3.4.6 Lab – Configure VLANs and Trunking Answers

Objectives

Part 1: Construct the Network and Configure the Device's Basic Settings

Create VLANs and assign switch ports in Section 2.

Maintenance of VLAN Port Assignments and the VLAN Database

Configure an 802.1Q Trunk between the Switches in Section 4.

Section 5: Deletion of the VLAN Database

Context / Scenario

Modern switches use virtual local-area networks (VLANs) to enhance network performance by dividing huge Layer 2 broadcast domains into smaller ones. By regulating which hosts may interact, VLANs can also be employed as a security precaution. VLANs make it simpler to create a network to meet an organization's objectives.

VLAN trunks are used to connect VLANs on numerous devices. Trunks provide traffic from many VLANS to traverse over a single connection while maintaining VLAN identification and segmentation.

In this lab, you will create VLANs on both switches in the topology, assign VLANs to switch access ports, verify that VLANs are functioning as expected, and then create a VLAN trunk between the two switches to allow hosts in the same VLAN to communicate regardless of which switch the host is attached to.

Cisco Catalyst 2960 switches with Cisco IOS Release 15.2(2) are used in CCNA hands-on labs (lanbasek9 image). Other routers, switches, and versions of Cisco IOS may be used. Depending on the model and Cisco IOS version, the available commands and output may differ from what is shown in the labs. For the right interface IDs, see the Router Interface Summary Table at the conclusion of the lab.

Note: Ensure that any startup settings have been removed from the routers and switches. If you are uncertain contact your Answers.

Refer to the Answers Lab Manual for instructions on how to initialise and reload devices.

Essential Resources

2 Switches (Cisco 2960 equipped with Cisco IOS Release 15.2(2) lanbasek9 image or equivalent)

2 PCs (Windows with a terminal emulation application, such as Tera Term) (Windows with a terminal emulation program, such as Tera Term)

Console cables used to configure Cisco IOS devices using their console ports.

Ethernet wires as seen in the network topology

Instructions

Part 1: Construct the Network and Configure the Device's Basic Settings

In Part 1, you will establish the network topology and configure the PC hosts and switches with basic settings.

Step one is to cable the network according to the topology.

Connect the devices according to the topology diagram and with the appropriate cabling.

Configure basic settings for each switch in Step 2.

Console into the switch and activate EXEC mode with privileges.

Launch configuration display

switch> allow

Enter configuration mode.

switch# terminal configuration

A device name is assigned to the switch.

# hostname S1 switch(config)

switch(config.hostname)# hostname S2

Disable DNS lookup to prevent the router from misinterpreting instructions given improperly as host names.

S1(config)# no ip domain-lookup

S2(config)# no ip domain-lookup

Assign class as the encrypted password for the EXEC privilege.

S1(config)# activate secret class

S2(config)# activate secret class

Assign cisco as the password for the console and allow login.

S1(config)# line console 0

S1(config-line)# password cisco

S1(config-line)# login

S2(config)# line console 0

S2(config-line)# password cisco

S2(config-line)# login

Assign the password cisco to the vty and enable login.

S1(config)# vty 0 line 4

S1(config-line)# password cisco

S1(config-line)# login

S2(config)# vty 0 line 4

S2(config-line)# password cisco

S2(config-line)# login

Encrypt the passwords in plaintext.

S1(config)# password-encryption service

S2(config)# password-encryption service

Create a banner indicating that unauthorised access to the device is banned.

S1(config)# banner motd $ Restricted to Authorized Users $

S2(config)# banner motd $ Restricted to Authorized Users $

Configure on the switch the IP address provided in the Addressing Table for VLAN 1.

S1(config)# vlan 1 interface

# ip address 192.168.1.11 255.255.255.0 S1(config-if)

S1(config-if)# there is no shutdown

S1(config-if)# terminate

S2(config)# vlan 1 interface

# ip address 192.168.1.12 255.255.255.0 S2(config-if)

S2(config-if)# does not have a shutdown directive

S2(config-if)# end programme

Turn off any interfaces that will not be used.

