Create department VLAN for Jan16 company
1. Project background
Jan16 company currently has a financial department, a technical department and a business department. For data security reasons, the computers in each department need to be isolated so that only communication within a department is allowed. The company topology is shown in Figure 1, and the specific requirements are as follows:
(1) The company's LAN is interconnected by a 24-port Layer 2 switch: 4 computers in the Finance Department are connected to ports G0/0/1-4; 9 computers in the Technology Department are connected to ports G0/0/5-12 and G0/0/20; 8 computers in the Business Department are connected to ports G0/0/15-19 and G0/0/21-23.
(2) For security reasons, a corresponding VLAN needs to be created on the switch for each department to prevent communication between departments.
(3) All computers use the 10.0.1.0/24 network segment. The IP addresses of each department and the access switch ports they connect to are shown in the topology.
Figure 1 Network topology diagram
By default, all ports of a Layer 2 switch are in VLAN1. All computers in this project use the 10.0.1.0/24 network segment, so with the default configuration every computer can communicate directly with every other. To isolate the departments, VLANs need to be created on the switch and the ports used by each department's computers assigned to the corresponding VLAN. This project creates VLAN10, VLAN20, and VLAN30 for the computers of the Finance Department, Technology Department, and Business Department respectively.
The configuration steps are as follows:
(1) Create VLAN
(2) Assign the port to the corresponding VLAN
(3) Configure the IP addresses of computers in each department
The project plan is as follows:
Table 1 VLAN planning table
| VLAN ID | IP address range | Use |
|---|---|---|
| VLAN10 | 10.0.1.1-4/24 | Finance Department |
| VLAN20 | 10.0.1.11-19/24 | Technology Department |
| VLAN30 | 10.0.1.21-28/24 | Business Unit |
Table 2 Port planning table
| Local device | Port number | Port type | VLAN | Peer device |
|---|---|---|---|---|
| SW1 | G0/0/1-4 | access | VLAN10 | Finance Department PC |
| SW1 | G0/0/5-12, G0/0/20 | access | VLAN20 | Technical Department PC |
| SW1 | G0/0/15-19, G0/0/21-23 | access | VLAN30 | Business Department PC |
Table 3 IP address planning table
| Computer | IP address |
|---|---|
| Finance Department-PC1 | 10.0.1.1/24 |
| Finance Department-PC2 | 10.0.1.2/24 |
| Technology Department-PC1 | 10.0.1.11/24 |
| Technology Department-PC2 | 10.0.1.12/24 |
| Business Department-PC1 | 10.0.1.21/24 |
| Business Department-PC2 | 10.0.1.22/24 |
3. Project implementation
(1) Create VLAN
Create the corresponding VLAN for each department.
<Huawei>system-view
// Script
system-view
sysname SW1
vlan 10
vlan 20
vlan 30
quit
(2) Assign the port to the corresponding VLAN
Group the ports used by each department's computers into port groups by department, set the port type of every member to access mode, and set the port PVID so that the ports are assigned to the corresponding VLANs.
[SW1]port-group group-member GigabitEthernet 0/0/1 to GigabitEthernet 0/0/4
[SW1-port-group]port link-type access
[SW1-GigabitEthernet0/0/1]port link-type access
[SW1-GigabitEthernet0/0/2]port link-type access
[SW1-GigabitEthernet0/0/3]port link-type access
[SW1-GigabitEthernet0/0/4]port link-type access
[SW1-port-group]port default vlan 10
[SW1-GigabitEthernet0/0/1]port default vlan 10
[SW1-GigabitEthernet0/0/2]port default vlan 10
[SW1-GigabitEthernet0/0/3]port default vlan 10
[SW1-GigabitEthernet0/0/4]port default vlan 10
[SW1-port-group]quit
[SW1]port-group group-member GigabitEthernet 0/0/5 to GigabitEthernet 0/0/12
[SW1-port-group]port link-type access
[SW1-GigabitEthernet0/0/5]port link-type access
[SW1-GigabitEthernet0/0/6]port link-type access
[SW1-GigabitEthernet0/0/7]port link-type access
[SW1-GigabitEthernet0/0/8]port link-type access
[SW1-GigabitEthernet0/0/9]port link-type access
[SW1-GigabitEthernet0/0/10]port link-type access
[SW1-GigabitEthernet0/0/11]port link-type access
[SW1-GigabitEthernet0/0/12]port link-type access
[SW1-port-group]port default vlan 20
[SW1-GigabitEthernet0/0/5]port default vlan 20
[SW1-GigabitEthernet0/0/6]port default vlan 20
[SW1-GigabitEthernet0/0/7]port default vlan 20
[SW1-GigabitEthernet0/0/8]port default vlan 20
[SW1-GigabitEthernet0/0/9]port default vlan 20
[SW1-GigabitEthernet0/0/10]port default vlan 20
[SW1-GigabitEthernet0/0/11]port default vlan 20
[SW1-GigabitEthernet0/0/12]port default vlan 20
[SW1-port-group]quit
[SW1]interface GigabitEthernet 0/0/20
[SW1-GigabitEthernet0/0/20]port link-type access
[SW1-GigabitEthernet0/0/20]port default vlan 20
[SW1-GigabitEthernet0/0/20]quit
[SW1]port-group group-member GigabitEthernet 0/0/15 to GigabitEthernet 0/0/19 GigabitEthernet 0/0/21 to GigabitEthernet 0/0/23
[SW1-port-group]port link-type access
[SW1-GigabitEthernet0/0/15]port link-type access
[SW1-GigabitEthernet0/0/16]port link-type access
[SW1-GigabitEthernet0/0/17]port link-type access
[SW1-GigabitEthernet0/0/18]port link-type access
[SW1-GigabitEthernet0/0/19]port link-type access
[SW1-GigabitEthernet0/0/21]port link-type access
[SW1-GigabitEthernet0/0/22]port link-type access
[SW1-GigabitEthernet0/0/23]port link-type access
[SW1-port-group]port default vlan 30
[SW1-GigabitEthernet0/0/15]port default vlan 30
[SW1-GigabitEthernet0/0/16]port default vlan 30
[SW1-GigabitEthernet0/0/17]port default vlan 30
[SW1-GigabitEthernet0/0/18]port default vlan 30
[SW1-GigabitEthernet0/0/19]port default vlan 30
[SW1-GigabitEthernet0/0/21]port default vlan 30
[SW1-GigabitEthernet0/0/22]port default vlan 30
[SW1-GigabitEthernet0/0/23]port default vlan 30
[SW1-port-group]quit
[SW1]
// Script
port-group group-member GigabitEthernet 0/0/1 to GigabitEthernet 0/0/4
port link-type access
port default vlan 10
quit
port-group group-member GigabitEthernet 0/0/5 to GigabitEthernet 0/0/12
port link-type access
port default vlan 20
quit
interface GigabitEthernet 0/0/20
port link-type access
port default vlan 20
quit
port-group group-member GigabitEthernet 0/0/15 to GigabitEthernet 0/0/19 GigabitEthernet 0/0/21 to GigabitEthernet 0/0/23
port link-type access
port default vlan 30
quit
// Script
quit
save
Y
(3) Configure the IP addresses of computers in each department
Figure 2 Finance Department-PC1 IP configuration diagram
Figure 3 Finance Department-PC2 IP configuration diagram
Figure 4 Technology Department-PC1 IP configuration diagram
Figure 5 Business Department-PC1 IP configuration diagram
4. Project verification
(1) Verify the VLAN configuration of the switch
[SW1]display vlan
The total number of vlans is : 4
--------------------------------------------------------------------------------
U: Up;         D: Down;         TG: Tagged;         UT: Untagged;
MP: Vlan-mapping;               ST: Vlan-stacking;
#: ProtocolTransparent-vlan;    *: Management-vlan;
--------------------------------------------------------------------------------
VID  Type    Ports
--------------------------------------------------------------------------------
1    common  UT:GE0/0/13(D)     GE0/0/1 (U)     GE0/0/24(D)
10   common  UT:GE0/0/1(U)      GE0/0/2(D)      GE0/0/3(D)      GE0/0/4(D)
20   common  UT:GE0/0/5(U)      GE0/0/6(D)      GE0/0/7(D)      GE0/0/8(D)
                GE0/0/9(D)      GE0/0/10(D)     GE0/0/11(D)     GE0/0/12(D)
                GE0/0/20(D)
30   common  UT:GE0/0/15(D)     GE0/0/16(D)     GE0/0/17(D)     GE0/0/18(D)
                GE0/0/19(D)     GE0/0/21(D)     GE0/0/22(D)     GE0/0/23(D)
VID  Status  Property      MAC-LRN Statistics Description
--------------------------------------------------------------------------------
1    enable  default       enable  disable    VLAN 0001
10   enable  default       enable  disable    VLAN 0010
20   enable  default       enable  disable    VLAN 0020
30   enable  default       enable  disable    VLAN 0030
[SW1]
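As an added example (not part of the original page), this Python script parses the port section of `display vlan` output and compares it with the port plan in Table 2, so that a port left in the default VLAN1 or placed in the wrong department VLAN is reported explicitly. The sample output is constructed rather than captured from a switch, and the names `PLAN`, `parse_membership` and `audit` are illustrative.

```python
import re

# Port plan from Table 2: VLAN ID -> port numbers N of GigabitEthernet 0/0/N.
PLAN = {10: set(range(1, 5)), 20: set(range(5, 13)) | {20},
        30: set(range(15, 20)) | set(range(21, 24))}

# Constructed sample of the port section of `display vlan` (not captured from
# a real switch): GE0/0/20 is deliberately left in the default VLAN 1.
SAMPLE = """\
VID  Type    Ports
--------------------------------------------------------------------------------
1    common  UT:GE0/0/13(D)     GE0/0/14(D)     GE0/0/20(U)     GE0/0/24(D)
10   common  UT:GE0/0/1(U)      GE0/0/2(U)      GE0/0/3(D)      GE0/0/4(D)
20   common  UT:GE0/0/5(U)      GE0/0/6(D)      GE0/0/7(D)      GE0/0/8(D)
                GE0/0/9(D)      GE0/0/10(D)     GE0/0/11(D)     GE0/0/12(D)
30   common  UT:GE0/0/15(D)     GE0/0/16(D)     GE0/0/17(D)     GE0/0/18(D)
                GE0/0/19(D)     GE0/0/21(D)     GE0/0/22(D)     GE0/0/23(D)
"""

PORT_RE = re.compile(r"GE0/0/(\d+)\([UD]\)")   # one port entry such as GE0/0/5(U)
ROW_RE = re.compile(r"^(\d+)\s+common\s")      # first line of a VLAN's port list

def parse_membership(text):
    """Return {vlan_id: set(port numbers)} from the port section of the output."""
    members, current = {}, None
    for line in text.splitlines():
        row = ROW_RE.match(line)
        if row:
            current = int(row.group(1))
        elif not line.startswith(" "):
            current = None  # header, separator or status table, not a continuation
        if current is not None:
            members.setdefault(current, set()).update(map(int, PORT_RE.findall(line)))
    return members

def audit(text, plan=PLAN):
    """List deviations from the plan; an empty list means the ports match it."""
    actual = parse_membership(text)
    where = {port: vlan for vlan, ports in actual.items() for port in ports}
    findings = []
    for vlan, ports in sorted(plan.items()):
        for port in sorted(ports):
            if where.get(port) != vlan:
                findings.append(f"GE0/0/{port}: want VLAN {vlan}, got {where.get(port)}")
        for port in sorted(actual.get(vlan, set()) - ports):
            findings.append(f"GE0/0/{port}: unplanned member of VLAN {vlan}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "port plan matches")
```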
(2) Test the interoperability of computers in various departments
Use the ping command to test communication within and between departments.
From a Finance Department computer, ping another computer in the same department:
PC>ping 10.0.1.2
Ping 10.0.1.2: 32 data bytes, Press Ctrl_C to break
From 10.0.1.2: bytes=32 seq=1 ttl=128 time=31 ms
From 10.0.1.2: bytes=32 seq=2 ttl=128 time=63 ms
From 10.0.1.2: bytes=32 seq=3 ttl=128 time=47 ms
From 10.0.1.2: bytes=32 seq=4 ttl=128 time=63 ms
From 10.0.1.2: bytes=32 seq=5 ttl=128 time=46 ms
--- 10.0.1.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 31/50/63 ms
PC>
Use the Finance Department computer to ping the Technology Department computer:
PC>ping 10.0.1.11
Ping 10.0.1.11: 32 data bytes, Press Ctrl_C to break
From 10.0.1.1: Destination host unreachable
From 10.0.1.1: Destination host unreachable
From 10.0.1.1: Destination host unreachable
From 10.0.1.1: Destination host unreachable
From 10.0.1.1: Destination host unreachable
--- 10.0.1.11 ping statistics ---
5 packet(s) transmitted
0 packet(s) received
100.00% packet loss
PC>
Use the finance department computer to ping the business department computer:
PC>ping 10.0.1.21
Ping 10.0.1.21: 32 data bytes, Press Ctrl_C to break
From 10.0.1.1: Destination host unreachable
From 10.0.1.1: Destination host unreachable
From 10.0.1.1: Destination host unreachable
From 10.0.1.1: Destination host unreachable
From 10.0.1.1: Destination host unreachable
--- 10.0.1.21 ping statistics ---
5 packet(s) transmitted
0 packet(s) received
100.00% packet loss
PC>
It can be seen that after adding ports to different VLANs, computers in the same VLAN can communicate with each other, but computers in different VLANs cannot communicate with each other.