Config Lab: BIG VLAN & STP Lab 1

 In 200-301 V1 Ch10: RSTP and EtherChannel, 200-301 V1 Part 3: VLANs, STP, Config Lab CCNA Vol 1 Part 3
6

This lab is different. Instead of a focused lab about one main topic, this one covers several: VLANs, VLAN trunks, Spanning Tree, and EtherChannel. And most CCNA folks will take more than the usual 10-15 minutes to complete the lab from start to finish. So, instead of it being a “Config Lab”, maybe it’s a “BIG Config Lab”! Basically, it’s a lab about many of the topics found in my CCNA Volume 1 book, part 3. I designed it to be particularly useful for review after finishing Part 3 of the book. Enjoy!

Config-Lab-V2-w300
More about Config Labs

All about Config Labs

The blog has a series of lab exercises called “Config Labs.” Each lab presents a topology with the relevant initial configuration for each device. The lab also lists new requirements, after which you should create the additional configuration to meet those requirements. You can do the lab on paper, in a text editor, or use software tools like Cisco Packet Tracer or Cisco Modeling Labs.

Once you have created your answer, you can click various tabs at the bottom of this post to see the lab answers, comments about the lab, and other helpful information.

The Lab Exercise

Requirements

Configure the LAN switches so that the following works.

  1. Configure VLANs and access ports:
    1. Do not rely on VTP; disable VTP before adding any VLANs.
    2. Configure ports connected to PCs to always be access ports.
    3. Place the ports connected to A21 and B21 in VLAN 21.
    4. Place the ports connected to A31 and B31 in VLAN 31.
  2. Configure switch-to-switch trunking as follows:
    1. For each physical interface that connects to a neighboring switch, add a description that identifies the switch and interface ID on the neighboring switch. Example: “Dist2 G1/1/1 is the neighbor”. (Put the switch name and interface ID in the front, so the data is visible in commands that truncate it, like show interfaces status.)
    2. To make the lab more interesting, use as many combinations of VLAN trunking parameters that result in an operational trunk.
    3. Restrict VLAN traffic on the trunks to only those VLANs needed to support traffic for the PCs in the figure.
  3. EtherChannel (Optional) between Dist1 and Dist2:
    1. Packet Tracer (PT) supports EtherChannel, but configuring it, to the point where it works, requires patience, because PT gives incorrect and misleading error messages, and does not bring up the EtherChannel in cases where a real device would work.
    2. You can choose whether to shutdown one of the two links between Dist1 and Dist2, and just not use it, or to combine the two into an EtherChannel.
    3. If you configure the EtherChannel:
      1. Negotiate the channel using an IEEE standard protocol.
      2. Use port-channel #3.
      3. Once configured, your best option to get the EtherChannel working is to save you PT file (.pkt), exit PT, restart PT, and open the file again.
  4. Configure Spanning Tree as follows:
    1. Make all switches use Rapid PVST rather than PVST.
    2. Influence the Spanning Tree topology by making switch Dist1 the root switch in VLAN 21 and switch Dist2 the root switch in VLAN 31.
    3. Make the PC switch ports reach an STP forwarding state as quickly as possible after the PC powers on.
    4. Protect against users disconnecting the PCs in the figure, and replacing them with rogue LAN switches, using BPDU Guard. Use interface subcommands to enable this feature.

The lab has all relevant IP configuration settings pre-configured. Specifically, the one router includes a router-on-a-stick configuration so it will route between two subnets. The subnets, 10.1.21.0/24 and 10.1.31.0/24, include the four PCs. The PCs have configuration that places A21 and B21 into subnet 10.1.21.0/24, and A31 and B31 into subnet 10.1.31.0/24.

If you configure the requirements and the lab, save the lab, and re-open the configuration file, all four PCs should be able to ping each other.

