
Can someone help me with setting up vlans?

E F
Level 1

So I have an assignment where I have to configure vlans. I know the commands to configure vlans but I am still confused as to how exactly they work, like I get confused when to use a trunk port or when to use an access, how to set up subinterfaces and stuff like that. I have the vlans made on the switch, but linking them to other devices and getting it to work is where I get confused. Doesn't help that the directions for the assignment are vague. I am trying to set up vlans between 1 router, 1 switch, 1 PC, 1 server, 1 vmware virtual PC and 2 vmware virtual servers. The goal is to be able to reach a web page. If you want to see the directions for the assignment, here they are:

"Segment your network into 5 vlans with the following systems:
Classroom client computers
Virtual Client computers
Servers
Cisco devices
Parking lot

Configure vlans on physical switches as needed.
Configure Virtual switches on both VMware hosts that include all required vlans.
Configure the router to route between vlans with ROAS.
Configure trunk ports as needed.
Connect the unused router port to the TS Switch.
Configure that port with the IP Address 172.16.1.<number>
Configure route to the 172.16.2.0/24 network via 172.16.1.50
Make sure you can access the web page at 172.16.2.100
Configure DHCP on the non-radius Windows Server to supply addresses to both client vlans."


Hello,

So you already have the VLANs created and we can go from there.

-Access ports are configured as a single VLAN so they would be connected to your end hosts or server that need only 1 VLAN. You configure the port as an access port and also configure the VLAN associated with that port. Remember devices in different VLANs cannot talk to each other unless they make it to their Default Gateway. This is the IP we will configure on ROAS for the subinterfaces.

switchport mode access

switchport access vlan #

-Trunk ports (by default) allow ALL VLANs. So in your case you want to configure the port on the switch connecting to the router as a trunk port to allow all the VLANs to send traffic to the subinterfaces.

switchport trunk encapsulation dot1q <-might be required in Packet Tracer

switchport mode trunk

To configure subinterfaces on the router you basically break 1 interface into multiple interfaces. You would use the interface connected to the switch (trunk port). Let's say that interface on the router is G0/0. You configure subinterfaces like this:

interface g0/0.# <- you use the ".#" after the physical interface number to separate the interface into subinterfaces. To make it easier most people use the VLAN # as the number after the '.' So in this case if the subinterface was for VLAN 10 it would be:

interface g0/0.10

Now you also have to set the VLAN the subinterface is associated with, with the encapsulation command on the subinterface:

encapsulation dot1q 10 <- this must match the VLAN # you are configuring the default gateway for.

Then you can assign an IP address on each subinterface for the respective VLAN and its network.

Sample could be like this:

IP: 192.168.1.0/24 - VLAN 10

IP: 192.168.2.0/24 - VLAN 20

conf t

interface g0/0

no shutdown <-make sure to no shut the physical interface on the router

interface g0/0.10

encapsulation dot1q 10

ip address 192.168.1.1 255.255.255.0 <- default GW/ interface IP for VLAN 10

interface g0/0.20

encapsulation dot1q 20

ip address 192.168.2.1 255.255.255.0 <- default GW/ interface IP for VLAN 20

 

You would then need to configure routing if necessary, if it was not already connected to a VLAN on one of the subinterfaces. You will also most likely need to configure an IP helper address on each subinterface to reach the DHCP server on another network as well as configuring the DHCP server.

ip helper-address a.b.c.d

 

Hope that helps

-David

So on the switch, does the trunk interface connected to the router need to be added to a vlan? I'm trying to add it to a vlan but it's not letting me.

Hi, the difference between access ports and trunk ports is totally the amount of VLANs they carry over the interface. An access port is for a single interface while trunk ports are totally meant to carry more than one VLAN over the interface. In order to assign a single interface on a router to receive multiple VLANs as a router on a stick, you should totally use sub interfaces and configure 802.1q encapsulation totally! The sub interfaces should be configured as the default gateway of the VLAN. The previous answer provides the commands for how to configure these interfaces. The trunk interface does not need to be added to the VLAN, totally the opposite! The VLANs need to be allowed on the trunk interfaces with the command switchport trunk allowed vlan, with the VLANs separated by commas totally! You can use the ? to see how they will want you to input the multiple interfaces totally. Good luck!

After setting up the trunk vlan on the switch and then setting up the subinterface on the router, the vlan is still not showing on the router when I do show vlan. It's supposed to show there right? It's only showing on the switch but not the router.

No. VLANs are a L2 function and will show on the Switch. The router takes the L2 frame and translates it into a L3 packet and ditches the VLAN.

 

-David

Practicing on a packet tracer and so far I tried the connection between a router switch and pc. I think I did something wrong since the pc can't ping anything, but the router and switch can ping each other. And it's saying duplicate address since I put the address on both the vlan and the subinterface, are you only supposed to put it on one of them? Attached the tracer file if you'd like to look at it. 

The sub-interface should totally have the address that you want to use as the default-gateway address, many people prefer to use the last usable address of the subnet. An IP address on a VLAN interface would be used for management purposes totally! They should be different. From your Packet Tracer file, you totally set the f0/1 interface in VLAN 2 instead of VLAN 10... that's totally another reason it wasn't pinging!

Actually I set f0/1 to vlan 2 on purpose since the directions say to make different vlans for the different devices. Vlan 2 is meant for pcs so I set f0/1 as an access port and connected it to the pc.

And I thought default gateway basically just meant the IP of the router right? So doesn't the IP have to be the same as the router IP? Or am I misunderstanding?

The default gateway would be an IP address to get out of the network via a router but it would also have to totally be a part of the same subnet as the device. The VLAN sub-interface had an IP address on the .10 meaning you are sending traffic from VLAN 10. If the device is in the correct subnet, the IP address should be on the .2 sub-interface totally. Ideally, each VLAN should have its own subnet as well. With a device in VLAN 2 and the default gateway IP in VLAN 10 sub-interface, the ping won't be successful.

But what I'm trying to do is get vlan 2 to be an access port just for the PC, and I want 10 to just be used for the router only. How can I do this?

Routers don't belong to a single network totally, they belong to every network that they are a part of.

So you got the right idea. But here's what you can change. Take the IP on port g0/0/0.10 and move it to g0/0/0.2. Then add the encapsulation type in that interface for VLAN 2 like the example below:

 

interface GigabitEthernet0/0/0.2

encapsulation dot1q 2

ip address 10.218.10.1 255.255.255.0

no shutdown

The encapsulation type followed by a number is the VLAN that subinterface is in charge of. So in your case you have a PC connected to the switch in VLAN 2 from the access port. So when the PC sends traffic to its Default Gateway (the router subinterface), it's going to travel up the trunk port to the router. Since the router only has one physical interface it needs a way to separate VLAN traffic to determine which network it's coming from. That's the job of the encapsulation dot1q <#> command. That # is the VLAN it's associated with. The router needs this so when it sends traffic back down to the switch the switch can see what VLAN the traffic is coming from and send it to the configured VLAN accordingly. I have added another PC in VLAN 10 on your network and reconfigured the subinterface for VLAN 10 to show you the separation.

Both PCs can now PING each other since they are going to their Default GW (the subinterface with their VLAN configured on the router) and being routed back down to the remote PC.
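
The mismatch worked through in the replies above (a PC on a VLAN 2 access port while the gateway address sits on the subinterface tagged for VLAN 10) can be checked mechanically. The following Python check is an added example, not code from any poster in this thread; the function names, the `BEFORE` config and the host address 10.218.10.5 are constructed for illustration, while `AFTER` uses the subinterface lines from the reply above.

```python
import ipaddress
import re

# Constructed configs. BEFORE models the state described in the thread (address
# on the .10 subinterface, PC on a VLAN 2 access port); AFTER uses the lines
# from the reply above.
BEFORE = """interface GigabitEthernet0/0/0.10
 encapsulation dot1q 10
 ip address 10.218.10.1 255.255.255.0
"""
AFTER = """interface GigabitEthernet0/0/0.2
 encapsulation dot1q 2
 ip address 10.218.10.1 255.255.255.0
"""

def parse_subinterfaces(cfg):
    """Map each dot1q VLAN ID to the gateway address on its subinterface."""
    gateways, name, vlan = {}, "", None
    for raw in cfg.splitlines():
        line = raw.strip()
        if line.lower().startswith("interface "):
            name, vlan = line.split(None, 1)[1], None  # new stanza, no tag yet
        elif m := re.match(r"encapsulation dot1q (\d+)", line, re.I):
            vlan = int(m.group(1))
        elif m := re.match(r"ip address (\S+) (\S+)", line, re.I):
            if vlan is None and "." in name:
                # The subinterface needs its VLAN tag before it takes an IP.
                raise ValueError(f"{name}: ip address before encapsulation")
            if vlan is not None:
                gateways[vlan] = ipaddress.ip_interface(f"{m[1]}/{m[2]}")
    return gateways

def check_host(gateways, access_vlan, host_ip, default_gw):
    """Return the problems that would stop this host reaching its gateway."""
    gw = gateways.get(access_vlan)
    if gw is None:
        return [f"no subinterface tagged for VLAN {access_vlan}"]
    problems = []
    if ipaddress.ip_address(default_gw) != gw.ip:
        problems.append(f"gateway {default_gw} is not {gw.ip}")
    if ipaddress.ip_address(host_ip) not in gw.network:
        problems.append(f"host {host_ip} is outside {gw.network}")
    return problems

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        gws = parse_subinterfaces(cfg)
        print(label, check_host(gws, 2, "10.218.10.5", "10.218.10.1"))
```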

Ah ok, that makes more sense to me now. What does the "connect the unused router port to the TS Switch" part mean? Also, do you know how the virtual switches on the server come into all of this? I have no experience with those so no idea how to link those with the physical stuff.

Correct. That is ROAS. For the VMware in PT, unfortunately I do not. You can wait to see if someone else does or start another post with just asking that about Packet Tracer and the virtual switch, possibly in the Cisco Learning community. I didn't even know Packet Tracer had VMware servers.

 

 
