🚫 No routing
🚫 No trunk yet
🚫 No router config
Only VLAN creation + access ports
🔹 VLAN plan (lock this in)
| VLAN | Name | Purpose |
|---|---|---|
| 10 | USERS | HQ users (PCs on SW2) |
| 20 | SERVERS | HQ servers (SW3) |
| 30 | WIFI | HQ Wi-Fi |
🔹 STEP 24.1 — Create VLANs on DIST-SW1
Even though users aren’t connected here, VLANs must exist end-to-end.
On DIST-SW1 → CLI
enable
configure terminal
vlan 10
name USERS
vlan 20
name SERVERS
vlan 30
name WIFI
end
write memory
Verify
show vlan brief
You should see VLANs 10, 20, 30 listed.
🔹 STEP 24.2 — Create VLANs on HQ-SW2 (Users switch)
On HQ-SW2 → CLI
enable
configure terminal
vlan 10
name USERS
vlan 20
name SERVERS
vlan 30
name WIFI
end
write memory
Assign PC ports to VLAN 10
(Adjust the port numbers if yours are different)
configure terminal
interface range fastEthernet0/1 - 2
switchport mode access
switchport access vlan 10
end
write memory
Verify
show vlan brief
PC ports should appear under VLAN 10.
🔹 STEP 24.3 — Create VLANs on HQ-SW3 (Servers + Wi-Fi)
On HQ-SW3 → CLI
enable
configure terminal
vlan 10
name USERS
vlan 20
name SERVERS
vlan 30
name WIFI
end
write memory
Assign ports
Server port → VLAN 20
configure terminal
interface fastEthernet0/2
switchport mode access
switchport access vlan 20
end
Wi-Fi router port → VLAN 30
configure terminal
interface fastEthernet0/3
switchport mode access
switchport access vlan 30
end
write memory
🔹 What SHOULD happen now
- PCs in VLAN 10
- Server isolated in VLAN 20
- Wi-Fi isolated in VLAN 30
- PCs will NOT be able to ping the router anymore ❌
👉 This is EXPECTED because:
- No trunk
- No inter-VLAN routing yet
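One way to check each switch against the VLAN plan, as an added example that is not part of the original walkthrough: a Python script that parses pasted `show vlan brief` output and lists every deviation from the plan table and the port assignments in STEP 24.2 and 24.3. The helper names `parse_vlan_brief` and `audit`, both sample outputs, and the faulty HQ-SW3 state are constructed for illustration.

```python
import re
PLAN = {10: "USERS", 20: "SERVERS", 30: "WIFI"}      # VLAN plan from this page
ROW = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s*(.*)$")  # id, name, status, ports

def parse_vlan_brief(text):
    """Return {vlan_id: {"name": str, "ports": set}} from 'show vlan brief' text."""
    vlans, current = {}, None
    for line in text.splitlines():
        m = ROW.match(line)
        if m:                                        # a new VLAN row
            current = int(m.group(1))
            vlans[current] = {"name": m.group(2), "ports": set()}
        elif current is None or not line[:1].isspace():
            continue                                 # header, separator or blank line
        ports = m.group(4) if m else line            # indented line = wrapped port list
        vlans[current]["ports"].update(p.strip() for p in ports.split(",") if p.strip())
    return vlans

def audit(text, expected_ports):
    """List deviations from PLAN; expected_ports maps VLAN id -> set of access ports."""
    vlans, problems = parse_vlan_brief(text), []
    for vid, name in PLAN.items():
        if vid not in vlans:
            problems.append(f"VLAN {vid} missing")
            continue
        got = vlans[vid]
        if got["name"] != name:
            problems.append(f"VLAN {vid} named {got['name']}, expected {name}")
        want = expected_ports.get(vid, set())
        problems += [f"{p} not in VLAN {vid}" for p in sorted(want - got["ports"])]
        problems += [f"{p} unexpectedly in VLAN {vid}" for p in sorted(got["ports"] - want)]
    return problems

# Constructed sample outputs, not device captures. HQ_SW3 has three deliberate faults.
HEADER = "VLAN Name       Status    Ports\n---- ---------- --------- ----------------\n"
HQ_SW2 = HEADER + """\
1    default    active    Fa0/3, Fa0/4, Fa0/5
                          Fa0/6, Fa0/7
10   USERS      active    Fa0/1, Fa0/2
20   SERVERS    active
30   WIFI       active"""
HQ_SW3 = HEADER + """\
1    default    active    Fa0/1, Fa0/3, Fa0/4
20   SERVERS    active    Fa0/2
30   VLAN0030   active"""

if __name__ == "__main__":
    print("HQ-SW2:", audit(HQ_SW2, {10: {"Fa0/1", "Fa0/2"}}) or "matches plan")
    print("HQ-SW3:", audit(HQ_SW3, {20: {"Fa0/2"}, 30: {"Fa0/3"}}))
```

Paste the real output of each switch in place of the sample strings; an empty list means the switch matches the plan.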
🧠 Key concept to remember
VLANs isolate traffic at Layer 2. Routing is required to reconnect them.
You just intentionally broke connectivity — that’s how engineers learn.