Figure 1: Four Switches with Trunks

 

Initial Configuration

Examples 1, 2, 3, and 4 show the beginning configuration state of Dist1, Dist2, Access1, and Access2.

hostname Dist1
!
interface GigabitEthernet1/0/1
  description Trunk to R1
  switchport mode trunk

Example 1: Dist1 Config

 

hostname Dist2

Example 2: Dist2 Config

 

hostname Access1

Example 3: Access1 Config

 

hostname Access2

Example 4: Access2 Config

 

As a reminder, router R1 is pre-configured correctly to route between two subnets. You should not need to configure the router.

hostname R1
!
interface GigabitEthernet0/1
  no ip address
!
interface GigabitEthernet0/1.21
  encapsulation dot1Q 21
  ip address 10.1.21.254 255.255.255.0
!
interface GigabitEthernet0/1.31
  encapsulation dot1Q 31
  ip address 10.1.31.254 255.255.255.0

Example 5: R1 Config

Config Lab Intro Video

The above lab intro – the text, figures, and initial configuration – tells you all you need to know. But if you want a little more, with a little different slant on what to do in this lab, watch this lab intro video!

Answer Options - Click Tabs to Reveal

Option 1: Paper/Editor

You can learn a lot and strengthen real learning of the topics by creating the configuration – even without a router or switch CLI. In fact, these labs were originally built to be used solely as a paper exercise!

To answer, just think about the lab. Refer to your primary learning material for CCNA, your notes, and create the configuration on paper or in a text editor. Then check your answer versus the answer post, which is linked at the bottom of the lab, just above the comments section.

Option 2: Cisco Packet Tracer

You can also implement the lab using the Cisco Packet Tracer network simulator. With this option, you use Cisco’s free Packet Tracer simulator. You open a file that begins with the initial configuration already loaded. Then you implement your configuration and test to determine if it met the requirements of the lab.

(Use this link for more information about Cisco Packet Tracer.)

Use this workflow to do the labs in Cisco Packet Tracer:

  1. Download the .pkt file linked below.
  2. Open the .pkt file, creating a working lab with the same topology and interfaces as the lab exercise.
  3. Add your planned configuration to the lab.
  4. Test the configuration using some of the suggestions below.

Download this lab’s Packet Tracer File

Lab Answers Below: Spoiler Alert

Lab Answers: Configuration (Click Tab to Reveal)

Lab Configuration

Answers

 

 

Figure 1: Four Switches with Trunks

 

vtp mode transparent
!
vlan 21
vlan 31
!
spanning-tree mode rapid-pvst
spanning-tree vlan 21 root primary
spanning-tree vlan 31 root secondary
!
! Next interface connects to router R1
interface GigabitEthernet1/0/1
  description R1 G0/1 is the neighbor
  switchport trunk allowed vlan 21,31
!
interface GigabitEthernet1/1/1
  description Dist2 G1/1/2 is the neighbor
  channel-group 3 mode active
  switchport mode trunk
  switchport trunk allowed vlan 21,31
!
interface GigabitEthernet1/1/2
  description Dist2 G1/1/1 is the neighbor
  channel-group 3 mode active
  switchport mode trunk
  switchport trunk allowed vlan 21,31
!
! Note: Port-Channel3 created due to earlier channel-group commands
interface Port-Channel3
  switchport mode trunk
  switchport trunk allowed vlan 21,31
!
interface GigabitEthernet1/1/3
  description Access1 G1/1/1 is the neighbor
  switchport mode dynamic desirable
  switchport trunk allowed vlan 21,31
!
interface GigabitEthernet1/1/4
  description Access2 G1/1/1 is the neighbor
  switchport mode dynamic desirable
  switchport trunk allowed vlan 21,31

Example 5: Dist1 Config

 

vtp mode transparent
!
vlan 21
vlan 31
!
spanning-tree mode rapid-pvst
spanning-tree vlan 21 root secondary
spanning-tree vlan 31 root primary
!
interface GigabitEthernet1/1/1
  description Dist1 G1/1/2 is the neighbor
  channel-group 3 mode active
  switchport mode trunk
  switchport trunk allowed vlan 21,31
!
interface GigabitEthernet1/1/2
  description Dist1 G1/1/1 is the neighbor
  channel-group 3 mode active
  switchport mode trunk
  switchport trunk allowed vlan 21,31
!
! Note: Port-Channel3 created due to earlier channel-group commands
interface Port-Channel3
  switchport mode trunk
  switchport trunk allowed vlan 21,31
!
interface GigabitEthernet1/1/3
  description Access1 G1/1/2 is the neighbor
  switchport mode trunk
  switchport trunk allowed vlan 21,31
!
interface GigabitEthernet1/1/4
  description Access2 G1/1/2 is the neighbor
  switchport mode trunk
  switchport trunk allowed vlan 21,31

