Objectives
Upon completion of this exercise, you will be able to:

• Cable a network according to the topology diagram
• Erase the startup configuration and reload a switch to the default state
• Perform basic configuration tasks on a switch
• Create VLANs
• Assign switch ports to a VLAN
• Add, move, and change ports
• Verify VLAN configuration
• Enable trunking on inter-switch connections
• Verify trunk configuration
• Save the VLAN configuration

Task 1: Prepare the Network

Step 1: Cable a network that is similar to the one in the topology diagram.
You can use any current switch in packet tracer as long as it has the required interfaces shown in the topology.

Step 2: Clear any existing configurations on the switches (S2 and S3), and initialize all ports in the shutdown
state.
Procedure to clear switch configurations.
Switch>enable
Switch#show flash
Switch#delete flash:vlan.dat @ delete vlan.dat
Delete filename [vlan.dat]? [Press Enter Key]
Delete flash:vlan.dat? [confirm] [ Reconfirm by pressing enter key]
Switch#erase startup-config @ erase start
Switch#reload

It is a good practice to disable any unused ports on the switches by putting them in shutdown. Disable all
ports on the switches:
Switch#config term
Switch(config)#interface range fa0/1-24
Switch(config-if-range)#shutdown
Switch(config-if-range)#interface range gi0/1-2
Switch(config-if-range)#shutdown

Task 2: Perform Basic Switch Configurations

Step 1: Configure the switches according to the following guidelines.
• Configure the switch hostname.
• Configure Banner Motd
We’ll start with the message of the day banner that will be presented to anyone accessing the router:

S1(config)#banner motd “Authorized users only, violators will be shot on sight!”

• Disable DNS lookup

S1(config)#no ip domain-lookup

• Configure an EXEC mode password of class.
Why is it not necessary to use the enable password class command? Because the enable secret is a more secure password to use on the router or switch.

R1(config)#enable secret class

• Configure a password of cisco for console connections.
S1(config)#line console 0
S1(config-line)#password cisco
S1(config-line)#login

First, I use the password command to set a password. I also need to supply the login
command otherwise the switch will not ask for the password.

• Configure a password of cisco for vty connections.
A switch or router has several virtual lines that you can use for remote access. These
are called VTY (Virtual Terminal) lines. I can configure these using the line vty command.
In my example, I’m selecting VTY line 0 up to 4 so that‟s 5 virtual lines total.

S1(config)#line vty 0 4
S1(config-line)#password cisco
S1(config-line)#login
Noted: The configuration on S2 and S3 follow Step 1

Step 2: Re-enable the use of ports on S2 and S3.
S2(config-if-range)#int range fa0/6, fa0/11, fa0/18
S2(config-if-range)#switchport mode access
S2(config-if-range)#no shutdown

S3(config-if-range)#int range fa0/6, fa0/11, fa0/18
S3(config-if-range)#switchport mode access
S3(config-if-range)#no shutdown

Task 3: Configure and Activate Ethernet Interfaces
Step 1: Configure the PCs.
You can complete this exercise by configuring six PCs. Each VLAN will be assigned 2 PCs. Refer to the table above for PCs configuration.
Task 4: Configure VLANs on the Switch
Step 1: Create VLANs on switch S1.
Use the VLAN vlan-id command in global configuration mode to add a VLAN to switch S1. There are four VLANS configured for this lab: VLAN 10 (faculty/staff); VLAN 20 (students); VLAN 30 (guest); and VLAN 99 (management). After you create the VLAN, you will be in VLAN configuration mode, where you can assign a name to the VLAN with the name vlan name command.

S1(config)#vlan 10
S1(config-vlan)#name faculty/staff
S1(config-vlan)#vlan 20
S1(config-vlan)#name students
S1(config-vlan)#vlan 30
S1(config-vlan)#name guest
S1(config-vlan)#vlan 99
S1(config-vlan)#name management
S1(config-vlan)#end

Step 2: Verify that the VLANs have been created on S1.

Use the show vlan brief command to verify that the VLANs have been created.
S1#show vlan brief

VLAN Name Status Ports


1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
Gig0/1, Gig0/2
10 faculty/staff active
20 students active
30 guest active
99 management active
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
S1#

Step 3: Configure and name VLANs on switches S2 and S3.

Create and name VLANs 10, 20, 30, and 99 on S2 and S3 using the commands from Step 1. Verify the
correct configuration with the show vlan brief command.

Step 4: Assign switch ports to VLANs on S2 and S3.
Refer to the port assignment table on page 1. Ports are assigned to VLANs in interface configuration mode, using the switchport access vlan vlan-id command. You can assign each port individually or you can use the interface range command to simplify this task, as shown here. The commands are shown for S3 only, but you should configure both S2 and S3 similarly. Save your configuration when done.

