
!
interface GigabitEthernet1/0/24
 description uplink
 switchport mode trunk
 switchport trunk native vlan 99
 switchport trunk allowed vlan 10,20,99
 spanning-tree guard root
 ip dhcp snooping trust

…and it’s the same generator that the Deploy button uses.

With a connector assigned to this switch (see the connector post for how to add one from the Connectors page), hit Deploy. The review modal shows a field-level diff and a line-level diff against the live running-config. Merge-mode only adds the missing lines, so adding a new VLAN or trunking an extra one on an uplink is always safe — no no vlan 10 side effects.

• Paste first, edit later. If a switch already has a config in production, paste show running-config into Import from running-config. NetBase’s Cisco parser splits it into the matching editor tabs (VLANs, switchports, STP) and gives you a three-way preview before committing.
• Duplicate tabs for cookie-cutter designs. Right-click a switch tab → Duplicate to create an identical copy. Swap the hostname, tweak one VLAN, and you’ve stamped out another access switch.
• Sanity-check trunks. Make a pseudo-failure: toggle “Mode” from trunk to access and watch the generated config. If you see what you expected, you’ll spot a real issue immediately.

Wiring-closet work has always been rote. NetBase doesn’t remove the rote part — it just automates it, validates it, and archives it.