Example 6: Dist2 Config

 

vtp mode transparent
!
vlan 21
vlan 31
!
interface GigabitEthernet1/0/11
  switchport mode access
  switchport access vlan 21
  spanning-tree portfast
  spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/21
  switchport mode access
  switchport access vlan 31
  spanning-tree portfast
  spanning-tree bpduguard enable
!
interface GigabitEthernet1/1/1
  description Dist1 G1/1/3 is the neighbor
  switchport mode dynamic desirable
  switchport trunk allowed vlan 21,31
!
interface GigabitEthernet1/1/2
  description Dist2 G1/1/3 is the neighbor
  switchport mode dynamic desirable
  switchport trunk allowed vlan 21,31

Example 7: Access1 Config

 

vtp mode transparent
!
vlan 21
vlan 31
!
interface GigabitEthernet1/0/12
  switchport mode access
  switchport access vlan 21
  spanning-tree portfast
  spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/22
  switchport mode access
  switchport access vlan 31
  spanning-tree portfast
  spanning-tree bpduguard enable
!
interface GigabitEthernet1/1/1
  description Dist1 G1/1/4 is the neighbor
  switchport mode dynamic auto
  switchport trunk allowed vlan 21,31
!
interface GigabitEthernet1/1/2
  description Dist2 G1/1/4 is the neighbor
  switchport mode dynamic auto
  switchport trunk allowed vlan 21,31

Example 8: Access2 Config

Commentary, Issues, and Verification Tips (Click Tabs to Reveal)

Lab Commentary

Commentary

This is a BIG lab – it even has BIG in the title. So how do you sift through the configuration?

Here, in this commentary, I’ll break it down the commentary to match the four separate sections of the lab requirements at the top of the lab. If you prefer a deeper look, you can watch the lab review video, which does the same just in video form, with a little more detail about each step in the configuration process. The video also demonstrates getting the EtherChannel working (tricky in CPT), and demonstrates some of the verification steps.

On to the comments!

VLANs, Access Ports, and VTP

To avoid using VTP, you need to disable VTP on all the switches. That means either a vtp mode transparent or vtp mode off global config command. Turns out that CPT supports only the first of those, so that’s the one you would need to use.

With VTP disabled, you need to configure both the VLANs requested in lab (21 ans 31) on all four switches. You might have though you just needed them on the two access switches. However, for a switch to forward frames in a VLAN, the VLAN must be defined on the switch. So, on all four switches, you would need vlan 21 and vlan 31 commands.

The final tasks for this section of requirements happen on the access ports connected to the PCs. The job: make them act as access ports (switchport mode access), and assign the correct VLAN in each case (switchport access vlan 21, for example).

 

Switch-to-Switch Trunking

The first task in this section asked you to get familiar with the interfaces used in lab. The lab did not supply interface ID (IID) information, leaving that task to you. You can easily find the information using the CPT user interface. You can also collect the info using the show cdp neighbor command on the various devices. It also asked you to add description commands to the interfaces, describing the neighboring device’s name and IID. I asked for that in the lab just to give you an incentive to figure out all the IIDs.

Feel free to ignore the lab’s sample description commands, or to review all of them, depending on your interest level. Conveniently, if you did as suggested and placed the neighbor’s name and the IID as the first part of the description, you will see that information in the output of the show interfaces status command, under the “Name” heading, which makes it quite useful for easy reference.

For now, focusing on the uplinks (links between distribution and access switches), and ignoring the future EtherChannel between Dist1 and Dist2…

The lab asked you to use as many variations of combinations of the switchport mode command as possible which will also result in both switches operating as trunks. The lab does not dictate which trunks use which combination. There are five trunks to configure, and five working combinations. As long as you used all five combinations, I would consider it correct. They are:

  • trunk – trunk
  • trunk – dynamic desirable
  • trunk – dynamic auto
  • dynamic desirable – dynamic desirable
  • dynamic desirable – dynamic auto

The lab also asked you to allow traffic for only VLANs 21 and 31 to cross those trunks. CPT supports only one variation of the switchport trunk allowed vlan interface subcommand: The variation explicitly defining the entire list. In this case, you need switchport trunk allowed vlan 21,31.

 

Dist1 – Dist2 EtherChannel

Assuming you chose to implement the optional EtherChannel, first, let’s discuss how to configure it. You should always configure the physical interfaces with correct and matching settings BEFORE attempting to add the interfaces to an EtherChannel. Sure, you can deal with it if you forget, it’s just easier to get a consistent configuration beforehand. The switch checks several settings to ensure the local interfaces match before bundling those into the same EtherChannel, so it just makes sense to configure those consistently.

