Virtual Networking. Module Objectives By the end of this module participants will be able to: Understand the use of virtual LANs Create VLAN subinterfaces.

Presentation transcript:

Virtual Networking

Module Objectives
By the end of this module participants will be able to:
Understand the use of virtual LANs
Create VLAN subinterfaces on the FortiGate unit
Understand the use of virtual domains
Create virtual domains
Create administrators specific to virtual domains
Create inter-VDOM links

Virtual Local Area Networks (VLAN)
(Diagram: VLANs carried on the physical interfaces of the FortiGate unit)
VLANs increase the number of network interfaces beyond the physical connections on the FortiGate unit
VLANs can be used to logically distribute devices on a LAN into smaller broadcast domains
Uses VLAN tags

VLAN tags
Ethernet frame: Destination MAC (6 bytes) | Source MAC (6 bytes) | Type (2 bytes) | Data | CRC 32 (4 bytes)
Ethernet frame using VLAN tags: Destination MAC | Source MAC | Type 8100 (2 bytes) | Tag Control Info (2 bytes) | Type | Data | CRC 32
Tag Control Info is made up of the User Priority Field, the Canonical Format Indicator and the VLAN Identifier
A four-byte extension to the Ethernet frame is used to define VLANs
Applied by switches and routers to every packet sent and received by the devices
Workstations and desktop computers are not an active part of the VLAN process
VLAN tagging and removal is done after the packet has left the computer

VLAN Scenario
(Diagram: Headquarters, Branch office, Retail office and an Accounting computer)
In this scenario, computers located in different buildings need to communicate with each other frequently and with high security
VLANs allow data to be sent between specific computers in different locations as if they were on the same physical subnet

VLANs on a FortiGate Unit
(Diagram: a tagged frame, Destination MAC | Source MAC | Type 8100 | Tag Control Info | Type | Data | CRC 32, passing between VLAN A and VLAN B)
The FortiGate unit acts as a layer-3 device when in the default NAT/Route mode
Can add, read, remove or modify VLAN tags
The device can change the VLAN tag if appropriate and send the data frame out on a different VLAN

VLANs on a FortiGate Unit
(Diagram labels: VLAN 100, Branch office; VLAN 200; Headquarters, VLAN 300; Tag: VLAN 100; Tag: VLAN 300; Router A; Router B; Subnet 1; Subnet 2)
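The scenario above, written out as FortiOS CLI configuration, is an added example and not configuration from the course or from Fortinet's documentation. It assumes a FortiGate in the default NAT/Route mode with a single root VDOM, that the branch trunk arrives on port2 and the headquarters trunk on port3, and the subnets 10.0.1.0/24 (Subnet 1, VLAN 100) and 10.0.2.0/24 (Subnet 2, VLAN 300); all of these names and addresses are placeholders. It follows the FortiOS 5.x CLI (on 4.x the logging option is `set logtraffic enable`).

```text
# Added example (not from the course). Two VLAN subinterfaces on a FortiGate
# in NAT/Route mode and the policies that let it route between them.
# Port names, VLAN-to-port mapping and addresses are assumptions.
#
# A frame arriving on port2 with tag 100 is delivered to "vlan100"; the
# FortiGate strips the tag, routes at layer 3, and applies tag 300 when
# the frame leaves on port3 via "vlan300". Untagged frames on port2/port3
# are not matched by either subinterface.
config system interface
    edit "vlan100"
        set vdom "root"
        set ip 10.0.1.1 255.255.255.0
        set allowaccess ping
        set interface "port2"
        set vlanid 100
    next
    edit "vlan300"
        set vdom "root"
        set ip 10.0.2.1 255.255.255.0
        set allowaccess ping
        set interface "port3"
        set vlanid 300
    next
end

# Nothing crosses between the two subinterfaces until a policy allows it:
# one policy per direction, both logged so the inter-site flows are visible.
# "edit 0" lets FortiOS assign the next free policy ID.
config firewall policy
    edit 0
        set srcintf "vlan100"
        set dstintf "vlan300"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
    edit 0
        set srcintf "vlan300"
        set dstintf "vlan100"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
end
```

Two points a practitioner should check after applying this: `diagnose sniffer packet port2 'vlan 100'` confirms that the switch is really delivering tagged frames (a workstation plugged straight into port2 sends untagged frames and will never reach "vlan100"), and "all/all/ALL" in the policies is only a starting point that should be narrowed to the accounting hosts and services once the flows are known.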

Virtual Domains
(Diagram: one physical FortiGate device hosting multiple virtual FortiGate devices, Domain A, Domain B and Domain C)
Each VDOM (for example Acme Co., ABC Inc., XYZ Ltd.) has its own:
Network interfaces
Routing requirements
Firewall policies
Protection rules
Packets are confined to their VDOM
Logically, virtual domains behave like separate FortiGate units
By default, a FortiGate unit can support a maximum of 10 virtual domains
Certain models allow the purchase of additional VDOM licenses to increase the number

VDOM Settings
Global settings affect all configured domains:
Hostname
DNS settings
System time
Firmware versions
…
VDOM settings affect a specific VDOM only:
Operating mode
Router settings
Firewall settings
UTM settings
…

Enabling Virtual Domains
When VDOMs are enabled:
Global and per-VDOM configurations are separated
Only the admin account can view or configure global options
Only the admin account can access all VDOM configurations
Regular administrators can only configure the VDOM to which they are assigned

Switching Between Virtual Domains
The admin account can switch between the VDOMs configured on the FortiGate unit, in addition to accessing the Global Configuration
Regular administrators are confined to their own VDOMs

VDOM Resource Limits
Global resource limits affect the resources available to the FortiGate device
VDOM resource limits affect the resources available to each VDOM
Resource limits vary by device model

Per-VDOM Configurations
(Diagram: full device configuration alongside a VDOM-specific configuration)
Administrators can back up and restore the entire device configuration or VDOM-specific configurations
VDOM configurations are stored as separate configuration files
VDOM configurations can be synchronised between HA devices

Virtual Domains Administrators
(Diagram: Domain A, Domain B and Domain C under one super_admin profile)
Virtual domains can be managed using either one common administrator or multiple separate administrators for each VDOM
Administrators assigned the super_admin profile can manage all VDOMs on the FortiGate device
They can also create other administrator accounts and assign them to VDOMs
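The steps from the "Enabling Virtual Domains" and "Virtual Domains Administrators" slides, as an added FortiOS CLI example that is not part of the course material: enable VDOMs, create a VDOM named "accounting" and create an administrator confined to it. The VDOM name, account name, trusted management subnet and the password placeholder are assumptions. The enabling command is the FortiOS 4.x/5.x form; FortiOS 6.2 and later use `set vdom-mode multi-vdom` under `config system global` instead.

```text
# Added example (not from the course). Enable VDOMs, create a VDOM and an
# administrator that can only manage that VDOM. Names and addresses are
# placeholders.

# 1. Enable multiple VDOMs. Must be done by the built-in "admin" account.
#    (FortiOS 6.2+: "set vdom-mode multi-vdom" instead of "set vdom-admin enable")
config system global
    set vdom-admin enable
end

# From here on the CLI is split into a global scope ("config global") and a
# per-VDOM scope ("config vdom"); "root" already exists and stays the
# management VDOM.

# 2. Create the VDOM.
config vdom
    edit "accounting"
    next
end

# 3. Create an administrator bound to the accounting VDOM. "prof_admin" is a
#    built-in profile with no global rights, so this account cannot see the
#    root VDOM, other VDOMs or global settings; "super_admin" would grant
#    all of those. trusthost limits where the account may log in from.
config global
    config system admin
        edit "acct_admin"
            set vdom "accounting"
            set accprofile "prof_admin"
            set trusthost1 10.10.10.0 255.255.255.0
            set password "REPLACE-WITH-A-STRONG-PASSWORD"
        next
    end
end
```

Logging in as acct_admin afterwards lands directly in the accounting VDOM with no "Global" menu; trying `config global` from that session is refused, which is the quickest way to confirm the scoping took effect.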

Inter-VDOM Links
(Diagram: Domain A, Domain B and Domain C joined by internal links)
Inter-VDOM links allow VDOMs to communicate internally without using additional physical interfaces
Communication no longer has to leave on a physical interface and re-enter the FortiGate device on another physical interface
Firewall policies need to be in place for traffic to be allowed to pass through any interface, whether physical or virtual

Inter-VDOM Links

Management VDOM
Management traffic leaves through the management VDOM:
DNS
Logging to FortiAnalyzer or syslog
FortiGuard
Alert emails
NTP
SNMP traps
Quarantine
The management VDOM must have access to the Internet
The default management VDOM is root

Independent VDOM Configuration
(Diagram: VDOM 1, VDOM 2 and VDOM 3 serving Network 1, Network 2 and Network 3, each with its own connection to the Internet)
An independent VDOM configuration uses multiple VDOMs that are completely separate from each other
No communication between VDOMs
Each VDOM administrator can administer only the VDOM-dependent settings of their own VDOM

Management VDOM Configuration
(Diagram: a Management VDOM connected to the Internet, with VDOM 1, VDOM 2 and VDOM 3 serving Network 1, Network 2 and Network 3 behind it)
The root VDOM is the management VDOM and the other VDOMs are connected to it with inter-VDOM links
Only the management VDOM is connected to the Internet
All external traffic is routed through the management VDOM
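The management VDOM topology above, together with the "Inter-VDOM Links" slide, as an added FortiOS CLI example that is not part of the course: an "accounting" VDOM reaches the Internet only through the root VDOM over an inter-VDOM link. It assumes the VDOM already exists, that port1 in root is the Internet interface, that "vlan100" is the accounting LAN interface inside the accounting VDOM, and the link subnet 10.255.0.0/30; all names and addresses are placeholders.

```text
# Added example (not from the course). Connect the "accounting" VDOM to the
# management VDOM ("root") with an inter-VDOM link. Names, interfaces and
# addresses are assumptions.

config global
    # 1. root is the management VDOM by default; set it explicitly so the
    #    intent is visible in the configuration.
    config system global
        set management-vdom "root"
    end

    # 2. Create the link. FortiOS creates two interfaces, acctlink0 and
    #    acctlink1, one end for each VDOM.
    config system vdom-link
        edit "acctlink"
        next
    end

    # 3. Put each end in its VDOM and address the point-to-point subnet.
    config system interface
        edit "acctlink0"
            set vdom "root"
            set ip 10.255.0.1 255.255.255.252
            set allowaccess ping
        next
        edit "acctlink1"
            set vdom "accounting"
            set ip 10.255.0.2 255.255.255.252
            set allowaccess ping
        next
    end
end

# 4. Accounting VDOM: default route over the link, and a policy from the
#    VLAN 100 LAN to the link. The link is an interface like any other;
#    without a policy on this side nothing enters it.
config vdom
    edit "accounting"
        config router static
            edit 0
                set gateway 10.255.0.1
                set device "acctlink1"
            next
        end
        config firewall policy
            edit 0
                set srcintf "vlan100"
                set dstintf "acctlink1"
                set srcaddr "all"
                set dstaddr "all"
                set action accept
                set schedule "always"
                set service "ALL"
                set logtraffic all
            next
        end
    end

# 5. Root VDOM: the matching policy from the link to the Internet interface,
#    with source NAT so accounting hosts appear only as root's port1 address.
#    The absence of any policy from port1 to acctlink0 is what keeps
#    inbound traffic out of the accounting VDOM.
config vdom
    edit "root"
        config firewall policy
            edit 0
                set srcintf "acctlink0"
                set dstintf "port1"
                set srcaddr "all"
                set dstaddr "all"
                set action accept
                set schedule "always"
                set service "ALL"
                set nat enable
                set logtraffic all
            next
        end
    end
```

The link needs a policy on each side, which is the point the slide makes about virtual interfaces being treated like physical ones; a common mistake is to add only the root-side policy and then see the accounting VDOM's traffic dropped with no log entry, because it never passes its own VDOM's policy check. `execute ping` from the accounting VDOM to 10.255.0.1 verifies the link itself before the policies are tested.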

Meshed VDOM Configuration
(Diagram: a Management VDOM, VDOM 1 and VDOM 2 serving Network 1 and Network 2, interconnected with each other and the Internet)
The meshed VDOM configuration has VDOMs interconnected with other VDOMs
These configurations can become complex very quickly

Classroom Lab Topology

Labs
Lab - Initial Setup
Initial configuration
Accessing Web Config
Lab - Virtual Domains
Creating a new VDOM
Creating an administrative account
Creating inter-VDOM links
Creating firewall policies
Accessing the services VDOM

Student Resources