Lab Manual

CS601 – Data Communication

LAB No. 15

Interfaces (Switch) configuration for VLAN

Department of Computer Science, Virtual University of Pakistan

 LAB 15

Lab Title: Interfaces (Switch) configuration for VLAN

Tool: Cisco Packet Tracer, any version (7.1.1)

Tool Download Link:

https://www.packettracernetwork.com/download/download-packet-tracer.html

Objective: To make students learn use of tool and basic configuration of VLAN on the tool.

Lab instructions
This lab will test your ability to configure VLAN settings on Cisco switch network interfaces
using Packet Tracer 7.1.1.

Pre-requisite Lab Topic Information:

What is VLANS?

VLAN a short for virtual LAN, a network of computers that behave as if they are connected to
the same wire even though they may actually be physically located on different segments of a
LAN.

VLANs are configured through software rather than hardware, because VLANs are based on
logical instead of physical connections, which make them extremely flexible.

Why VLANs?

If you want for example to separate the different departments of your enterprise into different IP
sub networks, A group of devices on a LAN that are configured (using management software) so
that they can communicate as if they were attached to the same wire, (VLANs) within the same
switch, supporting traffic isolation between logically different networks.

1|Page
Types of VLANs

VLANs are usually created by the network administrator, assigning each port of every switch to
a VLAN. Depending on the network infrastructure and security policies, the assignment of
VLANs can be implemented using two different methods: Static or Dynamic memberships -
these two methods are also known as VLAN memberships.

1- Static VLANs

Static VLAN membership is perhaps the most widely used method because of the relatively
small administration overhead and security it provides. With Static VLANs, the administrator
will assign each port of the switch to one VLAN. Once this is complete, they can simply connect
each device or workstation to the appropriate port.

The picture below depicts an illustration of the above, where 4 ports have been configured for 4
different VLANs:

Figure: 1 Port Assigning to VLAN

The picture shows a Cisco switch, where ports 1, 2, 7 and 10 have been configured and assigned
to VLANs 1, 5, 2 and 3 respectively.

2|Page
Static VLANs are certainly more secure than traditional switches while also considerably easy to
configure and monitor. As one would expect, all nodes belonging to a VLAN must also be part
of the same logical network in order to communicate with one another.

2- Dynamic VLANs

Dynamic VLANs were introduced to grant the flexibility and complexity that Static VLANs did
not provide. Dynamic VLANs are quite rare because of their requirements and initial
administrative overhead.

Dynamic VLANs, as opposed to Static VLANs, do not require the administrator to individually
configure each port, but instead, a central server called the VMPS (VLAN Member Policy
Server). The VMPS is used to handle the on-the-spot port configuration of every switch
participating on the VLAN network.

Figure: 2
Dynamic VLAN

3|Page
The diagram on the left shows us a VLAN capable switch that has been configured to support
Dynamic VLANs. On port No.5, we have connected a simple switch (not VLAN aware) from
which another 4 workstations are connected.

Ports of VLANs

The Ports are actually the communication points on the switch, by default all the ports on the
switch are known as switching ports.

On a Cisco switch, ports are assigned to a single VLAN. These ports are referred to as access
ports and provide a connection for end users or node devices, such as a router or server. By
default all devices are assigned to VLAN 1, known as the default VLAN. After creating a
VLAN, you can manually assign a port to that VLAN and it will be able to communicate only
with or through other devices in the VLAN.

1- Access Port

An "access port" is a type of connection on a switch that is used to connect a guest virtual
machine that is VLAN unaware. This port provides the virtual machine with connectivity
through a switch that is VLAN aware without requiring it to support VLAN tagging.

2- Trunk Port

A "trunk port" is a type of connection on a switch that is used to connect a guest virtual machine
that is VLAN aware. Generally, all frames that flow through this port are VLAN tagged. The
exception to this is when a trunk port is granted access to the untagged VLAN set (native VLAN
ID).

Protocols of Vlans

The protocol most commonly used today in configuring virtual LANs is IEEE 802.1Q. The IEEE
committee defined this method of multiplexing VLANs in an effort to provide multivendor
VLAN support. Prior to the introduction of the 802.1Q standard, several proprietary protocols
existed, such as Cisco's ISL (Inter-Switch Link) and 3Com's VLT (Virtual LAN Trunk). Cisco
also implemented VLANs over FDDI by carrying VLAN information in an IEEE 802.10 frame
header, contrary to the purpose of the IEEE 802.10 standard.
4|Page
 1- Inter-Switch Link (ISL)

Inter-Switch Link (ISL) is a Cisco proprietary protocol used to interconnect multiple switches
and maintain VLAN information as traffic travels between switches on trunk links. This
technology provides one method for multiplexing bridge groups (VLANs) over a high-speed
backbone. It is defined for Fast Ethernet and Gigabit Ethernet, as is IEEE 802.1Q. ISL has been
available on Cisco routers since Cisco IOS Software.

