Table of contents
Why This Lab Matters (And Why You Should Care)
You’ve probably heard about VLANs a hundred times if you’re studying for your CCNA. But reading about VLANs and actually configuring them on a switch? That’s a whole different story.
This lab takes VLANs out of the textbook and into real life.
You’ll create VLANs, assign ports to specific VLANs, and see how VLANs control which devices can talk to each other. By the end, you’ll know exactly how VLAN segmentation works — and why it’s one of the most important tools in your networking toolbox.
If you want to walk into your first network admin job and actually know how to segment a switch like a pro, this is where you start.
Lab Summary
- Lab Name: VLAN Creation and Assignment
- Lab Difficulty: Intermediate
- Approximate Time: 30-40 minutes
- Preferred Image: iol-l2
- Book Reference: CCNA 200-301 Official Cert Guide, Volume 1 (2nd Edition) – Cisco Press
- Lab on: Chapter 4 – Using the Command-Line Interface
What You’ll Set Up
- A Cisco switch with multiple VLANs.
- Two PCs, each assigned to a different VLAN.
- Port assignments to control which device belongs to which VLAN.
This is core VLAN configuration — no fluff, just the essentials.
Topology Diagram
Below is the topology diagram for this lab setup:
Prerequisites
You’ll need:
- EVE-NG up and running.
- 1 iol-l2 switch image.
- 2 vPCS devices for PC1 & PC2.
- Basic understanding of what VLANs are and why they matter. addressing.
Implementation Steps
Step 1: Create VLANs on the Switch
Create two VLANs:
Switch>enable
Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#vlan 10
Switch(config-vlan)#name Sales
Switch(config-vlan)#exit
Switch(config)#vlan 20
Switch(config-vlan)#name HR
Switch(config-vlan)#exit
Switch(config)#Why this step? Creating VLANs is how you split up the network into isolated sections. Think of VLANs like putting teams in different rooms — devices in VLAN 10 can’t just shout at devices in VLAN 20.
Step 2: Assign Ports to VLANs
1. Assign Ethernet0/0 to VLAN 10:
Switch(config)#interface ethernet0/0
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 10
Switch(config-if)#exit
Switch(config)#2. Assign Ethernet0/1 to VLAN 20:
Switch(config)#interface ethernet0/1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 20
Switch(config-if)#end
Switch#Why this step? Switch ports don’t magically know which VLAN they belong to. This step tells the switch which ports are part of Sales (VLAN 10) and which belong to HR (VLAN 20).
Step 3: Configure Host PCs
Assign IP addresses and default gateways to the PCs:
- PC1 (VLAN 10):
VPCS> ip 192.168.10.10/24
Checking for duplicate address...
VPCS> set pcname PC1
PC1>- PC2 (VLAN 20):
ip 192.168.20.10/24
set pcname PC2Why this step? Without proper IP configuration, devices within each VLAN can’t even find each other — let alone communicate.
Step 4: Verify VLAN Configuration
1. Display the VLAN configuration on the switch:
Switch#show vlan brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Et0/2, Et0/3
10 Sales active Et0/0
20 HR active Et0/1
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup2. Verify port assignments for VLANs:
Switch#show interfaces status
Port Name Status Vlan Duplex Speed Type
Et0/0 connected 10 full auto 10/100/100 0BaseTX
Et0/1 connected 20 full auto 10/100/100 0BaseTX
Et0/2 connected 1 full auto 10/100/100 0BaseTX
Et0/3 connected 1 full auto 10/100/100 0BaseTXWhy this step? This is your proof of work. If your VLANs aren’t showing up correctly, or your ports are still in the default VLAN, your devices won’t communicate as expected.
Step 5: Test Connectivity Within VLANs
- From PC1, ping another device in VLAN 10 (if available).
- From PC2, ping another device in VLAN 20 (if available).
Why this step? This confirms that devices inside the same VLAN can communicate — a critical check to ensure your segmentation actually works.
Verification & Testing
1. VLAN Configuration Check:
- Verify the created VLANs and their associated ports:
show vlan brief2. Port Assignment Check:
- Ensure the correct ports are assigned to VLANs:
show interfaces status3. Ping Test:
- Verify connectivity between devices in the same VLAN.
Troubleshooting Tips
- Ping Fails Within VLAN:
- Verify the port is assigned to the correct VLAN.
- Check the IP configuration on the PCs.
- Ports Not Assigned:
- Recheck the port configuration using show interfaces status.
Key Commands
- Create VLAN:
vlan
name - Assign Port to VLAN:
interface
switchport mode access
switchport access vlan - Verify VLANs:
show vlan briefKey Takeaways
- VLANs separate traffic at Layer 2, improving security and performance.
- Correct port assignments and IP configuration are key to making VLANs work.
- Always verify VLANs and port status after configuring.
Real-world Application
- Department Isolation: Keep HR, Sales, and Finance separated at Layer 2.
- Security: Devices in different VLANs can’t communicate without routing.
- Network Optimization: VLANs limit broadcast traffic, boosting performance.
Common Pitfalls
- Forgetting to set the port to access mode.
- Assigning the wrong VLAN ID to a port.
- Misconfiguring IP addresses or using the wrong subnet.
Download This Lab’s Workbook & EVE-NG File
Want to keep this lab handy? Download the PDF workbook and the EVE-NG file right here:
Want 130+ More Labs Like This (Free for 14 Days)?
This lab is just 1 of over 130 hands-on labs inside the CCNA Full Pack.
You’ll get:
- Full access to every lab.
- 130+ workbooks.
- Pre-built EVE-NG files.
- 14 days of completely free access — no risk.
