Virtual Local Area Networks. Should I V-LAN? 1. Security V-LANs can restrict access to network resources.


Virtual Local Area Networks

Should I V-LAN? 1. Security: V-LANs can restrict access to network resources.

Should I V-LAN? Access Control Lists are used to direct the availability of information.

[Diagram: Faculty V-LAN and Students V-LAN connecting to Student Records; Access Permitted / Access Denied]

Should I V-LAN? 2. Broadcast Control for Increased Performance: Reduce the size of your collision domains. Limit broadcast traffic to similar users.

Check Your Network for Broadcast Protocols (chart): TCP 40%, UDP 10%, ARP 35%, DHCP 8%, IPX 5%, SPX 2%

One Broadcast Domain

V-LANs form Multiple Broadcast Domains

Should I V-LAN? 3. Network Monitoring: Centrally configure devices in local areas. Divide your users into logical groupings.

Should I V-LAN? Your security will improve. Your network performance will improve.

How Many V-LANs? List Buildings. Itemize Departments. Remember BROADCAST CONTROL. (NC State)

How Many V-LANs?
Building 1: Lab 1, Lab 2
Building 2: Wireless Lab, Faculty/Staff
Building 3: Library, Lab 3, Administration, Faculty/Staff

How Many V-LANs? When you're done, add 2 more:
1. A Test V-LAN for your Test Lab
2. An "Internet Only" V-LAN for all unused ports
Plus, V-LAN #1 will be your default V-LAN for your administrative purposes.

How Many V-LANs?
Building 1 – 18 V-LANs
Building 2 – 6 V-LANs
Building 3 – 7 V-LANs
Building 4 – 4 V-LANs
Building 5 – 2 V-LANs
Building 6 – 7 V-LANs
3 Server V-LANs
Internet Only V-LAN
Test V-LAN
Adm. V-LAN
Total – 50

Equipment/Server Concerns: You will need a trustworthy Layer 3 main switch (example: Cisco 4506). Unmanaged switches and hubs can contain only 1 V-LAN. Some protocols, such as IPX & Apple, require broadcasts; these will need to be addressed.

Equipment/Server Concerns: Each V-LAN will need its own DHCP scope. DNS must be reachable by every V-LAN. User applications cannot reside on a V-LAN that will be blocked. You must know what is connected to every port on every switch.

How Do I Begin? Get details on your current setup: conduct an audit of the ports on your switches.

Create a Switch Audit Form
Switch: Loc. | IP Address | Manuf/Mod # | Upload Port
Port Information: Port # | Patch # | User Loc | User Name | Printers Used | VLAN #
(one row per port: 1, 2, 3, ...)

Set Up a Schedule
Week 1 – Audit Bldg. 1
Week 2 – Audit Bldg. 2
Week 3 – Audit Bldg. 3
Week 4 – Audit Bldg. 4
Week 5 – Audit Bldg. 5
Week 6 – Audit Bldg. 6
Week 7 – Write Configuration & Access Lists; Select IP Addresses for Users
Week 8 – Implementation: Add V-LANs to main switch & DHCP Scopes; Set all ports on all switches; Test PCs & Printers; Change IPs where needed
You have a new network! Adhere to the schedule!!

How Do I Add V-LANs to the Switches? Add every V-LAN to the main switch. Add to each switch the V-LANs it will need (with some manufacturers the secondary switches will automatically read the list from the main switch). Set each port to the correct V-LAN.

[Diagram: Main Switch contains all V-LANs; Secondary Switches contain the V-LANs they service; set each port to the correct V-LAN]

Sample Script for Main Switch
1. Add the V-LAN
2. Name the V-LAN
3. Exit that V-LAN
4. Add another V-LAN

    ena
    config t
    vlan 2
    name Building1Lab1
    exit
    vlan 3
    name Building1Lab2
    exit

Sample Script for Main Switch
5. Enter the V-LAN as an Interface
6. Give a Description to the V-LAN
7. Give an IP Address to the V-LAN
8. Give a location for DHCP for the V-LAN
9. Turn the V-LAN on

    int vlan 1
    description Bus Lab
    ip address <address> <subnet-mask>   ! the slide's address values are not in the transcript
    ip helper-address <dhcp-server>       ! IOS spells the command "ip helper-address"
    no shutdown
    exit
    int vlan 2

Remember... You must have a default IP address for every V-LAN. You must have a DHCP scope for every V-LAN.
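The two passes in the sample script (define and name each V-LAN, then give its interface a description, an address, a DHCP helper and bring it up) and the "Remember" checklist fit a small generator that refuses to emit configuration for a V-LAN missing its gateway or DHCP helper, and also catches duplicate IDs and overlapping subnets. This is an added example written for this page, not the presenter's script; the plan entries, the 10.1.<vlan>.0/24 addressing and the helper address 10.1.250.10 are constructed values.

```python
"""Render Cisco IOS V-LAN / SVI configuration from a V-LAN plan, after checking
the plan against the slides' rules: every V-LAN needs a default IP address and
a DHCP helper (scope), ids must be unique and subnets must not overlap.
Added example for this page; all addresses below are constructed."""
import ipaddress

# Constructed plan. Names follow the slides' convention (Building1Lab1);
# the 10.1.<vlan>.0/24 scheme and the helper 10.1.250.10 are assumptions.
VLAN_PLAN = [
    {"id": 2, "name": "Building1Lab1", "gateway": "10.1.2.1/24", "dhcp_helper": "10.1.250.10"},
    {"id": 3, "name": "Building1Lab2", "gateway": "10.1.3.1/24", "dhcp_helper": "10.1.250.10"},
]


def validate_plan(plan):
    """Return a list of problem strings; an empty list means the plan is usable."""
    problems = []
    seen_ids = set()
    networks = []  # (vlan id, network) already accepted
    for v in plan:
        vid = v["id"]
        if vid in seen_ids:
            problems.append(f"vlan {vid}: duplicate id")
        seen_ids.add(vid)
        if not v.get("gateway"):
            problems.append(f"vlan {vid}: no default IP address")
        else:
            iface = ipaddress.ip_interface(v["gateway"])
            for other_id, other_net in networks:
                if iface.network.overlaps(other_net):
                    problems.append(f"vlan {vid}: subnet {iface.network} overlaps vlan {other_id}")
            networks.append((vid, iface.network))
        if not v.get("dhcp_helper"):
            problems.append(f"vlan {vid}: no DHCP helper, so no DHCP scope can serve it")
    return problems


def render_ios(plan):
    """Emit the slides' two passes: define/name each V-LAN, then configure its SVI."""
    problems = validate_plan(plan)
    if problems:
        raise ValueError("; ".join(problems))
    lines = ["enable", "configure terminal"]
    for v in plan:
        lines += [f"vlan {v['id']}", f" name {v['name']}", "exit"]
    for v in plan:
        iface = ipaddress.ip_interface(v["gateway"])
        lines += [
            f"interface vlan {v['id']}",
            f" description {v['name']}",
            f" ip address {iface.ip} {iface.network.netmask}",
            f" ip helper-address {v['dhcp_helper']}",
            " no shutdown",
            "exit",
        ]
    lines.append("end")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_ios(VLAN_PLAN))
```

Running the module prints the IOS snippet for the two constructed V-LANs; feeding it a plan with a blank `dhcp_helper` raises before any configuration is emitted, which is the point of the "Remember" slide.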

About those IP Addresses: You will need an addressing scheme for your new network. Choose it carefully so your V-LANs will be easy to identify. Use a private address or a combination of private addresses: – – –

About those IP Addresses: – – For convenience, subnet your address to make octet numbers a subnet. Ex: – , – , – . You would instantly know that the first device was on V-LAN 1, the second device on V-LAN 2.

Take it Slowly... Set all your switches and test your new network. Give everyone full access until all the bugs have been fixed.

When everything works, you're ready to add the Security.

Access Lists: Access Lists are used for Security. These lists block or allow users to servers or network addresses. Users can be blocked completely or by protocol. Ex: Students can be blocked from accessing a server with Telnet.

Access Lists: Specify the users you wish to block or allow by using a Wildcard Mask. This mask identifies which octets of the address are to be checked: 0 = match, 255 = ignore. Example: – (ignore last octet) allows addresses – .

Access Lists: Permit the services users will need (DNS, HTTP, etc.). Deny the services you want to block. Apply the Access List to the correct V-LANs. V-LANs without an Access List will have total access.

Access List Example

    access-list 101 permit ip host       – permits all users access to Firewall
    access-list 101 deny ip host         – denies V-LAN #5 access to GroupWise Mail server

Access List Example

    access-list 101 permit tcp host eq http   – permits all hosts access to web server, but only for http
    int vlan 5
    ip access-group 101 in                    – applies access-list 101 to VLAN #5
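The wildcard-mask rule (0 = check, 255 = ignore), the permit/deny lines above and the note that a V-LAN without an Access List has total access all hinge on how a Cisco numbered ACL is evaluated: entries are tried top-down, the first match wins, and once any list is applied to the interface everything that matches no entry falls to the implicit deny at the end, which is why DNS and the other needed services must be permitted explicitly. The evaluator below is an added example written for this page, not the presenter's material or Cisco's code; it generalizes the slides' whole-octet rule to the bitwise wildcard IOS actually uses. The hosts 10.0.0.1 (firewall), 10.0.0.20 (mail), 10.0.0.30 (web), 10.0.0.53 (DNS) and the 10.5.0.0/16 range standing for V-LAN 5 are constructed values.

```python
"""Evaluate a Cisco-style numbered extended access list the way the slides
describe it: the wildcard mask decides which address bits are checked, entries
are tried top-down and the first match wins, and anything left over hits the
implicit deny at the end of the list.  Added example for this page; the
addresses below are constructed, not the presentation's."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

PORT_NAMES = {"http": 80, "www": 80, "telnet": 23, "domain": 53, "smtp": 25}


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Cisco wildcard: a 0 bit must match, a 1 bit is ignored.  The slides'
    octet rule (0 = match, 255 = ignore) is the byte-aligned special case."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard))
    return (a & care) == (b & care)


@dataclass
class Ace:
    """One access-list entry."""
    number: int
    action: str                   # "permit" or "deny"
    proto: str                    # "ip" matches any protocol; else "tcp", "udp", ...
    src: str
    src_wc: str
    dst: str
    dst_wc: str
    dst_port: Optional[int] = None  # None: any destination port


def _take_addr(tokens):
    """Consume one address spec: 'any' | 'host A' | 'A WILDCARD'."""
    t = tokens.pop(0)
    if t == "any":
        return "0.0.0.0", "255.255.255.255"
    if t == "host":
        return tokens.pop(0), "0.0.0.0"
    return t, tokens.pop(0)


def parse_ace(line: str) -> Ace:
    """Parse 'access-list N permit|deny PROTO SRC DST [eq PORT]'."""
    tokens = line.split()
    if tokens[0] != "access-list":
        raise ValueError(f"not an access-list line: {line!r}")
    number, action, proto = int(tokens[1]), tokens[2], tokens[3]
    if action not in ("permit", "deny"):
        raise ValueError(f"bad action in {line!r}")
    rest = tokens[4:]
    src, src_wc = _take_addr(rest)
    dst, dst_wc = _take_addr(rest)
    port = None
    if rest and rest[0] == "eq":
        port = PORT_NAMES.get(rest[1]) or int(rest[1])
    return Ace(number, action, proto, src, src_wc, dst, dst_wc, port)


def evaluate(acl, proto, src, dst, dst_port=None):
    """Return (action, index of the matching entry), or ('deny', None) for the
    implicit deny when no entry matches."""
    for i, ace in enumerate(acl):
        if ace.proto != "ip" and ace.proto != proto:
            continue
        if not wildcard_match(src, ace.src, ace.src_wc):
            continue
        if not wildcard_match(dst, ace.dst, ace.dst_wc):
            continue
        if ace.dst_port is not None and ace.dst_port != dst_port:
            continue
        return ace.action, i
    return "deny", None


# Constructed ACL in the spirit of the slides' example: 10.5.0.0/16 stands for
# V-LAN 5, 10.0.0.1 for the firewall, 10.0.0.20 for the mail server,
# 10.0.0.30 for the web server and 10.0.0.53 for the DNS server.
ACL_101 = [parse_ace(line) for line in [
    "access-list 101 permit udp any host 10.0.0.53 eq domain",      # DNS must stay reachable
    "access-list 101 permit ip any host 10.0.0.1",                   # everyone reaches the firewall
    "access-list 101 deny ip 10.5.0.0 0.0.255.255 host 10.0.0.20",   # V-LAN 5 blocked from mail
    "access-list 101 permit tcp any host 10.0.0.30 eq http",         # web server, http only
]]
```

Two results are worth noticing when you run it: Telnet from V-LAN 5 to the web server is denied even though no line says so, because only port 80 was permitted and the implicit deny catches the rest; and a host from a range the list never mentions (10.6.1.1 in the test) is also denied everywhere but DNS, the firewall and HTTP, so "apply the Access List to the correct V-LANs" and "permit the services users will need" go together.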

Enjoy Your New Network: Security, Multiple Broadcast Domains, Easier Monitoring.