Config Lab: Basic VLANs

 In 200-301 V1 Ch08: Virtual LANs, 200-301 V1 Part 3: VLANs, STP, 200-301 V1 Parts, Config Lab, Config Lab CCNA Vol 1 Part 3, Hands-on

Configuring VLANs on access switches may be the most common repetitive configuration task in many networks. So what do you configure when adding new access devices to new VLANs? This lab gives you a chance to remember and exercise those commands.

All about Config Labs

The blog has a series of lab exercises called “Config Labs.” Each lab presents a topology with the relevant initial configuration for each device. The lab also lists new requirements, after which you should create the additional configuration to meet those requirements. You can do the lab on paper, in a text editor, or use software tools like Cisco Packet Tracer or Cisco Modeling Labs.

Once you have created your answer, you can click various tabs at the bottom of this post to see the lab answers, comments about the lab, and other helpful information.

The Lab Exercise

Requirements

In this lab, configure four interfaces to be in the two VLANs as shown in the figure. Make sure that the interfaces operate as access interfaces. The specific rules for this lab are:

  • Each interface should be configured in access mode in the correct VLAN.
  • Explicitly configure the VLANs instead of letting IOS create them automatically.
  • All the interfaces shown in Figure 1 are already working (that is, in an up/up state) at the beginning of the lab.

Figure 1: Small Network with Two VLANs

 

Initial Configuration

Example 1 shows the beginning configuration state of SW1.

interface GigabitEthernet1/0/1
 no shutdown
!
interface GigabitEthernet1/0/2
 no shutdown
!
interface GigabitEthernet1/0/3
 no shutdown
!
interface GigabitEthernet1/0/4
 no shutdown

Example 1: SW1 Config

Answer Options - Click Tabs to Reveal

You can learn a lot and strengthen real learning of the topics by creating the configuration – even without a router or switch CLI. In fact, these labs were originally built to be used solely as a paper exercise!

To answer, just think about the lab. Refer to your primary learning material for CCNA, your notes, and create the configuration on paper or in a text editor. Then check your answer versus the answer post, which is linked at the bottom of the lab, just above the comments section.

You can also implement the lab using the Cisco Packet Tracer network simulator. With this option, you use Cisco’s free Packet Tracer simulator. You open a file that begins with the initial configuration already loaded. Then you implement your configuration and test to determine if it met the requirements of the lab.

(Use this link for more information about Cisco Packet Tracer.)

Use this workflow to do the labs in Cisco Packet Tracer:

  1. Download the .pkt file linked below.
  2. Open the .pkt file, creating a working lab with the same topology and interfaces as the lab exercise.
  3. Add your planned configuration to the lab.
  4. Test the configuration using some of the suggestions below.

Download this lab’s Packet Tracer File

You can also implement the lab using Cisco Modeling Labs – Personal (CML-P). CML-P (or simply CML) replaced Cisco Virtual Internet Routing Lab (VIRL) software in 2020, in effect serving as VIRL Version 2.

If you prefer to use CML, use a similar workflow as you would use if using Cisco Packet Tracer, as follows:

  1. Download the CML file (filetype .yaml) linked below.
  2. Import the lab’s CML file into CML and then start the lab.
  3. Compare the lab topology and interface IDs to this lab, as they may differ (more detail below).
  4. Add your planned configuration to the lab.
  5. Test the configuration using some of the suggestions below.

Download this lab’s CML file!

 

Network Device Info:

 

Device Lab Port  CML Port
SW1 G1/0/1 G0/1
SW1 G1/0/2 G0/2
SW1 G1/0/3 G1/1
SW1 G1/0/4 G1/2

Lab Answers Below: Spoiler Alert

Lab Answers: Configuration (Click Tab to Reveal)

Answers


Figure 1: Small Network with Two VLANs

 

vlan 10
vlan 20
!
interface GigabitEthernet1/0/1
 switchport mode access
 switchport access vlan 10
!
interface GigabitEthernet1/0/2
 switchport mode access
 switchport access vlan 10
!
interface GigabitEthernet1/0/3
 switchport mode access
 switchport access vlan 20
!
interface GigabitEthernet1/0/4
 switchport mode access
 switchport access vlan 20

Example 2: SW1 Config

Commentary, Issues, and Verification Tips (Click Tabs to Reveal)

Commentary

Almost all switches (Cisco and other vendors) place interfaces into Virtual Local Area Network (VLAN) 1 by default. Using a default with all ports in one known VLAN helps you quickly place a new switch into a network, but that convention can also be a security risk. Any individual with physical access to one of these switches can connect to a switch port and gain access to the network. Many enterprises use a best practice to place all unused interfaces into an unused VLAN to prevent easy unauthorized access. Any user who connects to a formerly unused port connects to a VLAN that has been configured so that no traffic can enter or leave the VLAN.

For each interface, this lab asked you to perform two configuration tasks on each interface: to configure each interface to be in access mode and for each interface to be placed into their respective VLANs. Specifically, that PC1 and PC2 be placed into VLAN 10, and PC3 and PC4 be placed into VLAN 20.

Additionally, the lab’s wording asked you to explicitly create the VLANs – that is, to first configure the VLANs with the vlan 10 and vlan 20 commands. As it turns out, you could have omitted these two commands, and IOS would have automatically created them when you added the first switchport access vlan command for each VLAN.

Known Issues in this Lab

This section of each Config Lab Answers post hopes to help with those issues by listing any known issues with Packet Tracer related to this lab. In this case, the issues are:

# Summary Detail
1 None No known issues related to this lab.

 

Why Would Cisco Packet Tracer Have Issues?

(Note: The below text is the same in every Config Lab.)

Cisco Packet Tracer (CPT) simulates Cisco routers and switches. However, CPT does not run the same software that runs in real Cisco routers and switches. Instead, developers wrote CPT to predict the output a real router or switch would display given the same topology and configuration – but without performing all the same tasks, an actual device has to do. On a positive note, CPT requires far less CPU and RAM than a lab full of devices so that you can run CPT on your computer as an app. In addition, simulators like CPT help you learn about the Cisco router/switch user interface – the Command Line Interface (CLI) – without having to own real devices.

CPT can have issues compared to real devices because CPT does not run the same software as Cisco devices. CPT does not support all commands or parameters of a command. CPT may supply output from a command that differs in some ways from what an actual device would give. Those differences can be a problem for anyone learning networking technology because you may not have experience with that technology on real gear – so you may not notice the differences. So this section lists differences and issues that we have seen when using CPT to do this lab.

Beyond comparing your answers to this lab’s Answers post, you can test in Cisco Packet Tracer (CPT) or Cisco Modeling Labs (CML). In fact, you can and should explore the lab once configured. For this lab, once you have completed the configuration, try these verification steps. 

  1. Test with IP pings once you complete the PC configurations as follows:
    1. Create configuration on PC1 and PC2 to place them in the same subnet.
    2. Ping PC2’s address from PC1, and vice versa. If the ping works, the ports must be in the same VLAN in this case.
    3. Likewise, configure PC3 and PC4 with IP addresses in a second subnet.
    4. Ping PC4’s address from PC3, and vice versa. If the ping works, the ports must be in the same VLAN in this case.
  2. Note that because this lab uses no routers or layer 3 switches or routers, the PCs in the same VLAN should be able to ping each other, but they should not be able to ping PCs in other VLANs.

More Labs with Related Content!

Config Lab: Trunking Puzzle 1
Config Lab: Trunking for Only Some VLANs
Subscribe
Notify of
guest

7 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
Vicente Torres

Hi, after doing this lab, I noticed that in packet tracer, an additional line was added after the access vlan and mode acccess config lines. A “switchport nonnegotiate”. So, each of the 4 interfaces showed this config (vlan 20 for the corresponding interfaces):

switchport access vlan 10
switchport mode access
switchport nonegotiate

Is this normal? or is it because of the simulator?

Byron Gardner

Hi I have seen the same issue on Packet Tracer Version 8.1.0.0722
interface FastEthernet0/1
switchport access vlan 10
switchport mode access
switchport nonegotiate

Junkee Shin

I also have the same issue on Packet Tracer Version 8.2.0
switchport access vlan 10
switchport mode access
switchport nonegotiate

Josh

Hi, I ran show int status after following the above configuration steps but only VLAN 1 was configured to each interface. Do you know why?

Also, can I ask what command can remove a VLAN from an interface if I accidentally add the wrong VLAN to an interface?

Contact Us

We're not around right now. But you can send us an email and we'll get back to you, asap.

7
0
Would love your thoughts, please comment.x
()
x