Cisco IOS Configuration for VLANs, AAA, and EtherChannel

Posted on May 21, 2026 in Computing and Communications

Router R1: DHCP and RADIUS Configuration

This section details the configuration for Router R1, including interface addressing, DHCP pools for laboratories, and RADIUS authentication.

enable
configure terminal
hostname R1

! Interface towards S1 (Laboratories LAN)
interface GigabitEthernet0/1
 ip address 192.168.10.1 255.255.255.0
 no shutdown

! Interface towards R2 (WAN link)
interface GigabitEthernet0/2
 ip address 10.10.10.1 255.255.255.0
 no shutdown

ip dhcp excluded-address 192.168.10.1 192.168.10.10
ip dhcp excluded-address 192.168.10.100

ip dhcp pool LABORATORIOS
 network 192.168.10.0 255.255.255.0
 default-router 192.168.10.1
 dns-server 8.8.8.8

aaa new-model
radius-server host 192.168.10.100 auth-port 1645 key psw

aaa authentication login default group radius local
aaa authorization exec default group radius local

! Backup local user
username admin privilege 15 secret psw

line console 0
 login authentication default

line vty 0 4
 login authentication default
 transport input telnet ssh

ip route 172.16.20.0 255.255.255.0 10.10.10.2

end
write memory

Router R2: DHCP and TACACS+ Configuration

The following commands configure Router R2 for the Aulas LAN, implementing TACACS+ security and static routing.

enable
configure terminal
hostname R2

! Interface towards S2 (Aulas LAN)
interface GigabitEthernet0/1
 ip address 172.16.20.1 255.255.255.0
 no shutdown

! Interface towards R1 (WAN link)
interface GigabitEthernet0/2
 ip address 10.10.10.2 255.255.255.0
 no shutdown

ip dhcp excluded-address 172.16.20.1 172.16.20.10
ip dhcp excluded-address 172.16.20.100

ip dhcp pool AULAS
 network 172.16.20.0 255.255.255.0
 default-router 172.16.20.1
 dns-server 8.8.8.8

aaa new-model
tacacs-server host 172.16.20.100 key psw

aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local

! Backup local user
username admin privilege 15 secret psw

line console 0
 login authentication default

line vty 0 4
 login authentication default
 transport input telnet ssh

ip route 192.168.10.0 255.255.255.0 10.10.10.1

end
write memory

Inter-VLAN Routing Configuration for R1

To facilitate communication between different network segments, subinterfaces are created on Router R1 using 802.1Q encapsulation.

enable
configure terminal
hostname R1

interface GigabitEthernet0/0
 no ip address
 no shutdown

! Subinterface for VLAN 30 - Laboratory
interface GigabitEthernet0/0.30
 encapsulation dot1Q 30
 ip address 192.168.30.1 255.255.255.0

! Subinterface for VLAN 50 - Aulas
interface GigabitEthernet0/0.50
 encapsulation dot1Q 50
 ip address 172.16.50.1 255.255.255.0

end
write memory

Switch S2: VLAN and EtherChannel Setup

Switch S2 manages the core VLAN structure and establishes PAgP and LACP EtherChannels for redundancy.

enable
configure terminal
hostname S2

! Create VLANs
vlan 30
 name LABORATORIO
vlan 50
 name AULAS

! EtherChannel S1-S2: PAgP (Port-channel 1)
! Fa0/6 and Fa0/7 towards S1
interface range FastEthernet0/6 - 7
 switchport mode trunk
 switchport trunk allowed vlan 30,50
 channel-group 1 mode desirable
 no shutdown

! EtherChannel S2-S3: LACP (Port-channel 2)
! Fa0/11, Fa0/12, Fa0/13 towards S3
interface range FastEthernet0/11 - 13
 switchport mode trunk
 switchport trunk allowed vlan 30,50
 channel-group 2 mode active
 no shutdown

! Uplink towards R1 (trunk)
interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk allowed vlan 30,50
 no shutdown

end
write memory

Switch S1: VLAN 30 and PAgP Configuration

Configuration for Switch S1 includes access ports for VLAN 30 and a PAgP EtherChannel connection to Switch S2.

enable
configure terminal
hostname S1

! Create VLANs
vlan 30
 name LABORATORIO
vlan 50
 name AULAS

! EtherChannel S1-S2: PAgP (Port-channel 1)
! Fa0/6 and Fa0/7 towards S2
interface range FastEthernet0/6 - 7
 switchport mode trunk
 switchport trunk allowed vlan 30,50
 channel-group 1 mode auto
 no shutdown

! Access ports for PCs (VLAN 30)
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 30
 no shutdown

interface FastEthernet0/2
 switchport mode access
 switchport access vlan 30
 no shutdown

end
write memory

Switch S3: VLAN 50 and LACP Configuration

Switch S3 provides access for VLAN 50 and utilizes LACP for its EtherChannel link to Switch S2.

enable
configure terminal
hostname S3

! Create VLANs
vlan 30
 name LABORATORIO
vlan 50
 name AULAS

! EtherChannel S2-S3: LACP (Port-channel 2)
! Fa0/11, Fa0/12, Fa0/13 towards S2
interface range FastEthernet0/11 - 13
 switchport mode trunk
 switchport trunk allowed vlan 30,50
 channel-group 2 mode passive
 no shutdown

! Access ports for PCs (VLAN 50)
interface FastEthernet0/3
 switchport mode access
 switchport access vlan 50
 no shutdown

interface FastEthernet0/4
 switchport mode access
 switchport access vlan 50
 no shutdown

end
write memory