Home » Tools » VLAN Configuration & Trunking – How Two Switches Communicate in a Real Network (with Router & DHCP)

1️⃣ Lab Story – What Are We Building?

Title

“VLAN Configuration & Trunking – How Two Switches Communicate in a Real Network (with Router & DHCP)”

Learning Objectives

By the end of this lab, the viewer will:

  • Understand what a VLAN is and why we use it.
  • See how two switches share VLANs using a trunk link.
  • Configure access ports for HR, Admin, and IT departments.
  • Configure a router-on-a-stick to:
    • Act as the default gateway for all VLANs.
    • Provide DHCP addresses to all PCs in all VLANs.
    • Allow inter-VLAN communication (HR ↔ Admin ↔ IT).
  • Verify the setup using show commands and ping tests.

2️⃣ Lab Design & Topology

Devices

  • 2 × Cisco 2960 switches
    • SW-1 (left side)
    • SW-2 (right side)
  • 1 × Cisco router (e.g., 2911) – acts as router-on-a-stick and DHCP server
  • 5 × PCs
    • PC-HR-1, PC-HR-2 (HR dept)
    • PC-Admin-1, PC-Admin-2 (Admin dept)
    • PC-IT-1 (IT dept)

VLAN Plan

VLAN ID

Name

Where It Exists

Purpose

20

HR

SW-1 only

HR PCs

40

Admin

SW-1 & SW-2 (shared)

Admin PCs

50

NativeVLAN

SW-1 & SW-2

Native on trunks

80

IT

SW-2 + SW-1 (for trunk)

IT PC (on SW-2)

Explanation for viewers:

  • Each VLAN is a separate broadcast domain.
  • HR traffic is isolated in VLAN 20, Admin in VLAN 40, IT in VLAN 80.
  • VLAN 50 is used as native VLAN on trunks.

IP Addressing Plan (per VLAN)

Router will provide DHCP from these networks:

  • VLAN 20 – HR
    • Network: 192.168.20.0/24
    • Default Gateway: 192.168.20.1 (router subinterface)
  • VLAN 40 – Admin
    • Network: 192.168.40.0/24
    • Default Gateway: 192.168.40.1
  • VLAN 80 – IT
    • Network: 192.168.80.0/24
    • Default Gateway: 192.168.80.1

Physical & Logical Connections

Switch 1 (SW-1 – Cisco 2960)

  • Fa0/1 → PC-HR-1
  • Fa0/2 → PC-HR-2
  • Fa0/3 → PC-Admin-1
  • Gi0/1 → Trunk to SW-2 Gi0/1
  • Fa0/24 → Trunk to Router G0/0

Switch 2 (SW-2 – Cisco 2960)

  • Fa0/4 → PC-Admin-2
  • Fa0/5 → PC-IT-1
  • Gi0/1 → Trunk to SW-1 Gi0/1

Router (R1 – e.g., 2911)

  • G0/0 → Trunk to SW-1 Fa0/24
    (Will have subinterfaces G0/0.20, .40, .80)

Traffic Story You Can Explain

  • HR PCs (VLAN 20) can talk to each other.
  • Admin PCs (VLAN 40) are on different switches but same VLAN – they communicate over a trunk.
  • IT PC (VLAN 80) is on SW-2 only.
  • The router:
    • Gives IP addresses to all PCs via DHCP.
    • Routes traffic between VLANs (inter-VLAN routing).

3️⃣ Step-by-Step: Build the Environment in Packet Tracer

Step 1 – Place Devices

  1. Open Cisco Packet Tracer.
  2. From the bottom bar:
    • Go to Switches → drag 2 × 2960-24TT switches → name them SW-1 and SW-2.
    • Go to Routers → drag a 2911 (or similar) → name it R1.
    • Go to End Devices → drag 5 × PC-PT PCs → rename:
      • PC-HR-1
      • PC-HR-2
      • PC-Admin-1
      • PC-Admin-2
      • PC-IT-1

Step 2 – Connect the Devices (Cabling)

Use Copper Straight-Through cables for everything.

  1. PCs to SW-1
    • PC-HR-1 → SW-1 Fa0/1
    • PC-HR-2 → SW-1 Fa0/2
    • PC-Admin-1 → SW-1 Fa0/3
  2. PCs to SW-2
    • PC-Admin-2 → SW-2 Fa0/4
    • PC-IT-1 → SW-2 Fa0/5
  3. Trunk between switches
    • SW-1 Gi0/1 ↔ SW-2 Gi0/1 (use straight-through)
  4. Router to SW-1
    • R1 G0/0 ↔ SW-1 Fa0/24

Wait for all links to turn green.

