I’ll be honest — it wasn’t easy to put everything into words. I knew the concepts in my head, but when I tried to explain them line by line, the result was confusing…..
I’d write five lines of configs and then have to backtrack because I couldn’t even follow my own article a week later.
That’s when I thought…
Why not add flowcharts? If I’m struggling to explain it, chances are you’ll struggle to follow.
So instead of drowning in paragraphs, I broke it down visually. I created four flowcharts, just enough so you can get a good grasp of how the network fits together without overcomplicating things
How I Set the Stage….
The first step is a blank Packet Tracer canvas.
Press enter or click to view image in full size
The setup includes four PCs, one 2960 switch, and one 2911 router, all connected with straight-through cables. The connections are as follows….
Press enter or click to view image in full size
The first green lights are your first green flags. If anything stays amber or red, don’t hope it fixes itself. It won’t. Check the cable type, port status, and speed/duplex settings. Fix it now, not later.
VLAN Configuration on the Switch
Leaving all four PCs in the default VLAN is like putting Girl Friend and Your Ex-Girl Friend in the same room and then wondering why they are angry.
Broadcast storms aside, you lose segmentation, you lose control, and troubleshooting becomes vibes-based. So I split the network into two crisp lanes…..
Switch> enable
Switch# configure terminal
! Create VLANs
Switch(config)# vlan 10
Switch(config-vlan)# name SALES
Switch(config-vlan)# exit
Switch(config)# vlan 20
Switch(config-vlan)# name ENGINEERING
Switch(config-vlan)# exit
! Assign access ports to VLANs
Switch(config)# interface range fastethernet 0/1-2
Switch(config-if-range)# switchport mode access
Switch(config-if-range)# switchport access vlan 10
Switch(config-if-range)# exit
Switch(config)# interface range fastethernet 0/3-4
Switch(config-if-range)# switchport mode access
Switch(config-if-range)# switchport access vlan 20
Switch(config-if-range)# exit
! Configure trunk port
Switch(config)# interface fastethernet 0/24
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport trunk allowed vlan 10,20
Switch(config-if)# end
! Save configuration
Switch# copy running-config startup-config
Access ports are the “rooms” (Fa0/1–2 in VLAN 10, Fa0/3–4 in VLAN 20). Fa0/24 is the “corridor” — a trunk that carries tagged traffic from both rooms to the router.
My flowchart here focuses on the hierarchy: create VLANs → assign access ports → make the trunk → allow only 10,20. Minimal surface area, maximum clarity.
**
Quick mental check I always do….**
Switch# show vlan brief
Switch# show interfaces trunk
If a PC in Sales can ping a PC in Engineering without the router, I’ve messed up the VLANs.
If the router sees nothing on a subinterface, the trunk isn’t tagging (or allowed VLANs are wrong).
Router-on-a-Stick — ( Think it like the translator in the middle )
The router is where the two worlds meet. Physically it’s one link, logically it’s multiple lanes. That’s why subinterfaces exist. I picture the router like a bouncer with two counters….
The command encapsulation dot1q .
Router> enable
Router# configure terminal
! Configure subinterface for VLAN 10
Router(config)# interface gigabitethernet 0/0/0.10
Router(config-subif)# encapsulation dot1q 10
Router(config-subif)# ip address 192.168.10.1 255.255.255.0
Router(config-subif)# exit
! Configure subinterface for VLAN 20
Router(config)# interface gigabitethernet 0/0/0.20
Router(config-subif)# encapsulation dot1q 20
Router(config-subif)# ip address 192.168.20.1 255.255.255.0
Router(config-subif)# exit
! Enable physical interface
Router(config)# interface gigabitethernet 0/0/0
Router(config-if)# no shutdown
Router(config-if)# end
! Verify configuration
Router# show ip interface brief
Without it, the router can’t tell which packet belongs to which VLAN. The flowchart here shows the relationship…..
Physical interface up → two subinterfaces → each with its own tag and gateway IP. Once I see both subinterfaces “up/up” in the status, I know inter-VLAN routing is ready.
Every clean network I’ve seen follows the rule “one VLAN, one subnet, one gateway.” You did exactly that with 192.168.10.0/24 and 192.168.20.0/24. Textbook good.
Make the router do the boring work (DHCP)
Static IPs are cute for a lab of one. For four (and growing), it’s just asking for conflicts. So I make the router the DHCP server for both VLANs. Two pools…
I always exclude the gateway addresses first so the pools don’t accidentally hand them out.
