How to configure VLAN on Cisco router using 802.1q encapsulation protocol

Hello everyone! Today, lets learn how to set up Vlan on Cisco switches and configure 802.1q on the router to enable inter-vlan routing.

For this exercise, I am going to be using a cisco 2811 router and catalyst 2960 switch. Before we go into the configuration proper, we need to know why we want to create Vlans on our switch. Normally, all ports on a switch all belong to one network and thus form a big broadcast domain. By creating vlans, we are breaking this broadcast domain into smaller ones thereby improving network security by isolating sensitive traffics from the rest as well as giving users the ability to access network resources based on logical grouping and not physical locations.

vlan on cisco

To create VLANs, we have to configure the switch first. Below are what we will do on the switch:

1 create vlans on the switch
2 assign switchports to vlans

 

You may also like:  Cisco ASA firewall initial configuration: IP address assignment, NAT and default routes.

 

So, lets do it. We are going to create three vlans as follows
Vlan 10….name IT
Vlan 20….name sales
Vlan 30….name Engineering

Switch>en
Switch#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#vlan 10
Switch(config-vlan)#name IT
Switch(config-vlan)#vlan 20
Switch(config-vlan)#name Sales
Switch(config-vlan)#vlan 30
Switch(config-vlan)#name Engineering
Switch(config-vlan)#exit
Switch(config)#int range f0/2 -6
Switch(config-if-range)#sw access vlan 10
Switch(config-if-range)#int range f0/7 -13
Switch(config-if-range)#sw access vlan 20
Switch(config-if-range)#int range f0/14 -21
Switch(config-if-range)#sw access vlan 30
Switch(config-if-range)#exit
Switch(config)#exit
Switch#
%SYS-5-CONFIG_I: Configured from console by console

Switch#copy run start
Destination filename [startup-config]?
Building configuration…
[OK]
Switch#

That is all you need to create vlans on the switch. Dont forget to configure the port that connects the switch to the router as a trunk port and also configure the the rest ports on the switch as access ports. Now to enable inter-vlan routing on the 2811 router, we enter the configurations below.

Router>en
Router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#int f0/0
Router(config-if)#no ip add
Router(config-if)#no shut
Router(config-if)#int f0/0.10
Router(config-subif)#en dot1q 10
Router(config-subif)#ip add 192.168.1.1 255.255.255.224
Router(config-subif)#int f0/0.20
Router(config-subif)#
%LINK-5-CHANGED: Interface FastEthernet0/0.20, changed state to up

Router(config-subif)#en dot1q 20
Router(config-subif)#ip add 192.168.1.33 255.255.255.224
Router(config-subif)#int f0/0.30
Router(config-subif)#
%LINK-5-CHANGED: Interface FastEthernet0/0.30, changed state to up
Router(config-subif)#en dot1q 30
Router(config-subif)#ip add 192.168.1.65 255.255.255.224
Router(config-subif)#exit
Router(config)#exit
Router#
%SYS-5-CONFIG_I: Configured from console by console
copy run start
Destination filename [startup-config]?
Building configuration…
[OK]
Router#

Also see: Network Address Translation (NAT) configuration on a Cisco router, from start to finish.

Thats all you need to enable inter Vlan routing on a cisco router. It is important that the encapsulation number matches the vlan ID for which that sub-interface is being created.
Note: the block on 192.168.1.0 network was broken down into three subnets using a /27 subnet mask giving us the 192.168.1.0,192.168.1.32,192.168.1.64, etc subnets. These subnets can only provide 30 valid IPs and since we have given the first IP address in each subnet to the router’s sub-interface, we are left with 29 IPs. If you need more than that number of IPs, please you use a different subnetmask.
You can configure DHCP and NAT for each vlan for this to work well.
Dont forget to drop a comment or send a mail if you need any help on this and any other topic. Thanks!

Spread the love

2 thoughts on “How to configure VLAN on Cisco router using 802.1q encapsulation protocol”

  1. Write more, thats all I have to say. Literally, it seems as though you relied on the video to make your point.
    You obviously know what youre talking about, why waste your intelligence on just posting videos to your
    blog when you could be giving us something enlightening to read?

    Reply
    • Thanks for the observation but for every video I make, a blog post has already been made here on timigate for it. The videos are to guide those having difficulties following the steps. Thanks reading and please follow across all social media let's get ourselves ready for IoT.

      Reply

Leave a Comment