Wednesday, November 24, 2010

Super VLAN

Network Diagram

Figure 6 Network diagram for super VLAN configuration

Network Requirements

As shown in Figure 6, Switch A works at the distribution layer to distribute traffic for the numerous hosts attached to the access switches connected to Switch A. All the hosts are assigned IP addresses from network segment 10.0.0.0/24. Switch A connects to the external network through VLAN-interface 20.
For ease of management, assign these hosts to three VLANs to prevent Layer 2 communication between hosts in different VLANs.
To save IP address resources, use VLAN-interface 10 on Switch A as the gateway to the external network for all the hosts in the three VLANs rather than assigning subnets for the VLANs separately. In addition, to enable the hosts in different VLANs to communicate at Layer 3, ARP proxy is used.

Isolate-User-VLAN

Network Diagram

Figure 5 Network diagram for isolate-user-VLAN configuration

Network Requirements

Device B and Device C are located in two independent networks, each device configured with VLANs as required. Due to network design changes, you are required to use Device A to interconnect Device B and Device C. When doing that, consider the following:

- For security, devices attached to Device B should not communicate directly with devices attached to Device C. However, because the VLANs on Device B and Device C overlap, Host A and Host C will be in the same VLAN after the network design changes, which can result in security problems, as shown in Figure 5. To address the problem, use the isolate-user-VLAN function to make VLAN 2 and VLAN 3 on Device B and VLAN 3 and VLAN 4 on Device C locally significant. On Device A, use VLAN 5 and VLAN 6 to isolate the two networks, without having to consider their respective internal VLAN configurations.
- Configure VLAN interfaces on Device A for forwarding packets between the two networks at Layer 3.

Configuration Example

Configuration on Device B
#
vlan 2 to 3
#
vlan 5
 isolate-user-vlan enable
#
interface GigabitEthernet2/0/1
 port link-type hybrid
 undo port hybrid vlan 1
 port hybrid vlan 3 5 untagged
 port hybrid pvid vlan 3
#
interface GigabitEthernet2/0/2
 port link-type hybrid
 undo port hybrid vlan 1
 port hybrid vlan 2 5 untagged
 port hybrid pvid vlan 2
#
interface GigabitEthernet2/0/5
 port link-type hybrid
 undo port hybrid vlan 1
 port hybrid vlan 2 3 5 untagged
 port hybrid pvid vlan 5
#
isolate-user-vlan 5 secondary 2 3

Configuration on Device C
#
vlan 3 to 4
#
vlan 6
 isolate-user-vlan enable
#
interface GigabitEthernet2/0/3
 port link-type hybrid
 undo port hybrid vlan 1
 port hybrid vlan 3 6 untagged
 port hybrid pvid vlan 3
#
interface GigabitEthernet2/0/4
 port link-type hybrid
 undo port hybrid vlan 1
 port hybrid vlan 4 6 untagged
 port hybrid pvid vlan 4
#
interface GigabitEthernet2/0/5
 port link-type hybrid
 undo port hybrid vlan 1
 port hybrid vlan 3 4 6 untagged
 port hybrid pvid vlan 6
#
isolate-user-vlan 6 secondary 3 4

Configuration on Device A
#
vlan 5 to 6
#
interface Vlan-interface 5
 ip address 192.168.0.1 255.255.255.0
#
interface Vlan-interface 6
 ip address 192.168.1.1 255.255.255.0
#
interface GigabitEthernet2/0/1
 port access vlan 5
#
interface GigabitEthernet2/0/2
 port access vlan 6
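
The isolation above holds only if the `isolate-user-vlan ... secondary ...` mapping agrees with the VLANs and hybrid ports defined around it. The following consistency check is an added example, not part of the original configuration guide. It assumes the port pattern seen in the Device B configuration (host ports carry the primary VLAN untagged, the uplink carries every secondary VLAN), and `SAMPLE` is a constructed config with a deliberately mismatched mapping line.

```python
import re

def parse(cfg):
    """Collect created VLANs, isolate-user-VLANs, port settings and mappings."""
    vlans, primaries, ports, maps, cur = set(), set(), {}, {}, None
    for line in map(str.strip, cfg.splitlines()):
        if m := re.fullmatch(r"vlan (\d+)(?: to (\d+))?", line):
            cur = int(m[1])                      # now inside a VLAN view
            vlans.update(range(cur, int(m[2] or cur) + 1))
        elif m := re.fullmatch(r"interface (.+)", line):
            cur = m[1]                           # now inside an interface view
            ports[cur] = {"untagged": set(), "pvid": 1}
        elif m := re.fullmatch(r"isolate-user-vlan (\d+) secondary ([\d ]+)", line):
            maps[int(m[1])] = {int(v) for v in m[2].split()}
        elif line == "isolate-user-vlan enable" and isinstance(cur, int):
            primaries.add(cur)
        elif cur in ports and (m := re.fullmatch(r"port hybrid vlan ([\d ]+) untagged", line)):
            ports[cur]["untagged"] |= {int(v) for v in m[1].split()}
        elif cur in ports and (m := re.fullmatch(r"port hybrid pvid vlan (\d+)", line)):
            ports[cur]["pvid"] = int(m[1])
    return vlans, primaries, ports, maps

def check(cfg):
    """Return findings where the mapping disagrees with the VLANs and ports."""
    vlans, primaries, ports, maps = parse(cfg)
    out = [f"VLAN {p}: enabled but never mapped" for p in sorted(primaries - set(maps))]
    for prim, secs in sorted(maps.items()):
        if prim not in primaries:
            out.append(f"VLAN {prim}: mapped as primary but not enabled")
        out += [f"VLAN {s}: secondary not created" for s in sorted(secs - vlans)]
        for name, p in ports.items():
            if p["pvid"] in secs and prim not in p["untagged"]:
                out.append(f"{name}: host port lacks primary VLAN {prim}")
            if p["pvid"] == prim and not secs <= p["untagged"]:
                out.append(f"{name}: uplink lacks a secondary VLAN")
    return out

# Constructed sample: the mapping line names VLANs the rest of the config never sets up.
SAMPLE = """vlan 3 to 4
vlan 6
 isolate-user-vlan enable
interface GigabitEthernet2/0/3
 port hybrid vlan 3 6 untagged
 port hybrid pvid vlan 3
interface GigabitEthernet2/0/5
 port hybrid vlan 3 4 6 untagged
 port hybrid pvid vlan 6
isolate-user-vlan 50 secondary 2 3"""
print("\n".join(check(SAMPLE)))
```

Running the same check on a saved configuration before deployment flags a mapping that silently leaves the intended primary VLAN without any secondaries.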


IP Subnet-Based VLAN

Network Diagram

Figure 4 Network diagram for IP subnet-based VLAN configuration

Network Requirements

As shown in Figure 4, hosts in the office area are configured on two network segments 192.168.5.0/24 and 10.200.50.0/24. Configure IP subnet-based VLANs on the switch to enable GigabitEthernet 1/0/1 of the switch to transmit packets received from different network segments in different VLANs to the corresponding gateways (Router A and Router B).
Packets from network segment 192.168.5.0/24 are transmitted in VLAN 100, and packets from network segment 10.200.50.0/24 are transmitted in VLAN 200.

Configuration Example

#
vlan 100
 ip-subnet-vlan 0 ip 192.168.5.0 255.255.255.0
#
vlan 200
 ip-subnet-vlan 0 ip 10.200.50.0 255.255.255.0
#
interface GigabitEthernet1/0/1
 port link-type hybrid
 port hybrid vlan 1 100 200 untagged
 port hybrid ip-subnet-vlan vlan 100
 port hybrid ip-subnet-vlan vlan 200
#
interface Ethernet1/0/11
 port access vlan 200
#
interface Ethernet1/0/12
 port access vlan 100

Protocol-Based VLAN

Network Diagram

Figure 3 Network diagram for protocol-based VLAN configuration

Network Requirements

As shown in Figure 3, configure protocol-based VLANs on the switch to satisfy the following requirements:
- IPv4 hosts in the office area and lab area can communicate with the IPv4 server; IPv6 hosts in the office area and lab area can communicate with the IPv6 server.
- The IPv4 server and IPv6 server are in different VLANs.
- IPv4 packets are isolated from IPv6 packets through VLANs.
- The IPv4 network uses VLAN 100, and IPv6 network uses VLAN 200.

Configuration Example

#
vlan 100
 protocol-vlan 0 ipv4
#
vlan 200
 protocol-vlan 0 ipv6
#
interface GigabitEthernet1/0/1
 port link-type hybrid
 port hybrid vlan 1 100 200 untagged
 port hybrid protocol-vlan vlan 100 0
 port hybrid protocol-vlan vlan 200 0
#
interface GigabitEthernet1/0/2
 port link-type hybrid
 port hybrid vlan 1 100 200 untagged
 port hybrid protocol-vlan vlan 100 0
 port hybrid protocol-vlan vlan 200 0
#
interface Ethernet1/0/11
 port access vlan 100
#
interface Ethernet1/0/12
 port access vlan 200

MAC-Based VLAN

Network Diagram

Figure 2 Network diagram for MAC-based VLAN configuration


Network Requirements

- As shown in Figure 2, GigabitEthernet 1/0/1 of Switch A and GigabitEthernet 1/0/1 of Switch B are each connected to a meeting room. Laptop 1 and Laptop 2 are used for meetings, and each of them may be used in either of the two meeting rooms.
- Laptop 1 and Laptop 2 are owned by different departments. The two departments use VLAN 100 and VLAN 200 respectively. Each laptop must be able to access only its corresponding server, regardless of the meeting room it is used in.
- The MAC address of Laptop 1 is 000d-88f8-4e71, and that of Laptop 2 is 0014-222c-aa69.

Configuration Example

Configuration on Switch A
#
 mac-vlan mac-address 000d-88f8-4e71 vlan 100 priority 0
 mac-vlan mac-address 0014-222c-aa69 vlan 200 priority 0
#
vlan 100
#
vlan 200
#
interface GigabitEthernet1/0/1
 port link-type hybrid
 port hybrid vlan 1 100 200 untagged
 mac-vlan enable
#
interface GigabitEthernet1/0/2
 port link-type trunk
 port trunk permit vlan 1 100 200

The configuration on Switch B is the same as that on Switch A.

Configuration on Core Switch
#
vlan 100
#
vlan 200
#
interface GigabitEthernet1/0/3
 port link-type trunk
 port trunk permit vlan 1 100 200
#
interface GigabitEthernet1/0/4
 port link-type trunk
 port trunk permit vlan 1 100 200
#
interface GigabitEthernet1/0/13
 port access vlan 100
#
interface GigabitEthernet1/0/14
 port access vlan 200

Port-Based VLAN

Network Diagram

Figure 1 Network diagram for port-based VLAN configuration

Network Requirements

- As shown in Figure 1, Switch A and Switch B connect to Host 1 and Server 1 of a department and Host 2 and Server 2 of another department.
- To isolate the communication between the two departments at Layer 2, assign Host 1 and Server 1 to VLAN 100 with the descriptive string being Dept1, and Host 2 and Server 2 to VLAN 200 with the descriptive string being Dept2.
- Configure VLAN interfaces for the two VLANs on Switch A for forwarding data from Host 1 to Server 2 at Layer 3.

Configuration Example

Configuration on Switch A
#
vlan 100
 description dept1
#
vlan 200
 description dept2
#
interface Vlan-interface 100
 ip address 192.168.1.1 255.255.255.0
#
interface Vlan-interface 200
 ip address 192.168.2.1 255.255.255.0
#
interface GigabitEthernet1/0/1
 port access vlan 100
#
interface GigabitEthernet1/0/2
 port link-type trunk
 port trunk permit vlan 1 100 200

Configuration on Switch B
#
vlan 100
 description dept1
#
vlan 200
 description dept2
#
interface GigabitEthernet1/0/10
 port link-type trunk
 port trunk permit vlan 1 100 200
#
interface GigabitEthernet1/0/11
 port access vlan 200
#
interface GigabitEthernet1/0/12
 port access vlan 200
#
interface GigabitEthernet1/0/13
 port access vlan 100
