Config Lab: Layer 3 Switching 2

Wendell Odom
By Wendell Odom September 17, 2021 13:05

This next lab is one of the longer labs in this config lab series. The lab includes some simple tasks to configure 802.1Q trunking and to create VLANs. The big focus of the lab however is to enable layer 3 switching on two distribution switches using VLAN interfaces (that is, SVIs). The lab itself requires a few dozen configuration commands, so it will take a little longer than the usual 5-10 minutes. As always, it is best to try these after you have read about the topic in your study materials.

All about Config Labs

The blog has a series of lab exercises called “Config Labs.” Each lab presents a topology with the relevant initial configuration for each device. The lab also lists new requirements, after which you should create the additional configuration to meet those requirements. You can do the lab on paper, in a text editor, or use software tools like Cisco Packet Tracer or Cisco Modeling Labs.

Once you have created your answer, you can click various tabs at the bottom of this post to see the lab answers, comments about the lab, and other helpful information.

The Lab Exercise

Requirements

In this design, you will create the routing configuration required to support four user VLANs for PCs and two voice VLANs for IP phones. Two user data VLANs exist on switch Access1 (VLANs 10 and 20), and two user data VLANs exist on switch Access2 (VLANs 30 and 40). Additionally, all IP phones off switch Access1 should be assigned to voice VLAN 100, and all IP phones off switch Access 2 should be assigned to voice VLAN 200. The two distribution switches route between those VLANs, even using a link between the two switches to route packets between the distribution switches.

The specific rules for this lab are:

  • Configure the access switches (Access1 and Access2):
    • As layer 2 switches
    • Create the necessary VLANs (data and voice) per the figure
    • Assume VTP Transparent mode is in use on all switches
    • Configure the ports on the bottom of the access switches (in the figure) to be access ports in the listed VLANs
  • Configure trunks:
    • Make the link from switch Dist1 to Access1 a manual 802.1Q trunk
    • Make the link from switch Dist2 to Access2 a manual 802.1Q trunk
    • (Do NOT make the Dist1 to Dist2 link a trunk)
  • Configure the distribution switches (Dist1 and Dist2)
    • As layer 3 switches
    • Use SVIs for the switches’ layer 3 interfaces (that is, VLAN interfaces)
    • Use the IP addresses listed in the figure
    • Create the necessary VLANs (data and voice) per the figure
    • Assume VTP transparent mode
    • Use the IP addresses listed in the figure
  • Configure the link between the distribution switches
    • Do not trunk on this link
    • Make this link an access link in VLAN 500
    • Route between switches Dist1 and Dist2 over this link between the switches
  • Enable all SVI/VLAN interfaces
  • Note that OSPF and IPv4 routing have been pre-configured in preparation for your layer 3 switching configuration

Figure 1: Topology in Which to Add new IP Phones to Voice VLAN 100

 

Initial Configuration

Examples 1, 2, 3, and 4 show the beginning configuration state of Dist1, Dist2, Access1, and Access2.

 

Example 1: Dist1 Config

 

Example 2: Dist2 Config

 

Example 3: Access1 Config

 

Example 4: Access2 Config

Answer Options - Click Tabs to Reveal

You can learn a lot and strengthen real learning of the topics by creating the configuration – even without a router or switch CLI. In fact, these labs were originally built to be used solely as a paper exercise!

To answer, just think about the lab. Refer to your primary learning material for CCNA, your notes, and create the configuration on paper or in a text editor. Then check your answer versus the answer post, which is linked at the bottom of the lab, just above the comments section.

You can also implement the lab using the Cisco Packet Tracer network simulator. With this option, you use Cisco’s free Packet Tracer simulator. You open a file that begins with the initial configuration already loaded. Then you implement your configuration and test to determine if it met the requirements of the lab.

(Use this link for more information about Cisco Packet Tracer.)

