The BHC Blog

"The Technical Blog of Blackhawk Consulting"

Home | About Us | Subscribe | Register For Free | Sign-In

Recent Posts
Blackberry M issing net_rim_crypto Fix for: An error caused a change in the current set of domain controllers. Fix for: LA Noire: The Launcher cannot query DirectX. Please update DirectX by installing the latest redistribution. Disable Windows 8 Interface Howto: Enable debugview for RM S 1.0 How to add a server to an ADRM S cluster with no SCP Some useful ADRM S blogs Black Screen of Death Server 2008 with Exchange What? 40:0eh 40:13h Outlook wont connect to Exchange: Disconnected

Topics
Hardware How To IT Security Linux M icrosoft RM S M icrosoft Windows M isc Uncategorized Web Design / SEO

Archives
November 2011 October 2011 September 2011 August 2011 July 2011

June 2011 April 2011 M arch 2011 February 2011 January 2011 September 2010 July 2010 June 2010 M ay 2010 October 2009 August 2009 June 2009 M ay 2009 April 2009 M arch 2009 February 2009 January 2009 December 2008 November 2008 October 2008 September 2008 August 2008

Search
Enter Search Terms

Useful Information
About Us Visit Blackhawk Consulting Hire Blackhawk Consulting Newsletter Sign-up Contact Us Bookmark with Del.icio.us Digg this site

Recent Articles
Coming Soon ...

HOWTO: Create VLANs on a Cisco Switch

If you do not wish to setup the switch yourself or are looking for expert help, consider hiring Blackhawk Consulting to assist you with your switch and network needs. VLANs are Virtual LANs. They allow you to logically divide up your switched network to improve network speed, security, and reliability. If you have other Cisco equipment in your network, such as Cisco wireless access points or Cisco PIX firewalls, setting up your switch correctly will give you a big return as all the Cisco equipment is VLAN aware. What does this mean? it means you can have two networks shared out via wireless using one access point. It also means you can separate out sections of your network for servers, clients, VPN clients, etc.. which will greatly improve your network efficiency. Before you begin defining VLANs on your network, first decide what the purpose is for each VLAN. For example, lets say in we have two offices One in New York, and One in California. At each location we want to separate out Servers and clients. This means we have 4 categories: 1. 2. 3. 4. NY_Servers 10.100.0.0 / 255.255.0.0 NY_Clients 10.150.0.0 / 255.255.0.0 CA_Servers 10.200.0.0 / 255.255.0.0 CA_Clients. 10.250.0.0 / 255.255.0.0

In our example, we will set up each VLAN with the above ip configuration. The ip configuration tells the switch what network segments are where which will allow your switch to do routing between VLANs. S TEP 1: Login and S etup: 1. Login to enter Enable mode: > en Switch# 2. Enter Configure mode: Switch# conf t Switch (Config) # 3. Name each VLAN (The commands below name all 4 VLANs) Switch (Config) # vlan 2 Switch (Config-vlan) # name NY_Servers Switch (Config-vlan) # exit Switch (Config) # vlan 3 Switch (Config-vlan) # name NY_Clients Switch (Config-vlan) # exit Switch (Config) # vlan 4 Switch (Config-vlan) # name CA_Servers Switch (Config-vlan) # exit Switch (Config) # vlan 5 Switch (Config-vlan) # name CA_Clients

Switch (Config-vlan) # exit Switch (Config) # exit Switch # You have now successfully set-up the 4 VLANs.. Theyre not functional yet- but lets make sure our settings took 1. We are going to run a command that will show us what VLANs are currently configured: Switch # show VLAN Your output should look something like this: 1 default active Fa0/18, Fa0/20, Fa0/21, Fa0/22 Fa0/24, Gi0/1, Gi0/2 Fa0/1, Fa0/2, Fa0/3, Fa0/4 Fa0/5, Fa0/6, Fa0/7, Fa0/8

