3.3.12 Packet Tracer – VLAN Configuration | VLAN Setup & Troubleshooting

Virtual Local Area Networks (VLANs) are essential in networking for segmenting traffic, improving security, and reducing broadcast domains. In this Packet Tracer activity (3.3.12), we will configure VLANs on Cisco switches, assign VLANs to specific ports, and verify connectivity between devices. Understanding VLANs is crucial for network efficiency and is a fundamental topic in CCNA studies.

Addressing Table:

Device	Interface	IP Address	Subnet Mask	VLAN
PC1	NIC	172.17.10.21	255.255.255.0	10
PC2	NIC	172.17.10.22	255.255.255.0	20
PC3	NIC	172.17.10.23	255.255.255.0	30
PC4	NIC	172.17.10.24	255.255.255.0	10
PC5	NIC	172.17.10.25	255.255.255.0	20
PC6	NIC	172.17.10.26	255.255.255.0	30

Background

VLANs are helpful in the administration of logical groups, allowing members of a group to be easily moved, changed, or added. This activity focuses on creating and naming VLANs, and assigning access ports to specific VLANs.

Part 1: View the Default VLAN Configuration

Step 1: Display the current VLANs.

On S1, issue the command that displays all VLANs configured. By default, all interfaces are assigned to VLAN 1.

Solutions: To show all the configured VLANs, we need to use the "show vlan" command.

Step 2: Verify connectivity between PCs on the same network.

1. We can notice that each PC can ping the other PC that shares the same subnet.

PC1 can ping PC4
PC2 can ping PC5
PC3 can ping PC6

2. When pings to hosts on other networks fail (when cross-vlan).

PC1 (vlan 10) failed ping PC5 (vlan 20)
PC2 (vlan 20) failed ping PC6 (vlan 30)
PC3 (vlan 30) failed ping PC4 (vlan 10)

Question:

1. What benefits can VLANs provide to the network?

Answer: VLANs are used to isolate the network traffic, preventing unauthorized access to sensitive data and network resources.

Part 2: Configure VLANs

Step 1: Create and name VLANs on S1.

a. Create the following VLANs. Names are case-sensitive and must match the requirement exactly:

- VLAN 10: Faculty/Staff

S1#(config)# vlan 10
S1#(config-vlan)# name Faculty/Staff

b. Create the remaining VLANS.

- VLAN 20: Students

- VLAN 30: Guest(Default)

- VLAN 99: Management&Native

- VLAN 150: VOICE

Solutions:

S1(config-vlan)#vlan 20
S1(config-vlan)#name Students
S1(config-vlan)#vlan 30
S1(config-vlan)#name Guest(Default)
S1(config-vlan)#vlan 99
S1(config-vlan)#name Management&Native
S1(config-vlan)#vlan 150
S1(config-vlan)#name VOICE

Step 2: Verify the VLAN configuration.

Which command will only display the VLAN name, status, and associated ports on a switch?

Solutions:

S1#show vlan

Step 3: Create the VLANs on S2 and S3.

Use the same commands from Step 1 to create and name the same VLANs on S2 and S3.

Solutions:

1. Configuration on Switch 2 (S2):

S2(config)#vlan 10
S2(config-vlan)#name Faculty/Staff
S2(config-vlan)#vlan 20
S2(config-vlan)#name Students
S2(config-vlan)#vlan 30
S2(config-vlan)#name Guest(Default)
S2(config-vlan)#vlan 99
S2(config-vlan)#name Management&Native
S2(config-vlan)#vlan 150
S2(config-vlan)#name VOICE

2. Configuration on Switch 3 (S3):

S3(config)#vlan 10
S3(config-vlan)#name Faculty/Staff
S3(config-vlan)#vlan 20
S3(config-vlan)#name Students
S3(config-vlan)#vlan 30
S3(config-vlan)#name Guest(Default)
S3(config-vlan)#vlan 99
S3(config-vlan)#name Management&Native
S3(config-vlan)#vlan 150
S3(config-vlan)#name VOICE

Step 4: Verify the VLAN configuration.