S1(config)# range of interfaces f0/2-5, f7-24, and g0/1-2.

S1(config-if-range)# stop operation

S2(config)# range of interfaces f0/2-17, f18-24, and g0/1-2

S2(config-if-range)# stop operation

Place the time on the switch.

The time on S1# is 15:30:00 on 19 September 2019

The time on S2# is 15:30:00 on 19 September 2019

Save the settings currently in use to the startup configuration file.

S1# copy running-config startup-config

S2# duplicate operating-config startup-config

Close window for configuration

Configure PC hosts in Step 3.

Refer to the Addressing Table for details on PC host addresses.

Test connection in step 4.

Determine whether the PC hosts can ping each other.

Note: To ping across PCs, it may be required to deactivate the firewall on each PC.

Questions:

Can PC-A ping PC-B?

Yes

Can PC-A ping S1?

No

Can PC-B ping S2?

No

Launch configuration display

Can S1 ping S2?

Yes

If you answered no to any of the preceding questions, please explain why the pings failed.

When attempting to ping a device on a different subnet, the pings failed. A default gateway must exist to route traffic from one subnet to another for these pings to succeed.

Close window for configuration

Create VLANs and assign switch ports in Section 2.

In Part 2, Management, Operations, Parking Lot, and Native VLANs will be created on both switches. The VLANs are then assigned to the relevant interface. The show vlan command verifies the setup parameters.

Create VLANs on the switches in Step 1.

Launch configuration display

On S1, create the VLANs.

S1(config)# vlan 10

S1(config-vlan)# name Operations

S1(config-vlan)# vlan 20

S1(config-vlan)# name Parking Lot

S1(config-vlan)# vlan 99

S1(config-vlan)# name Management

S1(config-vlan)# vlan 1000

S1(config-vlan)# name Authentic

S1(config-vlan)# end

Create identical VLANs on S2

Show the VLANs on S1 using the show vlan short command.

S1# display vlan summary

VLAN NameStatusPorts

—- ——————————– ——— ——————————-

1defaultactiveFa0/1, Fa0/2, Fa0/3, Fa0/4

Fa0/5, Fa0/6, Fa0/7, Fa0/8

Fa0/9, Fa0/10, Fa0/11, Fa0/12

Fa0/13, Fa0/14, Fa0/15, Fa0/16

Fa0/17, Fa0/18, Fa0/19, Fa0/20

Fa0/21, Fa0/22, Fa0/23, Fa0/24

Gi0/1, Gi0/2

10Operationsactive

20Parking Lotactive

99Managementactive

1000 Indigenous

1002 fddi-defaultact/unsup

1003 token-ring-defaultact/unsup

1004 fddinet-defaultact/unsup

1005 trnet-defaultact/unsup

Questions:

What is the standard VLAN?

VLAN 1

Which ports are allocated to the VLAN by default?

By default, all switch ports are allocated to VLAN 1.

Assign VLANs to the right switch interfaces in Step 2.

Attribute VLANs to the S1 ports.

1)Assign PC-A to the VLAN for Operation.

S1(config)# f0/6 interface

S1(config-if)# access to switchport mode

S1(config-if)# access vlan 10 on switchport

2)Change the IP address VLAN 99 of the switch.

S1(config)# vlan 1 interface

S1(config-if)# no ip address

S1(config-if)# vlan 99 interface

# ip address 192.168.1.11 255.255.255.0 S1(config-if)

S1(config–if)# end

Execute the show vlan brief command and check that the right interfaces are allocated to the VLANs.