Router# configure terminal
! Exclude gateway addresses from DHCP pools
Router(config)# ip dhcp excluded-address 192.168.10.1
Router(config)# ip dhcp excluded-address 192.168.20.1
! Create DHCP pool for VLAN 10 (SALES)
Router(config)# ip dhcp pool SALES_POOL
Router(dhcp-config)# network 192.168.10.0 255.255.255.0
Router(dhcp-config)# default-router 192.168.10.1
Router(dhcp-config)# dns-server 8.8.8.8
Router(dhcp-config)# lease 7
Router(dhcp-config)# exit
! Create DHCP pool for VLAN 20 (ENGINEERING)
Router(config)# ip dhcp pool ENGINEERING_POOL
Router(dhcp-config)# network 192.168.20.0 255.255.255.0
Router(dhcp-config)# default-router 192.168.20.1
Router(dhcp-config)# dns-server 8.8.8.8
Router(dhcp-config)# lease 3
Router(dhcp-config)# end
! Verify DHCP configuration
Router# show ip dhcp pool
And yes, I like giving Engineering a shorter lease — devices churn more, VM labs spin up/down, and shorter leases reduce stale bindings. It’s a tiny choice that makes long-term ops nicer.
Add a second DNS (like 8.8.4.4). If the first resolver flakes, you won’t lose name resolution and assume the whole network is down.
“Helper address” — when you need it, when you don’t
This is a common trap. DHCP is broadcast. Broadcasts don’t cross VLANs. So usually, you put ip helper-address on each L3 interface to relay the request as unicast to the DHCP server.
Router# configure terminal
! Configure DHCP relay on subinterfaces
Router(config)# interface gigabitethernet 0/0/0.10
Router(config-subif)# ip helper-address 192.168.10.1
Router(config-subif)# exit
Router(config)# interface gigabitethernet 0/0/0.20
Router(config-subif)# ip helper-address 192.168.20.1
Router(config-subif)# end
! Verify helper addresses
Router# show running-config | include helper-address
But here’s the catch….
If the router itself is the DHCP server, it already hears the broadcast on each subinterface. There’s nowhere else to forward it. So helper addresses are optional here (not needed).
I still keep a flow segment explaining helper logic, because the moment you move DHCP to a dedicated server (say, an IT/Admin VLAN 30), you’ll need it on each user VLAN subinterface pointing to that server’s IP.
The four-step DHCP dance (watch it happen)
This is my favorite diagram because it gives the protocol a heartbeat….
If you want to be extra sure name resolution works, don’t stop at ping 8.8.8.8. Try ping google.com. If numbers work but names don’t, it’s a DNS issue, not connectivity.
Client side — Human loop
On each PC, I head to Desktop → IP Configuration → DHCP. Then I wait 10–20 seconds. Packet Tracer sometimes takes a breath here. If it stalls, I do a quick release/renew from the PC’s command prompt. No drama.
Expected first four leases:
PC0 → 192.168.10.2
PC1 → 192.168.10.3
PC2 → 192.168.20.2
PC3 → 192.168.20.3
If any PC lands in 169.254.x.x (APIPA), it never heard from DHCP. That usually means VLAN/trunk trouble, or the pool doesn’t match the subnet.
The verification ritual (don’t skip this)
I treat verification like a checklist so I don’t get emotionally attached to “it should work.
On the router — confirm subinterfaces are up, pools exist, bindings are being issued.
! Check DHCP pools
Router# show ip dhcp pool
! View current leases
Router# show ip dhcp binding
! Verify interface status
Router# show ip interface brief
On the switch — VLAN membership is correct, trunk is actually trunking, allowed VLANs include 10 and 20.
! Verify VLAN configuration
Switch# show vlan brief
! Check trunk status
Switch# show interfaces trunk
On the PCs — ipconfig /all shows correct IP, mask, gateway, DNS.
Check IP configuration
ipconfig /all
Test connectivity
ping 192.168.10.1 # Gateway
ping 192.168.20.2 # Cross-VLAN
ping 8.8.8.8 # Internet DNS
Green. Green. Green. Only then I breathe.
For Further Troubleshooting…And Refrence..
GitHub - nishanthabimanyu/Cisco-Packet-Tracer-Workbook-
Contribute to nishanthabimanyu/Cisco-Packet-Tracer-Workbook- development by creating an account on GitHub.
github.com
Press enter or click to view image in full size
If anything fails, go back and check configuration step by step. Common issues include missing ip helper-address commands, incorrect VLAN assignments on switch ports, or firewall rules blocking traffic.
And that’s it! you have successfully built a multi-VLAN network with DHCP services.
The entire process took me about 30 minutes, but the learning will last much longer. Remember to save your configuration with copy running-config startup-config on both switch and router!
Top comments (0)