Config Lab: Layer 3 Switching 2
This next lab is one of the longer labs in this config lab series. The lab includes some simple tasks to configure 802.1Q trunking and to create VLANs. The big focus of the lab, however, is to enable layer 3 switching on two distribution switches using VLAN interfaces (that is, SVIs). The lab itself requires a few dozen configuration commands, so it will take a little longer than the usual 5-10 minutes. As always, it is best to try these after you have read about the topic in your study materials.
The Lab Exercise
Requirements
In this design, you will create the routing configuration required to support four user VLANs for PCs and two voice VLANs for IP phones. Two user data VLANs exist on switch Access1 (VLANs 10 and 20), and two user data VLANs exist on switch Access2 (VLANs 30 and 40). Additionally, all IP phones off switch Access1 should be assigned to voice VLAN 100, and all IP phones off switch Access2 should be assigned to voice VLAN 200. The two distribution switches route between those VLANs, using the link between the two distribution switches to route packets from one to the other.
The specific rules for this lab are:
- Configure the access switches (Access1 and Access2):
  - As layer 2 switches
  - Create the necessary VLANs (data and voice) per the figure
  - Assume VTP Transparent mode is in use on all switches
  - Configure the ports on the bottom of the access switches (in the figure) to be access ports in the listed VLANs
- Configure trunks:
  - Make the link from switch Dist1 to Access1 a manual 802.1Q trunk
  - Make the link from switch Dist2 to Access2 a manual 802.1Q trunk
  - (Do NOT make the Dist1 to Dist2 link a trunk)
- Configure the distribution switches (Dist1 and Dist2):
  - As layer 3 switches
  - Use SVIs for the switches’ layer 3 interfaces (that is, VLAN interfaces)
  - Use the IP addresses listed in the figure
  - Create the necessary VLANs (data and voice) per the figure
  - Assume VTP transparent mode
- Configure the link between the distribution switches:
  - Do not trunk on this link
  - Make this link an access link in VLAN 500
  - Route between switches Dist1 and Dist2 over this link between the switches
- Enable all SVI/VLAN interfaces
- Note that OSPF and IPv4 routing have been pre-configured in preparation for your layer 3 switching configuration
Figure 1: Topology in Which to Add new IP Phones to Voice VLAN 100
Initial Configuration
Examples 1, 2, 3, and 4 show the beginning configuration state of Dist1, Dist2, Access1, and Access2.
hostname Dist1
!
ip routing
!
interface GigabitEthernet1/1/1
no shutdown
!
interface GigabitEthernet1/1/2
no shutdown
!
router ospf 1
network 0.0.0.0 255.255.255.255 area 0
Example 1: Dist1 Config
hostname Dist2
!
ip routing
!
interface GigabitEthernet1/1/1
no shutdown
!
interface GigabitEthernet1/1/2
no shutdown
!
router ospf 1
network 0.0.0.0 255.255.255.255 area 0
Example 2: Dist2 Config
hostname Access1
!
interface GigabitEthernet1/0/1
no shutdown
!
interface GigabitEthernet1/0/2
no shutdown
!
interface GigabitEthernet1/1/1
no shutdown
Example 3: Access1 Config
hostname Access2
!
interface GigabitEthernet1/0/1
no shutdown
!
interface GigabitEthernet1/0/2
no shutdown
!
interface GigabitEthernet1/1/1
no shutdown
Example 4: Access2 Config
Answer Options
You can learn a lot and strengthen real learning of the topics by creating the configuration – even without a router or switch CLI. In fact, these labs were originally built to be used solely as a paper exercise!
To answer, just think about the lab. Refer to your primary learning material for CCNA, your notes, and create the configuration on paper or in a text editor. Then check your answer versus the answer post, which is linked at the bottom of the lab, just above the comments section.
You can also implement the lab using the Cisco Packet Tracer network simulator. With this option, you use Cisco’s free Packet Tracer simulator. You open a file that begins with the initial configuration already loaded. Then you implement your configuration and test to determine if it met the requirements of the lab.
Use this workflow to do the labs in Cisco Packet Tracer:
- Download the .pkt file linked below.
- Open the .pkt file, creating a working lab with the same topology and interfaces as the lab exercise.
- Add your planned configuration to the lab.
- Test the configuration using some of the suggestions below.
You can also implement the lab using Cisco Modeling Labs – Personal (CML-P). CML-P (or simply CML) replaced Cisco Virtual Internet Routing Lab (VIRL) software in 2020, in effect serving as VIRL Version 2.
If you prefer to use CML, use a similar workflow as you would use if using Cisco Packet Tracer, as follows:
- Download the CML file (filetype .yaml) linked below.
- Import the lab’s CML file into CML and then start the lab.
- Compare the lab topology and interface IDs to this lab, as they may differ (more detail below).
- Add your planned configuration to the lab.
- Test the configuration using some of the suggestions below.
Network Device Info:
This table lists the interfaces listed in the lab exercise documentation versus those used in the sample CML file.
| Device | Lab Port | CML Port |
| Dist1 | G1/1/1 | G0/1 |
| Dist1 | G1/1/2 | G0/2 |
| Dist2 | G1/1/1 | G0/1 |
| Dist2 | G1/1/2 | G0/2 |
| Access1 | G1/1/1 | G0/1 |
| Access1 | G1/0/1 | G0/3 |
| Access1 | G1/0/2 | G0/2 |
| Access2 | G1/1/1 | G0/1 |
| Access2 | G1/0/1 | G0/3 |
| Access2 | G1/0/2 | G0/2 |
Host device info:
This table lists host information pre-configured in CML, information that might not be required by the lab but may be useful to you.
| Device | IP Address | Gateway | User/password |
| PC1 | 172.16.1.50 | 172.16.1.1 | cisco/cisco |
| PC2 | 172.16.1.100 | 172.16.1.65 | cisco/cisco |
| PC3 | 172.16.1.150 | 172.16.1.129 | cisco/cisco |
| PC4 | 172.16.1.200 | 172.16.1.193 | cisco/cisco |
Lab Answers Below: Spoiler Alert
Lab Answers: Configuration
Answers
Figure 1: Topology in Which to Add new IP Phones to Voice VLAN 100
vlan 10,20,100,500
!
interface GigabitEthernet1/1/1
switchport access vlan 500
!
interface GigabitEthernet1/1/2
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface Vlan10
ip address 172.16.1.1 255.255.255.192
no shutdown
!
interface Vlan20
ip address 172.16.1.65 255.255.255.192
no shutdown
!
interface Vlan100
ip address 100.100.100.1 255.255.255.0
no shutdown
!
interface Vlan500
ip address 200.200.200.1 255.255.255.248
no shutdown
Example 1: Dist1 Config
vlan 30,40,200,500
!
interface GigabitEthernet1/1/1
switchport access vlan 500
!
interface GigabitEthernet1/1/2
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface Vlan30
ip address 172.16.1.129 255.255.255.192
no shutdown
!
interface Vlan40
ip address 172.16.1.193 255.255.255.192
no shutdown
!
interface Vlan200
ip address 100.100.200.1 255.255.255.0
no shutdown
!
interface Vlan500
ip address 200.200.200.6 255.255.255.248
no shutdown
Example 2: Dist2 Config
vlan 10,20,100
!
interface GigabitEthernet1/0/1
switchport access vlan 20
switchport voice vlan 100
!
interface GigabitEthernet1/0/2
switchport access vlan 10
switchport voice vlan 100
!
interface GigabitEthernet1/1/1
switchport trunk encapsulation dot1q
switchport mode trunk
Example 3: Access1 Config
vlan 30,40,200
!
interface GigabitEthernet1/0/1
switchport access vlan 40
switchport voice vlan 200
!
interface GigabitEthernet1/0/2
switchport access vlan 30
switchport voice vlan 200
!
interface GigabitEthernet1/1/1
switchport trunk encapsulation dot1q
switchport mode trunk
Example 4: Access2 Config
Commentary, Issues, and Verification Tips
Commentary
Layer 3 switching has become the preferred method for layer 3 forwarding in LANs as compared with using routers. Layer 3 switching relies on LAN switching hardware that often performs both layer 2 and layer 3 forwarding at higher capacities (more messages per second) than comparable routers. Also, using layer 3 switches instead of routers avoids having to use the Router-on-a-Stick method required for routers, which sends packets over a link to a router and then back out that same physical link. As a result, many campus and data center networks are built with switches only, with routers sitting only at the edge of the WAN.
With this lab you were tasked with configuring switches as both layer 2 and layer 3 devices. The access switches use only their layer 2 features, including their ability to handle a VoIP phone and a PC on the same switch port, while their distribution counterparts use both their layer 2 and layer 3 features and act as gateways for the attached PCs and VoIP phones.
Access Switch Configuration
To begin the discussion, first consider access switch Access1. Access1 has three different interfaces, two of which will be access ports that each connect to a phone and PC. The third interface will be a trunk port that connects back to the Dist1 switch. (Note that switch Access2 has the same basic requirements, just with different VLANs.)
Still focusing on switch Access1, to create the three VLANs use the vlan 10, vlan 20 and vlan 100 commands. (Alternately, create all three at once using the vlan 10,20,100 command as shown in Example 3.)
Next, still on Access1, you need to configure both the data and voice VLAN on ports G0/2 and G0/3. On G0/2, with its data VLAN 10, configure the switchport access vlan 10 command to define the data VLAN, and then the switchport voice vlan 100 command to define the voice VLAN used by the phone. Similarly, on port G0/3, configure VLAN 20 as the data VLAN with the switchport access vlan 20 command, and that same voice VLAN with the switchport voice vlan 100 command.
Finally, still on switch Access1, configure interface GigabitEthernet 0/1 as a trunk. To do that, use the switchport mode trunk command.
Switch Access2 needs the same configuration details, just with different VLAN numbers; refer to Example 4 for details.
Distribution Switch Configuration
The distribution switch configuration is a bit more complex as it uses trunks, access ports and layer 3 VLAN interfaces.
First, just sit back and think about the VLANs that the two distribution switches must configure. Assuming that VTP transparent mode is used, the VLANs must be configured on each switch (that is, they will not be learned with VTP). Each distribution switch must know of VLAN 500, used on the access link between the two distribution switches. Then each distribution switch must know about the access VLANs used on the connected access switch, but not those on the opposite access switch. Table 1 lists the VLANs that each distribution switch must know and for which each switch will need a VLAN interface so it can route packets for the subnets on those VLANs.
| VLAN | Purpose | Subnet is Routed by Dist1? | Subnet is Routed by Dist2? |
| 10 | Data VLAN on Access1 | Yes | No |
| 20 | Data VLAN on Access1 | Yes | No |
| 100 | Voice VLAN on Access1 | Yes | No |
| 30 | Data VLAN on Access2 | No | Yes |
| 40 | Data VLAN on Access2 | No | Yes |
| 200 | Voice VLAN on Access2 | No | Yes |
| 500 | Link between Dist1 and Dist2 | Yes | Yes |
Table 1: VLANs and VLAN Interfaces that Dist1 and Dist2 Need to Support
The table spells out the details of the vlan and interface vlan commands that both Dist1 and Dist2 need to configure and support. Both will need to configure four VLANs, as follows:
- Dist1: vlan 10, vlan 20, vlan 100 and vlan 500 commands
- Dist2: vlan 30, vlan 40, vlan 200 and vlan 500 commands
Additionally, each distribution switch needs a matching interface vlan vlan-id command. Then for each VLAN interface (four on each switch in this case), configure an IP address per the figure (for instance, ip address 172.16.1.1 255.255.255.192), and enable the interface (no shutdown). Examples 1 and 2 show those details.
Finally, each of the two distribution switches must also enable layer 3 switching. On some models of switches, the switch first requires that the switching ASIC be enabled to support IPv4 routing with a command like the sdm prefer command, followed by a reload exec command. (This lab does not show that part of the configuration, assuming that you are using a switch that is layer 3 capable by default.) The switch also needs to have IPv4 routing enabled, which requires the ip routing global configuration command. (That command is listed in the configuration in both Example 1 and Example 2.)
On Dist1, to configure interface GigabitEthernet0/1 into VLAN 500, use the switchport access vlan 500 command. To configure interface GigabitEthernet0/2 as a trunk using 802.1Q encapsulation, use the following commands: switchport trunk encapsulation dot1q and switchport mode trunk. Next, you need to configure a VLAN interface for each of the four configured VLANs. To configure the interface for VLAN 10, use the interface vlan 10 command; to configure its IP address, use the ip address 172.16.1.1 255.255.255.192 command. To configure the interface for VLAN 20, use the interface vlan 20 command; to configure its IP address, use the ip address 172.16.1.65 255.255.255.192 command. To configure the interface for VLAN 100, use the interface vlan 100 command; to configure its IP address, use the ip address 100.100.100.1 255.255.255.0 command. To configure the interface for VLAN 500, use the interface vlan 500 command; to configure its IP address, use the ip address 200.200.200.1 255.255.255.0 command.
Dist2 has two different interfaces: one will be an access port that connects to Dist1, and the other will be a trunk port that connects back to the Access2 switch. To create the four VLANs, use the vlan 30, vlan 40, vlan 200 and vlan 500 commands. To configure interface GigabitEthernet0/1 into VLAN 500, use the switchport access vlan 500 command. To configure interface GigabitEthernet0/2 as a trunk using 802.1Q encapsulation, use the following commands: switchport trunk encapsulation dot1q and switchport mode trunk. Next, you need to configure a VLAN interface for each of the four configured VLANs. To configure the interface for VLAN 30, use the interface vlan 30 command; to configure its IP address, use the ip address 172.16.1.129 255.255.255.192 command. To configure the interface for VLAN 40, use the interface vlan 40 command; to configure its IP address, use the ip address 172.16.1.193 255.255.255.192 command. To configure the interface for VLAN 200, use the interface vlan 200 command; to configure its IP address, use the ip address 100.100.200.1 255.255.255.0 command. To configure the interface for VLAN 500, use the interface vlan 500 command; to configure its IP address, use the ip address 200.200.200.6 255.255.255.0 command.
Known Issues in this Lab
This section of each Config Lab Answers post lists any known issues with Packet Tracer related to this lab. In this case, the issues are:
| # | Summary | Detail |
| 1 | Trunking encapsulation may need to be configured | Packet Tracer LAN switches operate like older Cisco switch generations in that they support both ISL and 802.1Q trunking. To make a trunk work in this lab, you may need to configure the switchport trunk encapsulation dot1q command on each switch interface. You also may not need the command, depending on the PT version and switch model used in PT. |
Why Would Cisco Packet Tracer Have Issues?
(Note: The below text is the same in every Config Lab.)
Cisco Packet Tracer (CPT) simulates Cisco routers and switches. However, CPT does not run the same software as real Cisco routers and switches. Instead, developers wrote CPT to predict the output a real router or switch would display given the same topology and configuration, but without performing all the same tasks an actual device has to do. On a positive note, CPT requires far less CPU and RAM than a lab full of devices, so you can run CPT on your computer as an app. In addition, simulators like CPT help you learn about the Cisco router/switch user interface – the Command Line Interface (CLI) – without owning real devices.
CPT can have issues compared to real devices because CPT does not run the same software as Cisco devices. CPT does not support all commands or parameters of a command. CPT may supply output from a command that differs in some ways from what an actual device would give. Those differences can be a problem for anyone learning networking technology because you may not have experience with that technology on real gear – so you may not notice the differences. So this section lists differences and issues that we have seen when using CPT to do this lab.
Beyond comparing your answers to this lab’s Answers post, you can test in Cisco Packet Tracer (CPT) or Cisco Modeling Labs (CML). In fact, you can and should explore the lab once configured. For this lab, once you have completed the configuration, try these verification steps.
On the distribution switches:
- Check that the VLANs have been created by using the show vlan brief command.
- Check that the VLAN interfaces were configured with the show ip interface brief and/or show running-config commands.
- Check that the trunks are operational using the show interfaces trunk command.
On the access switches:
- Check that the VLANs have been created and assigned properly using the show vlan brief command.
- Verify that the trunks are operational using the show interfaces trunk command.
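As an offline complement to the show commands above, the following added example (not part of the original lab) parses the SVI stanzas from Examples 1 and 2 of the answers and checks them against the host table: no unintended subnet overlap, matching VLAN 500 endpoints, and every PC gateway served by an SVI. The names parse_svis and check_plan are illustrative, and the embedded input is copied from this page.

```python
import ipaddress

# Constructed input: SVI stanzas as given in Examples 1 and 2 of the answers.
CONFIGS = {
    "Dist1": """interface Vlan10
 ip address 172.16.1.1 255.255.255.192
interface Vlan20
 ip address 172.16.1.65 255.255.255.192
interface Vlan100
 ip address 100.100.100.1 255.255.255.0
interface Vlan500
 ip address 200.200.200.1 255.255.255.248""",
    "Dist2": """interface Vlan30
 ip address 172.16.1.129 255.255.255.192
interface Vlan40
 ip address 172.16.1.193 255.255.255.192
interface Vlan200
 ip address 100.100.200.1 255.255.255.0
interface Vlan500
 ip address 200.200.200.6 255.255.255.248""",
}
# Host table from the lab: name -> (IP address, default gateway).
HOSTS = {"PC1": ("172.16.1.50", "172.16.1.1"), "PC2": ("172.16.1.100", "172.16.1.65"),
         "PC3": ("172.16.1.150", "172.16.1.129"), "PC4": ("172.16.1.200", "172.16.1.193")}

def parse_svis(text):
    """Return {vlan_id: IPv4Interface} for every 'interface VlanN' stanza."""
    svis, vlan = {}, None
    for parts in map(str.split, text.splitlines()):
        if parts[:1] == ["interface"]:
            # Only VlanN interfaces are SVIs; physical ports reset the state.
            vlan = int(parts[1][4:]) if parts[1].startswith("Vlan") else None
        elif vlan is not None and len(parts) == 4 and parts[:2] == ["ip", "address"]:
            svis[vlan] = ipaddress.ip_interface(f"{parts[2]}/{parts[3]}")
    return svis

def check_plan(configs, hosts):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    entries = [(sw, vlan, intf) for sw, cfg in configs.items()
               for vlan, intf in parse_svis(cfg).items()]
    # Subnets may coincide only on a VLAN both switches share (VLAN 500 here).
    for n, (sw1, v1, i1) in enumerate(entries):
        for sw2, v2, i2 in entries[n + 1:]:
            shared = v1 == v2 and i1.network == i2.network and i1.ip != i2.ip
            if (v1 == v2 or i1.network.overlaps(i2.network)) and not shared:
                problems.append(f"{sw1} Vlan{v1} conflicts with {sw2} Vlan{v2}")
    # Each host's gateway must be an SVI address whose subnet contains the host.
    gateways = {intf.ip: intf.network for _, _, intf in entries}
    for name, (ip, gw) in hosts.items():
        net = gateways.get(ipaddress.ip_address(gw))
        if net is None or ipaddress.ip_address(ip) not in net:
            problems.append(f"{name}: gateway {gw} does not serve {ip}")
    return problems
```

Calling check_plan(CONFIGS, HOSTS) returns an empty list for the answer configuration; paste your own SVI stanzas into CONFIGS to check a paper answer before loading it into Packet Tracer or CML.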