S1# display vlan summary

VLAN NameStatusPorts

—- ——————————– ——— ——————————-

1defaultactiveFa0/1, Fa0/2, Fa0/3, Fa0/4

Fa0/5, Fa0/7, Fa0/8, Fa0/9

Fa0/10, Fa0/11, Fa0/12, Fa0/13

Fa0/14, Fa0/15, Fa0/16, Fa0/17

Fa0/18, Fa0/19, Fa0/20, Fa0/21

Fa0/22, Fa0/23, Fa0/24, Gi0/1

Gi0/2

10OperationsactiveFa0/6

20Facultyactive

99Managementactive

1002 fddi-defaultact/unsup

1003 token-ring-defaultact/unsup

1004 fddinet-defaultact/unsup

1005 trnet-defaultact/unsup

Issue the command display ip interface short.

S1# display IP interface summary

InterfaceIP-AddressOK? StatusProtocolMethod

Vlan1unassignedYES unsetupup

Vlan99192.168.1.11YES manual updown

FastEthernet0/1unassignedYES unsetupup

FastEthernet0/2unassignedYES deactivated administratively

FastEthernet0/3unassignedYES deactivated administratively

FastEthernet0/4unassignedYES deactivated administratively

FastEthernet0/5unassignedYES deactivated administratively

FastEthernet0/6unassignedYES unsetupup

FastEthernet0/7unassignedYES deactivated administratively

output withheld>

Question:

What is the current state of VLAN 99? Explain.

VLAN 99's state is up/down; it is up since the VLAN exists in the database, but it is down because it has not yet been allocated to an active port.

On S2, assign PC-B to the Operations VLAN.

S2(config)# f0/18 interface

S2(config-if)# access to switchport mode

S2(config-if)# access vlan 10 on switchport

Remove VLAN 1's IP address from S2.

S2(config)# vlan 1 interface

S2(config-if)# no ip address

Configure an IP address on S2 for VLAN 99 based on the Addressing Table.

S2(config–if)#vlan 99 interface

# ip address 192.168.1.12 255.255.255.0 S2(config-if)

Use the show vlan brief command to confirm that the right interfaces are allocated to the VLANs.

S2# display vlan summary

VLAN NameStatusPorts

—- ——————————– ——— ——————————-

1defaultactiveFa0/1, Fa0/2, Fa0/3, Fa0/4

Fa0/5, Fa0/6, Fa0/7, Fa0/8

Fa0/9, Fa0/10, Fa0/11, Fa0/12

Fa0/13, Fa0/14, Fa0/15, Fa0/16

Fa0/17, Fa0/19, Fa0/20, Fa0/21

Fa0/22, Fa0/23, Fa0/24, Gi0/1

Gi0/2

10OperationsactiveFa0/18

20Parking Lotactive

99Managementactive

1000 Indigenous

1002 fddi-defaultact/unsup

1003 token-ring-defaultact/unsup

1004 fddinet-defaultact/unsup

1005 trnet-defaultact/unsup

Questions:

Can S1 send a ping to S2? Explain.

No. VLAN 99 now contains the IP addresses of the switches. Traffic on VLAN 99 will not be sent on interface F0/1.

Close window for configuration

PC-A is capable of pinging PC-B? Explain.

No. Interface F0/1 is not allocated to VLAN 10, hence it will not carry VLAN 10 traffic.

Maintain VLAN Port Assignments and the VLAN Database in Section 3.

Part 3 entails modifying VLAN assignments to ports and removing VLANs from the VLAN database.

Assign a VLAN to multiple interfaces in Step 1.

Launch configuration display

Assign interfaces F0/11 - 24 to VLAN99 on switch S1.

S1(config)# interface range f0/11 through f24

S1(config-if-range)# access to switchport mode

S1(config-if-range)#access vlan 99 on switchport

S1(config-if–range)# end

To check VLAN allocations, use the show vlan brief command.

S1# display vlan summary

VLAN NameStatusPorts

—- ——————————– ——— ——————————-

1defaultactiveFa0/1, Fa0/2, Fa0/3, Fa0/4

Fa0/5, Fa0/7, Fa0/8, Fa0/9

Fa0/10, Gi0/1, Gi0/2

10OperationsactiveFa0/6

20Parking Lotactive

99ManagementactiveFa0/11, Fa0/12, Fa0/13, Fa0/14

Fa0/15, Fa0/16, Fa0/17, Fa0/18

Fa0/19, Fa0/20, Fa0/21, Fa0/22

Fa0/23, Fa0/24

1000 Indigenous

1002 fddi-defaultact/unsup

1003 token-ring-defaultact/unsup

1004 fddinet-defaultact/unsup

1005 trnet-defaultact/unsup

Assign F0/11 and F0/21 to the VLAN 10 interface.

