Lab 11: Broken Office Network Rescue
Companion lab to Understanding Switches — review and troubleshooting.
.pkt file as you work. This lab is entirely CLI-driven — no GUI Config tab for switch or router configuration.
Overview
You have been called in to rescue the TechCo NZ office network. The previous admin built it but made several configuration mistakes. Your job is to first build and correctly configure the full network from scratch (reviewing all the key CLI commands as you go), then run a series of break-and-fix fault scenarios that mirror the kinds of mistakes the original admin made.
| Part | Mode | What you do | What you prove |
|---|---|---|---|
| 1 | Solo | Build the topology in Packet Tracer — devices, cables, port plan. | Physical layer is correct; all link lights green. |
| 2 | Solo | Configure VLANs 10 / 20 / 30 / 99 on SW1 and assign ports via IOS CLI. | show vlan brief shows correct VLAN-to-port mapping. |
| 3 | Solo | Configure the trunk port on SW1 and sub-interfaces on R1 for inter-VLAN routing. | PCs in different VLANs can ping each other and the server. |
| 4 | Solo | Configure DHCP pools and a DNS record on the server. | All PCs receive an IP automatically; ping company.local resolves. |
| 5 | Solo | Run a full connectivity checklist. | Every test passes before you move to faults. |
| 6 | Pairs | Take turns introducing and diagnosing 6 deliberate faults. | Can identify the symptom, run the right show command, and apply the fix. |
Prerequisites
- Cisco Packet Tracer 8.x installed and signed in.
- Completion of Labs 1–10 — this lab intentionally draws on every skill covered so far.
- For Part 6 (pairs): you will each need your own working copy of the finished network from Part 5.
- All VLAN and routing configuration must be done via the switch/router CLI — not the GUI Config tab.
IOS CLI Quick Reference
Use this table while working through the lab. Return to it when diagnosing faults in Part 6.
Switch Commands
| What you want | Command |
|---|---|
| Enter privileged mode | enable |
| Enter global config | configure terminal |
| Set hostname | hostname SW1 |
| Create a VLAN | vlan 10 then name Admin |
| Select one interface | interface Fa0/1 |
| Select a range | interface range Fa0/1-2 |
| Set as access port | switchport mode access |
| Assign VLAN to port | switchport access vlan 10 |
| Set as trunk port | switchport mode trunk |
| Exit one level | exit |
| Exit to privileged mode | end |
| Save running config | write memory |
| Show all VLANs + ports | show vlan brief |
| Show trunk interfaces | show interfaces trunk |
| Show one port detail | show interfaces Fa0/1 switchport |
| Show MAC address table | show mac-address-table |
| Show running config | show running-config |
Router Commands
| What you want | Command |
|---|---|
| Enable a physical interface | interface Fa0/0 then no shutdown |
| Create a sub-interface | interface Fa0/0.10 |
| Set 802.1Q encapsulation | encapsulation dot1Q 10 |
| Set IP address | ip address 192.168.10.1 255.255.255.0 |
| Bring up / shut down | no shutdown / shutdown |
| Show interface status | show ip interface brief |
| Show routing table | show ip route |
| Show running config | show running-config |
PC / Command Prompt
| What you want | Command |
|---|---|
| Show IP configuration | ipconfig or ipconfig /all |
| Test reachability | ping 192.168.10.1 |
| Trace the route | tracert 192.168.20.50 |
| Resolve a DNS name | ping company.local |
Network Plan
TechCo NZ has three departments and a management VLAN for server access.
| VLAN | Name | Network | Subnet Mask | Gateway (R1 sub-if) | DHCP Start |
|---|---|---|---|---|---|
| 10 | Admin | 192.168.10.0 | 255.255.255.0 | 192.168.10.1 | .50 – .100 |
| 20 | Sales | 192.168.20.0 | 255.255.255.0 | 192.168.20.1 | .50 – .100 |
| 30 | IT | 192.168.30.0 | 255.255.255.0 | 192.168.30.1 | .50 – .100 |
| 99 | Mgmt | 192.168.99.0 | 255.255.255.0 | 192.168.99.1 | Static only |
Server static IP: 192.168.99.10 | DNS name: company.local
Port Plan
| Switch Port | VLAN | Device |
|---|---|---|
| Fa0/1 | 10 | Admin-PC1 |
| Fa0/2 | 10 | Admin-PC2 |
| Fa0/3 | 20 | Sales-PC1 |
| Fa0/4 | 20 | Sales-PC2 |
| Fa0/5 | 30 | IT-PC1 |
| Fa0/6 | 30 | IT-PC2 |
| Fa0/7 | 99 | DHCP-DNS-Server (static) |
| Fa0/24 | Trunk | Router R1 — Fa0/0 |
Part 1 — Build the Topology
Time: ~20 min • Save as: Lab11_<yourname>.pkt
1.1 Add devices
- Open Packet Tracer → File → New.
- Add the following devices:
  - 1 × 2960-24TT Switch — rename: SW1
  - 1 × 2811 Router — rename: R1
  - 6 × PC — rename: Admin-PC1, Admin-PC2, Sales-PC1, Sales-PC2, IT-PC1, IT-PC2
  - 1 × Server — rename: DHCP-DNS-Server
1.2 Connect cables
Use Copper Straight-Through cables for all connections.
| From | To SW1 Port |
|---|---|
| Admin-PC1 | Fa0/1 |
| Admin-PC2 | Fa0/2 |
| Sales-PC1 | Fa0/3 |
| Sales-PC2 | Fa0/4 |
| IT-PC1 | Fa0/5 |
| IT-PC2 | Fa0/6 |
| DHCP-DNS-Server | Fa0/7 |
| R1 Fa0/0 | Fa0/24 |
Wait for all link lights to turn green before continuing.
1.3 Configure Server static IP
Click DHCP-DNS-Server → Desktop → IP Configuration → Static:
- IP Address: 192.168.99.10
- Subnet Mask: 255.255.255.0
- Default Gateway: 192.168.99.1
Part 2 — Configure VLANs on SW1
Time: ~20 min • All commands via the CLI tab on SW1.
2.1 Open the switch CLI
Click SW1 → CLI. Press Enter to dismiss the banner. You should see:
Switch>
2.2 Create VLANs and assign access ports
Switch> enable
Switch# configure terminal
Switch(config)# hostname SW1
SW1(config)# vlan 10
SW1(config-vlan)# name Admin
SW1(config-vlan)# vlan 20
SW1(config-vlan)# name Sales
SW1(config-vlan)# vlan 30
SW1(config-vlan)# name IT
SW1(config-vlan)# vlan 99
SW1(config-vlan)# name Management
SW1(config-vlan)# exit
SW1(config)# interface range Fa0/1-2
SW1(config-if-range)# switchport mode access
SW1(config-if-range)# switchport access vlan 10
SW1(config-if-range)# exit
SW1(config)# interface range Fa0/3-4
SW1(config-if-range)# switchport mode access
SW1(config-if-range)# switchport access vlan 20
SW1(config-if-range)# exit
SW1(config)# interface range Fa0/5-6
SW1(config-if-range)# switchport mode access
SW1(config-if-range)# switchport access vlan 30
SW1(config-if-range)# exit
SW1(config)# interface Fa0/7
SW1(config-if)# switchport mode access
SW1(config-if)# switchport access vlan 99
SW1(config-if)# exit
SW1(config)# end
SW1# write memory
2.3 Verify VLAN configuration
SW1# show vlan brief
Expected output: VLANs 10, 20, 30, 99 all show as active with the correct ports assigned.
show interfaces Fa0/X switchport for the specific port.
Part 3 — Configure Trunk Port & Router Sub-Interfaces
Time: ~25 min • Two CLI sessions: one on SW1, one on R1.
3.1 Configure trunk on SW1 Fa0/24
SW1# configure terminal
SW1(config)# interface Fa0/24
SW1(config-if)# switchport mode trunk
SW1(config-if)# end
SW1# write memory
Verify the trunk:
SW1# show interfaces trunk
You should see Fa0/24 listed with VLANs 1, 10, 20, 30, 99 in the allowed and active column.
3.2 Configure R1 sub-interfaces (inter-VLAN routing)
Click R1 → CLI:
Router> enable
Router# configure terminal
Router(config)# hostname R1
R1(config)# interface Fa0/0
R1(config-if)# no shutdown
R1(config-if)# exit
R1(config)# interface Fa0/0.10
R1(config-subif)# encapsulation dot1Q 10
R1(config-subif)# ip address 192.168.10.1 255.255.255.0
! Relay DHCP broadcasts from this VLAN to the server in VLAN 99
R1(config-subif)# ip helper-address 192.168.99.10
R1(config-subif)# exit
R1(config)# interface Fa0/0.20
R1(config-subif)# encapsulation dot1Q 20
R1(config-subif)# ip address 192.168.20.1 255.255.255.0
R1(config-subif)# ip helper-address 192.168.99.10
R1(config-subif)# exit
R1(config)# interface Fa0/0.30
R1(config-subif)# encapsulation dot1Q 30
R1(config-subif)# ip address 192.168.30.1 255.255.255.0
R1(config-subif)# ip helper-address 192.168.99.10
R1(config-subif)# exit
R1(config)# interface Fa0/0.99
R1(config-subif)# encapsulation dot1Q 99
R1(config-subif)# ip address 192.168.99.1 255.255.255.0
R1(config-subif)# exit
R1(config)# end
R1# write memory
3.3 Verify router interfaces
R1# show ip interface brief
All four sub-interfaces should show status up and protocol up with their correct IP addresses.
interface Fa0/0 itself has no shutdown applied. Sub-interfaces inherit the state of the parent interface.
Part 4 — Configure DHCP & DNS on the Server
Time: ~15 min
4.1 Configure DHCP pools
Click DHCP-DNS-Server → Services → DHCP. Turn the service ON, then create three pools:
| Pool Name | Default Gateway | DNS Server | Start IP | Subnet Mask | Max |
|---|---|---|---|---|---|
| Admin_Pool | 192.168.10.1 | 192.168.99.10 | 192.168.10.50 | 255.255.255.0 | 50 |
| Sales_Pool | 192.168.20.1 | 192.168.99.10 | 192.168.20.50 | 255.255.255.0 | 50 |
| IT_Pool | 192.168.30.1 | 192.168.99.10 | 192.168.30.50 | 255.255.255.0 | 50 |
Click Add after entering each pool. Remove the default serverPool entry if it appears.
4.2 Configure DNS
Click DHCP-DNS-Server → Services → DNS. Turn the service ON, then add one record:
| Name | Type | Address |
|---|---|---|
| company.local | A Record | 192.168.99.10 |
Click Add.
4.3 Set PCs to DHCP
On each of the 6 PCs: Desktop → IP Configuration → DHCP.
Each PC should receive an address in its VLAN's range:
- Admin-PC1 / PC2 → 192.168.10.50+
- Sales-PC1 / PC2 → 192.168.20.50+
- IT-PC1 / PC2 → 192.168.30.50+
Part 5 — Verify Full Connectivity
Complete every test before moving to Part 6. Do not proceed until all tests pass.
- Admin-PC1 → ping Admin-PC2 — same VLAN, should succeed ✅
- Sales-PC1 → ping Sales-PC2 — same VLAN, should succeed ✅
- IT-PC1 → ping IT-PC2 — same VLAN, should succeed ✅
- Admin-PC1 → ping 192.168.20.50 (Sales-PC1) — inter-VLAN, should succeed ✅
- Sales-PC1 → ping 192.168.30.50 (IT-PC1) — inter-VLAN, should succeed ✅
- Admin-PC1 → ping 192.168.99.10 (server) — should succeed ✅
- IT-PC1 → ping company.local — DNS resolves to 192.168.99.10 ✅
- Run show vlan brief on SW1 — all 4 VLANs show correct ports ✅
- Run show ip interface brief on R1 — all 4 sub-interfaces up/up ✅
Part 6 — Break & Fix Fault Scenarios
Mode: Pairs. Student A introduces a fault (following the steps below) while Student B looks away. Student B then diagnoses and fixes the network using show commands and the CLI reference above. Then swap roles for the next fault. Record everything in the Fault Worksheet.
Fault 1: Wrong VLAN on a port
How to introduce it
SW1# configure terminal
SW1(config)# interface Fa0/3
SW1(config-if)# switchport access vlan 10
SW1(config-if)# end
Symptom clue
Sales-PC1 receives an IP address but cannot ping Sales-PC2. Sales-PC2 cannot see Sales-PC1 at all.
Diagnostic commands
SW1# show vlan brief
SW1# show interfaces Fa0/3 switchport
The fix
SW1(config)# interface Fa0/3
SW1(config-if)# switchport access vlan 20
SW1(config-if)# end
SW1# write memory
Fault 2: Trunk port set to access mode
How to introduce it
SW1# configure terminal
SW1(config)# interface Fa0/24
SW1(config-if)# switchport mode access
SW1(config-if)# end
Symptom clue
All PCs lose their DHCP addresses. Pings within the same VLAN still work, but inter-VLAN routing completely stops.
Diagnostic commands
SW1# show interfaces trunk
SW1# show interfaces Fa0/24 switchport
The fix
SW1(config)# interface Fa0/24
SW1(config-if)# switchport mode trunk
SW1(config-if)# end
SW1# write memory
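The manual checks for the two switch faults above (wrong access VLAN, trunk port in access mode) can be automated by comparing show vlan brief output with the Port Plan, which also catches a port that has drifted across the VLAN boundary unnoticed. This Python script is an added example, not part of the original lab; the function names and the sample output are constructed for illustration.

```python
import re

# Expected state, taken from the lab's Port Plan table.
PORT_PLAN = {"Fa0/1": 10, "Fa0/2": 10, "Fa0/3": 20, "Fa0/4": 20,
             "Fa0/5": 30, "Fa0/6": 30, "Fa0/7": 99}
TRUNK = "Fa0/24"  # a working trunk port is not listed by 'show vlan brief'

def parse_vlan_brief(text):
    """Return {port: vlan_id} from 'show vlan brief' output."""
    ports_by_vlan, vlan = {}, None
    for line in text.splitlines():
        m = re.match(r"(\d+)\s+\S+\s+\S+(.*)", line)
        if m:                                   # "10   Admin   active   Fa0/1, Fa0/2"
            vlan, ports = int(m.group(1)), m.group(2)
        elif vlan is not None and line.startswith(" "):
            ports = line                        # wrapped continuation of the port list
        else:
            continue                            # header, separator or blank line
        for port in re.findall(r"[A-Za-z]+\d+/\d+", ports):
            ports_by_vlan[port] = vlan
    return ports_by_vlan

def audit_switch(text):
    """List every deviation from PORT_PLAN and TRUNK."""
    actual = parse_vlan_brief(text)
    findings = [f"{port}: expected VLAN {want}, found VLAN {actual.get(port)}"
                for port, want in PORT_PLAN.items() if actual.get(port) != want]
    if TRUNK in actual:
        findings.append(f"{TRUNK}: expected trunk, found access port in VLAN {actual[TRUNK]}")
    return findings

# Constructed sample (not captured from a device): Fa0/3 has drifted into
# VLAN 10 and Fa0/24 has fallen back to an access port in VLAN 1.
SAMPLE = """\
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/8, Fa0/9, Fa0/10, Fa0/11
                                                Fa0/24, Gig0/1, Gig0/2
10   Admin                            active    Fa0/1, Fa0/2, Fa0/3
20   Sales                            active    Fa0/4
30   IT                               active    Fa0/5, Fa0/6
99   Management                       active    Fa0/7
"""

if __name__ == "__main__":
    for finding in audit_switch(SAMPLE):
        print(finding)
```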
Fault 3: Router sub-interface with wrong IP
How to introduce it
R1# configure terminal
R1(config)# interface Fa0/0.20
R1(config-subif)# ip address 192.168.20.99 255.255.255.0
R1(config-subif)# end
Symptom clue
Sales PCs receive a DHCP address and can ping each other, but cannot ping the gateway or any other VLAN. Admin and IT are unaffected.
Diagnostic commands
R1# show ip interface brief
R1# show running-config
Then from Sales-PC1: ipconfig /all (check default gateway vs actual sub-interface IP)
The fix
R1(config)# interface Fa0/0.20
R1(config-subif)# ip address 192.168.20.1 255.255.255.0
R1(config-subif)# end
R1# write memory
Fault 4: Sub-interface shut down
How to introduce it
R1# configure terminal
R1(config)# interface Fa0/0.30
R1(config-subif)# shutdown
R1(config-subif)# end
Symptom clue
IT-PC1 and IT-PC2 cannot get a DHCP address. They fail to ping anything outside VLAN 30. Admin and Sales are completely unaffected.
Diagnostic commands
R1# show ip interface brief
Look for Fa0/0.30 showing administratively down.
The fix
R1(config)# interface Fa0/0.30
R1(config-subif)# no shutdown
R1(config-subif)# end
R1# write memory
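The two router faults above (wrong sub-interface address, sub-interface shut down) both show up in show ip interface brief, so the same output can be checked against the Network Plan in one pass. This Python script is an added example, not part of the original lab; the function names and the sample output are constructed for illustration.

```python
# Expected gateways, taken from the lab's Network Plan table.
GATEWAYS = {f"FastEthernet0/0.{v}": f"192.168.{v}.1" for v in (10, 20, 30, 99)}
PARENT = "FastEthernet0/0"
MISSING = (None, "missing", "missing")

def parse_ip_int_brief(text):
    """Return {interface: (ip, status, protocol)} from 'show ip interface brief'."""
    rows = {}
    for line in text.splitlines():
        f = line.split()
        # Columns: Interface, IP-Address, OK?, Method, Status, Protocol.
        # Status can be two words ("administratively down"), hence f[4:-1].
        if len(f) >= 6 and f[0] != "Interface":
            rows[f[0]] = (f[1], " ".join(f[4:-1]), f[-1])
    return rows

def audit_router(text):
    """List every deviation from GATEWAYS, plus a parent interface that is not up/up."""
    rows, findings = parse_ip_int_brief(text), []
    _, status, proto = rows.get(PARENT, MISSING)
    if (status, proto) != ("up", "up"):
        findings.append(f"{PARENT}: {status}/{proto}, so no sub-interface can pass traffic")
    for name, want_ip in GATEWAYS.items():
        ip, status, proto = rows.get(name, MISSING)
        if ip != want_ip:
            findings.append(f"{name}: expected {want_ip}, found {ip}")
        if (status, proto) != ("up", "up"):
            findings.append(f"{name}: {status}/{proto}")
    return findings

# Constructed sample (not captured from a device): Fa0/0.20 carries the wrong
# address and Fa0/0.30 has been shut down.
SAMPLE = """\
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        unassigned      YES unset  up                    up
FastEthernet0/0.10     192.168.10.1    YES manual up                    up
FastEthernet0/0.20     192.168.20.99   YES manual up                    up
FastEthernet0/0.30     192.168.30.1    YES manual administratively down down
FastEthernet0/0.99     192.168.99.1    YES manual up                    up
"""

if __name__ == "__main__":
    for finding in audit_router(SAMPLE):
        print(finding)
```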
Fault 5: DHCP pool with wrong default gateway
How to introduce it
Click DHCP-DNS-Server → Services → DHCP. Select Admin_Pool, change the Default Gateway from 192.168.10.1 to 192.168.1.1, then click Save.
On Admin-PC1 and Admin-PC2: release and renew (Desktop → IP Config → Static then back to DHCP) to force a new lease.
Symptom clue
Admin PCs receive a DHCP address, but ping 192.168.20.50 (Sales) fails and ping 192.168.10.1 (gateway) fails. Same-VLAN pings work if both PCs have the bad gateway. Sales and IT are unaffected.
Diagnostic commands
On Admin-PC1: ipconfig /all — check the Default Gateway field in the output.
The fix
In the DHCP service, select Admin_Pool, change the Default Gateway back to 192.168.10.1, click Save. Renew IP on Admin PCs.
Fault 6: DNS service disabled
How to introduce it
Click DHCP-DNS-Server → Services → DNS. Toggle the service to OFF.
Symptom clue
All pings by IP address still work. But ping company.local from any PC returns Request timed out or Unknown host.
Diagnostic commands
Try both on any PC:
ping company.local
ping 192.168.99.10
If the IP ping works but the name ping fails — the problem is DNS, not routing.
The fix
Toggle DNS service back to ON on the server.
Fault Worksheet
Complete this table as you work through Part 6. Write in your own words — a sentence or two is enough for each cell.
| # | Symptom you observed | Commands you ran | Root cause | Fix you applied |
|---|---|---|---|---|
| 1 | | | | |
| 2 | | | | |
| 3 | | | | |
| 4 | | | | |
| 5 | | | | |
| 6 | | | | |
Reflection Questions
- In Fault 2, intra-VLAN pings still worked but inter-VLAN routing failed. Explain why — which device was bypassed, and which was affected?
- In Fault 3, you used show ip interface brief on the router to find the problem. What specifically in that output told you something was wrong?
- In Fault 5, the PC received a DHCP address but still couldn’t route traffic. What is the role of the default gateway, and why does a wrong gateway break inter-subnet communication?
- Faults 4 and 2 both caused DHCP failures for the same reason. What is that reason? (Hint: think about where DHCP requests travel.)
- Which show command would you run first if a student said “my PC has no IP address”? Justify your choice.