Use this workflow to do the labs in Cisco Packet Tracer:

  1. Download the .pkt file linked below.
  2. Open the .pkt file, creating a working lab with the same topology and interfaces as the lab exercise.
  3. Add your planned configuration to the lab.
  4. Test the configuration using some of the suggestions below.

Download this lab’s Packet Tracer File

You can also implement the lab using Cisco Modeling Labs – Personal (CML-P). CML-P (or simply CML) replaced Cisco Virtual Internet Routing Lab (VIRL) software in 2020, in effect serving as VIRL Version 2.

If you prefer to use CML, use a similar workflow as you would use if using Cisco Packet Tracer, as follows:

  1. Download the CML file (filetype .yaml) linked below.
  2. Import the lab’s CML file into CML and then start the lab.
  3. Compare the lab topology and interface IDs to this lab, as they may differ (more detail below).
  4. Add your planned configuration to the lab.
  5. Test the configuration using some of the suggestions below.

Download this lab’s CML file!

 

Network Device Info:

This table lists the interfaces listed in the lab exercise documentation versus those used in the sample CML file.

Device Lab Port  CML Port
Dist1 G1/1/1 G0/1
Dist1 G1/1/2 G0/2
Dist2 G1/1/1 G0/1
Dist2 G1/1/2 G0/2
Access1 G1/1/1 G0/1
Access1 G1/0/1 G0/3
Access1 G1/0/2 G0/2
Access2 G1/1/1 G0/1
Access2 G1/0/1 G0/3
Access2 G1/0/2 G0/2

 

Host device info:

This table lists host information pre-configured in CML, information that might not be required by the lab but may be useful to you.

Device IP Address Gateway User/password
PC1 172.16.1.50 172.16.1.1 cisco/cisco
PC2 172.16.1.100 172.16.1.65 cisco/cisco
PC3 172.16.1.150 172.16.1.129 cisco/cisco
PC4 172.16.1.200 172.16.1.193 cisco/cisco

Lab Answers Below: Spoiler Alert

Lab Answers: Configuration (Click Tab to Reveal)

Answers

Figure 1: Topology in Which to Add new IP Phones to Voice VLAN 100

 

Example 1: Dist1 Config

 

Example 2: Dist2 Config

 

Example 3: Access1 Config

 

Example 4: Access2 Config

Commentary, Issues, and Verification Tips (Click Tabs to Reveal)

Commentary

Layer 3 switching has become the preferred method for layer 3 forwarding in LANs as compared with using routers. Layer 3 switching relies of LAN switching hardware that often performs both layer 2 and layer 3 forwarding at higher capacities (more messages per second) than comparable routers. Also, using layer 3 switches instead of routers avoids having to use the Router-on-a-Stick method required for routers, which sends packets over a link to a router and then back out that same physical link. As a result, many campus and data center networks are built with switches only, with routers sitting only at the edge of the WAN.

With this lab you were tasked with configuring switches as both layer 2 and layer 3, the access switches will utilize only their layer 2 features including their ability to handle a VoIP phone and a PC on the same switch port while their distribution counterparts will use both their layer 2 and layer 3 features and act as gateways for the attached PCs and VoIP phones.

Access Switch Configuration

To begin the discussion first consider access switch Access1. Access1 has three different interfaces, two of will be access ports that each connect to a phone and PC. The third interface will be a trunk port that connects back to the Dist1 switch. (Note that switch Access2 has the same basic requirements, just with different VLANs.)

Still focusing on switch Access1, to create the three VLANs use the vlan 10, vlan 20 and vlan 100 commands. (Alternately, create all three at once using the vlan 10,20,100 command as shown in Example 3.)

Next, still on Access1, you need to configure both the data and voice VLAN on ports G0/2 and G0/3. On G0/2, with its data VLAN 10, configure the switchport access vlan 10 to define the data VLAN, and then the switchport voice vlan 100 command to define the voice VLAN used by the phone. Similarly, on port G0/3, configure VLAN 20 as the data VLAN with the switchport access vlan 20 command, and that same voice VLAN with the switchport voice vlan 100 command.

