5. Switch VLAN division configuration

Posted by kanenas.net on Fri, 24 Dec 2021 16:05:58 +0100

Experimental objectives:

  1. Understand the basic configuration of virtual LAN (VLAN)
  2. Master the configuration method of VLAN divided by port of general switch
  3. Master the configuration method of Tag VLAN

Experimental background:

The PCs of the finance department and the sales department in a company communicate through two switches. PCs within the finance department and PCs within the sales department must be able to communicate with each other. However, for the sake of data security, the sales department and the finance department need to be isolated from each other. Appropriate configuration on the switches is required to achieve this goal.

Technical principle:

  1. VLAN refers to the logical division of a physical network segment into several virtual LANs. The biggest characteristic of a VLAN is that it is not limited by physical location and can be divided flexibly. A VLAN has all the characteristics of a physical network segment: hosts in the same VLAN can communicate with each other, while access between hosts in different VLANs must be forwarded through routing equipment. Broadcast packets are only broadcast within their own VLAN and cannot be transmitted to other VLANs.
  2. Port VLAN is one of the ways to implement VLANs. It divides VLANs by switch port, and a port can only belong to one VLAN.
  3. Tag VLAN is another type based on the switch port. It is mainly used for direct access between hosts in the same VLAN across switches and isolation of hosts in different VLANs. Tag VLAN follows the IEEE 802.1Q standard: when a port configured with Tag VLAN is used for data transmission, a 4-byte 802.1Q tag must be added to the data frame to indicate which VLAN the frame belongs to, so that the switch can filter the frame according to the standard after receiving it.

Experiment Description:

  1. In the same LAN, PC0 and PC2 belong to the same group and PC1 and PC3 belong to the same group; PC0 and PC1 are connected to one switch, and PC2 and PC3 to the other.
  2. While the four PCs use the same gateway, they are divided into VLAN groups so that the two groups are isolated from each other.

Experimental steps:

  1. Create a new Packet Tracer topology
  2. Partition VLAN
  3. Divide the ports into the corresponding VLANs
  4. Set the Tag VLAN (trunk) property
  5. Test

Experimental equipment:

2 × Switch_2960; 4 PCs; straight-through (direct) cables.

Configure PC:

PC1:
IP: 192.168.1.2
Subnet mask: 255.255.255.0
Gateway: 192.168.1.1

PC2:
IP: 192.168.1.3
Subnet mask: 255.255.255.0
Gateway: 192.168.1.1

PC3:
IP: 192.168.1.4
Subnet mask: 255.255.255.0
Gateway: 192.168.1.1

PC4:
IP: 192.168.1.5
Subnet mask: 255.255.255.0
Gateway: 192.168.1.1

Configure switch:

Switch>en
Switch#conf t
Switch(config)#vlan 2                      // create VLAN 2 on the switch
Switch(config-vlan)#exit
Switch(config)#vlan 3                      // create VLAN 3
Switch(config-vlan)#exit

Switch(config)#interface f0/1              // enter port Fa0/1 and bind it to VLAN 2
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 2
Switch(config-if)#exit

Switch(config)#interface f0/2              // enter port Fa0/2 and bind it to VLAN 3
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 3
Switch(config-if)#exit

Switch(config)#interface f0/24             // enter port Fa0/24 (the port linking the two switches in this example)
Switch(config-if)#switchport mode trunk    // and set its mode to trunk so it carries tagged frames for all VLANs
Switch(config-if)#end

Switch#show vlan                           // display the VLAN configuration of the switch

Configure switch 2 (the configuration is the same as that of the first switch):

Switch>en
Switch#conf t
Switch(config)#vlan 2                      // create VLAN 2 on the switch
Switch(config-vlan)#exit
Switch(config)#vlan 3                      // create VLAN 3
Switch(config-vlan)#exit

Switch(config)#interface f0/1              // enter port Fa0/1 and bind it to VLAN 2
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 2
Switch(config-if)#exit

Switch(config)#interface f0/2              // enter port Fa0/2 and bind it to VLAN 3
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 3
Switch(config-if)#exit

Switch(config)#interface f0/24             // enter port Fa0/24 (the port linking the two switches in this example)
Switch(config-if)#switchport mode trunk    // and set its mode to trunk so it carries tagged frames for all VLANs
Switch(config-if)#end

Switch#show vlan                           // display the VLAN configuration of the switch

ping test:

  1. PC1 cannot ping PC2, and PC3 cannot ping PC4 (different VLANs on the same switch)
  2. PC1 can ping PC3, and PC2 can ping PC4 (same VLAN, carried across the trunk)
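As an added illustration that is not part of the original lab, the following Python model builds and parses the 4-byte 802.1Q tag described in the technical principle and reproduces the forwarding decisions of the two switches above, showing why the ping results come out as listed. The broadcast frame bytes, the switch names S1/S2 and the function names are constructed for this example.

```python
import struct

TPID = 0x8100  # 802.1Q Tag Protocol Identifier, placed where the EtherType normally sits

def add_tag(frame, vid, pcp=0, dei=0):
    """Insert the 4-byte 802.1Q tag (TPID + TCI) between the MAC addresses and the EtherType."""
    tci = (pcp << 13) | (dei << 12) | (vid & 0x0FFF)
    return frame[:12] + struct.pack("!HH", TPID, tci) + frame[12:]

def read_tag(frame):
    """Return (vid, untagged_frame); vid is None when the frame carries no 802.1Q tag."""
    if struct.unpack("!H", frame[12:14])[0] != TPID:
        return None, frame
    tci = struct.unpack("!H", frame[14:16])[0]
    return tci & 0x0FFF, frame[:12] + frame[16:]

# Port table from the lab; both switches are configured identically.
PORTS = {"f0/1": ("access", 2), "f0/2": ("access", 3), "f0/24": ("trunk", None)}

def flood(ports, ingress, frame):
    """Flood a broadcast frame received on `ingress`; return {egress_port: frame_as_sent}."""
    mode, access_vid = ports[ingress]
    vid, plain = read_tag(frame)
    if mode == "access":
        if vid is not None:      # a tagged frame arriving on an access port is discarded
            return {}
        vid = access_vid         # an untagged frame belongs to the port's VLAN
    elif vid is None:
        vid = 1                  # untagged frame on a trunk: native VLAN (1 by default)
    out = {}
    for port, (m, v) in ports.items():
        if port == ingress:
            continue
        if m == "access" and v == vid:
            out[port] = plain                 # leaves untagged on an access port of that VLAN
        elif m == "trunk":
            out[port] = add_tag(plain, vid)   # leaves tagged on the trunk
    return out

# Constructed broadcast (ARP-style) frame: dst ff:ff:ff:ff:ff:ff, made-up src MAC, EtherType 0x0806.
BCAST = b"\xff" * 6 + bytes.fromhex("0011223344aa") + b"\x08\x06" + b"who-has 192.168.1.4"

def reachable(src, dst):
    """src/dst are (switch, port); switches 'S1' and 'S2' are joined by their f0/24 trunk ports."""
    (s_src, p_src), (s_dst, p_dst) = src, dst
    out = flood(PORTS, p_src, BCAST)
    if s_src == s_dst:
        return p_dst in out
    if "f0/24" not in out:
        return False
    return p_dst in flood(PORTS, "f0/24", out["f0/24"])

if __name__ == "__main__":
    print("PC1 -> PC3:", reachable(("S1", "f0/1"), ("S2", "f0/1")))   # True
    print("PC1 -> PC2:", reachable(("S1", "f0/1"), ("S1", "f0/2")))   # False
```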

This experiment uses VLAN division to connect or isolate PCs that sit in the same physical network segment.

Topics: Cyber Security Network Protocol