Virtual Local Area Networks. Should I V-LAN? 1. Security V-LANs can restrict access to network resources.


1 Virtual Local Area Networks

2 Should I V-LAN?
1. Security: V-LANs can restrict access to network resources

3 Should I V-LAN?
Access Control Lists are used to direct the availability of information.
[Diagram: Faculty, Students, Student Records]

4 [Diagram: Faculty V-LAN -> Student Records: Access Permitted; Students V-LAN -> Student Records: Access Denied]

5 Should I V-LAN?
2. Broadcast Control for Increased Performance
- Reduce the size of your collision domains
- Limit broadcast traffic to similar users

6 Check Your Network for Broadcast Protocols
  Protocol   Share of traffic
  TCP        40%
  UDP        10%
  ARP        35%
  DHCP        8%
  IPX         5%
  SPX         2%

7 One Broadcast Domain

8 V-LANs form Multiple Broadcast Domains

9 Should I V-LAN?
3. Network Monitoring
- Centrally configure devices in local areas
- Divide your users into logical groupings

10 Should I V-LAN?
- Your security will improve
- Your network performance will improve

11 How Many V-LANs?
- List Buildings
- Itemize Departments
- Remember BROADCAST CONTROL
NC State

12 How Many V-LANs?
  Building 1: Lab 1, Lab 2
  Building 2: Wireless Lab, Faculty/Staff
  Building 3: Library, Lab 3, Administration, Faculty/Staff

13 How Many V-LANs?
When you're done, add 2 more:
1. A Test V-LAN for your Test Lab
2. An "Internet Only" V-LAN for all unused ports
Plus V-LAN #1 will be your default V-LAN for your administrative purposes.

14 How Many V-LANs?
  Building 1 – 18 V-LANs
  Building 2 – 6 V-LANs
  Building 3 – 7 V-LANs
  Building 4 – 4 V-LANs
  Building 5 – 2 V-LANs
  Building 6 – 7 V-LANs
  3 Server V-LANs
  Internet Only V-LAN
  Test V-LAN
  Adm. V-LAN
  Total – 50

15 Equipment/Server Concerns
- You will need a trustworthy Layer 3 main switch (example: Cisco 4506)
- Unmanaged switches and hubs can contain only 1 V-LAN
- Some protocols, such as IPX & Apple, require broadcasts. These will need to be addressed.

16 Equipment/Server Concerns
- Each V-LAN will need its own DHCP scope.
- DNS must be reachable by every V-LAN.
- User applications cannot reside on a V-LAN that will be blocked.
- You must know what is connected to every port on every switch.

17 How Do I Begin?
Get details on your current setup: conduct an audit of the ports on your switches.

18 Create a Switch Audit Form
  Switch: Loc. | IP Address | Manuf/Mod # | Upload Port
  Port Information (one row per port: 1, 2, 3 ...):
    Port # | Patch # | User Loc | User Name | Printers Used | VLAN #

19 Set Up a Schedule
  Week 1 – Audit Bldg. 1
  Week 2 – Audit Bldg. 2
  Week 3 – Audit Bldg. 3
  Week 4 – Audit Bldg. 4
  Week 5 – Audit Bldg. 5
  Week 6 – Audit Bldg. 6
  Week 7 – Write Configuration & Access Lists; Select IP Addresses for Users
  Week 8 – Implementation:
    Add V-LANs to main switch & DHCP Scopes
    Set all ports on all switches
    Test PCs & Printers
    Change IPs where needed
You have a new network! Adhere to the schedule!!

20 How Do I Add V-LANs to the Switches?
- Add every V-LAN to the main switch
- Add to each switch the V-LANs it will need (with some manufacturers the secondary switches will automatically read the list from the main switch)
- Set each port to the correct V-LAN

21 Secondary Switches contain the V-LANs they Service
- Main Switch contains all V-LANs
- Set each port to the correct V-LAN

22 Sample Script for Main Switch
  ena
  config t
  vlan 2
  name Building1Lab1
  exit
  vlan 3
  name Building1Lab2
  exit
1. Add the V-LAN
2. Name the V-LAN
3. Exit that V-LAN
4. Add another V-LAN

23 Sample Script for Main Switch
5. Enter the V-LAN as an Interface
6. Give a Description to the V-LAN
7. Give an IP Address to the V-LAN
8. Give a location for DHCP for the V-LAN (the ip helper-address forwards DHCP broadcasts to the DHCP server)
9. Turn the V-LAN on
  int vlan 1
  description Bus Lab
  ip address 172.16.1.1 255.255.255.0
  ip helper-address 10.9.3.102
  no shutdown
  exit
  int vlan 2

24 Remember...
- You must have a default IP Address for every V-LAN
- You must have a DHCP scope for every V-LAN

25 About those IP Addresses
- You will need an addressing scheme for your new network
- Choose it carefully so your V-LANs will be easy to identify
- Use a private address or a combination of private addresses: 10.0.0.0, 172.16.0.0, 192.168.0.0

26 About those IP Addresses
10.0.0.0 – 172.16.0.0 – 192.168.0.0
For convenience, subnet your address so that one octet number identifies the subnet (the V-LAN number).
Ex: 10.1.0.0, 10.2.0.0 with mask 255.255.0.0; 172.16.1.0, 172.16.2.0 with mask 255.255.255.0
You would instantly know that the first device was on V-LAN 1 and the second device on V-LAN 2.

27 Take it Slowly...
- Set all your switches and test your new network
- Give everyone full access until all the bugs have been fixed

28 When everything works, you’re ready to add the Security

29 Access Lists
- Access Lists are used for Security
- These Lists block or allow users to servers or network addresses
- Users can be blocked completely, or by protocols
- Ex: Students can be blocked from accessing a server with Telnet

30 Access Lists
Specify the users you wish to block or allow by using a Wildcard Mask. This mask identifies which octets of the address are to be checked: 0 = match, 255 = ignore.
Example: 172.16.2.0 0.0.0.255 (ignore last octet) allows addresses 172.16.2.0 – 172.16.2.255

31 Access Lists
- Permit the services users will need (DNS, HTTP, etc.)
- Deny the services you want to block
- Apply the Access List to the correct V-LANs
- V-LANs without an Access List will have total access

32 Access List Example
  access-list 101 permit ip 172.16.0.0 0.0.255.255 host 10.0.0.1
    (permits all users access to the Firewall)
  access-list 101 deny ip 172.16.5.0 0.0.0.255 host 10.0.0.2
    (denies V-LAN #5 access to the GroupWise Mail server)

33 Access List Example
  access-list 101 permit tcp 172.16.0.0 0.0.255.255 host 10.0.0.3 eq http
    (permits all hosts access to the web server, but only for http)
  int vlan 5
  ip access-group 101 in
    (applies access-list 101 to VLAN #5)
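To show how the wildcard mask from slide 30 and the three entries of access-list 101 on slides 32 and 33 actually decide traffic, here is an added Python example that is not part of the presentation. It applies Cisco's top-down first-match rule and the implicit deny that ends every IOS access list; the server roles and host addresses are the ones the slides give, the flows in demo() are constructed, and the matcher works per bit, which generalizes the per-octet 0/255 rule the slide states.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Cisco wildcard mask: a 0 bit must match the base, a 1 bit is ignored.
    The slide's per-octet rule (0 = match, 255 = ignore) is the special case."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF  # bits to compare
    return (a & care) == (b & care)

@dataclass
class Ace:  # one extended access-list entry in the form used on slides 32-33
    action: str                     # "permit" or "deny"
    proto: str                      # "ip" (matches any protocol) or "tcp"
    src: str                        # source network
    src_wc: str                     # source wildcard mask
    dst_host: str                   # 'host X' (wildcard 0.0.0.0)
    dst_port: Optional[int] = None  # 'eq http' -> 80; None = any port

# access-list 101 as on the slides: 10.0.0.1 firewall, 10.0.0.2 GroupWise mail, 10.0.0.3 web
ACL_101: List[Ace] = [
    Ace("permit", "ip", "172.16.0.0", "0.0.255.255", "10.0.0.1"),
    Ace("deny", "ip", "172.16.5.0", "0.0.0.255", "10.0.0.2"),
    Ace("permit", "tcp", "172.16.0.0", "0.0.255.255", "10.0.0.3", 80),
]

def evaluate(acl: List[Ace], src: str, dst: str, proto: str, dst_port: Optional[int] = None) -> str:
    """Top-down, first match wins; every IOS access list ends in an implicit deny."""
    for ace in acl:
        if ace.proto != "ip" and ace.proto != proto:
            continue
        if not wildcard_match(src, ace.src, ace.src_wc):
            continue
        if dst != ace.dst_host:
            continue
        if ace.dst_port is not None and ace.dst_port != dst_port:
            continue
        return ace.action
    return "deny"  # implicit 'deny ip any any'

def demo() -> dict:
    """Constructed flows: hosts on V-LAN 5 (172.16.5.0/24) and V-LAN 2 (172.16.2.0/24)."""
    return {
        "vlan5_to_mail": evaluate(ACL_101, "172.16.5.20", "10.0.0.2", "tcp", 25),
        "vlan2_to_mail": evaluate(ACL_101, "172.16.2.20", "10.0.0.2", "tcp", 25),
        "vlan2_to_web_http": evaluate(ACL_101, "172.16.2.20", "10.0.0.3", "tcp", 80),
        "vlan2_to_web_telnet": evaluate(ACL_101, "172.16.2.20", "10.0.0.3", "tcp", 23),
    }
```

Note that "vlan2_to_mail" also comes out as deny: the explicit deny line only names V-LAN 5, but any V-LAN this list is applied to loses every service it does not explicitly permit, which is why slide 31 says to permit DNS, HTTP and the other needed services first.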

34 Enjoy Your New Network
- Security
- Multiple Broadcast Domains
- Easier Monitoring
