Implementing VLANs on a single switch
text
Experiment name
Implementing VLANs on a single switch
Purpose
Learn how to divide port-based VLANs on switches and how to
add ports to VLANs.
Experiment preparation
background description
Suppose a small business has two departments: the sales department and the technical department. Their computers are
connected to the same switch. For the sake of data security, the sales department and the technical department need to be
isolated from each other. Now, the switch needs to be properly configured to achieve this goal.
demand analysis
The port isolation of the switch is realized by dividing the Port VLAN, so that
the computers in the same VLAN can communicate with each other, but the computers in different VLANs cannot communicate directly.
Experimental topology
Preliminary knowledge
Basic configuration method of switch, working principle and configuration method of port-based VLAN
.
Experimental principle
VLAN (Virtual Local Area Network, virtual local area network) refers to the
logical division of a physical local area network into several virtual local area networks. The biggest feature of VLAN
is that it is not limited by physical location and can be divided flexibly. VLANs have
the characteristics of a physical local area network. Hosts in the same VLAN can directly
access each other, and the mutual access between hosts in different VLANs must be forwarded by routing devices. Broadcast
frames can only be propagated within this VLAN and cannot be transmitted to other VLANs.
Port Vlan is one of the ways to realize VLAN. It uses the port of switch to
divide VLAN. One port can only belong to one VLAN.
Experimental procedure
- Build the network topology according to Figure 1, and then log in to the switch.
- Configure the name of the switch
ruijie>enable
ruijie#configure terminal
ruijie(config)#hostname S1
- Divide VLANs on the switch and add ports
S1(config)#vlan 2
S1(config-vlan)#name xiaoshou
!创建销售部的 VLAN 2
S1(config-vlan)#vlan 3
S1(config-vlan)#name jishu
!创建技术部的 VLAN 3
S1(config-vlan)#exit
S1(config)#interface range fastEthernet 0/1-2
!将端口 Fa0/1、Fa0/2 划分到 VLAN 2
S1(config-if-range)#switchport mode access
S1(config-if-range)#switchport access vlan 2
S1(config-if-range)#exit
S1(config)#interface range fastEthernet 0/3-5
!将端口 Fa0/3 ~ Fa0/5 划分到 VLAN 3
S1(config-if-range)#switchport mode access
S1(config-if-range)#switchport access vlan 3
S1(config-if-range)#exit
- View VLAN configuration
S1#show vlan
- Verify the configuration Configure
the IP addresses of all hosts to the same network (eg 10.0.0.0/8) and
test with the ping command.
The correct result is that hosts 1 and 2 can ping each other, hosts 3, 4
, and 5 can ping each other; but hosts 1 and 2 and hosts 3, 4, and 5 cannot ping each other.
Precautions
1. All ports of the switch belong to ACCESS mode by default, and can be directly
added to a certain VLAN. Use the switchport mode access/trunk command to
change the VLAN mode of a port.
2. VLAN1 belongs to the default VLAN of the system and cannot be deleted.
3. To delete a VLAN, use the no command. Example: S1(config)#no vlan 2
4. When deleting a current VLAN, pay attention to add the ports belonging to this VLAN to
other VLANs first, and then delete the VLAN.