3 VLAN Configuration

The document provides a comprehensive overview of VLANs (Virtual Local Area Networks), detailing their configuration, benefits, and operation within network devices. It explains how VLANs allow for logical segmentation of networks, improving security, performance, and management by isolating broadcast domains. Additionally, it covers VLAN ranges, trunking, and the process of assigning ports to VLANs on Cisco switches.

Uploaded by kmkkali41

Network Device Configuration

VLAN
VLANs (Virtual LANs)
• A VLAN is a logical grouping of devices in the same broadcast domain.
• VLANs are usually configured on switches by placing some interfaces into one broadcast domain and some interfaces into another.
• Each VLAN acts as a subgroup of the switch ports in an Ethernet LAN.
• A VLAN is a logical overlay network that groups together a subset of devices that share a physical LAN, isolating the traffic for each group.
• A VLAN is a logical partition of a Layer 2 network, equivalent to physically separating it, that lets a single network device serve several separate networks.
VLANs
• Multiple partitions can be created and multiple VLANs can co-
exist.
• The partitioning of the Layer 2 network takes place inside a
Layer 2 device, usually via a switch.
• Each VLAN is a broadcast domain that can span multiple
physical LAN segments.
• Hosts on the same VLAN are unaware of the VLAN’s
existence.
• VLANs allow an administrator to segment networks based on function, project team, or application, without regard for the physical location of the user or device.
• VLANs enable the implementation of access and security policies according to specific groupings of users.
VLANs
• A VLAN is a group of end stations in a switched network that is
logically segmented by function or application, without regard
to the physical locations of the users.
• VLANs have the same attributes as physical LANs, but you can
group end stations even if they are not physically located on the
same LAN segment.
• Any switch port can belong to a VLAN, and unicast, broadcast,
and multicast packets are forwarded and flooded only to end
stations in that VLAN.
• Each VLAN is considered as a logical network, and packets
destined for stations that do not belong to the VLAN must be
forwarded through a router.
VLANs
• VLANs are usually associated with IP subnetworks.
• For example, all the end stations in a particular IP subnet
belong to the same VLAN.
• To communicate between VLANs, you must route the traffic.
• By default, a newly created VLAN is operational.
• To disable the VLAN use the shutdown command.
• We can configure VLANs to be in the active state, which is
passing traffic, or the suspended state, in which the VLANs
are not passing packets.
• By default, the VLANs are in the active state and pass traffic.
Range ….
VLAN numbers | Range | Usage/Benefits
1 | Normal | Cisco default. You can use this VLAN, but you cannot modify or delete it.
2–1005 | Normal | You can create, use, modify, and delete these VLANs.
1006–4094 | Extended | You can create, name, and use these VLANs. You cannot change the following parameters: the state is always active; the VLAN is always enabled; you cannot shut down these VLANs.
3968–4047 and 4094 | Internally allocated | These 80 VLANs, plus VLAN 4094, are allocated for internal use. You cannot create, delete, or modify any VLANs within the block reserved for internal use.
VLANs Range
• VLANs 3968 to 4047 and 4094 are reserved for internal
use; these VLANs cannot be changed or used.
• The device supports up to 4094 VLANs in accordance with the IEEE
802.1Q standard in each VDC.
• The software organizes these VLANs into ranges, and we use each
range slightly differently.
Cont….
• Cisco NX-OS allocates a group of 80 VLAN numbers
for those features, such as multicast and diagnostics,
that need to use internal VLANs for their operation.
• By default, the system allocates VLANs numbered
3968 to 4047 for internal use. VLAN 4094 is also
reserved for internal use by the switch.
• You cannot use, modify, or delete any of the VLANs in
the reserved group.
• You can display the VLANs that are allocated internally and their associated use.
VLAN trunk
• A VLAN trunk is a point-to-point link that carries more than one VLAN.
• It is usually established between switches to support intra-VLAN communication across those switches.
• A VLAN trunk, or trunk port, is not assigned to any single VLAN.
Controlling Broadcast Domains with VLANs
• If a switch port receives a broadcast frame, it forwards it
out all ports except the originating port.
• Eventually the entire network receives the broadcast
because the network is one broadcast domain.
• VLANs can be used to limit the reach of broadcast frames
because each VLAN is a broadcast domain.
• VLANs help control the reach of broadcast frames and
their impact in the network.
VLAN Ranges on Catalyst Switches
VLANs are split into two categories:
Normal range VLANs
• VLAN numbers from 1 to 1,005
• Configurations stored in the vlan.dat file (in flash memory)
• IDs 1002 through 1005 are reserved for legacy Token Ring and Fiber Distributed Data Interface (FDDI) VLANs; they are created automatically and cannot be removed.
Extended Range VLANs
• VLAN numbers from 1,006 to 4,096
• Configurations stored in the running configuration (NVRAM)
• VLAN Trunking Protocol (VTP) does not learn extended VLANs
The purpose of VLANs
• The basic reason for splitting a network into VLANs is to reduce
congestion on a large LAN.
• Initially LANs were very flat—all the workstations were connected to
a single piece of coaxial cable, or to sets of chained hubs. In a flat
LAN, every packet that any device puts onto the wire gets sent to
every other device on the LAN.
• As the number of workstations on the typical LAN grew, they started
to become hopelessly congested; there were just too many collisions,
because most of the time when a workstation tried to send a packet, it
would find that the wire was already occupied by a packet sent by
some other device.
Benefits of VLAN
• Security => groups are created virtually, and hosts are unaware of the VLAN's existence
• Cost reduction => a single network device serves several groups
• Better performance => reduced congestion
• Shrink broadcast domains => each VLAN is its own, smaller broadcast domain
• Improved IT staff efficiency => simpler administration and design
• Simpler project and application management
Configuring Static VLANs
• On a Cisco switch, ports are assigned to a single VLAN.
• These ports are referred to as access ports and provide a connection
for end users or node devices, such as a router or server.
• By default, all devices are assigned to VLAN 1, known as the default
VLAN.
• To change the VLAN for a Cisco device, use the set vlan command, followed by the VLAN number, and then the port or ports that should be added to that VLAN.
• VLAN assignments such as this are considered static because they do
not change unless the administrator changes the VLAN configuration.
Configuring Dynamic VLANs
• Although static VLANs are the most common form of port VLAN assignment, it is possible to have the switch dynamically choose a VLAN based on the MAC address of the device connected to a port.
• To achieve this, you must have a VTP database file, a VTP server, a VTP
client switch, and a dynamic port.
• After you have properly configured these components, a dynamic
port can choose the VLAN based on whichever device is connected to
that port.
• Configuring a VLAN based on ports allows PCs in the VLAN to
communicate with each other.
VLAN Configuration Procedures
Pre-configuration Tasks
Before configuring a VLAN based on ports, complete this task:
• Connect the ports and configure their physical parameters, ensuring that the ports are physically up.
[Figure: separate physical LANs; assignment to Layer 2 network devices; access port and trunk port]


VLAN Sub mode and Configuration
• To configure or modify the VLAN for the following parameters, you
must be in the VLAN configuration submode:
• Name
• Shut down
• switch# configure terminal
• switch(config)# vlan 5
• switch(config-vlan)# name accounting
• switch(config-vlan)# state active
• switch(config-vlan)# no shutdown
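The VLAN submode commands above combined with the rules of the range table, as an added Python example (not code from the slides): classify_vlan() and vlan_config() are assumed helper names, and the ranges follow the NX-OS table rather than the Catalyst ranges.

```python
# Added example (not from the slides): classify VLAN IDs by the NX-OS range
# table and emit the config-vlan commands shown, refusing the IDs the switch
# keeps for internal use. classify_vlan()/vlan_config() are assumed names.

# 80 internally allocated VLANs (3968-4047) plus VLAN 4094.
RESERVED = set(range(3968, 4048)) | {4094}


def classify_vlan(vid):
    """Return the range name the table assigns to this VLAN ID."""
    if not 1 <= vid <= 4094:
        raise ValueError(f"VLAN {vid} is outside 1-4094 (IEEE 802.1Q)")
    if vid in RESERVED:
        return "internal"      # cannot be created, deleted or modified
    if vid == 1:
        return "default"       # usable, but cannot be modified or deleted
    if vid <= 1005:
        return "normal"        # create, use, modify, delete
    return "extended"          # create, name, use; always active


def vlan_config(vid, name, enabled=True):
    """Build the VLAN submode lines for one VLAN, honouring the table's rules."""
    rng = classify_vlan(vid)
    if rng == "internal":
        raise ValueError(f"VLAN {vid} is reserved for internal use")
    if rng == "default":
        raise ValueError("VLAN 1 cannot be modified")
    lines = ["configure terminal", f"vlan {vid}", f"name {name}"]
    if rng == "normal":
        # Only normal-range VLANs accept a state change or a shutdown.
        lines.append("state active" if enabled else "state suspend")
        lines.append("no shutdown" if enabled else "shutdown")
    elif not enabled:
        raise ValueError(f"extended VLAN {vid} is always active and cannot be shut down")
    lines.append("exit")
    return lines


if __name__ == "__main__":
    for cmd in vlan_config(5, "accounting"):
        print(cmd)
```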
Adding Ports to a VLAN
• After completing the configuration of a VLAN, we assign ports to it.
• To add ports, perform this task:
• switch# configure terminal
• switch(config)# interface {ethernet slot/port | port-channel
number}
• switch(config-if)# switchport access vlan vlan-id
• switch# configure terminal
• switch(config)# interface ethernet 1/13
• switch(config-if)# switchport access vlan 5
Automatic Discovery and Configuration Manager
• Configuration management is a process closely linked to change
management, which is also called configuration control.
• Any system that needs to be controlled closely and run with good
reliability, maintainability and performance benefits greatly from
configuration management of system information and system changes.
• Configuration management can extend life, reduce cost, reduce risk,
and even correct defects.
• It should be applied over the life cycle of a system in order to provide
visibility and control of its performance as well as its functional and
physical attributes.
Wireless Mobility configuration menu
• A Mobility Domain enables users to roam geographically across the system while maintaining data sessions and VLAN or subnet membership, including IP address, regardless of where they connect to the network backbone.
• A Mobility Group is a group of Wireless LAN Controllers (WLCs) in
a network with the same Mobility Group name.
• These WLCs can dynamically share context and state of client devices,
WLC load information, and can forward data traffic among them,
which enables inter-controller wireless LAN roam and controller
redundancy.
Summary Of VLAN
• VLAN configuration in network devices involves logically segmenting a physical network into multiple broadcast domains, allowing for better organization, security, and traffic management.
• VLAN stands for Virtual Local Area Network, a technology that allows you to create multiple logical networks (broadcast domains) on top of a single physical network infrastructure.
Logical Segmentation:
• Unlike traditional physical LANs where devices are grouped based on their physical location, VLANs enable grouping devices based on their function, department, or security requirements, regardless of their physical location.
Summary…
Broadcast Domain Isolation:
• Each VLAN acts as an independent broadcast domain, meaning that traffic within one VLAN is isolated from traffic in other VLANs.
Improved Network Management:
• VLANs simplify network management by allowing administrators to apply policies and configurations to groups of devices, rather than individual devices.
Enhanced Security:
• By isolating traffic, VLANs improve network security by reducing the potential impact of security breaches or malware outbreaks.
How VLANs Work
Switch Ports:
• VLANs are typically configured on switch ports, where each port is assigned to a specific VLAN.
VLAN IDs:
• Each VLAN is identified by a unique VLAN ID, which is a number between 1 and 4094.
Traffic Forwarding:
• When a packet is received on a switch port, the switch examines the VLAN ID associated with the packet and forwards it only to the ports belonging to the same VLAN.
How VLANs Work….
Inter-VLAN Routing:
• To enable communication between different VLANs, a router or a Layer 3 switch is required.
• Hosts in the same VLAN can communicate with each other through the switch at Layer 2.
Benefits of Using VLANs
Improved Security:
• VLANs isolate traffic, reducing the risk of security breaches and malware spreading across the network.
Enhanced Network Management:
• VLANs simplify network management by allowing administrators to apply policies and configurations to groups of devices.
Benefit…
Optimized Network Performance:
• By isolating traffic, VLANs can improve network performance by reducing broadcast traffic and congestion.
Increased Flexibility:
• VLANs provide flexibility in network design and deployment, allowing for easy reconfiguration and expansion.
Simplified Network Segmentation:
• VLANs allow for easy segmentation of the network based on different needs and requirements.
Wireless Mobility configuration ….
• A Mobility Group is configured manually.
• The IP and MAC address of the Wireless LAN Controllers (WLCs)
that belong to the same Mobility Group are configured on each of the
WLCs individually.
• Mobility Groups can be configured either through the CLI or through
the GUI or with the Prime Infrastructure (PI).
• This alternative method comes in handy when a large number of
WLCs is deployed.
Cisco Wireless LAN Controllers
wireless access point (WAP or AP)
• is a device that allows wireless communication devices to connect
to a wireless network using Wi-Fi, Bluetooth or related standards.
• It usually connects to a wired network, and can relay data
between the wireless devices and wired devices on the network.
Basic firewall
• A firewall is a part of a computer system or network that is
designed to block unauthorized access while permitting outward
communication.
• It is also a device or set of devices configured to permit, deny,
encrypt, decrypt, or proxy all computer traffic between different
security domains based upon a set of rules and other criteria.
Cisco Wireless LAN Controllers…
Routers
• A router, like a switch, forwards packets based on address.
• Usually, routers use the IP address to forward packets, which allows the network to span different protocols.
• Routers forward packets in software, while a switch (a Layer 3 switch, for example) forwards in hardware called ASICs (Application Specific Integrated Circuits).
• Routers support different WAN technologies, but switches do not.
Cisco Wireless LAN Controllers….
VPN Gateway and Tunnels
• A VPN gateway is a network device that provides encryption and
authentication service to a multitude of hosts that connect to it.
• From the outside (internet), all communications addressed to inside hosts
flow through the gateway.
• There are two types of endpoint VPN tunnels:
• Computer to gateway => for remote access: generally set up for a remote user to connect to a corporate LAN.
• Gateway to gateway => this is a typical enterprise-to-enterprise configuration.
• The two gateways communicate with each other.
Importance of Managing Network Devices
• Configuration Management
• Performance Management
• Fault Management
Common ways to analyze the configuration, Performance and
Faults on a Cisco Device
• CLI (Command Line Interface)
• SNMP (Simple Network Management Protocol)
• Cisco View
CLI Configuration Manager
Configuration Manager can be run from a command line:
• to automate the configuration of the software;
• to run the command-line version for security reasons;
• to create a script that sets up the system and then allow a user to run that script.
Cisco Command Line Interface (CLI):
• is the main interface where we will interact with Cisco IOS devices.
• is accessible directly via console cable or remotely via methods such
as Telnet/SSH.
VLAN Design
VLAN Creation On switch0
• Switch>en
• Switch#config t
• Switch(config)#hostname S1
• S1(config)#VLAN 20
• S1(config-Vlan)#name IT
• S1(config-Vlan)#exit
• S1(config)#VLAN 30
• S1(config-Vlan)#name CS
• S1(config-Vlan)#exit
• S1(config)# do sh VLAN
VLAN Creation On switch1
• Switch>en
• Switch#config t
• Switch(config)#hostname S2
• S2(config)#VLAN 20
• S2(config-Vlan)#name IT
• S2(config-Vlan)#exit
• S2(config)#VLAN 30
• S2(config-Vlan)#name CS
• S2(config-Vlan)#exit
• S2(config)# do sh VLAN
Port Assignment
• Assignment of the ports to the created VLANs.
• It lets the hosts on the assigned VLAN exchange data.
• Hosts on the same VLAN are unaware of the VLAN’s
existence.
• VLANs are usually associated with IP subnetworks.
• For example, all the end stations in a particular IP subnet
belong to the same VLAN.
• To communicate between VLANs, you must route the traffic.
• By default, a newly created VLAN is operational.
Port assignment…on switch1
• S1(config)#int range Fa 0/1-2
• S1(config-if-range)#switchport mode access
• S1(config-if-range)#switchport access VLAN 20
• S1(config-if-range)#Exit
Port assignment…on switch1
• S1(config)#int range Fa 0/3-4
• S1(config-if-range)#switchport mode access
• S1(config-if-range)#switchport access VLAN 30
• S1(config-if-range)#Exit
• S1(config)#do wr
• S1(config)#do sh VLAN
• S1(config)#exit
Port assignment…on switch2
• S2(config)#int range Fa 0/1-2
• S2(config-if-range)#switchport mode access
• S2(config-if-range)#switchport access VLAN 20
• S2(config-if-range)#Exit
Port assignment…on switch2
• S2(config)#int range Fa 0/3-4
• S2(config-if-range)#switchport mode access
• S2(config-if-range)#switchport access VLAN 30
• S2(config-if-range)#Exit
• S2(config)#do wr
• S2(config)#do sh VLAN
• S2(config)#exit
VLAN trunk
• A VLAN trunk is a point-to-point link that carries more than one
VLAN.
• Usually established between switches to support intra VLAN
communication.
• A VLAN trunk, or trunk port, is not assigned to any single VLAN.
• It only provides transport services.
VLAN trunk….
Click on Fa on S1… to see its categories
• S1(config)#int Fa 0/5
• S1(config-if)# switchport mode trunk
• S1(config-if)# exit
• S1(config)# do wr
VLAN trunk….
Click on Fa on S1… to see its categories
• S2(config)#int Fa 0/1
• S2(config-if)# switchport mode trunk
• S2(config-if)# exit
• S2(config)# do wr
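To verify the assignments above from the switch's own output, here is an added Python example (not from the slides) that parses a constructed "show vlan brief" sample for S1 and reports any port left in default VLAN 1 or not where the design (VLAN 20 IT on Fa0/1-2, VLAN 30 CS on Fa0/3-4) puts it; parse_vlan_brief() and audit() are assumed names.

```python
# Added example (not from the slides): audit "show vlan brief" output against
# the slides' VLAN design and flag access ports still in default VLAN 1.
import re

# Constructed sample, shaped like Cisco IOS "show vlan brief" on S1. Fa0/5 is
# the trunk, so IOS lists it under no VLAN; Fa0/4 was left in VLAN 1.
SAMPLE = """\
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/4, Fa0/6, Fa0/7, Fa0/8,
                                                Fa0/9, Fa0/10
20   IT                               active    Fa0/1, Fa0/2
30   CS                               active    Fa0/3
1002 fddi-default                     act/unsup
"""

# The slides' design: VLAN 20 IT on Fa0/1-2, VLAN 30 CS on Fa0/3-4.
EXPECTED = {20: {"Fa0/1", "Fa0/2"}, 30: {"Fa0/3", "Fa0/4"}}


def _natural(port):
    """Sort key so Fa0/9 sorts before Fa0/10."""
    return [int(s) if s.isdigit() else s for s in re.split(r"(\d+)", port)]


def parse_vlan_brief(text):
    """Return {vlan_id: (name, set_of_ports)}; indented lines continue a port list."""
    vlans, current = {}, None
    for line in text.splitlines():
        m = re.match(r"^(\d+)\s+(\S+)\s+(\S+)\s*(.*)$", line)
        if m:
            current = int(m.group(1))
            vlans[current] = (m.group(2), set())
            ports = m.group(4)
        elif current is not None and line.startswith(" "):
            ports = line
        else:
            continue
        vlans[current][1].update(p.strip() for p in ports.split(",") if p.strip())
    return vlans


def audit(text, expected):
    """Findings: ports still in VLAN 1, and ports missing from or extra in a VLAN."""
    vlans = parse_vlan_brief(text)
    findings = []
    for port in sorted(vlans.get(1, ("default", set()))[1], key=_natural):
        findings.append(f"{port} still in default VLAN 1")
    for vid, want in expected.items():
        have = vlans.get(vid, ("", set()))[1]
        for port in sorted(want - have, key=_natural):
            findings.append(f"{port} missing from VLAN {vid}")
        for port in sorted(have - want, key=_natural):
            findings.append(f"{port} unexpectedly in VLAN {vid}")
    return findings
```

Run audit(SAMPLE, EXPECTED) to list the findings; any port reported in VLAN 1 is a segmentation gap in the design above.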
Ping hosts in VLAN
Reading Assignments and Project Work 15%
Network device configuration, such as a switch and a router in parallel, renaming the devices with the group name.
Subnet and subnet mask of the class C network with IP address 192.168.24.0/27.
Using VLANs to segment LANs, and configuration of the switch and router on VLANs.
• What is remote access, and how do organizations develop this type of access? Define and configure a remotely accessed network.