S1(config)# range of interfaces f0/11 to f0/21

S1(config-if-range)#access vlan 10 on switchport

S1(config-if–range)# end

Verify VLAN assignments for accuracy.

S1# display vlan summary

VLAN NameStatusPorts

—- ——————————– ——— ——————————-

1defaultactiveFa0/1, Fa0/2, Fa0/3, Fa0/4

Fa0/5, Fa0/7, Fa0/8, Fa0/9

Fa0/10, Gi0/1, Gi0/2

10Active Operations Fa0/6, Fa0/11, and Fa0/21

20Parking Lotactive

99ManagementactiveFa0/12, Fa0/13, Fa0/14, Fa0/15

Fa0/16, Fa0/17, Fa0/18, Fa0/19

Fa0/20, Fa0/22, Fa0/23, Fa0/24

1000 Indigenous

1002 fddi-defaultact/unsup

1003 token-ring-defaultact/unsup

1004 fddinet-defaultact/unsup

1005 trnet-defaultact/unsup

Remove a VLAN assignment from an interface in Step 2.

Use the no switchport access vlan command to delete VLAN 99 from the F0/24 interface.

S1(config)# f0/24 interface

S1(config-if)# no access vlan on switchport S1

S1(config-if)# end

Confirm that the VLAN change was implemented.

Question:

Which VLAN does F0/24 currently belong to?

VLAN 1 is the standard VLAN.

S1# display vlan summary

VLAN NameStatusPorts

—- ——————————– ——— ——————————-

1defaultactiveFa0/1, Fa0/2, Fa0/3, Fa0/4

Fa0/5, Fa0/7, Fa0/8, Fa0/9

Fa0/10, Fa0/24, Gi0/1, Gi0/2

10Active Operations Fa0/6, Fa0/11, and Fa0/21

20Parking Lotactive

99ManagementactiveFa0/12, Fa0/13, Fa0/14, Fa0/15

Fa0/16, Fa0/17, Fa0/18, Fa0/19

Fa0/20, Fa0/22, Fa0/23

1000 Indigenous

1002 fddi-defaultact/unsup

1003 token-ring-defaultact/unsup

1004 fddinet-defaultact/unsup

1005 trnet-defaultact/unsup

Remove a VLAN ID from the VLAN database in Step 3.

Add VLAN 30 to the F0/24 interface without using the global VLAN command.

S1(config)# f0/24 interface

S1(config-if)# access vlan 30 on switchport

% Access VLAN does not exist. Building vlan 30

Note: The vlan command is no longer required to add a VLAN to the database with modern switch hardware. When an unknown VLAN is assigned to a port, the VLAN is generated and added to the VLAN database.

Verify that the new VLAN is listed in the table of VLANs.

S1# display vlan summary

VLAN NameStatusPorts

—- ——————————– ——— ——————————-

1defaultactiveFa0/1, Fa0/2, Fa0/3, Fa0/4

Fa0/5, Fa0/7, Fa0/8, Fa0/9

Fa0/10, Gi0/1, Gi0/2

10Active Operations Fa0/6, Fa0/11, and Fa0/21

20Parking Lotactive

30VLAN0030activeFa0/24

99ManagementactiveFa0/12, Fa0/13, Fa0/14, Fa0/15

Fa0/16, Fa0/17, Fa0/18, Fa0/19

Fa0/20, Fa0/22, Fa0/23

1000 Indigenous

1002 fddi-defaultact/unsup

1003 token-ring-defaultact/unsup

1004 fddinet-defaultact/unsup

1005 trnet-defaultact/unsup

Question:

What is VLAN 30's default name?

