Free CCNA | VLANs (Part 2) | Day 17 Lab | CCNA 200-301 Complete Course

Welcome to Jeremy’s IT Lab. This is a free, complete course for the CCNA. If you like these videos, please subscribe to follow along with the series.

Also, please like and leave a comment, and share the video to help spread this free series of videos. Thanks for your help. Also, remember to download this practice lab from the link in the description and try it out yourself in packet tracer.

If you want more labs like these, I highly recommend picking up Boson’s NetSim for the CCNA, click the link in the video description to check it out. It’s a network simulator like packet tracer, but it’s even more powerful, less limited, than packet tracer, and it includes plenty of pre-made labs with detailed instructions to help you practice and learn. I have collapsed all of the other sections here, network fundametnals, IP connectivity, IP services, and security fundamentals, but the labs that are relevant to what we’re studying now are here, in the network access section.

Configuring VLANs, VLANs, deleting VLANs, these two are about VTP, which will be covered in day 18’s lecture video, VLAN configuration, trunking. Stick around to the end of the video for a preview of a lab that is relevant to what we’re studying today. And once again, click the link in the description to purchase a copy of NetSim for CCNA.

I used NetSim for my CCNP, and NetSim alone was more than enough labbing pratice for me to pass all of my exams on the first try. Let’s go back to packet tracer. In this lab, we will configure VLANs, specifically VLAN trunking, as we covered in day 17’s lecture video.

This is the same network topology used in Day 17’s lecture video, only the IP addresses have been changed slightly. So, let’s get started with step 1. Step 1 says to configure the switch interfaces connected to PCs as access ports in the correct VLAN.

I’ll go on SW1 first. Enter privileged exec mode with ENABLE, then global config mode with CONFIGURE TERMINAL. So, there are two PC’s in VLAN10, let’s configure those first.

INTERFACE RANGE F0/1 to 2. SWITCHPORT MODE ACCESS. SWITCHPORT ACCESS VLAN 10.

And the switch creates VLAN10 for us. Okay, that’s all for these hosts. Next up, VLAN30.

INTERFACE RANGE F0/3 to 4. SWITCHPORT MODE ACCESS. SWITCHPORT ACCESS VLAN 30.

Once again, the switch creates the VLAN for us. Okay, that’s all for SW1 for now. Next let’s go on to SW2.

Enter privileged exec mode with ENABLE. Then global config mode with CONF T (CONFIGURE TERMINAL). I’ll configure VLAN20 first.

INTERFACE F0/1. SWITCHPORT MODE ACCESS. SWITCHPORT ACCESS VLAN 20.

Next, VLAN10. INTERFACE RANGE F0/2 to 3. SWITCHPORT MODE ACCESS.

SWITCHPORT ACCESS VLAN 10. Okay, step 1 is complete. Step 2 is to configure the connection between SW1 and SW2 as a trunk, and allow only the necessary VLANs.

We should configure an unused VLAN as the native VLAN, and also make sure all necessary VLANs exist on each switch. I’ll return to SW1 now. Okay, let’s configure the interface.

INTERFACE G0/1. If you remember from the lecture video, in some switches we have to use the SWITCHPORT TRUNK ENCAPSULATION DOT1Q command before configuring the interface as a trunk. Let’s see if we have to do that here.

SWITCHPORT TRUNK, then use the question mark. As you can see, there is no option for ENCAPSULATION. This isn’t a case of packet tracer not supporting the command, but rather it’s because this switch itself only supports DOT1Q encapsulation.

As I mentioned in the lecture video, modern switches often don’t support Cisco's ISL, since the industry standard DOT1Q is used almost exclusively. So, we can go straight to the next command. SWITCHPORT MODE TRUNK.

Now, let’s allow VLANs 10 and 30. SWITCHPORT TRUNK ALLOWED VLAN 10,30. Why don’t I need to allow VLAN20 on this trunk?

I already explained this in the lecture video, but it’s because no hosts in VLAN20 are connected to this switch. If PC5, in VLAN20, wants to reach any hosts here, its traffic will be sent to the router first, which will send it back to SW2 in VLAN10 or VLAN30, which will then send it over to SW1. Watch the lecture video again if you want a more detailed explanation.

Okay, finally let’s set the native VLAN to an unused VLAN. SWITCHPORT TRUNK NATIVE VLAN 1001. You can use anything here, just use an unused VLAN.

Now, do all of the necessary VLANs exist on this switch? Let’s check. DO SHOW VLAN BRIEF.

We have VLANs 10 and 30, looks good. We don’t need to create any more VLANs. Okay, now let’s go to SW2.

Interface G0/1. The configurations will be the same as on SW1. SWITCHPORT MODE TRUNK.

SWITCHPORT TRUNK ALLOWED VLAN 10,30. Again, VLAN20 doesn’t need to be allowed, there are no VLAN20 hosts connected to SW1, so SW2 doesn’t need to send VLAN20 traffic along this trunk. Okay, next set the native VLAN.

SWITCHPORT TRUNK NATIVE VLAN 1001. Okay, that’s all for the configuration of the trunk. Now, do all necessary VLANs exist on the switch?

DO SHOW VLAN BRIEF. We have VLANs 10 and 20. Let’s do another show command.

DO SHOW INTERFACES TRUNK. So, VLANs 10 and 30 are allowed on the trunk, which is good, however look under here. Vlans allowed and active in management domain displays only VLAN10.

That’s a problem, it means SW2 won’t actually receive VLAN30 traffic on this trunk. That’s because VLAN30 doesn’t exist yet on the switch. VLANs 10 and 20 were automatically created when we configured access ports in those VLANs, but VLAN 30 wasn’t created.

So, let’s make it. VLAN 30. exit.

DO SHOW INTERFACES TRUNK. Okay, now you can see that it appears here. That’s all for step 2.

Step 3 is to configure the connection between SW2 and R1 using router on a stick. Let’s quickly do the configuration here on SW2 first, it will be mostly the same as the G0/1 trunk, except we must allow all three VLANs. INTERFACE G0/2.

SWITCHPORT MODE TRUNK. SWITCHPORT TRUNK ALLOWED VLAN 10,20,30. SWITCHPORT TRUNK NATIVE VLAN 1001.

That’s all for the switch. Now let’s go on to R1. Enter privileged exec mode with ENABLE, then CONF T to enter global config mode.

First, let’s enable the physical interface. INTERFACE G0/0. NO SHUTDOWN.

As I have said many times before, Cisco router interfaces are disabled by default. Now let’s configure the VLAN10 subinterface. INTERFACE G0/0 DOT 10.

This subinterface number DOESNT have to match the VLAN number, but you really should make them match. Okay, let’s set the VLAN number itself. ENCAPSULATION DOT1Q 10.

Finally, the IP address, which should be the last usable address of the subnet, according to the instructions. IP ADDRESS 10. 0.

0. 62 255. 255.

255. 192. Okay, that’s it.

I get the question sometimes, why does the router address have to be the last usable address? Well, it doesn’t have to be, but you should have a system you use. Either the first usable address or the last usable address as the gateway address for the subnet, so there is consistency across the network.

Don’t just use a random address for the router, or it will be difficult to understand things in a large network. Okay, now let’s configure VLAN20’s subinterface. INTERFACE G0/0.

20. ENCAPSULATION DOT1Q 20. Once again, set the last usable address as the router’s address.

IP ADDRESS 10. 0. 0.

126 255. 255. 255.

192. Okay, finally is VLAN30's subinterface. INTERFACE G0/0.

30. ENCAPSULATION DOT1Q 30. IP ADDRESS 10.

0. 0. 190 255.

255. 255. 192, which is the last usable address of the VLAN30 subnet.

So, that’s all of the configurations for this lab. Next up is to test connectivity. If everything is configured correctly, each PC should be able to ping any other PC.

I’ll do some pings from PC7 to test. Let’s ping another PC in VLAN10, PC1. PING 10.

0. 0. 1.

Okay, no problems here. Let’s watch the ping in simulation mode. Okay, send that ping again.

PING 10. 0. 0.

1. As you can see, because PC1 is in the same VLAN, the same subnet, PC7 sends the frame directly to PC1, no need for inter-VLAN routing. Now let’s go back to realtime mode and try to ping PC5, in VLAN 20.

PING 10. 0. 0.

