Goal
● Verify VLAN configuration and function
Requirements:
● Cisco switch configured with Lab 1-3, Lab 5 configurations
● 2 PCs with Ethernet ports, one with COM port. PCs should be configured with the IP addresses shown above.
● Cisco rollover cable
● 2 Ethernet cables
Review broadcast domain
● A broadcast is a data transmission to all devices that communicate at Layer 2, or the Datalink layer.
● All devices in a broadcast domain “hear” all broadcasts. (This explanation is very brief and incomplete. Insure that you fully understand broadcasts, broadcast domains, how bridges/switches process broadcasts.)
● A VLAN is a broadcast domain. It is a group of ports that can communicate at Layer 2, or will “hear” a broadcast from one of the devices connected to an interface in the same VLAN.
● Cisco switches initially have one VLAN, VLAN 1, and all ports are in VLAN 1. Creating new VLANs creates new broadcast domains.
In Lab 7, four new broadcast domains, or VLANs, were created:
● VLAN 200
● VLAN 201
● VLAN 202
● VLAN 203
VLAN 1, the default VLAN, still exists. VLAN 1 is automatically defined by the IOS, and cannot be deleted. It can be made irrelevant by assigning all ports to other VLANs, but it will still exist. Verify that the VLANs still exist from Lab 7, and the following port assignments have been made.
1. testlabsw1 # show vlan
VLAN Name Status Ports
---- -------------------------- --------- -------------------------------
1 default active Fa0/9, Fa0/10, Fa0/11, Fa0/12
200 Acct active Fa0/1, Fa0/5
201 Admin active Fa0/2, Fa0/6
202 Backbone active Fa0/3, Fa0/7
203 VLAN0203 active Fa0/4, Fa0/8
.
(lines omitted)
Testing the configuration
The test consists of using the ping command. The test has two parts:
● Test for a successful ping between the devices in the same VLAN
● Test for a failure to ping between the devices in different VLANs
It may sound strange to test for failure, or an unsuccessful ping, but it really isn’t. If you can ping between VLANs (200 to 201, for example), then either the configuration is wrong, or VLANs do not really create separate broadcast domains.
A final test step is to ping the switch interface VLAN 1 IP address (192.168.1.75) from each VLAN. Before beginning this exercise, display the status of the VLAN1 IP address:
labsw1# show interface vlan 1
Vlan1 is up, line protocol is down
.
.
(Interface VLAN 1 is not complete functional. Why not? Review Lab 2, step 22 and discussion.)
Before beginning these exercises, verify that the PCs are configured with the following IP addresses: PC1 – 192.168.1.2, PC2 – 192.168.1.3. Connect PC1 and PC2 to the switch interfaces as shown in the chart below, and ping from PC1 to PC2.
labsw1# clear mac-address-table
(Note: if you cannot ping from PC1 to PC2 after you move the connections to new interfaces in the same VLAN, use the clear mac-address-table dynamic command and test again. Just make sure that the interfaces are in the same VLAN.)
It is not necessary to issue every ping described in this section. However, it is important that you understand that pings are successful between computers in the same VLAN and unsuccessful between computers in different VLANs. If you like, chose a subset of the interfaces to perform the tests. It is also important to show the status of interface VLAN after each cable move and note when it goes "up, up" (More in Lab 9).
Ping
Interface Result
PC1 PC1 PC2 PC2 Ping VLAN1 Interface
Int VLAN Int VLAN Result Status VLAN1
------- ---- ------ ---- -------- ------- -------
Fa0/1 200 Fa0/5 200
Fa0/2 201 Fa0/5 200
Fa0/2 201 Fa0/6 201
Fa0/3 202 Fa0/6 201
Fa0/3 202 Fa0/7 202
Fa0/4 203 Fa0/7 202
Fa0/4 203 Fa0/12 1
Fa0/9 1 Fa0/12 1
Fa0/10 1 Fa0/12 1
Fa0/11 1 Fa0/12 1
The results of the testing should show that a ping test is successful when both devices are in the same VLAN, and unsuccessful when the devices are in different VLANs.
Why is a ping attempt to the IP address of interface VLAN 1 successful from ports Fa0/9 through Fa0/12, but unsuccessful from all other interfaces?
Two conditions must exist before the VLAN 1 IP address will respond to a ping.
- The VLAN 1 interface must be “up, up” before it will respond to a ping. Interface VLAN 1 remained in an “up, down” status until a physical interface associated with VLAN 1, Fa0/9 - Fa0/12, was active, or in “up, up” status. When a computer was connected to an interface in VLAN 1, a physical path to VLAN 1 was created, and VLAN 1 became “up, up” or active. The VLAN 1 interface became active in Step 8: however, it was not possible to ping the VLAN 1 IP address from Fa0/4. Only when PC1 was connected to Fa0/9, VLAN 1, was it possible to ping 192.168.1.75 from PC1.
- PC1 could successfully ping the VLAN 1 IP address after it was connected to an interface in VLAN 1: Fa0/9 – Fa0/12. The reason is a VLAN interface is associated with the VLAN that it is named for. VLAN 1 can only be contacted from an interface in VLAN 1. An interface in VLAN 200 cannot communicate with the VLAN 1 IP address. Interface VLAN 1 is a part of VLAN 1, and can only be contacted from one of the ports in VLAN 1: Fa0/9, Fa0/10, Fa0/11, Fa0/12.