S3(config)#int range fa0/6-10
S3(config-if-range)#switchport access vlan 30
S3(config-if-range)#int range fa0/11-17
S3(config-if-range)#switchport access vlan 10
S3(config-if-range)#int range fa0/18-24
S3(config-if-range)#switchport access vlan 20
S3(config-if-range)#do wr
Building configuration…
[OK]
S3(config-if-range)#

Step 4: Determine which ports have been added.
Use the show vlan id vlan-number command on S2 to see which ports are assigned to VLAN 10.
Which ports are assigned to VLAN 10?
Ans: Fa0/11, Fa0/12, Fa0/13, Fa0/14, Fa0/15, Fa0/16, Fa0/17

Note: The show vlan id vlan-name displays the same output.
You can also view VLAN assignment information using the show interfaces interface switchport command.

Step 5: Assign the management VLAN.
A management VLAN is any VLAN that you configure to access the management capabilities of a switch. VLAN 1 serves as the management VLAN if you did not specifically define another VLAN. You assign the management VLAN an IP address and subnet mask. A switch can be managed via HTTP, Telnet, SSH, or SNMP. Because the out-of-the-box configuration of a Cisco switch has VLAN 1 as the default VLAN, VLAN 1 is a bad choice as the management VLAN. You do not want an arbitrary user who is connecting to a switch to default to the management VLAN. Recall that you configured the management VLAN as VLAN 99 earlier in this lab.
From interface configuration mode, use the ip address command to assign the management IP address

S1(config)#int vlan 99
S1(config-if)#ip add 172.17.99.11 255.255.255.0
S1(config-if)#no shutdown
S2(config)#int vlan 99
S2(config-if)#ip add 172.17.99.12 255.255.255.0
S2(config-if)#no shutdown
S3(config)#int vlan 99
S3(config-if)#ip add 172.17.99.13 255.255.255.0
S3(config-if)#no shutdown

Assigning a management address allows IP communication between the switches, and also allows any host connected to a port assigned to VLAN 99 to connect to the switches. Because VLAN 99 is configured as the management VLAN, any ports assigned to this VLAN are considered management ports and should be secured to control which devices can connect to these ports.

Step 6: Configure trunking and the native VLAN for the trunking ports on all switches.
Trunks are connections between the switches that allow the switches to exchange information for all VLANS. By default, a trunk port belongs to all VLANs, as opposed to an access port, which can only belong to a single VLAN. If the switch supports both ISL and 802.1Q VLAN encapsulation, the trunks must specify which method is being used. Because the 2960 switch only supports 802.1Q trunking, it is not specified in this lab.
A native VLAN is assigned to an 802.1Q trunk port. In the topology, the native VLAN is VLAN 99. An 802.1Q trunk port supports traffic coming from many VLANs (tagged traffic) as well as traffic that does not come from a VLAN (untagged traffic). The 802.1Q trunk port places untagged traffic on the native VLAN.
Untagged traffic is generated by a computer attached to a switch port that is configured with the native VLAN. One of the IEEE 802.1Q specifications for Native VLANs is to maintain backward compatibility with untagged traffic common to legacy LAN scenarios. For the purposes of this lab, a native VLAN serves as a common identifier on opposing ends of a trunk link. It is a best practice to use a VLAN other than VLAN 1 as the native VLAN.
Use the interface range command in global configuration mode to simplify configuring trunking.

S1(config-if-range)#int range fa0/1-5
S1(config-if-range)#switchport mode trunk
S1(config-if-range)#switchport trunk native vlan 99
S1(config-if-range)#do wr
Building configuration…
[OK]
S2(config)#int range fa0/1-5
S2(config-if-range)#switchport mode trunk
S2(config-if-range)#switchport trunk native vlan 99
S2(config-if-range)#no shutdown
S2(config-if-range)#do wr
Building configuration…
[OK]
S2(config-if-range)#
S3(config)#int range fa0/1-5
S3(config-if-range)#switchport mode trunk
S3(config-if-range)#switchport trunk native vlan 99
S3(config-if-range)#do wr
Building configuration…
[OK]
S3(config-if-range)#

Verify that the trunks have been configured with the show interface trunk command.
S1(config-if-range)#
S1(config-if-range)#do show interface trunk
Port Mode Encapsulation Status Native vlan
Fa0/1 on 802.1q trunking 99

Port Vlans allowed on trunk
Fa0/1 1-1005

Port Vlans allowed and active in management domain
Fa0/1 1,10,20,30,99

Port Vlans in spanning tree forwarding state and not pruned
Fa0/1 1,10,20,30,99

S1(config-if-range)#

Port Vlans in spanning tree forwarding state and not pruned
Fa0/1 1,10,20,30,99
Fa0/2 1,10,20,30,99

Step 7: Verify that the switches can communicate.
From S1, ping the management address on both S2 and S3.

