Difference between revisions of "Hotel case study - VLANs"

From csn
Jump to navigation Jump to search
(Created page with "==VLANs and trunks== * Use VTP mode transparent as this will force EVE to save your VLAN information in the running configuration. * You should create and name one VLAN for ho...")
 
 
(3 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
==VLANs and trunks==
 
==VLANs and trunks==
* Use VTP mode transparent as this will force EVE to save your VLAN information in the running configuration.
+
'''Explanation'''<br>
* You should create and name one VLAN for hotel staff and a separate VLAN for Guests on each floor of the hotel.  This will require three VLANs at each site.
+
 
* Trunks should be implemented between the distribution and access switches to provide redundant connections.
+
'''What you need to do'''<br>
* The access switch port connecting to each PC should be placed in an appropriate VLAN.
+
* You should create and name one VLAN for hotel staff and a separate VLAN for Guests on each floor of the hotel.  This will require three VLANs at each site.
 +
* You should configure trunks between the access and distribution layer devices.
 +
* You should place the access layer ports used by the PCs in appropriate VLANs.
 +
 
 +
'''Where to configure this'''<br>
 +
VLANs define the security roles for devices at the access layer. The VLANs provide a separation of traffic that forms the basis of security at this layer. In order to provide connectivity between VLANs we need routing and that function is delivered by the distribution layer. Thus the VLANs need to be present on that layer as well. To carry VLAN information (tags) between the access and the distribution layer, our links need to be configured as trunks.
 +
 
 +
So every access layer and distribution layer device that deals with a particular VLAN needs to have that VLAN present and every link between the two layers needs to be a trunk. Often the VLAN and trunks will need to cover more links than are necessary for bare connectivity because we are also providing redundant paths for reliability.
 +
 
 +
'''How you will I know it is configured correctly'''<br>
 +
You can use the '''show vlan''' and '''show interfaces trunk''' commands to verify VLAN and trunk creation and the assignment of ports (interfaces) to VLANs.
 +
You can assign IP addresses to the hosts and verify that all hosts within a VLAN can ping each other.  Hosts in different VLANs should not be able to ping one-another even if they are in the same VLAN.
 +
 
 +
'''What questions could I see on the practical exam?'''<br>
 +
* You might need to assign a port to a new VLAN, simulating the reassignment of a location.
 +
* There could be a fault in the network, caused by a user being in the incorrect VLAN.
 +
* There could be a fault in the network, caused by a link not being a trunk.
 +
* There could be a fault in the network, caused by a VLAN not being present on a switch.

Latest revision as of 08:57, 8 March 2020

VLANs and trunks

Explanation

What you need to do

  • You should create and name one VLAN for hotel staff and a separate VLAN for Guests on each floor of the hotel. This will require three VLANs at each site.
  • You should configure trunks between the access and distribution layer devices.
  • You should place the access layer ports used by the PCs in appropriate VLANs.

Where to configure this
VLANs define the security roles for devices at the access layer. The VLANs provide a separation of traffic that forms the basis of security at this layer. In order to provide connectivity between VLANs we need routing and that function is delivered by the distribution layer. Thus the VLANs need to be present on that layer as well. To carry VLAN information (tags) between the access and the distribution layer, our links need to be configured as trunks.

So every access layer and distribution layer device that deals with a particular VLAN needs to have that VLAN present and every link between the two layers needs to be a trunk. Often the VLAN and trunks will need to cover more links than are necessary for bare connectivity because we are also providing redundant paths for reliability.

How you will I know it is configured correctly
You can use the show vlan and show interfaces trunk commands to verify VLAN and trunk creation and the assignment of ports (interfaces) to VLANs. You can assign IP addresses to the hosts and verify that all hosts within a VLAN can ping each other. Hosts in different VLANs should not be able to ping one-another even if they are in the same VLAN.

What questions could I see on the practical exam?

  • You might need to assign a port to a new VLAN, simulating the reassignment of a location.
  • There could be a fault in the network, caused by a user being in the incorrect VLAN.
  • There could be a fault in the network, caused by a link not being a trunk.
  • There could be a fault in the network, caused by a VLAN not being present on a switch.