3.3.12 Packet Tracer – VLAN Configuration
Packet Tracer is Cisco’s flagship network simulation tool, widely used by students and professionals to practice network design without investing in physical hardware. One of the most common tasks in a virtual lab is configuring Virtual LANs (VLANs) to segment broadcast domains, improve security, and optimize traffic. This guide walks you through the entire VLAN configuration process in Packet Tracer, from creating VLANs on a switch to assigning ports, configuring trunk links, and verifying connectivity. Whether you’re a beginner or refreshing your skills, the step‑by‑step instructions, key concepts, and troubleshooting tips will help you master VLANs in a virtual environment.
Introduction
A VLAN (Virtual Local Area Network) allows you to group ports on a switch into separate broadcast domains, regardless of their physical location. g.In Packet Tracer, VLANs are configured on Layer 2 switches (e., Cisco 2960, 3560) and can be extended across multiple switches using trunk links that carry traffic for all VLANs simultaneously.
- Segmentation: Isolate traffic for different departments or services.
- Security: Prevent unauthorized devices from accessing sensitive segments.
- Performance: Reduce broadcast storms and improve overall network efficiency.
Below is a detailed walkthrough of the VLAN configuration process in Packet Tracer, including how to create VLANs, assign ports, set up trunking, and verify the setup.
Step‑by‑Step VLAN Configuration in Packet Tracer
1. Set Up the Lab Environment
- Open Packet Tracer and create a new project.
- Add Devices:
- Switches: Drag at least two 2960 or 3560 switches (e.g., Switch1 and Switch2).
- PCs: Place a few PCs on each switch (e.g., PC1, PC2, PC3).
- Connect Devices:
- Use Copper Straight‑Through cables to connect PCs to switch ports.
- Use Copper Cross‑Over or Gigabit Ethernet cables to connect the two switches (e.g., Switch1‑Gig0/1 to Switch2‑Gig0/1).
2. Configure VLANs on the Switches
2.1 Create VLANs
Switch1> enable
Switch1# configure terminal
Switch1(config)# vlan 10
Switch1(config-vlan)# name Sales
Switch1(config-vlan)# exit
Switch1(config)# vlan 20
Switch1(config-vlan)# name Engineering
Switch1(config-vlan)# exit
Repeat the same on Switch2 to keep VLANs consistent across the network Nothing fancy..
2.2 Assign Ports to VLANs
Switch1(config)# interface FastEthernet0/1
Switch1(config-if)# switchport mode access
Switch1(config-if)# switchport access vlan 10
Switch1(config-if)# exit
Switch1(config)# interface FastEthernet0/2
Switch1(config-if)# switchport mode access
Switch1(config-if)# switchport access vlan 20
Switch1(config-if)# exit
- FastEthernet0/1 hosts PC1 (Sales VLAN).
- FastEthernet0/2 hosts PC2 (Engineering VLAN).
Do the same on Switch2 for its connected PCs.
3. Configure Trunking Between Switches
A trunk link carries traffic for all VLANs between switches. Now, in Packet Tracer, use IEEE 802. 1Q encapsulation.
Switch1(config)# interface GigabitEthernet0/1
Switch1(config-if)# switchport mode trunk
Switch1(config-if)# switchport trunk encapsulation dot1q
Switch1(config-if)# switchport trunk allowed vlan 10,20
Switch1(config-if)# exit
Apply the same trunk configuration on Switch2’s corresponding interface.
4. Verify VLAN Configuration
4.1 Check VLAN Membership
Switch1# show vlan brief
You should see VLAN 10 and 20 listed, with the correct ports assigned.
4.2 Verify Trunk Status
Switch1# show interfaces trunk
The output should indicate that Gig0/1 is a trunk, allowing VLANs 10 and 20 It's one of those things that adds up..
4.3 Test Connectivity
- Ping within VLAN: From PC1 (Sales) to PC3 (also Sales). Should succeed.
- Ping across VLANs: From PC1 (Sales) to PC2 (Engineering). Should fail unless a router or Layer 3 switch is configured for inter‑VLAN routing.
Scientific Explanation of VLANs
What Happens Behind the Scenes?
- MAC Address Learning: When a frame arrives at a switch port, the switch records the source MAC address and the port in its MAC address table.
- VLAN Tagging: Frames destined for a VLAN other than the native VLAN are tagged with an 802.1Q header containing the VLAN ID.
- Trunking: On a trunk link, all tagged frames are forwarded between switches. The trunk interface learns which VLANs are allowed and drops frames from disallowed VLANs.
- Broadcast Domains: Each VLAN represents a separate broadcast domain. Broadcast frames are only forwarded within the same VLAN, not across trunks unless tagged.
Why Trunking Matters
Without trunking, VLANs on one switch cannot communicate with VLANs on another switch. Trunks enable logical separation while maintaining a single physical infrastructure.
Common Pitfalls and Troubleshooting
| Symptom | Likely Cause | Fix |
|---|---|---|
| PCs in the same VLAN cannot ping each other | Port not assigned to VLAN | Re‑configure port as access with the correct VLAN |
| PCs in different VLANs can ping each other | Trunk allowed all VLANs but native VLAN misconfigured | Ensure native VLAN matches on both ends |
| Trunk shows “not connected” | Cable type wrong (use crossover for older switches) | Switch to correct cable or enable auto‑MDI/MDIX |
VLAN not appearing in show vlan brief |
VLAN not created or misspelled | Use vlan <id> command and give it a name |
FAQ
Q1: How many VLANs can a Cisco 2960 support?
A: The 2960 supports up to 4094 VLANs, but practical limits are often set by the number of ports and memory constraints.
Q2: Can I create VLANs on a router?
A: Routers do not support VLANs directly on their interfaces. You need a Layer 3 switch or a router with sub‑interfaces configured with encapsulation dot1q.
Q3: What is the difference between an access port and a trunk port?
A: An access port carries traffic for a single VLAN and removes the 802.And 1Q tag before forwarding. A trunk port carries multiple VLANs, tagging frames with the VLAN ID The details matter here..
Q4: How do I set a native VLAN on a trunk?
A: Use switchport trunk native vlan <id> on the trunk interface. The native VLAN carries untagged frames.
Q5: Can I restrict which VLANs are allowed on a trunk?
A: Yes. That said, use switchport trunk allowed vlan <list> to specify allowed VLAN IDs. Frames for other VLANs will be dropped.
Conclusion
Configuring VLANs in Packet Tracer mirrors real‑world Cisco switch operations, providing a risk‑free environment to practice segmentation, security, and traffic management. By mastering the steps—creating VLANs, assigning ports, setting up trunk links, and verifying the configuration—you build a solid foundation for more advanced network designs, such as inter‑VLAN routing, VLAN pruning, and port security. But whether you’re preparing for a certification exam or designing a test network, the skills gained here translate directly to physical Cisco devices and real‑world deployments. Happy simulating!