65. Okay, the ping works. Let’s take a look in simulation mode.

PING 10. 0. 0.

65. Notice that the ping has to travel to R1 first, before being sent back to SW2 and then to PC5, and the reply follows the same path. Okay, back to realtime mode, and finally we will ping PC3, in VLAN20.

PING 10. 0. 0.

129. Okay, the ping works, and once again let’s take a look at it in simulation mode. PING 10.

0. 0. 129.

Once again, the ping must go to R1 first to be routed, then goes to SW2 and SW1 before reaching PC3, and then it follows the same path back. Okay, that’s all for this lab. Okay, let's move on to the Boson NetSim preview.

I've selected one lab here, Inter-VLAN Routing 1. Click on the lab, and you get a little preview. And then click on 'load lab'.

And here is the lab. There's the objective here. The lab topology.

This is very much like the lab we just did. One router, two switches, and some PCs connected to each switch. There is a command summary which shows you all of the commands you need to know to complete the lab.

And these are all commands you already know. ENCAPSULATION DOT1Q, to set the VLAN on a router subinterface. Some SHOW commands.

SHOW MAC-ADDRESS-TABLE. SHOW RUNNING-CONFIG. SHOW VLAN BRIEF.

And SWITCHPORT commands, ACCESS VLAN, SWITCHPORT MODE. SWITCHPORT TRUNK ENCAPSULATION. And then next, the IP addresses on each device.

So, let's go to the lab tasks. There are three main tasks for this lab. Task 1, configure the switch and PC hosts.

Task 2, configure subinterfaces. And task 3, complete and verify connectivity. And each of these tasks has multiple sub-tasks, multiple steps.

So, for this preview let's just do task 1. This involves configuring basic network connectivity on Switch1, PC1 and PC2. So, in this lab PC1 and PC2 are connected to the same switch, but the users belong to different departments within the company.

So, your task is to assign the two PC hosts to separate VLANs within the network. Okay, so step 1, verify the current IP configurations on PC1 and PC2. Verify that they match the IP configurations listed in the IP addresses table.

So, this is the table. With PC1 and PC2's IP information. So, to check the configuration on each PC, you first have to go into the CLI.

You see, by default we are in Router1's CLI. To access the CLI of separate devices, here under 'devices' click on PC1. Click on console.

And let's open PC2, console. And also we will be using Switch1, so click on console here. Okay.

First let's go to PC1. To check the IP configuration on a PC, use this command. IPCONFIG /ALL.

So, here is the IP address. 192. 168.

100. 2. That is correct.

The subnet mask is correct, this is a /25 prefix length. And the default gateway is . 1, which is correct.

And that happens to be the IP address of R1's F0/0. 10 subinterface. So PC1's okay.

Let's check PC2. IPCONFIG /ALL. 192.

168. 100. 130 is correct.

Same, /25 subnet mask. The default gateway is . 129, which is correct, and this is the IP address on Router1's .

12 subinterface. Okay, so that's step 1. Step 2, configure Switch1 with the appropriate hostname.

Let's go to the CLI of Switch1. You can see it has the default hostname of 'Switch', so let's change that. ENABLE.

CONF T. HOSTNAME Switch1. There we go, the hostname has changed to Switch1.

Okay, each PC is a member of a different department and belongs in a different VLAN. PC1 belongs to VLAN10 and PC2 belongs to VLAN12. Do VLANs 10 and 20 exist on SW1?

So, you can check that with a command you already know, DO SHOW VLAN BRIEF. You can see all ports are in, sorry about that, in VLAN1 by default. And VLANs 10 and 12 do not exist.

So, we can go on to step 4, which says if the VLANs do not already exist, create VLAN10 and VLAN12. Let's do that. VLAN 10.

And then, without exiting from here, we can go straight to VLAN 12. EXIT. And then, hit the up arrow.

There we go, DO SHOW VLAN BRIEF. And you can see both VLANs were created, VLAN10 and VLAN12. Okay next up, step 5.

There is no documentation present about your network, so you must learn which ports PC1 and PC2 are connected to on Switch 1 before adding each PC to the appropriate VLAN. How would you go about discovering which port each PC is connected to? So, this might be a little bit of a challenge.

