Thursday, 19 October 2017

Virtual Local Area Network (VLAN)

Consider the scenario. You are working in a bank as a network engineer. The bank ask you to make a separate domain for the treasury department and finance department so they could not communicate with each other. Now, the treasury department consist of 10 users and the finance department consist of 5 users. Now to separate there domain you need to buy one switch for each department which will be expensive. Now instead of buying different switches from different department you can separate the department's domain using a single switch. The concept of separating  LAN's in a single domain is called Virtual Local Area Network (VLAN's).

Now open your Cisco Packet Tracer and connect 4 workstations with a switch using a straight cable. Consider 2 pc's of treasury department with interface fa0/1 and fa0/2 and 2 pc's of finance department with interface fa0/3 and fa0/4. Assign APIPA IP's to each pc. Click on the pc then go to the IP configuration and click on DHCP.




Now go to pc0 of treasury department's command prompt and write the command ping and the IP of PC 3 which is in finance department.It will give the reply because the treasury department and the finance department are on the same domain.




Now to separate these depart we will use VLAN's. Note that one vlan contains only one domain. Now go to the switch and create 2 VLAN.

Switch>en
Switch#config t
switch(config)#Vlan 2
switch(config-vlan)#name Vlan02
switch(config)#Vlan 3
switch(config-vlan)#name Vlan03

After you have created Vlan's we will go to the port(interface) config mode of those interfaces through which the pc's are connected. The treasury department port's are fa0/1 and fa0/2 and the finance department port's are fa0/3 and Fa0/4. Assign vlan 2 to treasury department and vlan 3 to finance department if you are assigning VLAN's to multiple ports then you don't have to access single port at a time to assign VLAN's. Instead use the "interface range" command to access multiple port and giving same configuration to all at a same time.

Switch>en
Switch#config t
switch(config)#
switch(config)#interface range fa0/1-fa0/2`
switch(config-if-range)#switchport mode access
switch(config-if-range)#switchport access vlan 2
switch(config)#interface range fa0/3-fa0/4
switch(config-if-range)#switchport mode access
switch(config-if-range)#switchport access vlan 3
switch(config-if-range)#exit

Now again go to pc01 and command prompt and ping pc03. This time the pc will not reply because it is on the separate domain.This means that you have configured the VLAN's correctly.remember all ports of the switch are already assigned to default VLAN which is VLAN 1.To see your VLAN status write the command on "show vlan brief" where you can see VLAN information.









                                                                                                                                                                     
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)