VLAN0030

To delete VLAN 30 from the VLAN database, use the no vlan 30 command.

S1(config)# no vlan 30

S1(config)# end

Enter the command display vlan brief. VLAN 30 was allocated F0/24.

Question:

After VLAN 30 is deleted from the VLAN database, to which VLAN is port F0/24 assigned? What happens to traffic intended for the host connected to the F0/24 subnet?

When a VLAN is deleted, all ports attached to it become dormant. Therefore, Port F0/24 remains linked with VLAN 30. However, VLAN 30 is now inactive due to its absence from the VLAN database. Additionally, no traffic will be transferred via the port.

S1# display vlan summary

VLAN NameStatusPorts

—- ——————————– ——— ——————————-

1defaultactiveFa0/1, Fa0/2, Fa0/3, Fa0/4

Fa0/5, Fa0/7, Fa0/8, Fa0/9

Fa0/10, Gi0/1, Gi0/2

10Active Operations Fa0/6, Fa0/11, and Fa0/21

20Parking Lotactive

99ManagementactiveFa0/12, Fa0/13, Fa0/14, Fa0/15

Fa0/16, Fa0/17, Fa0/18, Fa0/19

Fa0/20, Fa0/22, Fa0/23

1000 Indigenous

1002 fddi-defaultact/unsup

1003 token-ring-defaultact/unsup

1004 fddinet-defaultact/unsup

1005 trnet-defaultact/unsup

On interface F0/24, use the no switchport access vlan command.

S1(config)# f0/24 interface

S1(config-if)# no access vlan on switchport S1

S1(config-if)# end

Use the show vlan short command to identify which VLAN F0/24 belongs to.

Questions:

Which VLAN does F0/24 belong?

The VLAN by default, VLAN 1,

S1# display vlan summary

VLAN NameStatusPorts

—- ——————————– ——— ——————————-

1defaultactiveFa0/1, Fa0/2, Fa0/3, Fa0/4

Fa0/5, Fa0/7, Fa0/8, Fa0/9

Fa0/10, Fa0/24, Gi0/1, Gi0/2

10Active Operations Fa0/6, Fa0/11, and Fa0/21

20Parking Lotactive

99ManagementactiveFa0/12, Fa0/13, Fa0/14, Fa0/15

Fa0/16, Fa0/17, Fa0/18, Fa0/19

Fa0/20, Fa0/22, Fa0/23

1000 Indigenous

1002 fddi-defaultact/unsup

1003 token-ring-defaultact/unsup

1004 fddinet-defaultact/unsup

1005 trnet-defaultact/unsup

Before deleting a VLAN from the database, it is advised that you reassign all of the VLAN's ports.

Why should a port be reassigned to a different VLAN before deleting it from the VLAN database?

The interfaces allocated to a VLAN that is deleted from the VLAN database become dormant and unusable until they are reassigned to an other VLAN. This may be difficult to diagnose, since trunked interfaces do not appear in the port list (Part 4 contains more information about trunked interfaces).

Close window for configuration

Configure an 802.1Q trunk between the switches in Section 4.

In Part 4, you will setup interface F0/1 to use the Dynamic Trunking Protocol (DTP) so that it may negotiate trunk mode. After completing and validating this task, you will stop DTP on interface F0/1 and manually setup it as a trunk.

Step 1: Activate trunking on F0/1 using DTP.

Dynamic auto is the default DTP mode of a 2960 switch port. This permits the interface to convert the connection to a trunk if the adjacent interface is set to trunk or dynamic desired mode.

Launch configuration display

Configure S1's F0/1 to negotiate trunk mode.

S1(config)# f0/1 interface

S1(config-if)# dynamic switchport mode is desired

Line protocol on Interface FastEthernet0/1 changed state to up at 19 Sep 02:51:47.257 %LINEPROTO-5-UPDOWN

Line protocol on Interface Vlan99 has changed to the up state at 19 Sep 02:51:47.291.

