By default, FE switch ports are Layer 2. The GE ports are 1000BaseT Layer 2. Traffic between different VLANs on a switch is routed through the router platform using the switched virtual interface (SVI). You can configure GE switch ports as Layer 2 ports by configuring the switchport command on interface gigabit ethernet x/y. By default, GE

I'm trying to understand the specifics of trunking a VLAN on two switches. Say I have two switches, both hosting half of VLAN 3.

Switch 1: Ports 0-5 on VLAN 3, Port 6 is Trunk
Switch 2: Ports 0-5 on VLAN 3, Port 6 is Trunk

Do the two switches know what the MAC addresses are of the devices connected to the other switch which are in the same VLAN, or do the switches just know that Port 6 is a VLAN 3 trunk and when they receive a broadcast frame, they just flood the frame to the trunk port with the VLAN tag and expect the switch on the other end to deal with it?

asked Sep 11, 2017 at 1511

When a frame enters a switch, the switch will take the source MAC address and update its MAC address table with the interface where the frame entered the switch. That interface can be an access or trunk interface. Broadcast or unknown unicast frames will be sent to all interfaces except the one where the frame entered the switch, including access and trunk interfaces. Known unicast frames will be sent to the switch interface indicated in the switch MAC address table, whether an access or trunk interface.

answered Sep 11, 2017 at 1516 Ron Maupin

VLAN3 is just a subnet or another network. Say you have vlan 1 and vlan 3 is Each device in vlan 3 will get the IP. That IP is assigned to the MAC address of the end device. This is held in the arp table on a layer 3 device. Only the switch, as it is a layer 2 device, only knows the MAC address of the devices directly attached to it.
A Trunk port allows for multiple networks or VLANs to communicate over the same port, but without a layer 3 they cannot talk to one another. A broadcast will be sent to any device on that VLAN or network. It doesn't care if it's on switch one or two.

answered Sep 11, 2017 at 1518

There are 2 things in your question. First, if you consider a single vlan, the port 6 being a trunk is not mandatory; setting the port 6 of both switches as VLAN3 will work. A trunk port is of interest when you have multiple vlans on a switch. This means you have made partitions on your switch, port 1 to 5 on VLAN3, port 7 to 12 on VLAN 4 for example, and you configure your port 6 as trunk to transport vlan 3 and 4. You may achieve the same thing without a trunk port if you keep port 6 in vlan 3 and use port 12 in VLAN 4 to link the two switches, for example.

A switch records incoming MAC addresses on a port, such that when a packet is directed to a MAC address it knows where to send it. When it doesn't know, or if it's a broadcast, it sends it on all ports within the same vlan, trunk included, and the switch receiving the packet will scan its own table before forwarding the packet to the correct port if already known, or on all ports within the vlan if the MAC address is unknown or broadcast. Mainly a vlan is a virtual switch within the switch and the trunk is an aggregation of "virtual ports" to transport multiple vlans on a single link (trunks on multiple links are trunks made on port aggregation, LACP, and are another subject).

answered Sep 11, 2017 at 1541

"Switch 2 Ports 0-5 on VLAN 3, Port 6 is Trunk". Switch 2 knows the Vlan 3 information on sw1 from the switch 1 Port 6 MAC address. Through this MAC address the frame is forwarded to switch 2 from switch 1. After the frame is in switch 2, traffic will further check the MAC address table in switch 2; with reference to this MAC address table the frame is forwarded on the required interface where the destination host is connected.
answered Dec 10, 2020 at 1150 Sagar Uragonda
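The learning and flooding behaviour described in the answers above, as an added Python simulation that is not part of the original thread. The two-switch layout follows the question; the MAC addresses, the extra port 7 in VLAN 4 (there to show that flooding stays inside one VLAN) and all class and function names are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

BROADCAST = "ff:ff:ff:ff:ff:ff"
HOST_A = "02:00:00:00:00:0a"  # constructed MAC, attached to switch 1 port 0
HOST_B = "02:00:00:00:00:0b"  # constructed MAC, attached to switch 2 port 2


@dataclass(frozen=True)
class Frame:
    src: str
    dst: str
    vlan: Optional[int] = None  # None on an access link, 802.1Q VLAN ID on a trunk


class Switch:
    def __init__(self, name, access, trunks):
        self.name = name
        self.access = access   # access port -> VLAN ID
        self.trunks = trunks   # trunk port -> set of allowed VLAN IDs
        self.links = {}        # trunk port -> (peer switch, peer port)
        self.mac_table = {}    # (VLAN ID, MAC) -> port where that source was last seen
        self.delivered = []    # (access port, src, dst) for frames handed to a host port

    def _ports_in_vlan(self, vlan):
        ports = [p for p, v in self.access.items() if v == vlan]
        ports += [p for p, allowed in self.trunks.items() if vlan in allowed]
        return ports

    def receive(self, port, frame):
        # Classify: an access port implies its VLAN, a trunk port reads the tag.
        if port in self.access:
            vlan = self.access[port]
        elif frame.vlan in self.trunks.get(port, ()):
            vlan = frame.vlan
        else:
            return  # tag not allowed on this trunk (no native VLAN modelled): drop
        # Learn: the source MAC lives behind the ingress port, access or trunk.
        self.mac_table[(vlan, frame.src)] = port
        # Forward: known unicast goes to one port, everything else floods the VLAN.
        known = self.mac_table.get((vlan, frame.dst))
        if frame.dst == BROADCAST or known is None:
            out_ports = [p for p in self._ports_in_vlan(vlan) if p != port]
        else:
            out_ports = [known] if known != port else []
        for p in out_ports:
            self._send(p, frame, vlan)

    def _send(self, port, frame, vlan):
        if port in self.trunks:
            peer, peer_port = self.links[port]
            peer.receive(peer_port, Frame(frame.src, frame.dst, vlan))  # tagged
        else:
            self.delivered.append((port, frame.src, frame.dst))         # untagged


def build():
    # Ports 0-5 in VLAN 3 and port 6 as trunk, as in the question; port 7 in VLAN 4 is added.
    access = {p: 3 for p in range(6)}
    access[7] = 4
    sw1 = Switch("sw1", dict(access), {6: {3, 4}})
    sw2 = Switch("sw2", dict(access), {6: {3, 4}})
    sw1.links[6] = (sw2, 6)
    sw2.links[6] = (sw1, 6)
    return sw1, sw2


def demo():
    sw1, sw2 = build()
    sw1.receive(0, Frame(HOST_A, BROADCAST))  # e.g. an ARP request from host A
    flooded = (len(sw1.delivered), len(sw2.delivered))
    sw2.receive(2, Frame(HOST_B, HOST_A))     # unicast reply from host B
    return sw1, sw2, flooded


if __name__ == "__main__":
    sw1, sw2, flooded = demo()
    print("host ports reached by the broadcast (sw1, sw2):", flooded)
    print("sw1 MAC table:", sw1.mac_table)
    print("sw2 MAC table:", sw2.mac_table)
```

After the exchange each switch holds the remote host's MAC against its trunk port, and the VLAN 4 port never sees a frame.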

Step 1: Configure subinterfaces on R1 using the 802.1Q encapsulation.

a. Create the subinterface G0/0.10. Set the encapsulation type to 802.1Q and assign VLAN 10 to the subinterface. Refer to the Address Table and assign the correct IP address to the subinterface.

R1(config)# int g0/0.10
R1(config-subif)# encapsulation dot1Q 10
R1(config

While echoing Ron and John's comments that there is no universal "best practice" here and there's only what's best for you, I'd like to propose an alternative solution that you haven't mentioned yet.

EdgeRouter does support bonding/link aggregation using Link Aggregation Control Protocol (LACP). However, in older EdgeRouters, this traffic was not eligible for offloading, which meant bonding, for example, 4 gigabit ports wouldn't result in 4Gbps of bandwidth. It would produce redundancy, but some bandwidth less than 4Gbps, possibly simply 1Gbps. However, according to this page, newer ER-X, ER-X-SFP, and EP-R6 EdgeRouters support offloading, so aggregating 4 gigabit ports should result in 4Gbps or very near it, allowing for some losses.

So, in theory, if you had one of the newer EdgeRouters, and you didn't need certain mutually-exclusive protocols, and your network topology supported it, you could do the following:

- Bond X ports on the router to support XGbps of bandwidth and also redundancy
- Bond X ports on the switch in the same way
- Connect X ethernet cables between the bonded router ports and the bonded switch ports
- Configure your VLANs on the single bonded interface on the router and switch

(I say this in a rather nebulous way; there are a lot of steps to this, clearly.)

Through this configuration, all the VLANs would be able to take advantage of up to XGbps of bandwidth between the VLANs for allowed traffic, so that you wouldn't have saturated links using all 1Gbps and bottlenecked while other links used only a few Mbps and remained essentially unutilized.

Your router only knows about VLAN 1 from your switch because they are both on VLAN 1, so you also have to tell the router how to reach the other VLANs on your switch by setting static routes on your router for each of these VLANs.

ip route 255.255.255. 10.0.1.1 for VLAN 2.
ip route 10.0.3.0 255.255.255. 10.0.1.1 for VLAN 3.

Since you have not included the router model, I will assume it is a Cisco router, something like an ISR with a built-in switch module.

Some Cisco routers can have built-in or optional add-on switch modules. The interfaces for this module are switch interfaces, not router interfaces. You need to create VLAN interfaces to link the layer-2 switch to the layer-3 router.

You configure the switch interfaces the same way that you do for a layer-2 switch. They are switch interfaces, not router interfaces, so you cannot configure layer-3 on those interfaces. That is where the SVIs come in. You assign a VLAN to each switch interface, and create an SVI for each VLAN. The SVIs get configured with the layer-3 information for the VLAN. The layer-3 addresses configured on the SVIs will be the gateways for the VLANs.

The router will also have some router interfaces that get configured for layer-3. Routers will, by default, route everything between their layer-3 interfaces, including SVIs configured for layer-3.

Let's assume you have eight switch interfaces (GigabitEthernet0 - 7), and two router interfaces (GigabitEthernet8 - 9), like a Cisco 892 router. There are two connections to other routers, and there are four VLANs (two switch interfaces on each VLAN).

The first eight interfaces are switch interfaces, and they are configured like a layer-2 switch. The last two interfaces are router interfaces, and they are configured with layer-3. The four VLAN interfaces are configured as layer-3 interfaces. Routing between the VLANs and the router interfaces will happen, as long as they are configured for layer-3, and there are no other configurations to block it (ACLs). The gateways for the VLANs will be the addresses configured on the VLAN interfaces.

You could have something like this:

interface GigabitEthernet0
 description VLAN 1
 switchport access vlan 1
 switchport mode access
 no shutdown
!
interface GigabitEthernet1
 description VLAN 1
 switchport access vlan 1
 switchport mode access
 no shutdown
!
interface GigabitEthernet2
 description VLAN 2
 switchport access vlan 2
 switchport mode access
 no shutdown
!
interface GigabitEthernet3
 description VLAN 2
 switchport access vlan 2
 switchport mode access
 no shutdown
!
interface GigabitEthernet4
 description VLAN 3
 switchport access vlan 3
 switchport mode access
 no shutdown
!
interface GigabitEthernet5
 description VLAN 3
 switchport access vlan 3
 switchport mode access
 no shutdown
!
interface GigabitEthernet6
 description VLAN 4
 switchport access vlan 4
 switchport mode access
 no shutdown
!
interface GigabitEthernet7
 description VLAN 4
 switchport access vlan 4
 switchport mode access
 no shutdown
!
interface GigabitEthernet8
 description Link to Router 2
 ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no shutdown
!
interface GigabitEthernet9
 description Link to Router 3
 ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no shutdown
!
interface Vlan1
 description VLAN1
 ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no shutdown
!
interface Vlan2
 description VLAN2
 ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no shutdown
!
interface Vlan3
 description VLAN3
 ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no shutdown
!
interface Vlan4
 description VLAN4
 ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no shutdown
!

S8000 will work if it is 1 VLAN per port and it cannot accept any tagged traffic; you may need a VLAN aware/managed switch for that. On this setup, we have 2 switches connected directly to a port-based VLAN and the S8000 can support it, e.g.

Port 1 - VLAN 1 (Data) to Switch 1.
Port 2 - VLAN 2 (Voice) to Switch 2.

Regards,

A Virtual Local Area Network or VLAN is a way of partitioning computers on a network into cluster groups that serve a common business purpose. The LAN part indicates that we are partitioning physical hardware while the virtual part indicates we are using logic to accomplish it.
In this article, we will see how you can create a VLAN and then configure it to allow data packets from another VLAN to cross over into it.

Note: while we have tried to make the whole exercise of setting up a VLAN as simple as possible, it is assumed that you, the reader, have a basic grasp of network configuration. We also assume that you have a working knowledge of the concepts, and purposes, of IP addresses, gateways, switches, and routers. In addition, you also need to know about navigating the interface and sub-interface configuration procedures on computers and networking devices.

Step-by-step – How to set up a VLAN

The best way to learn how to set up a VLAN – apart from going to networking school – is to actually do it in a practical exercise. And since we don’t all have routers and switches lying about, it would make sense to create our VLAN in a simulated environment.

In this example, we will be using Cisco Packet Tracer to demonstrate how to set up our VLAN. It is one of the easiest, and most realistic, tools to use and allows for both GUI and CLI interfaces. This way you can see the commands that are being executed in real-time even though you are simply clicking and drag-and-dropping as you go about your configuration.

The tool can be downloaded, set up, and verified by opening a learning account at Cisco Networking Academy. Don’t worry; you can simply sign up for the FREE Cisco Packet Tracer Course in order to gain full access to the design tool.

Also, and apart from the ease-of-use, with Cisco being the market leader, we think this is the appropriate choice to demonstrate how to set up a VLAN.

Of course, you can use any other similar tool – because the concept remains the same. A quick online search will show you there are applications – desktop as well as browser-based – for every brand of network interface devices out there. Find and work with the one you are most comfortable with.
Router-on-a-Stick – the explanation

While there are many ways of setting up a VLAN or inter-VLAN, the architecture we will be creating will be making use of what is known as a Cisco Router on a Stick configuration.

In this network configuration, our router will have a single physical or logical connection to our network. This router will help bridge the two VLANs – that cannot communicate with one another – by connecting to our switch via a single cable.

Here’s how it works: data packets that are sent out from a computer in the Accounting VLAN – and intended for a computer in the Logistics VLAN – will travel to the switch. The switch, upon recognizing the packets need to cross over to another VLAN, will forward the traffic to the router.

The router, meanwhile, will have one physical interface (a network cable, in our example) that has been split into two logical sub-interfaces. The sub-interfaces will each be authorized to access one VLAN.

When the data packets arrive at the router, they will be forwarded to the correct VLAN via the authorized sub-interface and then arrive at their intended destination.

Our Router on a Stick VLAN setup, with inter-VLAN capabilities, will look like this:

Planning your tasks

The whole task of creating our network architecture will be divided into four main categories where you will:

Connect all devices to form the correct architecture
Configure interfaces so all the devices can “talk” to one another
Create VLANs and assign computers to their respective VLANs
Confirm correct configuration by demonstrating the computers cannot communicate beyond their VLAN

So, without further ado, let’s start creating our VLAN. Remember, it will initially have a switch and four computers connected to it. You can bring the router into the design later if you choose to do so.

Connect all devices

Drag and drop a switch, a router, and four computers into the main design board. For our demo, we will be using a 2960 switch and a 2911 router.
The switch will connect to four computers (PC0, PC1, PC2, and PC3) using copper straight-through wire connections (you will see the description of the hardware and connection types at the very bottom of the Tracer window).

Next, connect the switch to each computer using the FastEthernet ports.

Once all devices are connected you should have all-green traffic flowing between the devices. As the tool tries to emulate devices booting and connecting in the real world, it might take a minute or two. So don’t worry if the data flow indicators remain orange for a few seconds. If your connections and configurations are correct, it will all soon change to green.

To make things easier to grasp, let’s mark the two computers on the left as belonging to the Accounting department (blue) and the other two as belonging to the Logistics department (red).

Configure interfaces

Now, let’s start assigning IP addresses so our computers can start communicating with one another. The IP assignments will look like this:

ACCT PC0 =
ACCT PC1 =
LOGS PC2 =
LOGS PC3 =

The default gateway for the computers is for the first two in Accounting, and for the last two computers in Logistics. You can access the configuration by going to the Desktop menu and then clicking on the IP Configuration window.

Once you’re there, start filling in the configurations for all the computers.

When you are done, we can now move on to the switch. First, though, we need to remember that there will be two types of ports on our switch:

Access Ports: these are the ports that will be used to allow everyday devices like computers and servers to connect to it; in our example, these are the FastEthernet 0/1, FastEthernet 1/1, FastEthernet 2/1, and FastEthernet 3/1 – one for each computer.
Trunk Ports: these are the ports that allow a switch to communicate with another switch – or in our example a VLAN-to-VLAN communication on the same switch (via the router) – to expand the network; we will use the GigabitEthernet0/0 ports on both the connectivity devices.

With that in mind, let’s move on to the fun part – configuring the switch to run our VLANs.

Create VLANs and assign computers

So, let’s create the VLANs first – they will be named ACCT (VLAN 10) and LOGS (VLAN 20).

Go to the switch’s CLI to type in the commands:

Switch# config terminal
Switch(config)# vlan 10
Switch(config-vlan)# name ACCT
Switch(config-vlan)# vlan 20
Switch(config-vlan)# name LOGS

The commands in your CLI should look like this:

Or, if you’re not up to it, you can simply use the GUI to create the VLANs (and still see the commands run as they are being executed below). Go to the Config-VLAN Database menu and ADD the VLANs by entering their numbers (10, 20) and names (ACCT, LOGS).

Next, we need to assign each port, which the switch uses to connect the computers, to their respective VLANs.

You can simply choose the interface and then check the box of the corresponding VLAN from the configuration menu on the right.

As you can see from the image above, you can alternatively go into the CLI interface of each port and use the command switchport access vlan 10 to perform the same task.

Don’t worry; there is a shorter way of doing this in case there are a large number of ports to assign. For example, if you had 14 ports, the command would be:

Switch(config-if)# int range fa0/1-14
Switch(config-if-range)# switchport mode access

The second command makes sure that the switch understands the ports are to be ACCESS ports and not TRUNK ports.

Confirm correct configuration

And that’s it; we have created two VLANs on the same switch. To test it, and confirm our configuration is correct, we can try pinging P1 and P3 from P0.
The first ping should be fine while the second one should time out and lose all the packets.

How to set up an inter-VLAN

Now, although we have divided the computers into two VLANs – as was required – it makes more sense that the two departments (Accounting and Logistics) would need to communicate with one another. This would be the norm in any real-life business environment. After all, logistics couldn’t be purchased or supplied without financial backing, right?

So, we need to make sure that ACCT and LOGS are able to communicate – even if they are on separate VLANs. This means we need to create an inter-VLAN communication.

Here’s how to go about it:

We will need the help of our router; it will act as a bridge between the two VLANs – so, go ahead and add a router to your design if you haven’t already done so.

Jumping into the configuration, we must understand that we will use one port on the router for both VLANs’ communication by “splitting” it into two ports. Meanwhile, the switch will only use one TRUNK port to send and receive all communications to, and from, the router.

So, going back to our router, we will split the GigabitEthernet0/0 interface into GigabitEthernet0/ for VLAN10 and GigabitEthernet0/ for VLAN20. We will then use the IEEE standard protocol for interconnecting switches, routers, and for defining VLAN topologies.

Once done, these “sub-interfaces” – as they are called – are then assigned to each VLAN that we want to connect or bridge.

Finally, remember the gateways – and – we added to the computers’ configurations earlier? Well, these will be the new IP addresses of the split ports or sub-interfaces on the router.
The CLI commands to create the sub-interfaces under the GigabitEthernet0/0 interface would be:

Router(config)# interface GigabitEthernet0/
Router(config-subif)# encapsulation dot1q 10
Router(config-subif)# ip address

Repeating it all for the second sub-interface and VLAN we get:

Router(config)# interface GigabitEthernet0/
Router(config-subif)# encapsulation dot1q 20
Router(config-subif)# ip address

Once you close the CLI, you can confirm your configuration is correct by simply moving the mouse over the router to see your work, which should look something like this:

Now, we know that we can only connect our sub-interfaces (on the router) to our switch via its trunk port – and so, we will need to create it now.

All you need to do is go in the switch’s GigabitEthernet0/0 configuration and run switchport mode trunk.

And there you have it; you have just created two VLANs that contain two computers each and which can still communicate with one another. You can prove this by pinging the first Logistics computer (PC2) with IP address from the first Accounting computer (PC0) with the IP address

Great Success!

Why set up a VLAN or inter-VLAN

At this point, some of you may be wondering why we would need to go through this exercise and bother with VLANs or inter-VLANs at all. Well, there are many reasons, some of which are:

Security: Breaking up a network into components ensures that only authorized users and devices can access a sub-network. You wouldn’t want your accountants to interfere with the work of your logistics department or vice versa.

Safety: In case there is a virus outbreak, only one subnet would be affected as the devices on one subnet wouldn’t be able to communicate – and thus transfer – the virus to another one. This way, clean-up procedures would be focused on that one subnet, which also makes it easier to identify the culprit machine a lot faster.
Ensures privacy by isolation: If someone wanted to find out about your network’s architecture (with the intent of attacking it), they would use a packet sniffer to map out your layout. With isolated sub-networks, the culprits would only be able to get a partial picture of your network, thus denying them critical information about your vulnerabilities, for example.

Eases network traffic: Isolated sub-networks can keep traffic usage down by keeping resource-intensive processes limited to their own scope and not overwhelming the whole network. This means, just because IT is pushing critical updates to the accounting machines, doesn’t mean the logistics department has to face a network slowdown too.

Traffic prioritization: With businesses that have various types of data traffic, the sensitive or resource-hogging packets (VoIP, media, and large data transfers, for example) can be assigned to a VLAN with larger broadband while those that only need the network to send out emails can be assigned to a VLAN with lesser bandwidth.

Scalability: When a business needs to scale up the resources available to its computers it can reassign them to new VLANs. Their administrators simply create a new VLAN and then move the computers into them with ease.

As we can see, VLANs help protect a network while also improving the performance of the data packets that travel around it.

Static VLAN vs Dynamic VLAN

We thought it would be worth mentioning that there are two types of VLANs that are available for implementation:

Static VLAN

This VLAN design depends on hardware to create the sub-networks. The computers are assigned to a specific port on a switch and plugged right in. If they need to move to another VLAN, the computers are simply unplugged from the old switch and plugged back into the new one.

The problem with this is that anyone can move from one VLAN to another one by simply switching the ports they are connected to.
This means administrators would require physical security methods or devices put in place to prevent such unauthorized accesses.

Dynamic VLAN

This is the VLAN we have just created in the exercise we did earlier. In this VLAN architecture, we have software VLANs where the administrators simply use logic to assign specific IP or MAC addresses to their respective VLANs.

This means devices can be moved to any part of the business, and as soon as they connect to the network, they return to their pre-assigned VLANs. There is no need for additional configurations.

If there is one drawback with this scenario, it can only be that the business would need to invest in an intelligent switch – a VLAN Management Policy Switch (VMPS) – which can be on the expensive side when compared to the traditional switch used in static VLANs.

It can also be safely assumed here that businesses with a few computers and a smaller IT budget can choose to implement a static VLAN while those with a large number of devices and a need for more efficiency and security would be wise to invest in a dynamic VLAN.

Conclusion

We hope you have found all the information you needed to learn about how to set up a VLAN. We also hope that the exercise was easy to follow and that you can now go on to build upon the knowledge you have gained. Because, even as you continue to scale upwards, these basic steps remain the same – you simply continue to add hardware and configurations to the basics.

VLAN FAQs

What is a VLAN?

A VLAN is a method that makes networks more efficient by reducing the scope of broadcast transmissions to just a section of the network. A broadcast goes to every part of the network, which can create a lot of traffic all over the system, including to areas that will never need to receive that broadcast or respond to it. Effectively, a VLAN divides up a network into

is a VLAN different from a LAN?

LAN stands for Local Area Network, which is the common name for a typical network inside an office.
The virtual LAN (VLAN) creates sections of that LAN, which seem to be separate systems, even though they are actually all connected together. The segmentation of the LAN into VLANs happens at the Data Link Layer (Layer 2), so it is implemented on switches and bridges. Routers are at the Network Layer (Layer 3). They operate for the entire network but use software techniques to distinguish between VLAN sections. The router can bridge between these sections with inter-VLAN

are the types of VLAN?

There are five types of VLAN:

Default VLAN: Switches have settings that can implement VLANs but these are all initially set to VLAN1. As all switches have the same VLAN, there is only one VLAN operating, which effectively means that the technology is disabled.

Data VLAN: Also known as a user VLAN, this strategy creates two groups: one for users and one for devices. This will only carry data.

Voice VLAN: Meant for the office telephone network and implemented with VoIP, this VLAN carries voice traffic. This traffic gets priority over data traffic to ensure a high quality of service.

Management VLAN: Accesses the management functions of a switch for tasks such as logging, and extracting activity and status data for system monitoring. When other VLANs are set up, the management VLAN should be left as VLAN1.

Native VLAN: Used for trunk ports that handle traffic from all VLANs, creating a common transmission channel that traffic can be split out of for individual VLANs.

Port 1/0/2 handles traffic for both VLANs, while port 1/0/1 is a member of VLAN 2 only, and ports 1/0/3 and 1/0/4 are members of VLAN 3 only. The script following the diagram shows the commands you would use to configure the switch as shown in the diagram. This article applies to the following managed switches and their respective firmware

There are a couple of problems with your idea.

You cannot get traffic from one VLAN to another VLAN without routing. Either you have a dedicated router, or a layer-3 switch, which is really a router, too. A layer-2 switch with separate VLANs and SVIs still cannot let hosts on one VLAN communicate with hosts on a different VLAN. Frames can be switched at layer-2 on the same VLAN, but you need to strip the frames to get to the packets to route them between VLANs.

Switches are mostly limited to ethernet. Routers are used to connect different physical and data-link protocols, too. Some translating bridges can do some of that at layer-2. For example, WAPs translate layer-2 frames between ethernet and Wi-Fi, but only if they are on the same layer-2 LAN.

Even layer-3 switches usually have fewer resources (RAM, CPU, etc.) than dedicated routers do, and dedicated routers often have special hardware that you do not normally find in switches.

I have some questions regarding routing of VLANs between a SonicWall acting as router and UniFi switches. In our design we have 2 interfaces from the SonicWall on the LAN side:

X0 (untagged (native), 220 tagged, 230 tagged) "LAN"
X1 (untagged (native)) "VOIP"

In our current configuration to dell switching, there are two physical links from the

I want to connect two routers to a switch which will then be connected to a modem. Now as far as I know a switch does not do network translation and this won't work with one IP address. So I bought two addresses at my ISP. Attached is a simple schematic that explains what I want to do. Is there any additional configuration needed on either of the routers (Linksys WRT54GL) to make this work or will it "Just Work"?

asked May 29, 2012 at 958

This should just work. But I would make sure router 1 and router 2 client sides are on different subnets.

answered May 29, 2012 at 1005 Sibster

EDIT: Apparently I was wrong, you can get two different IP addresses while using one modem to connect. When I tried doing it, it didn't work, so maybe it depends on the ISP or the modem, or maybe I didn't configure it properly...

You can use the routers to manage the clients in two subnets and configure the routers separately. For example, you can use one router to configure a wireless network and the other to configure a LAN network.

answered May 29, 2012 at 1104 Shahar

It just works... because a switch is a device to share a connection. You must set the routing table and NAT for the routers. On the client computer, you must fill in the gateway with the IP address of the router...

answered May 31, 2012 at 946

This question is really an old question. I hope you have already solved it, but I have some ideas to share with you. You are talking about 2 physically separate routers connecting to a PoE switch. Yes, that is possible. You create 2 vlans on the switch. Let's say you create vlan 100 and 200, then add port, let's say, 10 to vlan 100 and port 20 to vlan 200. Now you have one PC connected to port 10 and one PC connected to port 20. And don't forget to assign the IP address.

answered Jul 11, 2016 at 235 Mark Twain

Configure VLAN on Cisco Switch.

1. Open the VLAN lab and create these three VLANs, named Marketing, Accounting, and Sales. So let's create them with the following commands.

2. First, change the switch name with the "hostname" command.

Switch>enable
Switch#configure terminal
Enter configuration commands, one per line.

Estou configurando a rede em um prédio onde funcionará alguns departamentos da Alura Financeiro e colocar os dois departamentos na mesma rede, porém com isso teríamos alguns problemasComo todos os computadores estariam se comunicando pela mesma via, ao mesmo tempo, a rede poderia ficar mais lenta;Um computador conseguiria "ver" o outro. Isso poderia fazer com que um usuário malicioso direcionasse algum tipo de ataque;Caso ocorresse algum tipo de problema em alguma parte da rede, ambos departamentos seriam temos que configurar duas redes diferentes, cada uma relacionada a um uma primeira abordagem, podemos configurar essas redes fisicamente separadas. Isto é, com um switch para cada departamento, assim como uma interface no roteador. Porém o custo disso seria mais elevado, já que precisaríamos de mais switches e de um roteador com mais maneira seria separar logicamente o switch e o roteador, pois dessa forma, além de separarmos a rede entre os departamentos, estamos economizando também. Esse tipo de configuração é conhecida como as VLansAs VLans, nada mais são do que redes locais Lan virtuais. Ou seja, são redes lógicas configuradas em um mesmo ativo de rede roteadores e switches, por exemplo. Com ela é possível dividir nossa rede em quantas partes precisarmos para o da divisão e economia da rede, temos as seguintes vantagens ao implantar esse tipo de redeMais desempenho, já que o domínio de broadcast fica dividido entre as redes;Mais segurança, apenas os computadores pertencentes a VLan podem "ver" um ao outro;Conseguimos isolar melhor os problemas, como as redes estão separadas, o problema de uma não afeta a agora que sabemos o que é uma VLan e como ela pode nos ajudar, como podemos implementá-la na nossa rede?Para isso vamos dar uma olhada na nossa rede e ver como ela está distribuída Como vimos, nossa rede tem dez máquinas, cinco do departamento Financeiro e cinco de Vendas. 
We also have a switch that concentrates our network at a single point, followed by a

we could divide the network so that each department is part of a different VLAN

Both our switch and our router are Cisco devices; in other words, we will see how to configure VLANs on Cisco devices. But where do we start?

Configuring the switch

Well, since it is our switch that will connect the machines, we will start with

our switch has 24 ports and we need to decide which network they will belong to. Since there are ten machines, we can use the first five ports for one network and the next five for the other, leaving the others free in case the number of computers

A good practice is to use the last port of the switch to connect to the router, and to leave a margin between one port and the other in case the network grows. For example, leave ports 1 to 10 for one VLAN and 11 to 20 for

we have to connect the switch to the router. We can use one of the remaining ports, eleven, for

first step in configuring the switch is to enter privileged user mode. To do that we type the enable command in the terminal.

Did you see that the > symbol changed to #? This indicates that we are in as user

tell it now that it will be configured (configure) via the terminal (terminal). So: configure terminal

Did you notice that config appeared before the hash sign? Cisco switches and routers show us which mode they are in. In this case, in the mode of

we can configure our VLANs, but how do we identify them?

For this, each VLAN must have a unique identification number. This number can be between 2 and 1005. Since our two departments are on the ground floor, we will make the VLAN IDs end in 0, so we will know which floor they are on. So our first VLAN will be 1 followed by 0, making

tell the switch that we want to create a VLAN whose ID equals 10: (config)# vlan 10. Note that when we created VLAN 10, the switch mode changed to config-vlan.
That is, all the configuration we do will apply only to this VLAN. So, to create the other VLAN, we need to leave the configuration mode of the one we created. To do that, just type exit and we leave that mode. Then we can create our other VLAN. The command is similar; just replace the identification number: (config)# vlan 20.

Great! We have created our two VLANs! But how can we be sure they really were created?

We can see their settings with the show vlan command in privileged user mode. To get there, either we type exit until we are back at that point, or we use the Ctrl+C shortcut, which returns automatically to that

that, we can list our VLANs: show vlan

See? Our VLANs were created with the IDs we gave, but what are these names that were assigned to the VLANs?

When we do not give the VLANs any name, names are assigned automatically by the system; in this the system named them VLAN followed by the ID of the

these names have no meaning for us; that is, it would be more intuitive if they were named after the department, such as Financeiro or Vendas... How can we change them?

Changing the names of the VLANs

To change the names of the VLANs, we have to go to their configuration mode. Since we are in privileged user mode, we have to type configure terminal. Then we enter the VLAN we want to configure, in this case vlan 10: (config)# vlan 10

In this mode, we say that this VLAN will have the name (name), in this case, Financeiro: Switch(config-vlan)# name Financeiro

To rename the other VLAN, we can do the same as before; the difference is that we will enter the configuration mode of the VLAN with ID 20

Let's list the VLANs again and see whether the change worked

Our VLANs are now created and have a name that shows us the place they

and these other VLANs that are showing up, what are they for?

These are other default VLANs used by Cisco routers and switches, VLAN 1 being the default.
As we can see, all the switch ports belong to

for our configuration to work, the ports need to belong to our VLANs, so we need to assign some of these ports to our VLAN… How are we going to do that?

Assigning the VLANs to the switch ports

To do this, in configuration mode, we have to access the port we want to configure. That is, we will have to access the network interface and assign a VLAN to

we want to access a switch interface, we type interface followed by its type (Ethernet, Fast Ethernet; in our case it is a fastEthernet) and the port we want to access, 0/1.

We need to say that this port is connected to a computer. That is, that this switch port (switchport) will be in access (access) mode (mode) to an end device (computer, notebook, server...): (config-if)# switchport mode access

And also that this port (switchport) will be accessing VLAN 10

With that, port 1 is already accessing VLAN 10, and we can configure the others in the same way. But you may ask: "Do we have to configure port by port?"

Besides the manual way, we can give the switch a range. That is, a range of ports that will have the same

say that the interfaces within the range (range), of type fastEthernet, from 0/2 to (-) port fastEthernet 0/5: (config)# interface range fastEthernet 0/2 - fastEthernet 0/5

Now we state that these ports are connected to an end device and that they will access VLAN 10

We have to do the same with the ports that will belong to the other VLAN

We have assigned our ports to their respective VLANs. We can check using that already familiar command, show vlan

The switch configuration is finished. Now we need to configure the router to allow the communication of our

the router

Just as on the switch, we have to enter privileged user mode (enable) to begin our configuration. Then we type configure terminal to say that it will be configured

Cisco routers come with their ports disabled.
That is, to use them we first need to enable them. To do that, we have to access the port. We can do this the same way we accessed the port on the

that we want to access the interface of type fastEthernet; each router has its own way of naming its ports. In our case this port is 0/0, but it could be another value, such as 2/1, for example. (config)# interface fastEthernet 0/0

Since we want to turn this interface on, we have to tell it not (no) to stay shut down (shutdown). With that our port is enabled. (config-if)# no shutdown

For communication to exist between the computers on our network, we need to provide an IP address. One for each network.

"But the switch only connects to one port on the router, so how are we going to configure two different addresses in the same place?"

Dividing the router interface

Just as we were able to divide the switch, we can divide the router interface into smaller parts, creating subinterfaces that will answer to networks

access this subinterface, we have to state the interface we want to access: (config)# interface fastEthernet 0/0. And, to state the subinterface, we type . (dot) and its number, 10 for example. (config)# interface fastEthernet 0/

We need to state that the subinterface (0/ in this case) is associated with a VLAN. So we need to say that it is encapsulated (encapsulation) in a VLAN (dot1Q), followed by the VLAN ID. (config-subif)# encapsulation dot1Q 10

The next step is to give this subinterface its IP address. We can use any private IP address; in our case, we will use for one network and for the

what we want to provide is an IP address, we just type ip address followed by the number and the mask: (config-subif)# ip address

Let's do the same for the other subinterface. Let's access it: (config)# interface fastEthernet 0/

that it is associated with VLAN 20: (config-subif)# encapsulation dot1Q 20

And it will have as its IP address: (config-subif)# ip address

Addresses assigned. How can we see whether our configuration is working?
By testing! Let's open the terminal on a computer in one department and try to ping a machine in another department

Hmm… why didn't it work?

Remember our switch? We assigned a distinct network to each port, right? So the interfaces only communicate with the network they are part of. That is, the port that connects the switch to the router needs to carry the data of both VLANs for the communication to happen. How can we do that?

Configuring a trunk port on the switch

An interface that carries the data of all the VLANs is called a trunk. To configure it we have to enter the switch's configuration mode. We need to access the interface that connects to the router. In our case this is interface 0/11: (config)# interface fastEthernet 0/11

Now we say that this switch port (switchport) is not in the mode (mode) for connecting to an end device, but in a mode that joins all the VLANs (trunk). (config-if)# switchport mode trunk

Let's test again and see whether our two machines can talk to each other

Success! Now we have two logically separated networks that can

learn more

Note that in this case it was useful to join all the VLANs on the trunk port, but there are cases in which we need to isolate these VLANs by choosing which ones will pass through the trunk port. Although that is not the purpose of this post, you can check this configuration here.

Conclusion

In this post we saw the problem we had when connecting two distinct networks and how VLANs would be a solution. We saw how to configure them on switches and routers, making communication exist between

networks? This is just a small part of many others. Here at Alura we have a computer networking track where you will learn about VLANs, protocols, how to configure access lists, security and much more!
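
As an added example (not code from the original post), the Python below audits the kind of switch and router configuration this walkthrough builds. It flags a trunk port with no `switchport trunk allowed vlan` list, a VLAN tagged on two router subinterfaces, and a VLAN used on access ports that has no router subinterface. The sample configurations, the subinterface numbers 0/0.10 and 0/0.20, and the function names are constructed for illustration.

```python
import re

# Constructed sample configs (assumptions, not taken from the page).
SWITCH_CFG = """
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 10
interface FastEthernet0/6
 switchport mode access
 switchport access vlan 20
interface FastEthernet0/11
 switchport mode trunk
"""
ROUTER_CFG = """
interface FastEthernet0/0.10
 encapsulation dot1Q 10
interface FastEthernet0/0.20
 encapsulation dot1Q 10
"""

def parse_interfaces(config):
    """Map each interface name to its indented sub-commands (lower-cased)."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.lower().startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            blocks[current] = []
        elif raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip().lower())
        else:
            current = None  # "!" separator, blank line or global command
    return blocks

def audit(switch_cfg, router_cfg):
    """Return a list of findings for a switch plus router-on-a-stick pair."""
    findings, access_vlans, routed = [], set(), {}
    for name, cmds in parse_interfaces(switch_cfg).items():
        access_vlans.update(c.split()[-1] for c in cmds
                            if c.startswith("switchport access vlan "))
        if "switchport mode trunk" in cmds and not any(
                c.startswith("switchport trunk allowed vlan") for c in cmds):
            findings.append(f"{name}: trunk carries every VLAN")
    for name, cmds in parse_interfaces(router_cfg).items():
        for vlan in re.findall(r"encapsulation dot1q (\d+)", "\n".join(cmds)):
            routed.setdefault(vlan, []).append(name)
    for vlan, names in sorted(routed.items()):
        if len(names) > 1:
            findings.append(f"VLAN {vlan}: tagged on {' and '.join(names)}")
    for vlan in sorted(access_vlans - set(routed)):
        findings.append(f"VLAN {vlan}: no router subinterface")
    return findings
```

Adding `switchport trunk allowed vlan 10,20` under the trunk port and tagging the second subinterface with `encapsulation dot1Q 20` clears all three findings.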