As ISL is Cisco's propriety tagging method that’s why it only supports Cisco's equipment
through Fast & Gigabit Ethernet links. ISL is an encapsulation protocol operates on trunk port
used in Vlans to provide secure data transfer between two Vlans.

2- IEEE 802.1Q

The IEEE 802.1q tagging method is the most popular and a standard encapsulation as it allows
the seamless integration of VLAN capable devices from all vendors who support the protocol.
IEEE 802.1q is the default encapsulation set on the switches in order to provide secure data
connection through trunk ports.

The 802.1Q standard can create an interesting scenario on the network. Recalling that the
maximum size for an Ethernet frame as specified by IEEE 802.3 is 1518 bytes, this means that if
a maximum-sized Ethernet frame gets tagged, the frame size will be 1522 bytes, a number that
violates the IEEE 802.3 standard.

Practical Demonstration of the Concept (LAB) as Stated

Configuration of VLANs

The configuration of switch involves logical segments of LAN, so that every department is
spared in terms of communication to gain secure connection.

5|Page
Example

Configuring Layer 2 VLANs on Cisco switches. Up to 4094 VLANs can be configured on Cisco
catalyst switches. By default, only VLAN 1 is configured on the switch and all the switching
ports are the part of only one vlan. Let’s assume the following scenario:

 CS Department : IP Subnet 192.168.2.0/24 –> VLAN 2

 Management Department: IP Subnet 192.168.3.0/24 –> VLAN 3

 Accounts Department: IP Subnet 192.168.4.0/24 –> VLAN 4

Different VLANs allows the network administrators to enforce traffic restrictions if needed
between departments and have better control of internal hosts. If you have more than one
switch connected and you want the same VLANs to belong across all switches, then a Trunk
Port must be configured between the switches.

Figure: 3 VLANs
communicating through Trunk Port

6|Page
We have three VLANs. VLAN 2,3, and 4. VLAN 4 belongs both to SWITCH 1 and SWITCH 2,
therefore we need a Trunk Port between the two switches in order for hosts in VLAN4 in Switch
1 to be able to communicate with hosts in VLAN4 in Switch 2.

The ports of the two switches shall be configured as following:

1 Switch Port Configuration

Switch1
Fe0/1–Fe0/2–>VLAN2 (CS)
Fe0/10–Fe0/11–>VLAN4 (Accounts)
Fe0/24 –> Trunk Port

Switch2:
Fe0/1–Fe0/2–>VLAN3 (Management)
Fe0/10–Fe0/11–>VLAN4 (Accounts)
Fe0/24 –> Trunk Port

1.1 Switch 1 Configuration:

Create VLANs 2 and 4 in the switch database:

Switch1# configure terminal

Switch1 (config) # vlan 2
Switch1 (config-vlan) # name CS
Switch1 (config-vlan) # end
Switch1 (config) # vlan 4
Switch1 (config-vlan) # name Management
Switch1 (config-vlan) # end

Assign Ports Fe0/1 and Fe0/2 in VLAN 2

Switch1 (config) # interface fastethernet0/1

7|Page
Switch1 (config-if) # switchport mode access
Switch1 (config-if) # switchport access vlan 2
Switch1 (config-if) # end
Switch1 (config) # interface fastethernet0/2
Switch1 (config-if) # switchport mode access
Switch1 (config-if) # switchport access vlan 2
Switch1 (config-if) # end

Figure: 4 Fe0/1, Fe0/2 Assigned to VLAN2

Assign Ports Fe0/10 and Fe0/11 in VLAN 4

Switch1 (config) # interface fastethernet0/10

Switch1 (config-if) # switchport access vlan 4
Switch1 (config-if) # end
Switch1 (config) # interface fastethernet0/11

8|Page
Switch1 (config-if) # switchport mode access
Switch1 (config-if) # switchport access vlan 4
Switch1 (config-if) # end

Figure: 5 Fe0/10, Fe0/11 Assigned to VLAN4

Create Trunk Port Fe0/24

Switch1 (config) # interface fastethernet0/24

Switch1 (config-if) # switchport mode trunk
Switch1 (config-if) # switchport trunk
encapsulation dot1q
Switch1 (config-if)# end

9|Page
 Figure: 6 Fe0/24 Assigned to
VLAN2

Similarly for Switch- 2, we create vlan and configure port as a part of that Vlan.
The same VLANs are only able to communicate with each other with respect to ports, which also
are the member of same VLAN communicating.

Note that for communication between two access ports of two different switches, both the access
ports must be the member of same Vlans.

Mechanism to Conduct Lab:

Students and teacher communicate through Skype/Adobe Connect. Students perform the task
using the Packet Tracer Simulator.

Outcome/Result:

Students will be well capable after having comprehensive detailed lab to develop any kind of
LAN network based on VLANS.

10 | P a g e