VLANs and Trunks Packet Tracer 6.1 Activity

VLANs and Trunks – Activity Overview

In this graded Packet Tracer 6.1 activity you will configure two Cisco Catalyst 2960 switches with VLANs and Trunks. The tasks include named VLANs, a trunk between two switches, and a management IP address on each switch using switched virtual interfaces or SVIs. You will also need to configure hostnames on the switches and each PC, with an IP address and subnet mask.

VLANS and Trunks Packet Tracer diagram and physical topology

Instructions

1. Set the PC’s IP addresses based on the host address label and VLAN color code in the topology diagram
2. Assign the switch hostnames based on their labels.
3. Configure the switch VLAN numbers and VLAN names according to the diagram.
4. Configure Interface VLAN88 (SVI) addresses on both switches according to the diagram.
5. Change the switchports as access ports and assign them to VLANs according to the diagram.
6. Configure G0/1 as a Trunk. Allow the listed VLANs only across the trunk and configure the Native VLAN as shown
7. Shutdown the G0/2 interface.

Download

For this graded activity you will need Packet Tracer version 6.1 or higher.

VLANS-Switchports-Trunks-SVIs.zip

IOS CLI Commands for Switch S1

Switch> enable
Switch# configure terminal
Switch(config)# hostname S1
S1(config)# vlan 10
S1(config-vlan)# name students
S1(config-vlan)# vlan 20
S1(config-vlan)# name faculty
S1(config-vlan)# vlan 30
S1(config-vlan)# name administration
S1(config-vlan)# vlan 88
S1(config-vlan)# name management
S1(config-vlan)# vlan 99
S1(config-vlan)# name native
S1(config-vlan)# exit
S1(config)# int range f0/1 – 8
S1(config-if)# switchport mode access
S1(config-if)# switchport access vlan 10
S1(config-if)# int range f0/9 – 16
S1(config-if)# switchport mode access
S1(config-if)# switchport access vlan 20
S1(config-if)# int range f0/17 – 23
S1(config-if)# switchport mode access
S1(config-if)# switchport access vlan 30
S1(config-if)# int f0/24
S1(config-if)# switchport mode access
S1(config-if)# switchport access vlan 88
S1(config-if)# int vlan 88
S1(config-if)# ip address 192.168.88.254 255.255.255.0
S1(config-if)# int g0/1
S1(config-if)# switchport mode trunk
S1(config-if)# switchport trunk allowed vlan 10,20,30,88,99
S1(config-if)# switchport trunk native vlan 99
S1(config-if)# int g0/2
S1(config-if)# shut

Switch & VLAN Packet Tracer Challenge

Switch & VLAN Packet Tracer Challenge Overview

A Packet Tracer graded activity. It covers basic Cisco CCNA switch configurations, VLANs, native VLAN, trunk ports, port-security, and setting up secure remote administration with SSH. Great practice for the the Cisco CCNA!

Download

The Packet Tracer file is created with Packet Tracer 5.3.3. The Packet Tracer Activity file will track your progress and give you a completion percentage and point total. You can download it here: BasicConfig-VLAN-Trunk-PortSec-SSH-challenge.zip

Activity Instructions

Configure the Network according to the Topology Diagram and Labels.
When you are finished, the PCs on the Student VLAN should be able to ping each other and so should the PCs on the Faculty VLAN. The Admin PC should be able to SSH into S1 and S2 from the command prompt (Eg. PC>ssh -l admin 192.168.99.2)

PCs
1. IP address (see topology),
2. subnet mask (see topology),
3. default gateway address (first usable address in network)

Cisco 2960 Switches: S1 & S2
1. name: S1, S2
2. enable password, md5 encrypted: class
3. domain name: danscourses.com
4. message of the day banner: Unauthorized access is prohibited!
5. console password: cisco
6. vty 0 15 password: cisco
7. Security RSA Key size: 1024
8. SSH version 2
9. vty: ssh only
10. VLAN 10: student
11. VLAN 20: faculty
12. VLAN 99: Mgt
13. Interface VLAN 99: S1-IP address 192.168.99.2, S2-IP address 192.168.99.3
14. Native VLAN 99
15. fa0/1 Trunk
16. fa0/2-0/13 access VLAN 10
17. fa0/14-0/24 access VLAN 20
18. Gi1/1 access VLAN 99
19. Encrypt all passwords
20. Save running-config to startup-config

Cisco 2960 Switch: S1 Only
1. Gi1/1 Switchport Port-Security, sticky, maximum 1 mac address, violation shutdown

VLANs & Voice PT Lab

Video Tutorials

In the following videos, I build off of previous Packet Tracer video tutorials (see VLANs & Trunking PT Lab) and add a trunk to a router, DHCP services, and a voice VLAN for VOIP phones. The tutorials should be easy to follow along with, if you have a current version of Packet Tracer, 5.3.2 or higher.

In this part, I configure a trunk to a router, subinterfaces, 802.1Q encapsulation, and a Voice VLAN

In this part, I configure DHCP services on the router, telephony services, and VOIP phones

Inter VLAN Routing

Overview

The ability to create VLANs and establish multiple networks on a switch is useless if you cannot allow the separate VLANs to communicate with each other. For separate VLANs to communicate you need to have routing, you accomplish this by adding a router or a layer 3 switch to the network. The Cisco CCNA curriculum expects you to know how to configure inter-vlan routing using a router connected to a switch through a trunked link. Configuring Layer 3 switching is a CCNP topic and not expected in the CCNA.