Additionally, you should get connection status notifications on S2.

S2#

Interface FastEthernet0/1, changed status to up at 19 Sep 02:42:19.424 UTC: %LINK-3-UPDOWN

The status of the Line protocol on Interface Vlan99 has changed to up at 19:42:14.

Line protocol on Interface FastEthernet0/1 changed from down to up at 19:42:22.419 on September 19, 2002.

On S1 and S2, execute the show vlan short command. Interface F0/1 has been removed from VLAN 1. In the VLAN table, trunked interfaces are not mentioned.

S1# display vlan summary

VLAN NameStatusPorts

—- ——————————– ——— ——————————-

1defaultactiveFa0/2, Fa0/3, Fa0/4, Fa0/5

Fa0/7, Fa0/8, Fa0/9, Fa0/10

Fa0/24, Gi0/1, Gi0/2

10Active Operations Fa0/6, Fa0/11, and Fa0/21

20Parking Lotactive

99ManagementactiveFa0/12, Fa0/13, Fa0/14, Fa0/15

Fa0/16, Fa0/17, Fa0/18, Fa0/19

Fa0/20, Fa0/22, Fa0/23

1000 Indigenous

1002 fddi-defaultact/unsup

1003 token-ring-defaultact/unsup

1004 fddinet-defaultact/unsup

1005 trnet-defaultact/unsup

Enter show interfaces trunk to see trunked interfaces. The mode on S1 is set to desired, while the mode on S2 is set to automatic.

S1# display trunk interfaces

vlan with PortModeEncapsulationStatusNative

Fa0/1desirable802.1qtrunking1

PortVLANs permitted on the trunk

Fa0/11-4094

PortVLANs permitted and operational in the management domain

Fa0/11,10,20,99,1000

PortVLANs in spanning tree forwarding state which have not been trimmed

Fa0/11,10,20,99,1000

S2# display trunk interfaces

vlan with PortModeEncapsulationStatusNative

Fa0/1auto802.1qtrunking1

PortVLANs permitted on the trunk

Fa0/11-4094

PortVLANs permitted and operational in the management domain

Fa0/11,10,20,99,1000

PortVLANs in spanning tree forwarding state which have not been trimmed

Fa0/11,10,20,99,1000

Note: All VLANs are permitted on a trunk by default. The switchport trunk command enables you to manage which VLANs may access the trunk. Keep the default settings for this lab, which enable all VLANs to transit F0/1.

Close window for configuration

Verify that VLAN traffic is being sent through trunk interface F0/1.

Questions:

Can S1 ping S2?

Yes

Can PC-A ping PC-B?

Yes

Can PC-A ping S1?

No

Can PC-B ping S2?

No

If you replied no to any of the above questions, please provide an explanation below.

Since the switches are in VLAN 99 and the PCs are in VLAN 10, pings between the VLANs failed.

Step 2: Configure manually trunk interface F0/1.

The switchport mode trunk command configures a port manually as a trunk. Both sides of the connection must execute this instruction.

Change the mode of the switchport on interface F0/1 to trunking. Ensure that this is performed on both switches.

Launch configuration display

S1(config)# f0/1 interface

S1(config-if)# trunk switchport mode

S2(config)# f0/1 interface

S2(config-if)# trunk switchport mode

Enter show interfaces trunk to see the trunk mode. Observe how the mode shifted from desired to active.

S2# display trunk interfaces

vlan with PortModeEncapsulationStatusNative

Fa0/1on802.1qtrunking1

PortVLANs permitted on the trunk

Fa0/11-4094

PortVLANs permitted and operational in the management domain

Fa0/11,10,20,99,1000

PortVLANs in spanning tree forwarding state which have not been trimmed

Fa0/11,10,20,99,1000

Change the native VLAN on the trunk configuration of both switches from VLAN 1 to VLAN 1000.

