VLAN Segmentation with Inter-VLAN Routing: A Simple STEP-BY-STEP guide using Cisco Packet Tracer

By Tega Akperiojire

Disclaimer: This article aims to provide a basic understanding of VLAN segmentation and inter-VLAN routing concepts. While other configurations may achieve similar results, this guide is designed to offer a step-by-step approach for learning.

Scenario: You have been hired as a Network Administrator by a small fintech company to setup their office network. The company’s network is divided into three departments: Admin, Sales, and IT. Each department requires its own VLAN to segregate network traffic for security and performance. Additionally, devices in each VLAN need to communicate with each other.

Task: You are to set up VLANs for each department and configure inter-VLAN routing to enable communication between them.

What is a VLAN?

A virtual local area network (VLAN) is a virtualized connection that connects multiple devices and network nodes from different LANs into one logical network.

Devices in the same VLAN can communicate with each other as if they were on the same physical network, regardless of their physical location.

STEP 1: Download Cisco Packet Tracer

Cisco packet tracer is a network simulation tool that provides network administrators a platform to configure and troubleshoot network configurations in a risk free environment

Kindly download the software if you haven't by clicking this link https://skillsforall.com/resources/lab-downloads?courseLang=en-US

And lets get rolling.. Its gonna be fun and lots of visuals to aid understanding.

Grab a coffee ☕ (Don't let it spill)😂

STEP 2: Network Topology

2.1: Open Cisco Packet Tracer

You should see a blank page like this

2.2 Add Network Devices and Identification with color codes

Network Devices are physical or logical devices that enable communication and interaction between different network segments. The following network devices were used

1. Cisco 2811 Router (1)

2. Cisco 2960 switch (1)

3. End Device - PC (9)

You can access the network devices at the bottom left corner. Just simply click on the desired device then paste it on the main interface

You can access the colors with the rectangular icon (🪟) on the secondary toolbar (above the logical and physical layer)

Admin: Green | Sales: Pink | IT: Blue

I loveee colors. It makes the work interesting for me

2.3. Connect Network Devices

This was done using copper straight cable by connecting Network devices using their respective ports.

A port is a virtual point where network connections start and end.

You can access this by clicking on this icon ⚡ and then access the choice of cable with this symbol indicated "/"

Ensure you have the port labels ticked on your packet tracer to enable you identify the port to which the connections were made

Voila!! 🤩🤩

We have our connections. All connections were made on the FastEthernet port.

STEP 3: Assign IP Addresses and Default gateways

An IP (Internet Protocol) Address is the unique identifier assigned to each device on a network to facilitate communication.

Without IP address your device does not exist on the network. This is usually configured on the end device.

A default gateway is the IP address of a router's interface that facilitates communication between different networks.

To help our understanding of Static IP Addressing is used the following steps were taken

3.1 Determine IP Address Class and Subnetting

A class C IP Address (Usually preferred for medium to small sized networks) and it ranges from 192.0.0.0 to 223.255.255.255.

This is the logical division of an IP Network For our topology each VLAN requires its own subnet (Admin, Sales and IT).

We’ll use a /24 subnet mask for each VLAN, which provides up to 254 usable IP addresses per subnet.

• VLAN 10 (Admin): 192.168.10.0/24

• VLAN 20 (Sales): 192.168.20.0/24

• VLAN 30 (IT): 192.168.30.0/24

3.2 Assign IP Addresses to End Devices - PCs

• VLAN 10 - Admin: Default gateway: 192.168.10.1 Subnet Mask: 255.255.255.0

Admin 1: 192.168.10.2

Admin 2: 192.168.10.3

Admin 3: 192.168.10.4

• VLAN 20 - Marketing: Default gateway: 192.168.20.1 Subnet Mask: 255.255.255.0

Sales 1: 192.168.20.2

Sales 2: 192.168.20.3

Sales 3: 192.168.20.4

• VLAN 30 - IT: Default gateway: 192.168.10.1 Subnet Mask: 255.255.255.0

IT 1: 192.168.30.2

IT 2: 192.168.30.3

IT 3: 192.168.30.4

To configure the above click on each PC go to DESKTOP >> IP CONFIGURATION

The following was done for all 9 PCs

🔔 I have specially named the PCs....