To configure a router for inter-vlan routing the router’s ethernet port needs to be converted to a trunked link. As a trunk, multiple VLANs (networks) can travel across the one ethernet port. To do this the ethernet port needs to use sub-interfaces in order to become the gateway for multiple networks. The sub-interfaces also need to have the 802.1Q trunking protocol enabled and the VLAN ID or number specified in the configuration. When multiple VLANs (networks) can communicate with the router over one trunked link the configuration is called “Router on a Stick.”

In the video tutorials, below I cover the entire process of configuring VLANs, switchports and a trunk on a switch, and inter-vlan routing on a router, using Cisco’s Packet Tracer program to simulate a real network environment.

Video Tutorials

In part 1, I discuss the need for VLANs and Inter-VLAN routing in a network

If you want to follow along in Packet Tracer with the parts 2 & 3. Click here to download the start file: inter-vlan-routing-start.zip

In part 2, I lay out the “Router on a Stick” topology and begin configuring the switch for VLANs

In part 3, I configure sub-interfaces, 802.1Q encapsulation with VLAN IDs, and the native VLAN on the router

Video Tutorials

In this video, I setup inter-VLAN routing by configuring the switch VLANs, switchports, and trunk, then I configure the router the subinterfaces on the router with IP addresses and the 802.1Q protocol.

In this video, I configure the router for inter-vlan routing

VLANs and Trunks

VLANs Overview

VLANs – A switches is used to set up a local area network (LAN). A VLAN stands for a virtual local area network. By default, all of the ports on a Cisco switch are part of the same default VLAN (VLAN1) and therefore the same network. A VLAN is a network and a network is a broadcast domain. If you configure various switch ports for separate VLANs, then the devices on those ports will belong to separate VLANs and therefore, will be segmented into separate broadcast domains and networks. This is effectively like dividing a switch into multiple switches. This is cost effective, because instead of having multiple switches, each for a different network, you can have one switch configured for multiple VLANs and you can assign the ports on that switch to belong to whatever VLAN you need the host to belong to.

VLAN Types

Data VLAN – A data VLAN carries only user data not management data, control data or voice data.

Default VLAN – On a Cisco switch the default VLAN is VLAN1. This means that by default, when a Cisco switch boots up for the first time all the ports are automatically assigned to the default VLAN, VLAN1. You cannot delete or rename VLAN1 but you can assign the ports on the switch to a different VLAN. It is considered best practice to make all of the user ports on the switch belong to a different default VLAN, one other than VLAN1. In this way, control data such as CDP and STP (spanning tree protocol) which are by default carried on VLAN1 would be on a separate VLAN from user data.

Native VLAN – The native VLAN, if not explicitly configured, will default to the default VLAN, (VLAN1). The Native VLAN is configured for an 802.1Q Trunk port. 802.1Q trunks carry traffic from multiple VLANs by tagging the traffic with VLAN identifiers (Tagged Traffic) which identifies which packets are associated with which VLANs, and they can also carry non VLAN traffic from legacy switches or non 802.1Q compliant switches (Untagged Traffic). The switch will place untagged traffic on the Native VLAN by using a PVID identifier. Native VLAN traffic is not tagged by the switch. It is a best practice to configure the Native VLAN to be different than VLAN1 and to configure it on both ends of the trunk.

Management VLAN – The management VLAN is any VLAN you configure to allow a host to connect to the switch and remotely manage it. The management VLAN will need to be configured with an IP address and subnet mask to allow a manager to connect to the switch by either a web interface (HTTP), Telnet, SSH, or SNMP.

VLAN ID Ranges

Normal Range

  • 1 to 1005
  • VLAN1 (default), created by default, cannot be deleted
  • VLAN1002-1005 (Token Ring and FDDI default), created by default and cannot be deleted
  • Stored in the VLAN.dat file in Flash memory

Extended Range

  • 1006 – 4094
  • Extended VLAN range used by ISPs
  • Stored in Running-Config

Trunks – If you have a switch that has ports variously configured on four different VLANs, then that switch has four different networks on it. When you connect that switch to a router or to another switch you will need four ethernet connections or links, one for each VLAN/network. A more cost effective way to connect a switch with multiple VLANs to a router or switch would be to configure a Trunk. A Trunk is a special kind of port configuration which allows multiple VLANs to travel over one link. This way multiple networks can travel over one trunk instead of wasting valuable ports to connect from switch to switch or switch to router. A Cisco trunk by default uses the 802.1Q protocol. The 802.1Q protocol places and strips VLAN tags on packets to identify which VLAN they belong to.

CLI Commands

switch#show vlan
switch#show interfaces trunk

switch(config)#vlan <vlan number>
switch(config-vlan)#name <vlan name>

switch(config)#interface fa0/x
switch(config-if)#switchport mode access
switch(config-if)#switchport access vlan <1-4096>

switch(config-if)#switchport mode trunk
switch(config-if)#switchport trunk allowed vlan <1-1005>
switch(config-if)#switchport trunk native vlan <1-1005>

Configuring VLANs and Trunks Video Tutorials

In the video tutorials below I demonstrate how to configure VLANs and Trunks on a Cisco switch using Packet Tracer.