In this lab, so far, the only interface subcommands that would need to match are:

  • switchport mode (with whatever setting you chose)
  • switchport trunk allowed vlan 21,31

So, start with those on the two physical interfaces.

Then, on each physical interface, add the channel-group 3 mode active command. The first occurrence dynamically creates the port-channel interface and copies in the physical interface subcommands as well. Note that you can use different channel-group numbers on Dist1 and Dist2, but the lab suggested using #3.

Note that the active keyword implies using LACP, an IEEE standard. On one end, you must use “active” per the lab instructions. On the other, you could use either “active” or “passive”. (Active initiates the negotiation, passive participates if the other end initiates.)

That gets you through the configuration. However, CPT struggles to make an EtherChannel work after you configure it in config mode. So, you have to work around the problem by saving everything and restarting:

  1. Issue a copy running-config startup-config on all switches.
  2. In CPT, use file…save to save the .pkt file.
  3. Close the CPT app.
  4. Once fully closed, open CPT again.
  5. Open the .pkt file you just closed.
  6. Now verify whether your EtherChannel works.
  7. If you need to change the configuration, repeating this process may be more productive than hoping CPT will make the EtherChannel work without the extra effort.

 

Spanning Tree

The RSTP config focus on remembering the commands and the syntax, as none of the commands have tricky parameters or combinations of related commands. They are:

  1. To use RSTP on each switch, add the global config command spanning-tree mode rapid-pvst.
  2. To make Dist1 the root switch in VLAN 21, use global config command spanning-tree vlan 21 root primary on Dist1.
  3. To make Dist2 the root switch in VLAN 31, use global config command spanning-tree vlan 31 root primary on Dist2.
  4. The lab instructions asked for a subcommand, so to enable PortFast on those access ports connected to the PCs, use the spanning-tree portfast interface subcommand.
  5. The lab instructions asked for a subcommand, so to enable BPDU guard on those access ports connected to the PCs, use the spanning-tree bpduguard enable interface subcommand.

Known Packet Tracer Issues

Known Issues in this Lab

This section of each Config Lab Answers post hopes to help with those issues by listing any known issues with Packet Tracer related to this lab. In this case, the issues are:

# Summary Detail
1 Making many configuration changes may confuse Packet Tracer. If you see unexpected results during this lab, after configuring many config commands, the problem may be Packet Tracer, not your config. If so, exit Packet Tracer completely, saving your file. Then restart Packet Tracer, open the file, and test again.
2 EtherChannel configuration works best if you take a systematic approach. Physical interfaces need to have many parameters that match before that can be bundled in the same EtherChannel. Configure those settings before adding the channel-group interface subcomand to the physical interfaces. Also, consider shutting down the physical interfaces, then configuring all settings, and then when all physical interfaces are configured, issue a no shutdown, one interface at a time.
3 PT supports fewer switchport trunk allowed parameters Packet Tracer LAN switches do not support the related command, as seen in the answer section. Instead, if using PT, use the switchport trunk allowed vlan <list> command, where <list> is the list of VLANs to allow.
4 vlan 21,31 command not supported Packet Tracer does not support the use of the vlan 21,31 command or any variation with more than one VLAN listed in the command. Instead, use two separate vlan commands.
5 To change to another channel-group setting (auto, desirable, etc), first remove the existing command with no channel-group … command For example, if an interface has channel-group 20 mode auto command configured, issue a no channel-group 20 mode auto command to remove it before configuring another setting.
6 BPDU Guard verification requires the running-config The show spanning-tree interface gx/y/z detail command, on real gear, would reveal the presence of the requested PortFast and BPDU guard features. In PT, it does not show the line about BPDU guard. Instead, rely on show running-config.

 

Why Would Cisco Packet Tracer Have Issues?

(Note: The below text is the same in every Config Lab.)

Cisco Packet Tracer (CPT) simulates Cisco routers and switches. However, CPT does not run the same software as real Cisco routers and switches. Instead, developers wrote CPT to predict the output a real router or switch would display given the same topology and configuration – but without performing all the same tasks, an actual device has to do. On a positive note, CPT requires far less CPU and RAM than a lab full of devices so that you can run CPT on your computer as an app. In addition, simulators like CPT help you learn about the Cisco router/switch user interface – the Command Line Interface (CLI) – without owning real devices.

