VLANs act as logical segmentation within our network, letting us group our device(s) based on their functionality or department requirements. In this lab, we’ll use the following VLANs:
- VLAN 10 – Management: This VLAN is dedicated to network infrastructure devices, allowing for secure and efficient management. We’ll give this network address 192.168.10.0/16
- VLAN 20 – Servers: All server-related traffic will be segregated into this VLAN to optimize server communication and enhance security. We’ll give this network address 192.168.20.0/16
- VLAN 30 – Desktop Clients: Desktop computers and workstations will reside in this VLAN, ensuring a separate broadcast domain for user devices. We’ll give this network address 192.168.30.0/16
- VLAN 40 – Wi-Fi Devices: Wireless devices, such as laptops and smartphones, will be isolated in this VLAN, providing enhanced security for the Wi-Fi network. We’ll give this network address 192.168.40.0/16
- VLAN 50 – Printers: Printers, scanners, and other printing devices will form their own VLAN, streamlining print-related traffic. We’ll give this network address 192.168.50.0/16
Entering Configuration Mode
Once logged in via terminal, enter privileged exec mode by typing:
configure terminal # Configuration ModeCreate the VLANs
Once we’ve entered configuraiton mode we can create each VLAN using the vlan command
vlan 10
name Management
vlan 20
name Servers
vlan 30
name DesktopClients
vlan 40
name WifiDevices
vlan 50
name PrintersAssign VLANs to our Interfaces
Now that we’ve created all our VLANs, we need to assign them the required interfaces
interface GigabitEthernet0/1 switchport mode access switchport access vlan 10 # Management interface
interface GigabitEthernet0/2 switchport mode access switchport access vlan 20 # Windows Server
interface GigabitEthernet0/3 switchport mode access switchport access vlan 20 # NAS / storage device
interface GigabitEthernet0/4 switchport mode access switchport access vlan 40 # Wi-fi endpoint
interface GigabitEthernet0/5 switchport mode access switchport access vlan 50 # Printer
interface GigabitEthernet0/10 switchport mode access switchport access vlan 30 # Desktop client
interface GigabitEthernet0/11 switchport mode access switchport access vlan 30 # Desktop client
interface GigabitEthernet0/12 switchport mode access switchport access vlan 30 # Desktop client
....Creating our VRF Instances
ip vrf Management
ip vrf Servers
ip vrf DesktopClients
ip vrf WifiDevices
ip vrf PrintersAssign Interfaces to VRFs
interface Vlan10
ip vrf forwarding Management
exit
interface Vlan20
ip vrf forwarding Servers
exit
interface Vlan30
ip vrf forwarding DesktopClients
exit
interface Vlan40
ip vrf forwarding WifiDevices
exit
interface Vlan50
ip vrf forwarding Printers
exitConfigure the Routing Protocols
inter-VRF routing, configure routing protocols within each VRF
router ospf 1
vrf Management
network 192.168.10.0 0.0.0.255 area 0
exit
router ospf 2
vrf Servers
network 192.168.20.0 0.0.0.255 area 0
exitVerify our configuration
Crosscheck our config to confirm everything is correct. Depending on your security requirements, you may need to run further checks to demonstrate your networks segmentation; we’re just keeping it simple in this case.
show vlan
show ip vrf
show interfaces statusSave our running config and export a backup
write memory