2 NY Servers active

3 NY Clients active Fa0/13, Fa0/14, Fa0/15, Fa0/16 4 CA_Servers active Fa0/17 5 CA_Clients active . If you see extra vlans you do not want simply follow the step below: Switch # conf t Switch (Config) # no vlan XX where XX is the vlan number you want to remove. Switch (Config) # exit Now run show vlan again and see if the vlan has been removed. S tep 2: Assign IP Address ranges to each VLAN Now that we have the basic VLAN infrastructure in place we need to assign gateways for each VLAN. The gateways will inform the switch what network segments each VLAN represents. In this case, we see that NY uses 10.100.x.x and 10.150.x.x for their network and CA uses 10.200.x.x and 10.250.x.x. In order to keep things simple, we will assume that the gateways are 10.x.x.1. 1. To assign networks to each VLAN: Switch # conf t Switch (config) # int vlan 2 Switch (config-if) # ip address 10.100.0.1 255.255.0.0 Switch (config-if) # exit Switch (config) # int vlan 3 Switch (config-if) # ip address 10.150.0.1 255.255.0.0 Switch (config-if) # exit

Switch (config) # int vlan 4 Switch (config-if) # ip address 10.200.0.1 255.255.0.0 Switch (config-if) # exit Switch (config) # int vlan 5 Switch (config-if) # ip address 10.250.0.1 255.255.0.0 Switch (config-if) # exit Switch (config) # exit Switch # We now have now told the switch what address range is used in each VLAN. At this point we have not created the VLANs and assigned address ranges to them. There are still three tasks left: 1. Assign ports to VLANs 2. enable IP Routing (if it is off) 3. and test. S tep 3: Assign ports to VLANs. The next step is to assign the physical ports on your switch to specific VLANs. In our example we will only assign the first 4 ports on the device; one to each VLAN. Switch # Conf t Switch (config) # int Fe 0/1 Switch (config-if) # switchport Switch (config-if) # switchport Switch (config-if) # exit Switch (config) # int Fe 0/2 Switch (config-if) # switchport Switch (config-if) # switchport Switch (config-if) # exit Switch (config) # int Fe 0/3 Switch (config-if) # switchport Switch (config-if) # switchport Switch (config-if) # exit Switch (config) # int Fe 0/4 Switch (config-if) # switchport Switch (config-if) # switchport Switch (config-if) # exit Switch (config) # exit Switch #

access vlan 2 mode access

access vlan 3 mode access

access vlan 4 mode access

access vlan 5 mode access

The result of the above commands is that each physical port on the switch has now been assigned to a specific VLAN. To verify this run show vlan and you will now see that ports 1-4 are now assigned to vlans 2-5. The final step is to ensure VLAN routing is turned on. To do this run the commands below:

Switch # conf t Switch (config) # ip routing Switch (config) # exit Switch # Theoretically now, assuming you have hit no problems and got no errors when entering commands, you are finished. It is very very important to save your changes now or they will be lost on reboot: Switch # copy run start Switch # S tep 5: Testing To test, simply plug a computer into each port, assign a valid ip on the subnet (ie if the subnet/vlan is 10.100.0.0 255.255.0.0 .. your pc would need to be 10.100.x.x / 255.255.0.0.) First test: See if you can ping your client from the switch using the ping command. You can run ping directly from the Cisco interface. Second test: See if you can ping the gateway from the client.. (ie client 10.100.x.x would ping 10.100.0.1) Third test: See if you can ping a gateway on another segment.. (ie Client 10.100.x.x would ping 10.200.x.1) Fourth test: See if you can ping a client on another segment.. (ie client on 10.100.x.x would ping a client on 10.200.x.x) If this works you are now finished. You now have successfully setup a basic Cisco Layer 3 Switch with VLANs and network routing. Be aware that this is just the very beginning of what your cisco device is capable of.. The advanced features using ACLs on the equipment can allow you to prevent traffic from one VLAN accessing another, can allow your firewall / VPN to assign VPN clients to a specific VLAN, can allow your Wireless access point to assign wireless clients to a specific VLAN, etc. etc. If you let me know of specific problems you have had or topics you would like more detail on, please just send a comment. If you do not wish to setup the switch yourself or are looking for expert help, consider hiring Blackhawk Consulting to assist you with your switch and network needs. _______________________________________ PLEASE HELP BY BOOKM ARKING OUR SITE...

Visit Blackhawk Consulting - IT Consulting at affordable rates