S1#ping 172.17.99.12
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.17.99.12, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/9 ms

S1#ping 172.17.99.13
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.17.99.13, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms

Step 8: Ping several hosts from PC2.
Ping from host PC2 to host PC1 (172.17.10.21). Is the ping attempt successful?
Ping from host PC2 to the switch VLAN 99 IP address 172.17.99.12. Is the ping attempt successful?
Because these hosts are on different subnets and in different VLANs, they cannot communicate without a Layer 3 device to route between the separate subnetworks.

Ping from host PC2 to host PC5. Is the ping attempt successful?
Because PC2 is in the same VLAN and the same subnet as PC5, the ping is successful.

Step 9: Move PC1 into the same VLAN as PC2.
The port connected to PC2 (S2 Fa0/18) is assigned to VLAN 20, and the port connected to PC1 (S2 Fa0/11) is assigned to VLAN 10. Reassign the S2 Fa0/11 port to VLAN 20. You do not need to first remove a port from a VLAN to change its VLAN membership. After you reassign a port to a new VLAN, that port is automatically removed from its previous VLAN.

S2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.

S2(config)#interface fastethernet 0/11
S2(config-if)#switchport access vlan 20
S2(config-if)#end

Ping from host PC2 to host PC1. Is the ping attempt successful?

Even though the ports used by PC1 and PC2 are in the same VLAN, they are still in different
subnetworks, so they cannot communicate directly.

By Admin

18 thoughts on “Basic VLAN Configuration”
  1. Hello there, I found your blog by the use of Google while looking for a related topic,
    your web site got here up, it seems to be great. I’ve bookmarked it in my
    google bookmarks.
    Hello there, simply turned into alert to your
    blog through Google, and found that it is really informative.
    I am going to be careful for brussels. I’ll be grateful if you
    proceed this in future. A lot of other folks will probably be benefited from your writing.
    Cheers!

  2. Hey! Do you use Twitter? I’d like to follow you if that would be okay.
    I’m undoubtedly enjoying your blog and look forward
    to new updates.

  3. My partner and I absolutely love your blog and find many of your post’s to be precisely what I’m looking for.
    Do you offer guest writers to write content for yourself?

    I wouldn’t mind composing a post or elaborating on a lot of the subjects you write in relation to here.
    Again, awesome website!

  4. Its like you read my mind! You appear to know so much about this, like you wrote the book in it or something.
    I think that you could do with a few pics to
    drive the message home a bit, but instead of that, this is
    excellent blog. An excellent read. I will certainly be back.

  5. Admiring the persistence you put into your blog and in depth information you provide.
    It’s nice to come across a blog every once in a while that isn’t
    the same old rehashed information. Great read! I’ve saved
    your site and I’m including your RSS feeds to my
    Google account.

  6. Very good blog! Do you have any hints for aspiring writers?
    I’m hoping to start my own blog soon but I’m a little lost on everything.

    Would you advise starting with a free platform like WordPress
    or go for a paid option? There are so many options out there
    that I’m totally overwhelmed .. Any suggestions? Cheers!

  7. Greetings from Florida! I’m bored to tears at work so I decided to browse your website on my
    iphone during lunch break. I enjoy the information you
    provide here and can’t wait to take a look when I get home.

    I’m shocked at how fast your blog loaded on my cell phone ..
    I’m not even using WIFI, just 3G .. Anyhow, wonderful blog!

  8. Excellent post. I used to be checking constantly this blog and I’m inspired!
    Very useful info specifically the final phase 🙂 I care
    for such information a lot. I was seeking this particular information for a
    long time. Thanks and best of luck.

  9. I?m not that much of a internet reader to be honest but your sites really nice, keep it up!
    I’ll go ahead and bookmark your website to come back later.
    Cheers

  10. Hi, I do think this is a great web site. I stumbledupon it
    😉 I am going to come back yet again since i have book-marked
    it. Money and freedom is the best way to change, may you be
    rich and continue to help other people.

  11. I have been browsing online more than 2 hours today, yet I never found any interesting article like yours.
    It’s pretty worth enough for me. Personally, if all webmasters and bloggers made
    good content as you did, the net will be a lot more useful than ever before.

  12. Spot on with this write-up, I actually feel this web site needs far more attention. I’ll probably be back again to read more,
    thanks for the information!

  13. Hey there, I think your blog might be having browser compatibility issues.
    When I look at your blog in Safari, it looks fine but
    when opening in Internet Explorer, it has some overlapping.
    I just wanted to give you a quick heads up!
    Other then that, awesome blog!

  14. We’re a group of volunteers and starting a new scheme in our community.
    Your web site offered us with valuable info to work on. You’ve done an impressive job and our whole community will be thankful to you.

Comments are closed.