Lab Overview
This free CCNA lab is all about configuring VLANs. VLANs (virtual LANs) are a widely popular technology used in today’s networks. They help logically separate hosts in a single broadcast domain, such as on a switch, and break them up into smaller broadcast domains. Hosts on VLANs cannot communicate with each other without being routed, which is an added security benefit. VLANs are also great for grouping hosts regardless of location on a network. For example, if a company’s network has a VLAN for each department, PCs in those VLANs do not all have to be connected to the same switch. They could be spread all over an office building connected to different switches, but be logically connected within a VLAN.
In this lab, we will go over the following:
- Creating and naming VLANs
- Configuring switchports for access mode
- Assigning switchports to VLANs
I have provided Packet Tracer lab files to go with this post. If you already know how to configure VLANs, I would challenge you to attempt to complete the lab on your own. If you have trouble, feel free to come back and use this guide as a reference.
Let’s get started!
| Department | VLAN | Ports |
| Administration | 10 | 1-6 |
| Accounting | 20 | 7-12 |
| Sales | 30 | 13-18 |
| Support | 40 | 19-24 |
Objectives
- Create VLANs for each department and name them accordingly
- Configure switchports for access mode
- Assign ports to the correct VLANs as labelled
- Verify PCs can ping from department to department.
Note: Everything in this lab is configured except for the VLANs, VLAN names, switchport mode, and port assignment. VLAN routing is already configured and is not in the scope of this lab. PCs already have IP addressing and should be able to ping after configuring VLANs.
1. Creating VLANs
Creating VLANs is super simple. Before creating them, use the show vlan command on the switch to take a look at the VLAN database. You can see that there are no VLANs besides the default VLANs 1, 1002, 1003, 1004, and 1005. To create VLANs, go to global configuration mode and use the vlan command followed by a VLAN ID, which can be 1-4094 (excluding the defaults mentioned previously). You will now be in VLAN configuration mode (config-vlan). From here is where you can set a name for the VLAN. In the example below, I create VLAN 10 and name it “Administration.” Naming is not necessary but helps document what the VLAN is for.
S1(config)# vlan 10
S1(config-vlan)# name Administration
Repeat for each department.After creating the VLANs, use the show vlan (or do show vlan from config mode) command to verify they are in the VLAN database.
2. Configuring Switchports for Access Mode
Now that we have the VLANs created, we need to work with the ports on the switch. The first thing we have to do is configure them for access mode. This tells the switch that it is a port that an end device will connect to. Access ports are also assigned to a VLAN, and will only carry traffic for the VLAN it is assigned to. To configure switchports, we will need to enter interface configuration mode from global config mode. We can do this using the interface {interface} command. To configure more than one port at a time, we can use interface range {interfaces} instead. After in interface config mode, we need to use the switchport mode access command. This will set the switchports into access mode. In the example below, I configure the first six fastEthernet ports of the switch for access mode using the interface range command.
S1(config)# interface range fastEthernet 0/1-6
S1(config-if-range)# switchport mode access
Repeat for each range of ports.Note: You could use the command interface range to set all of the ports on the switch to access mode at the same time. For example, interface range fastEthernet 0/1-24.
3. Assigning Ports to VLANs
After putting the switchports into access mode, it is time to assign them to the VLANs they belong to. In the chart above and in the lab, I tell you what puts belong to what VLANs. To do this, we need to continue in the interface configuration mode. The command to assign a port to a VLAN is switchport access vlan {vlan-id}. In the example below, I assign ports 1-6 to VLAN 10. Repeat this command for each range of ports, assigning them to the appropriate VLAN according to the chart.
S1(config)# interface range fastEthernet 0/1-6
S1(config-if-range)# switchport access vlan 10
Repeat for each range of ports.To verify, use the show vlan command mentioned previously. You will be able to see the ports assigned to the VLANs.
4. Verify PCs can ping each other
Now that VLANs are configured, all PCs should be able to successfully ping each other. The first ping may drop, but the rest should be successful.
Thanks for Reading!
If you’ve gotten this far, thanks for reading. I hope this post has helped you understand how to configure VLANs. If you believe there is something wrong with the initial configuration, please contact me via my contact form to let me know.
Full Configuration
The full configurations for both labs can be found on my GitHub!