S1(config)# f0/1 interface

S1(config-if)# trunk native VLAN 1000 for switchport

S2(config)# f0/1 interface

S2(config-if)# trunk native VLAN 1000 for switchport

Enter the command show interfaces trunk to examine the trunk. Observe the revised Native VLAN details.

S2# display trunk interfaces

vlan with PortModeEncapsulationStatusNative

Fa0/1on802.1qtrunking1000

PortVLANs permitted on the trunk

Fa0/11-4094

PortVLANs permitted and operational in the management domain

Fa0/11,10,20,99,1000

PortVLANs in spanning tree forwarding state which have not been trimmed

Fa0/11,10,20,99,1000

Questions:

Why would you manually set an interface to trunk mode as opposed to utilising DTP?

Not every equipment utilises DTP. Using the switchport mode trunk command guarantees that the port will become a trunk regardless of the sort of device at the other end of the connection.

Why would you want to modify the native VLAN on a trunk?

Using the default VLAN, VLAN 1, as the native VLAN poses a security risk. All the numerous control protocols that are transmitted between switches are transferred over the native VLAN 1 untagged, and if default settings are utilised on user-connected ports, this information might be exposed.

Close window for configuration

Part 5: Eradicating the VLAN Database

In Part 5, you will erase the switch's VLAN Database. This must be performed when resetting a switch to its default settings.

Determine whether the VLAN database exists in the first step.

Launch configuration display

Execute the show flash command to check whether or not the vlan.dat file exists in flash.

S1# display flash:

Listing of flash:/

2–rwx59416Mar 1 1993 01:20:12 +00:00multiple-fs

3–rwx15186645Mar 1 1993 00:19:23 +00:00c2960-lanbasek9-mz.152-4.E8.bin

5–rwx796Sep 19 2019 02:48:04 +00:00vlan.dat

61028352 total bytes (33762304 bytes free)

Note: If flash contains the vlan.dat file, the VLAN database does not include its default values.

Delete the VLAN database in Step 2.

Execute the delete vlan.dat command to remove the vlan.dat file from flash and restore the VLAN database to its default configuration. You will be requested again for confirmation before the vlan.dat file is deleted. Enter twice each time.

S1# remove vlan.dat

Delete filename [vlan.dat]?

Delete flash:/vlan.dat? [confirm]

Execute show flash to confirm that the vlan.dat file has been removed.

S1# display flash:

Listing of flash:/

2–rwx59416Mar 1 1993 01:20:12 +00:00multiple-fs

3–rwx15186645Mar 1 1993 00:19:23 +00:00c2960-lanbasek9-mz.152-4.E8.bin

61028352 total bytes (33763840 bytes free)

Question:

What more commands are required to restore a switch to its factory settings?

After the remove vlan.dat command, the erase startup-config and reload commands must be performed to restore a switch to its factory defaults.

Close window for configuration

Reflection Questions

What is required for VLAN 10 hosts to interact with VLAN 99 hosts?

To support Inter-VLAN routing, a Layer 3 device is required to transport data between VLANs. Responses will vary.

What are some of the most important advantages that an organisation may get from the efficient usage of VLANs?

Answers may vary, but VLAN advantages include greater security, cost savings (efficient use of bandwidth and uplinks), higher performance (smaller broadcast domains), mitigation of broadcast storms, enhanced IT staff efficiency, and simplified project and application administration.

Device Configs – Final

Switch S1

Building configuration…

Current configuration : 2571 bytes

!

version 15.2

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname S1

!

boot-start-marker

boot-end-marker

!

enable secret 5 $1$GCQG$N33u/asvJfEWsnrIHRWjM1

!

no aaa new-model

system mtu routing 1500

!

no ip domain-lookup

!

spanning-tree mode pvst

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

interface FastEthernet0/1

switchport trunk native vlan 1000

switchport mode trunk

!

interface FastEthernet0/2

shutdown

!

interface FastEthernet0/3

shutdown

!

interface FastEthernet0/4

shutdown

!

interface FastEthernet0/5

shutdown

!