Answer: Use the command "show vlan" on Switch 2 & Switch 3.

Part 3: Assign VLANs to Ports

Step 1: Assign VLANs to the active ports on S2.

a. Configure the interfaces as access ports and assign the VLANs as follows:

- VLAN 10: FastEthernet 0/11

Solutions:

S2(config)# interface f0/11
S2(config-if)# switchport mode access
S2(config-if)# switchport access vlan 10

b. Assign the remaining ports to the appropriate VLAN.

Solutions:

1. VLAN 20: FastEthernet 0/18

S2(config)#interface f0/18
S2(config-if)#switchport mode access
S2(config-if)#switchport access vlan 20

2. VLAN 30: FastEthernet 0/6

S2(config)#interface f0/6
S2(config-if)#switchport mode access
S2(config-if)#switchport access vlan 30

Step 2: Assign VLANs to the active ports on S3.

S3 uses the same VLAN access port assignments as S2. Configure the interfaces as access ports and assign the VLANs as follows:

Solutions:

1. VLAN 10: FastEthernet 0/11

S3(config)# interface f0/11
S3(config-if)# switchport mode access
S3(config-if)# switchport access vlan 10

2. VLAN 20: FastEthernet 0/18

S3(config)#interface f0/18
S3(config-if)#switchport mode access
S3(config-if)#switchport access vlan 20

3. VLAN 30: FastEthernet 0/6

S3(config)#interface f0/6
S3(config-if)#switchport mode access
S3(config-if)#switchport access vlan 30

Step 3: Assign the VOICE VLAN to FastEthernet 0/11 on S3.

As shown in the topology, the S3 FastEthernet 0/11 interface connects to a Cisco IP Phone and PC4. The IP phone contains an integrated three-port 10/100 switch. One port on the phone is labeled Switch and connects to F0/4. Another port on the phone is labeled PC and connects to PC4. The IP phone also has an internal port that connects to the IP phone functions.

The S3 F0/11 interface must be configured to support user traffic to PC4 using VLAN 10 and voice traffic to the IP phone using VLAN 150. The interface must also enable QoS and trust the Class of Service (CoS) values assigned by the IP phone. IP voice traffic requires a minimum amount of throughput to support acceptable voice communication quality. This command helps the switchport to provide this minimum amount of throughput.

Solutions:

S3(config)# interface f0/11
S3(config-if)# mls qos trust cos
S3(config-if)# switchport voice vlan 150

Step 4: Verify loss of connectivity.

Previously, PCs that shared the same network could ping each other successfully.

Study the output of from the following command on S2 and answer the following questions based on your knowledge of communication between VLANS. Pay close attention to the Gig0/1 port assignment.

Solutions:

S2# show vlan brief

2. Try pinging between PC1 and PC4.

Result:

Questions:

1. Although the access ports are assigned to the appropriate VLANs, were the pings successful? Explain.

Answer: We failed to ping between PC1 and PC4 because VLANs create separate broadcast domains, preventing devices in different VLANs from communicating directly unless additional network configurations are in place.

2. What could be done to resolve this issue?

Answer: We need to configure the switch-to-switch link as a trunk port (by using switchport mode trunk on Cisco devices). To ensure VLAN 10 is allowed on the trunk (e.g., switchport trunk allowed vlan 10). If cross-VLAN communication is needed, configure Inter-VLAN Routing using a router or Layer 3 switch. Without these configurations, PC1 and PC4 remain isolated within VLAN 10, and their packets do not traverse VLAN 1, leading to failed pings.

By following this Packet Tracer VLAN configuration guide, you have learned how to segment a network using VLANs, assign VLANs to switch ports, and enable trunking for inter-switch communication. Mastering these concepts is essential for effective network design and troubleshooting.