Finally, even still on switch Access1, configure interface GigabitEthernet 0/1 as a trunk. To do that, use the switchport mode trunk command.

Switch Access2 needs the same configuration details, just with different VLAN numbers; refer to Example 4 for details.

Distribution Switch Configuration

The distribution switch configuration is a bit more complex as it uses trunks, access ports and layer 3 VLAN interfaces.

First, just sit back and think about the VLANs that the two distribution switches must configure. First, assuming that VTP transparent mode is used, the VLANs must be configured on each switch (that is, they will not be learned with VTP). Each distribution switch must know of VLAN 500, used on the access link between the two distribution switches. Then each distribution switches must know about the access VLANs used on the connected access switch, but not the opposite access switch. Table 1 lists the VLANs that each distribution switch must know and for which each switch will need a VLAN interface so it can route packets for the subnets on those VLANs.

VLAN Purpose Subnet is Routed by Dist1? Subnet is Routed by Dist2?
10 Data VLAN on Access1 Yes No
20 Data VLAN on Access1 Yes No
100 Voice VLAN on Access1 Yes No
30 Data VLAN on Access2 No Yes
40 Data VLAN on Access2 No Yes
200 Voice VLAN on Access2 No Yes
500 Link between Dist1 and Dist2 Yes Yes

 

Table 1: VLANs and VLAN Interfaces that Dist1 and Dist2 Need to Support

 

The table spells out the details of the vlan and interface vlan command that both Dist1 and Dist2 need to configure and support. Both will need to configure four VLANs, as follows:

  • Dist1: vlan 10, vlan 20, vlan 100 and vlan 500 commands
  • Dist2: vlan 30, vlan 40, vlan 200 and vlan 500 commands

 

Additionally, each distribution switch needs a matching interface vlan vlan-id command. Then for each VLAN interface (four on each switch in this case), configure an IP address per the figure (for instance, ip address 172.16.1.1 255.255.255.192), and enable the interface (no shutdown). Examples 1 and 2 show those details.

Finally, each of the two distribution switches must also enable layer 3 switching. On some models of switches, the switch first requires that the switching ASIC be enabled to support IPv4 routing with a command like the sdm prefer command, followed by a reload exec command. (This lab does not show that part of the configuration, assuming that you are using a switch that is layer 3 capable by default.) The switch also needs to have IPv4 routing enabled, which requires the ip routing global configuration command. (That command is listed in the configuration in both Example 1 and Example 2.)

To configure interface GigabitEthernet0/1 into VLAN 500 use the switchport access vlan 500 command. To configure interface GigabitEthernet0/2 as a trunk using 802.1q encapsulation use the following commands: switchport trunk encapsulation dot1q and switchport mode trunk. Next you need to configure a VLAN interface for the four configured VLANs. To configure  the interface for VLAN 10 use the interface vlan 10 command, to configure its IP address use the ip address 172.16.1.1 255.255.255.192 command. To configure the interface for VLAN 20 use the interface vlan 20 command, to configure its IP address use the ip address 172.16.1.65 255.255.255.192 command. To configure the interface for VLAN 100 use the interface vlan 100 command, to configure its IP address use the ip address 100.100.100.1 255.255.255.0 command.  To configure the interface for VLAN 500 use the interface vlan 500 command, to configure its IP address use the ip address 200.200.200.1 255.255.255.0 command.

Dist2 has two different interfaces, one of its interfaces will be an access port that connects to Dist1 and the other will be a trunk port that connects back to the Access2 switch. To create the four VLANs use the vlan 30, vlan 40, vlan 200 and vlan 50 commands. To configure interface GigabitEthernet0/1 into VLAN 500 use the switchport access vlan 500 command. To configure interface GigabitEthernet0/2 as a trunk using 802.1q encapsulation use the following commands: switchport trunk encapsulation dot1q and switchport mode trunk. Next you need to configure a VLAN interface for the four configured VLANs. To configure  the interface for VLAN 30 use the interface vlan 30 command, to configure its IP address use the ip address 172.16.1.129 255.255.255.192 command. To configure the interface for VLAN 40 use the interface vlan 40 command, to configure its IP address use the ip address 172.16.1.193 255.255.255.192 command. To configure the interface for VLAN 200 use the interface vlan 200 command, to configure its IP address use the ip address 100.100.200.1 255.255.255.0 command. To configure the interface for VLAN 500 use the interface vlan 500 command, to configure its IP address use the ip address 200.200.200.6 255.255.255.0 command.

