Scribd
Upload
111 views

Practical 4 Security VLAN InterVLAN - 2

This document discusses configuring VLANs and inter-VLAN routing on a network. It defines VLANs as logical LANs that group hosts, and notes VLANs require a router or layer 3 switch to communicate. The topology shows 3 VLANs and a router. VLANs 100, 200, and 300 are created on Switch0 as the VTP server, which distributes them to Switches1 and 2 as clients. Connectivity is tested within and between VLANs. The router enables inter-VLAN routing using subinterfaces on Gig0/0/0 with IP addresses for each VLAN, acting as the default gateway for devices in those VLANs.

Uploaded by

Maurice
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
111 views

Practical 4 Security VLAN InterVLAN - 2

This document discusses configuring VLANs and inter-VLAN routing on a network. It defines VLANs as logical LANs that group hosts, and notes VLANs require a router or layer 3 switch to communicate. The topology shows 3 VLANs and a router. VLANs 100, 200, and 300 are created on Switch0 as the VTP server, which distributes them to Switches1 and 2 as clients. Connectivity is tested within and between VLANs. The router enables inter-VLAN routing using subinterfaces on Gig0/0/0 with IP addresses for each VLAN, acting as the default gateway for devices in those VLANs.

Uploaded by

Maurice
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 4

Réseaux et Sécurité

(Network & Security)


GEII

Lab Session 4
(Security VLAN)

Definition

A Virtual LAN (VLAN) is simply a logical LAN. VLANs have similar characteristics with those of physical LANs,
only that with VLANs, you can logically group hosts even if they are physically located on separate LAN segments.

Working Principle

Each VLAN is treated as a separate subnet or broadcast domain. For this reason, to move packets from one VLAN to
another, we have to use a router or a layer 3 switch.

VLANs are configured on switches by placing some interfaces into one broadcast domain and some interfaces into
another. For this tutorial, we’ll configure 3 VLANs on a switch. We’ll then proceed and configure a router to enable
communication between the three VLANs.

Topology

Lecturer : Mr. P. Boncoeur Network & Security 1|Page


Réseaux et Sécurité
(Network & Security)
GEII

Part A : VTP (VLAN Trunk Protocol)

All VLANS will be configured on only 1 switch (Switch0). To use VTP, the main switch will act as SERVER and the other
switches will act as CLIENTS. After all configurations are done, the VLANS created on Switch0 will be distributed on all
switches that act as CLIENTS.

Section A : Configuration – Switch0 [VTP Server]

Create the following VLANs on this switch :


(i) VLAN 100 : IT
(ii) VLAN 200 : MANAGEMENT
(iii) VLAN 300 : ADMINISTRATION

The interfaces Gig1/0/1 and Gig 1/0/2 are connected to other switches (Switch1 and Switch2)
Change the configuration of both interfaces from ACCESS to TRUNK.

Since this switch is the SERVER, it needs to be configured as such.


Go the CLI of Switch0 and enter into Configuration Mode (similar to a router).
Enter the following commands :

(config)# vtp domain udm


(config)# vtp mode server

Section B : Configuration – Switch1 & Switch2 [VTP Clients]

Both switches have their interfaces Gig1/0/1 connected to switch Switch0. Change the configurations of both interfaces
from ACCESS to TRUNK.

Since both switches act as CLIENTS, they need to be configured as such.


Go the CLI of of both switches and enter into Configuration Mode.
Enter the following commands :

(config)# vtp domain udm


(config)# vtp mode client

Lecturer : Mr. P. Boncoeur Network & Security 2|Page


Réseaux et Sécurité
(Network & Security)
GEII

Result
Both switches : Switch1 and Switch2, now have the VLANS that were configured on Switch0.

Part B : Testing the VLANs

 Configure all end devices as shown in the topology.


 Check the connectivity between devices in the same VLAN and between different VLANs. Devices in same same
VLAN will be able to connect to each other, BUT no connection is allowed between VLANs.

Part C : Inter-VLAN Routing

Working Principle

The router is configured so that it will enable communication between the three VLANs via a single physical interface. The
single physical interface on the router is divided into logical interfaces (sub interfaces). Each sub-interface will then serve
as a default gateway for each of the VLANs. This scenario is called Router on a Stick (R.O.A.S) and will allow the VLANs to
communicate through the single physical interface.

IMPORTANT: No IP address is assigned to the router’s physical interface that we have subdivided into logical sub-
interfaces. We’ll instead assign IP addresses to the sub interfaces.

Section A : Configuration

The router will route traffic from/to all VLANS. Therefore, the connection between the router and the switch must be in
TRUNK mode.

Change the interface Gig1/0/24 of the switch from ACCESS to TRUNK.

These commands (Router) will :


(i) create sub interfaces.
(ii) assign IP address to each sub-interface.
(iii) make the connection in TRUNK mode (802.1Q).

Lecturer : Mr. P. Boncoeur Network & Security 3|Page


Réseaux et Sécurité
(Network & Security)
GEII

802.1Q
It is an open standard protocol developed by IEEE.
It inserts 4 byte tag in original Ethernet frame.
Over the time 802.1Q becomes more popular trunking protocols

Section B : Commands (Router)

Router(config)# int Gig0/0/0


Router(config-if)# no shutdown

Router(config-if)#int Gig0/0/0.100
Router(config-subif)# encapsulation dot1q 100
Router(config-subif)# ip add 192.168.1.1 255.255.255.0

Router(config-if)#int Gig0/0/0.200
Router(config-subif)# encapsulation dot1q 200
Router(config-subif)# ip add 192.168.2.1 255.255.255.0

Router(config-if)# int Gig0/0/0.300


Router(config-subif)# encapsulation dot1q 300
Router(config-subif)# ip add 192.168.3.1 255.255.255.0

Section C : Add the respective Default Gateway to each PC

VLAN 100 :
Default Gateway : 192.168.1.1

VLAN 200 :
Default Gateway : 192.168.2.1

VLAN 300 :
Default Gateway : 192.168.3.1

Result
End devices from all VLANs shoule be able to connect to each other.

Lecturer : Mr. P. Boncoeur Network & Security 4|Page

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy