Lab Manual - Virtual University of Pakistan



Lab Manual
CS601 – Data Communication
LAB No. 15
Interfaces (Switch) configuration for VLAN
Department of Computer Science, Virtual University of Pakistan

LAB 15

Lab Title: Interfaces (Switch) configuration for VLAN
Tool: Cisco Packet Tracer, any version (7.1.1)
Tool Download Link:
Objective: To teach students how to use the tool and perform basic VLAN configuration with it.

Lab instructions

This lab will test your ability to configure VLAN settings on Cisco switch network interfaces using Packet Tracer 7.1.1.

Pre-requisite Lab Topic Information:

What are VLANs?

VLAN is short for virtual LAN: a network of computers that behave as if they are connected to the same wire even though they may actually be physically located on different segments of a LAN.

VLANs are configured through software rather than hardware. They are based on logical instead of physical connections, which makes them extremely flexible.

Why VLANs?

VLANs are useful if, for example, you want to separate the different departments of your enterprise into different IP subnetworks. A VLAN is a group of devices on a LAN that are configured (using management software) so that they can communicate as if they were attached to the same wire. Several VLANs can exist within the same switch, supporting traffic isolation between logically different networks.

Types of VLANs

VLANs are usually created by the network administrator, who assigns each port of every switch to a VLAN. Depending on the network infrastructure and security policies, the assignment of VLANs can be implemented using two different methods: Static or Dynamic membership. These two methods are also known as VLAN memberships.

Static VLANs

Static VLAN membership is perhaps the most widely used method because of the relatively small administration overhead and the security it provides. With Static VLANs, the administrator assigns each port of the switch to one VLAN.
Once this is complete, they can simply connect each device or workstation to the appropriate port.

The picture below depicts an illustration of the above, where 4 ports have been configured for 4 different VLANs:

Figure: 1 Port Assigning to VLAN

The picture shows a Cisco switch, where ports 1, 2, 7 and 10 have been configured and assigned to VLANs 1, 5, 2 and 3 respectively.

Static VLANs are certainly more secure than traditional switches while also being considerably easy to configure and monitor. As one would expect, all nodes belonging to a VLAN must also be part of the same logical network in order to communicate with one another.

Dynamic VLANs

Dynamic VLANs were introduced to grant the flexibility and complexity that Static VLANs did not provide. Dynamic VLANs are quite rare because of their requirements and initial administrative overhead.

Dynamic VLANs, as opposed to Static VLANs, do not require the administrator to individually configure each port; instead, they rely on a central server called the VMPS (VLAN Member Policy Server). The VMPS is used to handle the on-the-spot port configuration of every switch participating in the VLAN network.

Figure: 2 Dynamic VLAN

The diagram on the left shows us a VLAN capable switch that has been configured to support Dynamic VLANs. On port No. 5, we have connected a simple switch (not VLAN aware) to which another 4 workstations are connected.

Ports of VLANs

The ports are the communication points on the switch. By default, all the ports on the switch are known as switching ports.

On a Cisco switch, ports are assigned to a single VLAN. These ports are referred to as access ports and provide a connection for end users or node devices, such as a router or server. By default all devices are assigned to VLAN 1, known as the default VLAN. After creating a VLAN, you can manually assign a port to that VLAN and it will be able to communicate only with or through other devices in the VLAN.
Access Port

An "access port" is a type of connection on a switch that is used to connect a guest virtual machine that is VLAN unaware. This port provides the virtual machine with connectivity through a switch that is VLAN aware without requiring it to support VLAN tagging.

Trunk Port

A "trunk port" is a type of connection on a switch that is used to connect a guest virtual machine that is VLAN aware. Generally, all frames that flow through this port are VLAN tagged. The exception to this is when a trunk port is granted access to the untagged VLAN set (native VLAN ID).

Protocols of VLANs

The protocol most commonly used today in configuring virtual LANs is IEEE 802.1Q. The IEEE committee defined this method of multiplexing VLANs in an effort to provide multivendor VLAN support. Prior to the introduction of the 802.1Q standard, several proprietary protocols existed, such as Cisco's ISL (Inter-Switch Link) and 3Com's VLT (Virtual LAN Trunk). Cisco also implemented VLANs over FDDI by carrying VLAN information in an IEEE 802.10 frame header, contrary to the purpose of the IEEE 802.10 standard.

Inter-Switch Link (ISL)

Inter-Switch Link (ISL) is a Cisco proprietary protocol used to interconnect multiple switches and maintain VLAN information as traffic travels between switches on trunk links. This technology provides one method for multiplexing bridge groups (VLANs) over a high-speed backbone. It is defined for Fast Ethernet and Gigabit Ethernet, as is IEEE 802.1Q. ISL has been available on Cisco routers since Cisco IOS Software.

Because ISL is Cisco's proprietary tagging method, it only supports Cisco equipment, over Fast and Gigabit Ethernet links. ISL is an encapsulation protocol that operates on trunk ports and is used in VLANs to provide secure data transfer between two VLANs.

IEEE 802.1Q

The IEEE 802.1Q tagging method is the most popular and is a standard encapsulation, as it allows the seamless integration of VLAN capable devices from all vendors who support the protocol.
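How the 802.1Q tag is carried in a frame, as an added example that is not part of the lab manual: the sketch inserts, parses and strips the 4-byte tag and measures the resulting growth in frame size. The MAC addresses, the zero-filled payload and the function names are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100   # EtherType value that announces an 802.1Q tag
FCS_LEN = 4           # frame check sequence, counted in the 802.3 size limit

def add_tag(frame, vid, pcp=0):
    """Trunk-port egress: insert the 4-byte tag after the two MAC addresses."""
    if not 1 <= vid <= 4094 or not 0 <= pcp <= 7:
        raise ValueError("VLAN ID must be 1..4094 and priority 0..7")
    tci = (pcp << 13) | vid   # 3-bit priority, 1-bit DEI (left 0), 12-bit VLAN ID
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def parse(frame):
    """Return VLAN ID (None if untagged), priority, EtherType and payload."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (etype,) = struct.unpack("!H", frame[12:14])
    vid = pcp = None
    offset = 14
    if etype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, etype = struct.unpack("!HH", frame[14:18])
        vid, pcp, offset = tci & 0x0FFF, tci >> 13, 18
    return {"vid": vid, "pcp": pcp, "ethertype": etype, "payload": frame[offset:]}

def strip_tag(frame):
    """Access-port egress: remove the tag so a VLAN-unaware host gets a plain frame."""
    return frame[:12] + frame[16:] if parse(frame)["vid"] is not None else frame

def wire_size(frame):
    """Size on the wire, including the FCS appended by the sender."""
    return len(frame) + FCS_LEN

def sample_frame(payload_len=1500):
    """Constructed untagged IPv4 frame without FCS (made-up MACs, zero payload)."""
    dst, src = bytes.fromhex("ffffffffffff"), bytes.fromhex("020000000001")
    return dst + src + struct.pack("!H", 0x0800) + bytes(payload_len)
```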
IEEE 802.1Q is the default encapsulation set on the switches in order to provide a secure data connection through trunk ports.

The 802.1Q standard can create an interesting scenario on the network. Recall that the maximum size for an Ethernet frame as specified by IEEE 802.3 is 1518 bytes. This means that if a maximum-sized Ethernet frame gets tagged, the frame size will be 1522 bytes, a number that violates the IEEE 802.3 standard.

Practical Demonstration of the Concept (LAB) as Stated

Configuration of VLANs

The configuration of the switch involves logical segments of the LAN, so that every department is separated in terms of communication and gains a secure connection.

Example

Configuring Layer 2 VLANs on Cisco switches. Up to 4094 VLANs can be configured on Cisco Catalyst switches. By default, only VLAN 1 is configured on the switch and all the switching ports are part of that one VLAN. Let's assume the following scenario:

CS Department: IP Subnet 192.168.2.0/24 –> VLAN 2
Management Department: IP Subnet 192.168.3.0/24 –> VLAN 3
Accounts Department: IP Subnet 192.168.4.0/24 –> VLAN 4

Different VLANs allow the network administrators to enforce traffic restrictions between departments if needed and to have better control of internal hosts. If you have more than one switch connected and you want the same VLANs to span all switches, then a Trunk Port must be configured between the switches.

Figure: 3 VLANs communicating through Trunk Port

We have three VLANs: VLAN 2, 3 and 4.
VLAN 4 belongs both to SWITCH 1 and SWITCH 2, therefore we need a Trunk Port between the two switches in order for hosts in VLAN 4 on Switch 1 to be able to communicate with hosts in VLAN 4 on Switch 2.

The ports of the two switches shall be configured as follows:

1 Switch Port Configuration

Switch1:
Fe0/1–Fe0/2 –> VLAN 2 (CS)
Fe0/10–Fe0/11 –> VLAN 4 (Accounts)
Fe0/24 –> Trunk Port

Switch2:
Fe0/1–Fe0/2 –> VLAN 3 (Management)
Fe0/10–Fe0/11 –> VLAN 4 (Accounts)
Fe0/24 –> Trunk Port

1.1 Switch 1 Configuration:

Create VLANs 2 and 4 in the switch database:

    Switch1# configure terminal
    Switch1(config)# vlan 2
    Switch1(config-vlan)# name CS
    Switch1(config-vlan)# exit
    Switch1(config)# vlan 4
    Switch1(config-vlan)# name Accounts
    Switch1(config-vlan)# exit

Assign Ports Fe0/1 and Fe0/2 to VLAN 2

    Switch1(config)# interface fastethernet0/1
    Switch1(config-if)# switchport mode access
    Switch1(config-if)# switchport access vlan 2
    Switch1(config-if)# exit
    Switch1(config)# interface fastethernet0/2
    Switch1(config-if)# switchport mode access
    Switch1(config-if)# switchport access vlan 2
    Switch1(config-if)# exit

Figure: 4 Fe0/1, Fe0/2 Assigned to VLAN2

Assign Ports Fe0/10 and Fe0/11 to VLAN 4

    Switch1(config)# interface fastethernet0/10
    Switch1(config-if)# switchport mode access
    Switch1(config-if)# switchport access vlan 4
    Switch1(config-if)# exit
    Switch1(config)# interface fastethernet0/11
    Switch1(config-if)# switchport mode access
    Switch1(config-if)# switchport access vlan 4
    Switch1(config-if)# exit

Figure: 5 Fe0/10, Fe0/11 Assigned to VLAN4

Create Trunk Port Fe0/24

    Switch1(config)# interface fastethernet0/24
    Switch1(config-if)# switchport trunk encapsulation dot1q
    Switch1(config-if)# switchport mode trunk
    Switch1(config-if)# end

Figure: 6 Fe0/24 Assigned to VLAN2

Similarly, for Switch 2, we create the VLANs and configure the ports as members of those VLANs.

Hosts can communicate with each other only through ports that are members of the same VLAN.

Note that for communication between two access ports of two different switches, both access ports must be members of the same VLAN.

Mechanism to Conduct Lab:

Students and teacher communicate through Skype/Adobe Connect. Students perform the task using the Packet Tracer Simulator.

Outcome/Result:

After this comprehensive, detailed lab, students will be capable of developing any kind of LAN based on VLANs.
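A check that can be run against the finished lab, as an added example that is not part of the lab manual: it compares a switch's interface configuration with the Switch1 port plan and reports ports that lack an explicit mode or sit in the wrong VLAN. The configuration excerpt is constructed for illustration and the function names are hypothetical.

```python
import re

# Lab port plan for Switch1: access VLAN per port, or "trunk".
PLAN = {"FastEthernet0/1": 2, "FastEthernet0/2": 2, "FastEthernet0/10": 4,
        "FastEthernet0/11": 4, "FastEthernet0/24": "trunk"}

# Constructed excerpt: Fa0/10 lacks its mode line, Fa0/11 is in the wrong VLAN.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport access vlan 2
 switchport mode access
interface FastEthernet0/2
 switchport access vlan 2
 switchport mode access
interface FastEthernet0/10
 switchport access vlan 4
interface FastEthernet0/11
 switchport access vlan 2
 switchport mode access
interface FastEthernet0/24
 switchport trunk encapsulation dot1q
 switchport mode trunk
"""

def parse_interfaces(config):
    """Map interface name -> mode (None if unset) and access VLAN (default 1)."""
    ports, current = {}, {}   # settings seen before any interface line are discarded
    for line in config.splitlines():
        text = line.strip()
        if m := re.fullmatch(r"interface (\S+)", text):
            current = ports.setdefault(m.group(1), {"mode": None, "vlan": 1})
        elif m := re.fullmatch(r"switchport mode (\S+)", text):
            current["mode"] = m.group(1)
        elif m := re.fullmatch(r"switchport access vlan (\d+)", text):
            current["vlan"] = int(m.group(1))
    return ports

def audit(config, plan):
    """Return one finding per deviation of the configuration from the plan."""
    findings, ports = [], parse_interfaces(config)
    for name, want in plan.items():
        port = ports.get(name, {"mode": None, "vlan": None})
        wanted_mode = "trunk" if want == "trunk" else "access"
        if port["mode"] != wanted_mode:
            findings.append(f"{name}: no explicit 'switchport mode {wanted_mode}'")
        if wanted_mode == "access" and port["vlan"] != want:
            findings.append(f"{name}: in VLAN {port['vlan']}, plan says VLAN {want}")
    return findings
```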