You've come this far.....Hang in there...We are almost there...

STEP 4: Configure VLANs on switch

Access the CLI (Command line interface) of the switch and create VLANs for each department

Switch> enable

Switch# configure terminal

Switch(config)# vlan 10

Switch(config-vlan)# name Admin

Switch(config-vlan)# exit

Switch(config)# vlan 20

Switch(config-vlan)# name Sales

Switch(config-vlan)# exit

Switch(config)# vlan 30

Switch(config-vlan)# name IT

Switch(config-vlan)# exit

STEP 5: Assign Ports for each VLAN

You have to take note of the port assigned to each PC from your switch and make the configuration. I made use of the following ports for each VLAN

VLAN 10 - fa0/2-4

VLAN 20 - fa0/7-9

VLAN 30 - fa0/12-14

CLI Command

Switch(config)# int fa0/2-4

Switch(config-if)# switchport mode access

Switch(config-if)# switchport access vlan 10

Switch(config-if)# exit

Switch(config)# int fa0/7-9

Switch(config-if)# switchport mode access

Switch(config-if)# switchport access vlan 20

Switch(config-if)# exit

Switch(config)# int fa0/12-14

Switch(config-if)# switchport mode access

Switch(config-if)# switchport access vlan 30

Switch(config-if)# exit

STEP 6: Configure Trunk Port on Switch

What is a Trunk?

A trunk is a point-to-point link between one or more Ethernet switch interfaces and another networking device such as a router or a switch.

Without trunking, the router cannot receive and route traffic between VLANs, so devices in different VLANs cannot communicate.

Switch(config)# int fa0/1

Switch(config-if)# switchport mode trunk

Switch(config-if)# switchport trunk allowed vlan 10,20,30

Switch(config-if)# exit

STEP 7: Configure Inter-VLAN Routing on the Router

Why Inter-VLAN Routing?

Inter-VLAN routing is the process of forwarding network traffic between different VLANs using a router or a Layer 3 switch. VLANs (Virtual Local Area Networks) create separate broadcast domains within a network, and inter-VLAN routing enables communication between these VLANs.

VLAN can communicate directly, but to communicate with devices in another VLAN, inter-VLAN routing is required. Without inter-VLAN routing, devices on different VLANs would be isolated from each other.

Router> enable

Router# configure terminal

Router(config)# int fa0/0

Router(config-if)# no shutdown

Router(config-if)# exit

Router(config)# int fa0/0.10

Router(config-subif)# encapsulation dot1Q 10

Router(config-subif)# ip address 192.168.10.1 255.255.255.0

Router(config-subif)# exit

Router(config)# int fa0/0.20

Router(config-subif)# encapsulation dot1Q 20

Router(config-subif)# ip address 192.168.20.1 255.255.255.0

Router(config-subif)# exit

Router(config)# int fa0/0.30

Router(config-subif)# encapsulation dot1Q 30

Router(config-subif)# ip address 192.168.30.1 255.255.255.0

Router(config-subif)# exit

You can verify your configuration using

Router# sh ip int brief

STEP 8: Verify Connectivity

Ping the device

To verify connectivity between VLANs use the ping command

PC in VLAN 10>

ping 192.168.20.2

ping 192.168.30.2

PC in VLAN 20>

ping 192.168.10.2

ping 192.168.30.2

PC in VLAN 30>

ping 192.168.20.2

ping 192.168.10.2

Yessssss you made it

Now you can proudly say you can configure a VLAN with Inter-VLAN routing.

Cheers 🍷🍷

Hope your coffee didn't spill 😂

THANKs for Reading.

Kindly share your thoughts in the comment section

Hope you got value?