Block 2 Lab 1 — VLAN Fundamentals & Access Ports

Objectives

#	Objective
1	Create VLAN 10 (Sales) and VLAN 20 (Engineering) on SW1
2	Assign access ports to their correct VLANs
3	Verify VLAN assignment and port membership with show commands
4	Confirm intra-VLAN connectivity — PCs in same VLAN can ping
5	Confirm inter-VLAN isolation — PCs in different VLANs cannot ping
6	Troubleshoot a port assigned to the wrong VLAN
7	Knowledge check — VLAN fundamentals

Key Concepts

Concept	What it means
VLAN	Virtual LAN — logically partitions a switch into separate broadcast domains, even though devices share the same physical hardware.
Access port	A switch port that belongs to exactly one VLAN. Frames arrive and leave untagged. Used for end-device connections (PCs, printers).
Broadcast domain	The set of devices that receive a broadcast frame. VLANs define broadcast domain boundaries — broadcasts don't cross VLAN boundaries.
VLAN isolation	Devices in different VLANs cannot communicate at Layer 2. A Layer 3 device (router or L3 switch) is required to route between VLANs.
VLAN 1	The default VLAN. All ports start here. Best practice: move data ports off VLAN 1.

Topology

Device	IP Address	VLAN	SW1 Port
PC1-Sales	192.168.10.10/24	VLAN 10 (Sales)	Gi0/0
PC2-Sales	192.168.10.11/24	VLAN 10 (Sales)	Gi0/1
PC3-Eng	192.168.20.10/24	VLAN 20 (Engineering)	Gi0/2
PC4-Eng	192.168.20.11/24	VLAN 20 (Engineering)	Gi0/3

Key Commands — SW1

Command	Purpose
vlan 10	Create VLAN 10 (in global config mode)
name Sales	Name a VLAN (in vlan config mode)
interface Gi0/0	Enter interface config
switchport mode access	Set port as access port
switchport access vlan 10	Assign port to VLAN 10
show vlan brief	List all VLANs and member ports
show interfaces Gi0/0 switchport	Check access VLAN for a specific port
show mac address-table	See which MACs/VLANs are on which ports

Use Tab to complete commands · ↑ ↓ for history · Devices share the same switch — only VLANs separate them.

You must create the VLAN on the switch before assigning ports to it. Assigning a port to a non-existent VLAN still works on Cisco IOS but the VLAN will be inactive until created.

A VLAN creates a separate broadcast domain. Devices can only communicate at Layer 2 within the same VLAN. Inter-VLAN traffic requires a router.

What a broadcast domain means

Scenario	Result	Why
PC1-Sales pings PC2-Sales	✓ Works	Same VLAN 10 — same broadcast domain
PC3-Eng pings PC4-Eng	✓ Works	Same VLAN 20 — same broadcast domain
PC1-Sales pings PC3-Eng	✗ Blocked	Different VLANs — needs a router (Layer 3)
PC1-Sales pings PC4-Eng	✗ Blocked	Different VLANs — needs a router (Layer 3)

🗺 Network Topology

💻

PC1

no ip

VLAN ?

🔀

SW1

Gi0/0–1

💻

PC2

no ip

VLAN ?

── VLAN 10 · Sales ──

💻

PC3

no ip

VLAN ?

🔀

SW1

Gi0/2–3

💻

PC4

no ip

VLAN ?

── VLAN 20 · Engineering ──

PC1VLAN 1

PC2VLAN 1

PC3VLAN 1

PC4VLAN 1

Addressing Plan

Device	IP	VLAN
PC1	192.168.10.10	10
PC2	192.168.10.11	10
PC3	192.168.20.10	20
PC4	192.168.20.11	20

—

SW1>

📋 Tasks & Guide

← Back to Block 2 | ← Networking Mastery | ← BlockShell® Home

Lab Information

🏷️ VLAN Broadcast Domain View

—