interface FastEthernet0/6

switchport access vlan 10

switchport mode access

!

interface FastEthernet0/7

shutdown

!

interface FastEthernet0/8

shutdown

!

interface FastEthernet0/9

shutdown

!

interface FastEthernet0/10

shutdown

!

interface FastEthernet0/11

switchport access vlan 99

switchport mode access

shutdown

!

interface FastEthernet0/12

switchport access vlan 99

switchport mode access

shutdown

!

interface FastEthernet0/13

switchport access vlan 99

switchport mode access

shutdown

!

interface FastEthernet0/14

switchport access vlan 99

switchport mode access

shutdown

!

interface FastEthernet0/15

switchport access vlan 99

switchport mode access

shutdown

!

interface FastEthernet0/16

switchport access vlan 99

switchport mode access

shutdown

!

interface FastEthernet0/17

switchport access vlan 99

switchport mode access

shutdown

!

interface FastEthernet0/18

switchport access vlan 99

switchport mode access

shutdown

!

interface FastEthernet0/19

switchport access vlan 99

switchport mode access

shutdown

!

interface FastEthernet0/20

switchport access vlan 99

switchport mode access

shutdown

!

interface FastEthernet0/21

switchport access vlan 99

switchport mode access

shutdown

!

interface FastEthernet0/22

switchport access vlan 99

switchport mode access

shutdown

!

interface FastEthernet0/23

switchport access vlan 99

switchport mode access

shutdown

!

interface FastEthernet0/24

switchport mode access

shutdown

!

interface GigabitEthernet0/1

shutdown

!

interface GigabitEthernet0/2

shutdown

!

interface Vlan1

no ip address

!

interface Vlan99

ip address 192.168.1.11 255.255.255.0

!

ip http server

ip http secure-server

!

banner motd ^C Authorized Users Only! ^C

!

line con 0

password cisco

logging synchronous

login

line vty 0 4

password cisco

login

line vty 5 15

password cisco

login

!

end

Switch S2

Building configuration…

Current configuration : 1875 bytes

!

version 15.2

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname S2

!

boot-start-marker

boot-end-marker

!

enable secret 5 $1$jTd.$1rhSHu68akU70GYYyc4Dy1

!

no aaa new-model

system mtu routing 1500

!

no ip domain-lookup

!

spanning-tree mode pvst

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

interface FastEthernet0/1

switchport trunk native vlan 1000

switchport mode trunk

!

interface FastEthernet0/2

shutdown

!

interface FastEthernet0/3

shutdown

!

interface FastEthernet0/4

shutdown

!

interface FastEthernet0/5

shutdown

!

interface FastEthernet0/6

shutdown

!

interface FastEthernet0/7

shutdown

!

interface FastEthernet0/8

shutdown

!

interface FastEthernet0/9

shutdown

!

interface FastEthernet0/10

shutdown

!

interface FastEthernet0/11

shutdown

!

interface FastEthernet0/12

shutdown

!

interface FastEthernet0/13

shutdown

!

interface FastEthernet0/14

shutdown

!

interface FastEthernet0/15

shutdown

!

interface FastEthernet0/16

shutdown

!

interface FastEthernet0/17

shutdown

!

interface FastEthernet0/18

switchport access vlan 10

switchport mode access

!

interface FastEthernet0/19

shutdown

!

interface FastEthernet0/20

shutdown

!

interface FastEthernet0/21

shutdown

!

interface FastEthernet0/22

shutdown

!

interface FastEthernet0/23

shutdown

!

interface FastEthernet0/24

shutdown

!

interface GigabitEthernet0/1

shutdown

!

Interface GigabitEthernet0/2

shutdown

!

interface Vlan1

no ip address

!

interface Vlan99

ip address 192.168.1.12 255.255.255.0

!

ip http server

ip http secure-server

!

banner motd ^C Authorized Users Only! ^C

!

line con 0

password cisco

logging synchronous

login

line vty 0 4

password cisco

login

line vty 5 15

password cisco

login

!

end