I'm gonna exit out of here. And then I'll go back to the PCs, PC1. So, what you have to look for here is the 'Physical Address'.

Physical address, what is that? Well, it's the MAC address of this PC. So, take note of these last four digits, 3538.

And now on Switch1, let's check the MAC address table. SHOW MAC-ADDRESS-TABLE. Now, notice here it's MAC hyphen ADDRESS hyphen TABLE.

On some newer devices you'll probably find it as SHOW MAC space ADDRESS hyphen TABLE, like this. Now, let's see if this switch supports the command. And, it does not.

So, 'invalid input'. So, on this switch we will use the SHOW MAC hyphen ADDRESS hyphen TABLE command. I think I mentioned that in one of my previous videos, that you might find it with or without a hyphen.

So, we were looking for 3538, and you can see the switch has learned it on port FastEthernet0/3. So, PC1 is connected to FastEthernet0/3. How about PC2?

Here is the physical address. Take note of the last four digits again, 6059. 6059, that is FastEthernet0/4.

And, just to check let's look at the diagram up here. Okay, so PC1 FastEthernet0/3, PC2 FastEthernet0/4, so we were correct. Okay, so add the PCs to the correct VLANs.

So, CONF T. PC1 is connected to FastEthernet0/3, so INTERFACE F0/3. SWITCHPORT MODE ACCESS.

SWITCHPORT ACCESS VLAN 10. Okay, now FastEthernet0/4. SWITCHPORT MODE ACCESS.

SWITCHPORT ACCESS VLAN 12. Okay, step 7, on Switch1 verify your configuration. I'll just get out of here.

Back to privileged exec mode. And do SHOW VLAN BRIEF. Okay, in VLAN10 we have FastEthernet0/3, which is connected to PC1, and in VLAN12 we have FastEthernet0/4, which is connected to PC2.

So, our configurations are correct. Okay, next, issue a ping from PC1 to PC2. Why does the ping fail?

So, we're expecting this to fail but let's do the ping anyway. PING 192. 168.

100. 130. So, these pings are gonna fail.

I'll just wait for a few to go through. Okay, so why are these pings failing? So, these two PCs are in separate VLANs, so they need something to do inter-VLAN routing for them.

And that would be Router1. But we haven't configured any inter-VLAN routing yet. So, for example on Switch1, let's see if we even have a trunk interface configured here on FastEthernet0/1.

SHOW INTERFACES TRUNK. No, we do not. You can see FastEthernet 2 is a trunk, connected to Switch2.

But FastEthernet0/1 is not a trunk. How about on R1, do we have any subinterfaces configured? SHOW IP INTERFACE BRIEF.

No, no subinterfaces configured. So, router-on-a-stick, our inter-VLAN routing, is not configured and that is why the pings failed. Okay, so there are two more tasks, configuring subinterfaces, complete and verify connectivity.

I'll let you guys do those on your own. And if you ever have any trouble, or want to check your solution, down here are complete lab solutions. So, for task 1 you can see the IPCONFIG /ALL command we used, configuring the hostname, this is SHOW VLAN, I used SHOW VLAN BRIEF, but SHOW VLAN is okay also.

Configuring the VLANs, and everything we just did, looking at the physical address, the MAC address. Okay, so once you're done the lab, click here, 'grade lab'. Now, we're not finished, so it's gonna tell us that we did not complete the lab, we didn't do it correctly, but that's okay.

There you go, 'you missed one or more commands in the lab. ' So, you can see here on Switch2, PC1, 2, 3, 4, their configurations are fine. That's because we didn't have to do any configurations on these.

But we're missing configurations on Router 1 and Switch1. So, these commands in red are commands that we missed. So we were gonna set the host name on Router1, configure subinterfaces.

How about on Switch1? Oh yeah, configuring FastEthernet0/1 as a trunk. Okay, so that's all for today's NetSim preview.

If you want to get a copy of NetSim and try this lab and many others on your own, follow the link in the description. Thank you for watching. Please subscribe to the channel, like the video, leave a comment, and share the video with anyone else studying for the CCNA.

If you want to leave a tip, check the links in the description. I'm also a Brave verified publisher and accept BAT, or Basic Attention Token, tips via the Brave browser. That's all for now.