CPT can have issues compared to real devices because CPT does not run the same software as Cisco devices. CPT does not support all commands or parameters of a command. CPT may supply output from a command that differs in some ways from what an actual device would give. Those differences can be a problem for anyone learning networking technology because you may not have experience with that technology on real gear – so you may not notice the differences. So this section lists differences and issues that we have seen when using CPT to do this lab.

Verification Tips

Beyond comparing your answers to this lab’s Answers post, you can test in Cisco Packet Tracer (CPT). In fact, you can and should explore the lab once configured. For this lab, once you have completed the configuration, try these verification steps. 

First, test basic connectivity, to make sure the lab works.

  • A21 and B21 reside in VLAN 21, with A31 and B31 residing in VLAN 31. Pinging from A21 to B21, and from A31 to B31, tests connectivity within VLANs 21 and 31, respectively. Use CPT to discover the device IP addresses and ping the other devices!
  • For the PCs in different subnets to ping each other, they rely on the preconfigured router R1 to perform routing, using router-on-a-stick configuration that you may not have learned yet. That function requires configuration on both the router, as well as static trunking configuration on switch Dist1’s connected port, G1/0/1. It is ALL preconfigured. So, if the prior pings within the subnets work, pings between devices in different subnets should now also work. So try it! Ping between each of the four PCs.

Even if all the pings work, verify all the individual features work. You can work through all the lab requirements and think of related show commands. But here are a few suggestions:

  • VLANs 21 and 31 must exist on all four switches (show vlan brief)
  • All switch-to-switch links should be VLAN trunks (show interfaces trunk)
  • All trunk allowed VLAN lists should be limited to VLANs 21 and 31 (show interfaces trunk – look at the first of three lists of VLANs)
  • Check which switch is the root switch. On switch Dist1, look for the phrase “This bridge is the root” (show spanning-tree vlan 21), with similar output in Dist2 for VLAN 31.
  • Check the portfast and BPDU guard settings on the ports connected to the PCs (show spanning-tree interface gx/y/z detail)
  • As for the switch and interface connected at the other end of links, you can find that information from the PT user interface. You can also find it with the show cdp neighbor command, which lists the neighbor’s hostname on the left side of the output and the neighbor’s interface ID (Port ID) on the right side of the output.

Config Lab Review Video

Want to hear more about this lab’s solution? Check out the video to the left.

CML Free Edition: Migrating the Config Labs
BIG Subnet Design Exercise 1: Plan, Choose, and Configure IP Subnets and Addresses
Subscribe
Notify of
guest

6 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
Jeff

Hey Mr. Wendell! Thank you for this awesome lab, very helpful. I initially configured Etherchannel as ON and did have to save and reload the PT file as directed. After restart the port channel came up and I reconfigured as LACP without restarting again. I noticed the port channel automatically inherits switchport commands from its member interfaces without needing to explicitly configure any thing other than creating the interface.

1
Reply
Mizael

Greetings Mr Wendell!
Thanks a lot for this latest lab! It’s one thing to learn about each topic individually, however, labs like this really bring everything together, plus if something didn’t work as expected, it forces you to exercise those show commands to interpret and verify where the problem is. I really enjoyed this one, possibly my favorite practice lab so far! It’s very satisfying to see those PCs pinging each other at the end once all the config is correct!

0
Reply
Wendell Odom

You’re quite welcome, Mizael!!

0
Reply
Jeff McEntire

Hey Wendell, Wow! This lab really helped me to solidify my understanding and put the CLI commands into practice. Though the books are great, actually putting it all into practice helps me get it cemented in my head. Doing the labs are a must.

0
Reply
Wendell Odom

Thanks, Jeff! Glad you’re enjoying them so much.
Also, by the way, now that I approved a comment, your subsequent ones should appear without waiting for review. It’s a WordPress anti-spam feature. 🙂
Wendell

0
Reply
jmacmedia

Good evening Sir, thank you so much for all of the excellent labs. Your labs have helped me so much. Honestly, the labs are the secret sauce that gets the information to stick in my head.

0
Reply
Contact Us

We're not around right now. But you can send us an email and we'll get back to you, asap.

6
0
Would love your thoughts, please comment.x
()
x