4️⃣ Configure SW-1 (VLANs, Access Ports, Trunks)

Open SW-1 → CLI:

enable

configure terminal

hostname SW-1

4.1 Create VLANs 20, 40, 50, 80

vlan 20

 name HR

exit

vlan 40

 name Admin

exit

vlan 50

 name NativeVLAN

exit

vlan 80

 name IT

exit

4.2 Assign Access Ports for HR & Admin

! HR PCs on VLAN 20

interface range fa0/1 – 2

 switchport mode access

 switchport access vlan 20

 spanning-tree portfast

exit

 

! Admin PC on SW-1 (VLAN 40)

interface fa0/3

 switchport mode access

 switchport access vlan 40

 spanning-tree portfast

exit

4.3 Configure Trunk to SW-2 (Gi0/1)

interface gi0/1

 switchport mode trunk

 switchport trunk native vlan 50

 switchport trunk allowed vlan 40,50,80

 no shutdown

exit

We allow VLANs 40 & 80 (shared VLANs) plus the native VLAN 50 on the inter-switch trunk. HR (VLAN 20) stays local to SW-1.

4.4 Configure Trunk to Router (Fa0/24)

interface fa0/24

 switchport mode trunk

 switchport trunk native vlan 50

 switchport trunk allowed vlan 20,40,50,80

 no shutdown

exit

end

write memory

Here we include all user VLANs (20,40,80) so the router can act as gateway & DHCP for all.

5️⃣ Configure SW-2 (VLANs, Access Ports, Trunk)

Open SW-2 → CLI:

enable

configure terminal

hostname SW-2

5.1 Create VLANs Used on SW-2

vlan 40

 name Admin

exit

vlan 50

 name NativeVLAN

exit

vlan 80

 name IT

exit

5.2 Assign Access Ports

! Admin PC on SW-2 (VLAN 40)

interface fa0/4

 switchport mode access

 switchport access vlan 40

 spanning-tree portfast

exit

 

! IT PC on VLAN 80

interface fa0/5

 switchport mode access

 switchport access vlan 80

 spanning-tree portfast

exit

5.3 Configure Trunk to SW-1 (Gi0/1)

interface gi0/1

 switchport mode trunk

 switchport trunk native vlan 50

 switchport trunk allowed vlan 40,50,80

 no shutdown

exit

end

write memory

6️⃣ Configure the Router (R1) – Router-on-a-Stick + DHCP

Open R1 → CLI:

enable

configure terminal

hostname R1

6.1 Enable the Physical Interface

interface g0/0

 no shutdown

exit

6.2 Create Subinterfaces for Each VLAN

! VLAN 20 – HR

interface g0/0.20

 encapsulation dot1Q 20

 ip address 192.168.20.1 255.255.255.0

exit

 

! VLAN 40 – Admin

interface g0/0.40

 encapsulation dot1Q 40

 ip address 192.168.40.1 255.255.255.0

exit

 

! VLAN 80 – IT

interface g0/0.80

 encapsulation dot1Q 80

 ip address 192.168.80.1 255.255.255.0

exit

These subinterfaces are the default gateways for each VLAN.

6.3 Configure DHCP – Excluded Addresses

ip dhcp excluded-address 192.168.20.1 192.168.20.10

ip dhcp excluded-address 192.168.40.1 192.168.40.10

ip dhcp excluded-address 192.168.80.1 192.168.80.10

6.4 Create DHCP Pools

ip dhcp pool HR_VLAN20

 network 192.168.20.0 255.255.255.0

 default-router 192.168.20.1

 dns-server 8.8.8.8

exit

 

ip dhcp pool ADMIN_VLAN40

 network 192.168.40.0 255.255.255.0

 default-router 192.168.40.1

 dns-server 8.8.8.8

exit

 

ip dhcp pool IT_VLAN80

 network 192.168.80.0 255.255.255.0

 default-router 192.168.80.1

 dns-server 8.8.8.8

exit

 

end

write memory

7️⃣ Configure PCs to Use DHCP

For each PC (HR-1, HR-2, Admin-1, Admin-2, IT-1):

  1. Click the PC → Desktop tab → IP Configuration.
  2. Select DHCP.
  3. You should see:
    • HR PCs get 192.168.20.x /24, gateway 192.168.20.1.
    • Admin PCs get 192.168.40.x /24, gateway 192.168.40.1.
    • IT PC gets 192.168.80.x /24, gateway 192.168.80.1.

8️⃣ Verification & Demo Tests (for the end of your video)

On Switches

show vlan brief

show interfaces trunk

Explain:

  • Ports in correct VLANs.
  • Trunk ports with native VLAN 50 and allowed VLANs.

On Router

show ip interface brief

show ip dhcp binding

show ip dhcp pool

 

Scroll to Top