Known Issues in this Lab

This section of each Config Lab Answers post hopes to help with those issues by listing any known issues with Packet Tracer related to this lab. In this case, the issues are:

# Summary Detail
1 Trunking encapsulation may need to be configured Packet Tracer LAN switches operate like older Cisco switch generations in that they support both ISL and 802.1Q trunking. To make a trunk work in this lab, you may need to configure the switchport trunk encapsulation dot1q command on each switch interface. You also may not need the command, depending on the PT version and switch model used in PT.

 

Why Would Cisco Packet Tracer Have Issues?

(Note: The below text is the same in every Config Lab.)

Cisco Packet Tracer (CPT) simulates Cisco routers and switches. However, CPT does not run the same software as real Cisco routers and switches. Instead, developers wrote CPT to predict the output a real router or switch would display given the same topology and configuration – but without performing all the same tasks, an actual device has to do. On a positive note, CPT requires far less CPU and RAM than a lab full of devices so that you can run CPT on your computer as an app. In addition, simulators like CPT help you learn about the Cisco router/switch user interface – the Command Line Interface (CLI) – without owning real devices.

CPT can have issues compared to real devices because CPT does not run the same software as Cisco devices. CPT does not support all commands or parameters of a command. CPT may supply output from a command that differs in some ways from what an actual device would give. Those differences can be a problem for anyone learning networking technology because you may not have experience with that technology on real gear – so you may not notice the differences. So this section lists differences and issues that we have seen when using CPT to do this lab.

Beyond comparing your answers to this lab’s Answers post, you can test in Cisco Packet Tracer (CPT) or Cisco Modeling Labs (CML). In fact, you can and should explore the lab once configured. For this lab, once you have completed the configuration, try these verification steps. 

On the distribution switches:

  1. Check that the VLANs have been created by using the show vlan brief command.
  2. Check that the VLAN interfaces were configured with the show ip interfaces brief and/or show running-config commands.
  3. Check that the trunks are operational using the show interfaces trunk command.

On the access switches:

  1. Check that the VLANs have been created and assigned properly using the show vlan brief command.
  2. Verify that the trunks are operational using the show interfaces trunk command.

More Labs with Related Content!

Config Lab: Layer 3 Switching 1
Config Lab: Layer 3 Switching w/ SVIs
Wendell Odom
By Wendell Odom September 17, 2021 13:05
Write a comment

6 Comments

  1. Kam November 27, 10:52

    Hi Wendell! Thanks for writing excellent book on CCNA as well as for all these practice labs.
    One question: Is it required to add the following two commands for Layer 3 switch interfaces when trunking with the layer 2 switch?
    switchport trunk encapsulation dot1q
    switchport mode trunk
    Doesn’t the Layer 3 switch automatically make the interface trunk with the command, for example:
    interface Vlan10
    ip address 172.16.1.1 255.255.255.192
    no shutdown
    I tried both ways with and without “switchport trunk encapsulation dot1q
    switchport mode trunk” in Packet Tracer and it works both the times. So, I was wondering what is the correct configuration?

    Reply to this comment
    • certskills November 30, 13:57

      Hi Kam,
      You’re welcome! Glad you’re enjoying the content.
      On your question, first, note that the inital configs and answer configs showed the incorrect interface IDs in comparison to the figure and .pkt file. I just updated the post to reflect the correct interfaces. FYI.

