Posts

Showing posts from November, 2010

Super VLAN

Network Diagram

Figure 6: Network diagram for super VLAN configuration

Network Requirements

As shown in Figure 6, Switch A works at the distribution layer to distribute traffic for the numerous hosts attached to the access switches connected to Switch A. All the hosts are assigned IP addresses from network segment 10.0.0.0/24. Switch A connects to the external network through VLAN-interface 20.

For ease of management, assign these hosts to three VLANs to prevent Layer 2 communication between the hosts in different VLANs. To save IP address resources, use VLAN-interface 10 on Switch A as the gateway to the external network for all the hosts in the three VLANs rather than assigning subnets for the VLANs separately. In addition, to enable the hosts in different VLANs to communicate at Layer 3, ARP proxy is used.

Isolate-User-VLAN

Network Diagram

Figure 5: Network diagram for isolate-user-VLAN configuration

Network Requirements

Device B and Device C are located in two independent networks, each device configured with VLANs as required. Due to network design changes, you are required to use Device A to interconnect Device B and Device C. When doing that, consider the following:

For security reasons, devices attached to Device B should not communicate directly with devices attached to Device C. However, because the VLANs on Device B and Device C overlap, Host A and Host C will be in the same VLAN after the network design changes, which can result in security problems, as shown in Figure 5.

To address the problem, you can use the isolate-user-VLAN function to make VLAN 2 and VLAN 3 on Device B and VLAN 3 and VLAN 4 on Device C locally significant. On Device A, use VLAN 5 and VLAN 6 to isolate the two networks, without having to consider their respective internal VLAN configurations.

IP Subnet-Based VLAN

Network Diagram

Figure 4: Network diagram for IP subnet-based VLAN configuration

Network Requirements

As shown in Figure 4, hosts in the office area are configured on two network segments 192.168.5.0/24 and 10.200.50.0/24. Configure IP subnet-based VLANs on the switch to enable GigabitEthernet 1/0/1 of the switch to transmit packets received from different network segments in different VLANs to the corresponding gateways (Router A and Router B). Packets from network segment 192.168.5.0/24 are transmitted in VLAN 100, and packets from network segment 10.200.50.0/24 are transmitted in VLAN 200.

Configuration Example

    #
    vlan 100
     ip-subnet-vlan 0 ip 192.168.5.0 255.255.255.0
    #
    vlan 200
     ip-subnet-vlan 0 ip 10.200.50.0 255.255.255.0
    #
    interface GigabitEthernet1/0/1
     port link-type hybrid
     port hybrid vlan 1 100 200 untagged
     port hybrid ip-subnet-vlan vlan 100
     port hybrid ip-subnet-vlan vlan 200
    #
    interface Ethernet1/0/11
     port access vlan 200
    #
    interface Ethernet1/0/12
     port access vla

Protocol-Based VLAN

Network Diagram

Figure 3: Network diagram for protocol-based VLAN configuration

Network Requirements

As shown in Figure 3, configure protocol-based VLANs on the switch to satisfy the following requirements:

- IPv4 hosts in the office area and lab area can communicate with the IPv4 server; IPv6 hosts in the office area and lab area can communicate with the IPv6 server.
- The IPv4 server and IPv6 server are in different VLANs.
- IPv4 packets are isolated from IPv6 packets through VLANs.
- The IPv4 network uses VLAN 100, and the IPv6 network uses VLAN 200.

Configuration Example

    #
    vlan 100
     protocol-vlan 0 ipv4
    #
    vlan 200
     protocol-vlan 0 ipv6
    #
    interface GigabitEthernet1/0/1
     port link-type hybrid
     port hybrid vlan 1 100 200 untagged
     port hybrid protocol-vlan vlan 100 0
     port hybrid protocol-vlan vlan 200 0
    #
    interface GigabitEthernet1/0/2
     port link-type hybrid
     port hybrid vlan 1 100 200 untagged
     port hybrid protocol-vlan vlan 100

MAC-Based VLAN

Network Diagram

Figure 2: Network diagram for MAC-based VLAN configuration

Network Requirements

- As shown in Figure 2, GigabitEthernet 1/0/1 of Switch A and GigabitEthernet 1/0/1 of Switch B are each connected to a meeting room. Laptop 1 and Laptop 2 are used for meetings, and each of them may be used in either of the two meeting rooms.
- Laptop 1 and Laptop 2 are owned by different departments. The two departments use VLAN 100 and VLAN 200 respectively. Each laptop must be able to access only its corresponding server, regardless of the meeting room it is used in.
- The MAC address of Laptop 1 is 000d-88f8-4e71, and that of Laptop 2 is 0014-222c-aa69.

Configuration Example

- Configuration on Switch A

    #
     mac-vlan mac-address 000d-88f8-4e71 vlan 100 priority 0
     mac-vlan mac-address 0014-222c-aa69 vlan 200 priority 0
    #
    vlan 100
    #
    vlan 200
    #
    #
    interface GigabitEthernet1/0/1
     port link-type hybrid
     port hybrid vlan 1 100 200 untagged
     mac

Port-Based VLAN

Network Diagram

Figure 1: Network diagram for port-based VLAN configuration

Network Requirements

- As shown in Figure 1, Switch A and Switch B connect to Host 1 and Server 1 of a department and Host 2 and Server 2 of another department.
- To isolate the communication between the two departments at Layer 2, assign Host 1 and Server 1 to VLAN 100 with the descriptive string being Dept1, and Host 2 and Server 2 to VLAN 200 with the descriptive string being Dept2.
- Configure VLAN interfaces for the two VLANs on Switch A for forwarding data from Host 1 to Server 2 at Layer 3.

Configuration Example

- Configuration on Switch A

    #
    vlan 100
     description dept1
    #
    vlan 200
     description dept2
    #
    interface Vlan-interface 100
     ip address 192.168.1.1 255.255.255.0
    #
    interface Vlan-interface 200
     ip address 192.168.2.1 255.255.255.0
    #
    interface GigabitEthernet1/0/1
     port access vlan 100
    #
    interface GigabitEthernet1/0/2
     port link-type trunk
     port trunk