This is how your lab will need to be configured. You can download this lab via Packet Tracer here: Cisco Packet Tracer VLAN Lab.
There are a couple of definitions I think you should know:
Default Switch Behavior
The default behavior of a switch is to forward a broadcast out of every port except the one it came in on, i.e. the switch has only one broadcast domain by default: VLAN1.
VLANs
VLANs allow you to break up the switch into separate virtual local area networks. VLANs can help us save resources by:
- Limiting broadcasts, particularly the broadcasts to hosts that DO NOT need them. You do this by increasing the number of broadcast domains.
- Preventing broadcast storms that render a switch virtually useless.
- Helping you logically segment the LAN to increase security, i.e. separating departments on a LAN so “accounting users” will not talk with “building maintenance users”.
VLAN Commands
To show the VLANs on a given switch, use the command:
- show vlan brief
You will see that the default VLAN has already been created (VLAN1). The special VLANs 1002-1005 have been created as well. You can create any VLAN in between 2-1001.
One thing that might throw you for a loop the first time you see it is when you run the “show vlan” command and there are ports missing. This normally means that someone has already set up a thing called trunking on the switch. More on this later in the post.
First you should make sure all hosts can ping each other on the network.
To put a particular port into a VLAN you need to run several commands on the switch. Here are the commands to get all 4 ports configured as per our graphic.
First get into config mode and select the port:
- conf t
- int fast 0/1
Run the commands to put the port into “Access Mode” and tell the port what VLAN it should be a part of. If that VLAN has not already been created, this command will automatically create it for you.
- switchport mode access
- switchport access vlan 2
You will need to do this for the rest of the ports as shown in the network layout graphic. An easy way to do this is by using the “up arrow” to repeat commands and change the characters that are different.
- int fast 0/2
- switchport mode access
- switchport access vlan 3
- int fast 0/3
- switchport mode access
- switchport access vlan 2
- int fast 0/4
- switchport mode access
- switchport access vlan 3
Run “show vlan brief” now to verify that the commands were successful. You should now try to ping the different hosts. If you’ve set things up correctly, “.1 and .3” should be able to ping each other and “.2 and .4” should be able to ping each other. No other pings should go through.
You might be wondering how hosts on VLAN2 and VLAN3 can talk to each other. To do this we need either a technique called “router on a stick” or a Layer 3 switch instead of a Layer 2 switch. What makes a Layer 3 switch a Layer 3 switch is its ability to run routing protocols (e.g. EIGRP or OSPF).
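A check for the verification step above, as an added example that is not part of the original post: a Python parser that reads “show vlan brief” output and compares each port's VLAN against the lab's intended layout. The sample output is constructed, and the names parse_vlan_brief, audit and EXPECTED are illustrative.

```python
import re

# Constructed sample of `show vlan brief` output for the lab's 4-port layout.
SAMPLE = """\
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10
2    VLAN0002                         active    Fa0/1, Fa0/3
3    VLAN0003                         active    Fa0/2, Fa0/4
1002 fddi-default                     act/unsup
"""

# Intended access-port layout from the lab (port -> VLAN).
EXPECTED = {"Fa0/1": 2, "Fa0/2": 3, "Fa0/3": 2, "Fa0/4": 3}

ROW = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s*(.*)$")

def parse_vlan_brief(text):
    """Return {port: vlan_id}, following wrapped port lists onto their VLAN."""
    ports, current = {}, None
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            current, port_field = int(m.group(1)), m.group(4)
        elif current is not None and line[:1].isspace():
            port_field = line  # continuation line: ports only
        else:
            continue  # header, separator or blank line
        for port in filter(None, (p.strip() for p in port_field.split(","))):
            ports[port] = current
    return ports

def audit(text, expected):
    """List every port whose VLAN differs from the intended layout."""
    actual = parse_vlan_brief(text)
    problems = []
    for port, vlan in sorted(expected.items()):
        got = actual.get(port)
        if got is None:
            problems.append(f"{port}: not listed (possibly trunking), expected VLAN {vlan}")
        elif got != vlan:
            problems.append(f"{port}: in VLAN {got}, expected VLAN {vlan}")
    return problems

if __name__ == "__main__":
    for line in audit(SAMPLE, EXPECTED) or ["all ports match the intended layout"]:
        print(line)
```

A port reported in VLAN 1 here is one that was never moved out of the default broadcast domain, which defeats the segmentation the lab is meant to show.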
Supposedly the CCNA will not ask questions on the L3 switches so it’s important that you learn about “router on a stick”. I will eventually create a tutorial on “Router on a stick”.
Your switch will keep a separate switching table for each VLAN. To see this type the command:
- show mac-address-table dynamic vlan 2
So what happens if you have multiple switches? How do we deal with multiple VLANs? We deal with this with a technology called “Trunking”. Please see the next article on “How to setup Trunking on a Cisco Switch”.