      However, I think you had already overcome that issue because that’s not what you asked about. So, on that point: The link from Dist1 to Access 1 must operate as a trunk. Likewise, the Dist2 to Access2 link must operate as a trunk. Given that, you said you configured without two commands (switchport mode trunk, switchport trunk encapsulation dot1q), but where? EG, if on the Dist1 to Access1 link, you omitted those commands on one side, but configured them on the other, both ends will trunk.

      The key is the “show interface g1/1/1 switchport” command, or “show interface g1/1/1 trunk”, or similar depending on the switch. That shows the admin and operational trunking state. Both ends of the link must show it operating as a trunk, otherwise the pings should fail.

      I did a little testing in Packet Tracer, just to see if there wasn’t a packet tracer issue going on. With those config commands omitted on one end of the link, both ends trunked. With the commands omitted on both ends, the link was not operating as a trunk. Also, pings from PC to PC worked when operating as a trunk, and failed when not.

      Hope this helps…
      WEndell

      Reply to this comment
  2. Aaron February 3, 02:25

    Hi, im confused… the following command doesn’t exist on Access 1 switch?? “switchport trunk encapsulation dot1q” Is this correct? Cheer Aaron

    Reply to this comment
    • certskills February 3, 15:10

      Hi Aaron,
      Yeah, that command is correct, but it is confusing.
      First, I just opened the .pkt file for this lab, and on Access1, issued:
      Config t
      int g1/1/1
      switchport trunk mode dot1q
      … and it works.

      However, to help clear up the larger questions, I’ve added something to the “Known Packet Tracer Issues” tab. In short, on real modern Cisco switches, this command is not needed, because the switches support only 802.1Q and not the older ISL trunking protocol. However, PT, on some switches and at different versions of the PT code, still require the command. So I try and leave notes to help you with doing the labs in Packet Tracer. Which creates a bit of a mess.
      Hope this helps…

      Reply to this comment
  3. Punya Athma April 27, 07:51

    Hi,

    Good day,

    In this particular Lab Exercise, titled, as, “Config Lab : Layer 3 Switching 2”, and in some other labs too;

    Somtimes, the IP Addresses and default-gateway Addresses for the PCs, not given. In this event is it left to the student to configure correct IP Addresses, and, default-gateway addresses for these PCs for the purpose of sending Pings to verify the Exercise once it was completed??

    The next issue is VoIP:

    Honestly, though it might be easy and very simple, I have just the basic knowledge about the Modes Operandi of any VoIP.
    In this Exercise, is it needed to configure IP Addresses for these VoIP phones, and, in that event also can the student configure the correct IP Addresses??
    In the P/Tcr topology of this Exercise once the mouse clicked over the VoIP icon, similar to a PC or a network device, the front and rear sides of VoIP pops up.
    However more instructions are needed about the configuration of these phones.

    Furthermore, is there any aspect of default-gateway for the VoIP, similar as PCs??

    Reply to this comment
  4. certskills May 12, 08:48

    Punya,
    1) On the default gateway and IP address config on the PCs in a lab, couple of thoughts. I think it’s a great review exercise to have CCNA students set the IP address and default gateway as it reviews subnetting skills. So yes, we leave some of those unset. But if you notice any, and want to leave me a comment on them, I could at least make a list, in case I decide to pre-configure them.

    2) The lab is narrowly focused, on purpose, on the switch config, and not on the phone config. CCNA covers only the switch config in relation to making the phones work. So that lab doesn’t list additional tasks.

    But to answer your question, the phones use DHCP to lease an IP address, learn the default gateway, and to also find details about how to download a config file from the UCM. That config file (specific to that phone) includes phone config, like extension, programmable buttons, and the like. But for IP, it works like a PC in terms of address/mask and gateway.

    Hope this helps,
    Wendell

    Reply to this comment
View comments

Write a comment

Comment; Identify w/ Social Media or Email

Subscribe

Subscribe to our mailing list and get interesting stuff and updates to your email inbox.

Thank you for subscribing.

Something went wrong.

Search

Categories