How to Use VLAN to build a network in a single-domain environment

I have been learning cisco devices for a while and have never used them in the work environment. I am using a silly switch and adding an FW to the Internet. Considering that the unit is a domain environment, A three-tier switch will be added to the data center next year, and a two-tier switch will be added to the factory. Therefore, a virtual machine will be used to complete VLAN-based experiments in a single-domain environment. This will lay a foundation for next year's network transformation. Therefore, we will complete an experiment on VLAN usage in a single-domain environment. The switch in this experiment is completed with the cisco IOS simulator 3640. In the figure, C1 C2 C3 uses the VM to install WIN 2003 and then bridge the 3640 to different virtual NICs. Complete this experiment. Compared with other experiments that use 2003 on cisco simulators and VMS separately, this experiment is more practical and closer to the working environment.

 

I. Experiment requirements: a virtual machine can simulate a cross-VLAN routing domain in a single-domain environment, and can use DHCP and DNS, email server, file server, and other office services provided by the server.

Ii. Experiment topology:

650) this. width = 650; "onclick = 'window. open (" http://blog.51cto.com/viewpic.php? Refimg = "+ this. src) 'style = "border-bottom: 0px; border-left: 0px; border-top: 0px; border-right: 0px "title =" image "border =" 0 "alt =" image "height =" 453 "src =" http://www.bkjia.com/uploads/allimg/131227/033R4A16-0.png "/>

Iii. Description: R1 in the figure uses a cisco 3640 simulator to simulate a layer-3 Switch. C1 C2 and C3 are connected to three virtual machines built using VMS respectively. The Active Directory of VM C3 installation is as follows, becomes a domain controller and is a DHCP server, DNS server, and exchange 2003 email server.

Add domains to C1 and C2 and use them properly

Interface connection. c1 connects to f0/0, belongs to vlan 2, c2 connects to f0/1, belongs to vlan3, c3 is a server, and f0/2 is connected to vlan4, c4 is a simulated vpcs host used to simulate external machines.

Address Configuration: vlan 2 192.168.10.10/25 vlan 3 192.168.10.130/25 vlan 4 192.168.11.10/25

The IP address of the Vpcs is 200.1.1.1/24, the gateway is the f0/3 interface of the vswitch, And the IP address of the f0/3 of the vswitch is 200.1.1.254.

The IP address of DC uses a fixed IP address, 192.168.11.2/25, and other machines use DHCP provided by DC to obtain the IP address.

Iv. Experiment steps

It is divided into two parts, one is the configuration of the IOS simulator, the 3640 is simulated into a layer-3 switch, the module uses the 16-port Fast Ethernet port

The second part is the configuration of 2003 on the VM. a dc is required to integrate the DNS service, and DHCP is installed to assign IP addresses of different subnets to clients with four different VLANs.

1. First configure the VLAN of the switch and add the VLAN

2. Configure different interfaces to different VLANs

3. Configure the VLAN address

4. Configure IP address help-address dhcp ip address

5. Configure the default route to reach the Internet

Interface Vlan2

Ip address 192.168.10.10 255.255.255.128

Ip helper-address 192.168.11.2

!

Interface Vlan3

Ip address 192.168.10.130 255.255.255.255.128

Ip helper-address 192.168.11.2

!

Interface Vlan4

Ip address 192.168.11.10 255.255.255.255.128

Ip helper-address 192.168.11.2

!

 

SW1 # show vlan-sw

SW1 # show vlan-switch

VLAN Name Status Ports

----------------------------------------------------------------------------

1 default active Fa0/4, Fa0/5, Fa0/6, Fa0/7

Fa0/8, Fa0/9, Fa0/10, Fa0/11

Fa0/12, Fa0/13, Fa0/14, Fa0/15

2 cl1 active Fa0/0

3 cl2 active Fa0/1

4 server active Fa0/2

1002 fddi-default active

1003 token-ring-default active

1004 fddinet-default active

1005 trnet-default active

1. Use Dcpromo to add domain control and install the DNS server

2. Install the DHCP server on the domain controller and set three scopes that belong to different subnets to assign address pools and gateways and DNS servers for each scope.

650) this. width = 650; "onclick = 'window. open (" http://blog.51cto.com/viewpic.php? Refimg = "+ this. src) 'style = "border-bottom: 0px; border-left: 0px; border-top: 0px; border-right: 0px "title =" image "border =" 0 "alt =" image "height =" 495 "src =" http://www.bkjia.com/uploads/allimg/131227/033R45392-1.png "/>

650) this. width = 650; "onclick = 'window. open (" http://blog.51cto.com/viewpic.php? Refimg = "+ this. src) 'style = "border-bottom: 0px; border-left: 0px; border-top: 0px; border-right: 0px "title =" image "border =" 0 "alt =" image "height =" 453 "src =" http://www.bkjia.com/uploads/allimg/131227/033R42456-2.png "/>

3. Use the client to automatically obtain the IP address and add it to the domain to check whether the logon is normal.

650) this. width = 650; "onclick = 'window. open (" http://blog.51cto.com/viewpic.php? Refimg = "+ this. src) 'style = "border-bottom: 0px; border-left: 0px; border-top: 0px; border-right: 0px "title =" image "border =" 0 "alt =" image "height =" 522 "src =" http://www.bkjia.com/uploads/allimg/131227/033R4G46-3.png "/>

Tracert Internet IP 200.1.1.254 on CL2, and the data is sent

C: \ Documents ents and Settings \ Administrator. TEST & gt; tracert 200.1.1.1

Tracing route to 200.1.1.1 over a maximum of 30 hops

1 30 MS 20 MS 2 MS 192.168.10.130

2 40 MS 8 MS 11 MS 200.1.1.1

C: \ Documents ents and Settings \ Administrator. TEST & gt; tracert 200.1.1.254

Tracing route to 200.1.1.254 over a maximum of 30 hops

1 11 MS 5 MS 2 MS 200.1.1.254

Trace complete.

Finally, you can use the mail server and file server on the network to work after successful logon.

 

 

 

650) this. width = 650; "onclick = 'window. open (" http://blog.51cto.com/viewpic.php? Refimg = "+ this. src) 'style = "border-bottom: 0px; border-left: 0px; border-top: 0px; border-right: 0px "title =" image "border =" 0 "alt =" image "height =" 428 "src =" http://www.bkjia.com/uploads/allimg/131227/033R41339-4.png "/>

 

Lab points:

1. to log on to the domain, you must correctly use the IP address and DNS server address provided by the server. To facilitate management, DHCP is installed on 2003. It is critical to allow the client to obtain ip addresses across VLANs. Configure ip help-address on the switch to forward broadcast packets to this address.

2. Configure different dhcp scopes for each vlan because the gateway addresses to be allocated are different.

3. if you add another FW in the experiment, the FW should have a back-pointing route. Therefore, you must plan the IP address in advance when planning the Intranet address. The IP address must be summarized.

4. In the experiment, if the server and client use the same VM master machine, the client needs to be re-encapsulated (sysprep ).

This article from the "God ce" blog, please be sure to keep this source http://liu008qing.blog.51cto.com/151315/440641