Network Resizing Using VLAN Technology

Source: Internet
Author: User

A virtual LAN (VLAN) not only improves network security and prevents broadcast storms, but also improves network operating efficiency and solves many other problems. The spread of Layer 3 switches has created the conditions for VLAN applications. While upgrading our network, I also used VLAN technology to solve the problem of network expansion.

I. Network Environment

When the LAN was established, the company used a Cisco 3662 as the router and a 3Com CoreBuilder 3500 with Layer 3 switching as the core switch. In the past, the number of computers in the LAN was relatively small. Recently, due to the expansion of the organization and business, the network grew from connecting the computers in one building to connecting two buildings. The IP addresses of the original CIDR block have all been allocated, so the new computers must be placed in a separate new CIDR block. However, computers in the new CIDR block and computers in the original CIDR block must still be able to access each other.

To solve this problem, I thought of VLAN technology. A VLAN is composed of devices in different physical LAN segments. Although the devices connected by a VLAN come from different CIDR blocks, they can communicate with each other directly, as if they were in the same CIDR block. The 3Com CoreBuilder 3500 Layer 3 switch used by our organization supports Layer 3 forwarding, that is, it supports VLANs (the Cisco 3662 router also supports VLAN technology; however, using a router to implement VLANs causes latency issues). Therefore, I used the existing equipment to expand the network. The implementation process is as follows.

II. Dividing subnets

There are multiple ways to divide subnets. I use port-based VLAN division, which is the simplest way to form a VLAN. In this method, the physical network segments attached to different switch ports are grouped into one VLAN, so a VLAN corresponds to a proper subset of the switch's ports. Using the network management software, ports are assigned to the corresponding group according to their port ID on the switch. All stations in the CIDR block assigned to the same VLAN are in the same broadcast domain and can communicate directly. Communication between stations in different VLANs requires routing.

The existing computers use a class C address block, 11.28.177.*/24; this CIDR block is named VLAN-1. The new CIDR block is also a class C address block, 11.28.179.*/24, and is named VLAN-2.

The 3Com CoreBuilder 3500 switch is fitted with two 6-port modules. The 6 ports of the 1st module and ports 1, 2, and 3 of the 2nd module are assigned to VLAN-1; ports 4, 5, and 6 of the 2nd module are assigned to VLAN-2. For details, see Table 1.


Table 1. VLAN division

VLAN name   Class C address   Ports on the switch                          VLAN interface IP address
VLAN-1      11.28.177.*       1st module ports 1-6, 2nd module ports 7-9   11.28.177.247
VLAN-2      11.28.179.*       2nd module ports 10-12                       11.28.179.247

The Network Structure Topology after expansion is shown in the figure below.


III. Configure the switch

1. Establish the configuration method

The 3Com CoreBuilder 3500 switch provides multiple configuration methods. I use the terminal control port on the front panel of the switch. Connect one end of the console cable to the terminal control port of the switch and the other end to the serial port of a computer, boot the computer into Windows 9X or Windows 2000/XP, and start the HyperTerminal program. Note that the serial port must be set to 9600 bits per second, 8 data bits, no parity, 1 stop bit, and no flow control.

2. Log on and go to the main menu

When the switch is powered on, the initialization information is displayed, as shown below:

Select access level (read, write, administer ):

You can log on with three types of permissions: Read-only, Write, and Administer. Enter Administer here to log on with the Administrator permission and enter the password to go to the main menu.

3. Assign an IP address to the switch

Enter management/ip/interface/define from the main menu, then enter the IP address allocated to the switch as 11.28.177.249, the mask as 255.255.255.0, and the type as System. The purpose of assigning an IP address to the switch is to make it easier to manage: you can use the "telnet" command to log on to the switch and configure it.

4. Define two VLANs

Enter bridge/vlan from the main menu. You can run the "summary" command to view the VLANs already defined. A default VLAN has already been created in the CoreBuilder 3500; it includes all ports but does not include Layer 3 switching, so you do not need to consider it. Use the "define" command to define a new VLAN.

First define a VLAN named VLAN-1, then use the same method to add VLAN-2, except that its ports are 10, 11, and 12 and its IP address is changed to 11.28.179.0, with the mask unchanged. Then run the "summary" command to view the result:

Index  VID  Type    Origin  Name     Ports
1      1    system  static  default  1-12
2      2    open    static  vlan-1   1-9
3      3    open    static  vlan-2   10-12

5. Define the interface IP address of each VLAN

To allow communication between the two VLANs, you must assign an interface IP address to each VLAN. Go to ip/interface/define from the main menu and define the interface IP address of the VLAN. Note that the interface IP address must belong to the CIDR block of the corresponding VLAN; otherwise, the definition fails. For example, the interface IP address for VLAN-1 is defined as follows:

Select menu option (ip/interface): define
Enter IP address: 11.28.177.247
Enter subnet mask [255.0.0.0]: 255.255.255.0
Enter VLAN interface index {2-3 | ?} : 2

Define the interface IP address for VLAN-2 in the same way.

Run the summary command to view the result:

Index  Type  IP address     Subnet mask    State  VLAN index
1      VLAN  11.28.177.247  255.255.255.0  Up     2
2      VLAN  11.28.179.247  255.255.255.0  Up     3

As long as a computer is connected to a port in a VLAN, the state of that VLAN interface is Up.

6. Enable routing between the two VLANs

To allow communication between the two VLANs, you must add routes between them. Enter ip/routing from the main menu and use the "enable" command to activate the routing function.

7. Add a default gateway for the switch

If computers connected to the switch need to access computers and network devices on segments other than the two above, a default route must be assigned to the switch. Enter ip/route from the main menu and use the "default" command to define the default route. The gateway address is the IP address of the router in the LAN.

Select menu option (ip/route): default
Enter gateway IP address: 11.28.177.254

Computers in the 11.28.177.0/24 CIDR block (inside VLAN-1) can now access computers and network devices in other CIDR blocks, but for the 11.28.179.0/24 CIDR block (inside VLAN-2) you must also add a route to 11.28.179.0/24 on the router at 11.28.177.254. For example, use the following command on a Cisco 3662 router:

ip route 11.28.179.0 255.255.255.0 11.28.177.247
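The following is an added example, not part of the original article or of any 3Com or Cisco tooling: a small model of the switch and router routing tables built from the addresses above. It checks the rule from step 5 that each interface IP must lie in its VLAN's CIDR block, and shows that the router has no return path to VLAN-2 until the static route is added. The function names are hypothetical.

```python
import ipaddress

# Addressing taken from the article's tables.
VLANS = {
    "VLAN-1": {"net": "11.28.177.0/24", "iface": "11.28.177.247"},
    "VLAN-2": {"net": "11.28.179.0/24", "iface": "11.28.179.247"},
}
ROUTER_IP = "11.28.177.254"

def iface_in_block(net, iface):
    """Step 5 rule: the interface IP must belong to the VLAN's CIDR block."""
    return ipaddress.ip_address(iface) in ipaddress.ip_network(net)

def lookup(table, dst):
    """Longest-prefix match; returns a next hop, 'direct', or None."""
    dst = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), nh) for p, nh in table
            if dst in ipaddress.ip_network(p)]
    if not hits:
        return None
    return max(hits, key=lambda h: h[0].prefixlen)[1]

def switch_table():
    # Connected VLAN interfaces plus the default route from step 7.
    table = [(v["net"], "direct") for v in VLANS.values()]
    table.append(("0.0.0.0/0", ROUTER_IP))
    return table

def router_table(with_static_route):
    # Modelled here: the router is directly attached only to the VLAN-1 block.
    table = [(VLANS["VLAN-1"]["net"], "direct")]
    if with_static_route:
        # ip route 11.28.179.0 255.255.255.0 11.28.177.247
        table.append((VLANS["VLAN-2"]["net"], VLANS["VLAN-1"]["iface"]))
    return table

def audit(with_static_route):
    """Return a list of problems in the plan; an empty list means consistent."""
    problems = []
    for name, v in VLANS.items():
        if not iface_in_block(v["net"], v["iface"]):
            problems.append(f"{name}: interface outside its CIDR block")
        # Constructed sample host (.10) in each block, used for the return path.
        host = str(ipaddress.ip_network(v["net"])[10])
        if lookup(router_table(with_static_route), host) is None:
            problems.append(f"{name}: router has no return route")
    return problems

if __name__ == "__main__":
    print("without static route:", audit(False))
    print("with static route:   ", audit(True))
```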

IV. Configure computers in a VLAN

Besides an IP address from its CIDR block, a computer that needs to access computers and network devices in other VLANs or CIDR blocks must have a default gateway set, and that gateway is the interface address of its VLAN. For example, on a computer in VLAN-1 the gateway should be set to 11.28.177.247 with mask 255.255.255.0; on a computer in VLAN-2 the gateway should be set to 11.28.179.247 with mask 255.255.255.0.

V. Notes

1. Note the differences between the IP addresses of the switch and the router and the interface addresses of the two VLANs; see Table 2. The mask is 255.255.255.0. In this article, the IP address of the switch and the IP address of the router are both in the VLAN-1 network. The default gateway of the switch should be set to the IP address of the router. The route to VLAN-2 added on the router should point to the interface IP address of VLAN-1. The default gateway on computers in VLAN-1 is set to the interface IP address of VLAN-1, and the default gateway on computers in VLAN-2 is set to the interface IP address of VLAN-2.


Table 2. VLAN-related IP addresses

Switch IP address     11.28.177.249
VLAN-1 interface IP   11.28.177.247
VLAN-2 interface IP   11.28.179.247
Router IP             11.28.177.254

2. Whether computers in VLAN-1 and VLAN-2 can access each other is determined by whether routing under "ip/routing" has been enabled.

3. For a computer in VLAN-2 to access computers and network devices in other CIDR blocks, you need to add a static route on the router; otherwise VLAN-2 can only access computers and network devices in VLAN-1.

Editor's comment

Computer Networks are the foundation of enterprise informatization. With the development of enterprises, the enterprise's network also needs to be upgraded to meet new needs. During the upgrade and transformation process, we should try our best to give full play to the functions of the original equipment, instead of abandoning them, so as to protect the original investment of the enterprise. This article provides a good example.

