The application of VLAN in network management
1. Preface The
computer network of Guangzhou Branch is part of the second phase of the "100 Networking" project of the Chinese Academy of Sciences. The network center equipment was installed and
operated in early 1998. With the development of user access and network applications, it is running, Encountered many problems in management. While there has been gradual improvement of network
distribution center equipment and servers and the establishment of appropriate management systems, some issues can be resolved and control, but to prevent a
few recalcitrant users often use unauthorized IP access problems can not be solved, network management personnel It takes a lot of energy for this. At that
time, I wanted to do IP-MAC binding on the border router, but because CSTNET considers the overall security of the network, the border router has the right to manage
Controlled by the hospital network center, Guangzhou branch network node is two, such as the IP-MAC binding on the border router, unfavorable
to network monitoring and management, a number of events that may occur can not respond quickly, so It is actually not feasible. Solving the
problem can only be started on the network center equipment of Guangzhou Branch.
Second, the network structure configuration and solution
Since 4500 is only equipped with high-speed port f0, the rest are asynchronous ports, so that the border routing Cisco 2514 can only access the Catalyst 3200,
and form a "flat structure" structure with all LANs, which causes inherent deficiencies to prevent IP theft problems .
From the analysis of the Catalyst 3200 virtual network function, it can be seen that in addition to the advantages of the virtual network function itself,
the high-speed ports of the Catalyst 3200 switch and Cisco 4500 router support ISL (InterSwitch Link) and VTP (VLAN TRUNK PROTOCOL),
which provides for enhanced network management. Strong technical guarantee. By setting the virtual network on the Catalyst 3200 port, and then according
to the principle of the physical location, working nature, and network communication load of the network users as much as possible, all network users are included in different
virtual subnets. Each subnet passes through the Catalyst 3200 and Cisco 4500. The high-speed port connection-routing, and then bind the IP-MAC to the
Cisco 4500 may achieve the intended purpose.
3. Configuration of virtual subnet VLAN
1) . Configuration of VLAN and VTP on Catalyst 3200 switch enters Catalyst 3200 console via hyper terminal
a). Set VLAN management domain and enter "SET VTP AND ...", select "VTP ADMINISTRATION"
CONFIGURATION "Set the VALN management domain name" GIETNET "; VTP mode is" SERVER ".
B). Set VLAN and TRUNK: Connect all subnet switches and HUBs to the 10MB or
100MB ports of the Catalyst 3200 , and assign VLANs according to the above principles , And divide these ports into virtual networks as follows:
This setting is to select "LOCAL VLAN PROT CONFIGURATION" from the CONFIGURATION of the console
, specify the VLAN and TRUNK port, and fill all 3 VLANs into the TRUNK port configuration sheet In the end, the
following is shown as
2). The setting of
the Cisco 4500 router "splits" the f0 port of the Cisco 4500 into the corresponding "sub-ports" according to the number of subnets. According to the ISL
(InterSwitch Link) number set by it , proceed with the corresponding subnet Logical connection. In this example, f0 is divided into f0.1,
f0.2, and f0.3 to connect to VLAN1, VLAN2, and VLAN3, and the configuration commands are as follows:
router # config t
router (config) #int f0.1
router (config-subif) #Description VLAN1_GIET
router (config-subif) #ip address 192.168.111.1 255.255.255.192
router (config-subif) #encapsulation isl 2
..
router (config) #int f0.2
router (config-subif) #Description VLAN2_gzbnic
router (config-subif) #ip addess 192.168.111.65 255.255.255.192
router (config-subif ) #encapsulation isl 3
..
Ctl Z
wr is
1. Preface The
computer network of Guangzhou Branch is part of the second phase of the "100 Networking" project of the Chinese Academy of Sciences. The network center equipment was installed and
operated in early 1998. With the development of user access and network applications, it is running, Encountered many problems in management. While there has been gradual improvement of network
distribution center equipment and servers and the establishment of appropriate management systems, some issues can be resolved and control, but to prevent a
few recalcitrant users often use unauthorized IP access problems can not be solved, network management personnel It takes a lot of energy for this. At that
time, I wanted to do IP-MAC binding on the border router, but because CSTNET considers the overall security of the network, the border router has the right to manage
Controlled by the hospital network center, Guangzhou branch network node is two, such as the IP-MAC binding on the border router, unfavorable
to network monitoring and management, a number of events that may occur can not respond quickly, so It is actually not feasible. Solving the
problem can only be started on the network center equipment of Guangzhou Branch.
Second, the network structure configuration and solution
Since 4500 is only equipped with high-speed port f0, the rest are asynchronous ports, so that the border routing Cisco 2514 can only access the Catalyst 3200,
and form a "flat structure" structure with all LANs, which causes inherent deficiencies to prevent IP theft problems .
From the analysis of the Catalyst 3200 virtual network function, it can be seen that in addition to the advantages of the virtual network function itself,
the high-speed ports of the Catalyst 3200 switch and Cisco 4500 router support ISL (InterSwitch Link) and VTP (VLAN TRUNK PROTOCOL),
which provides for enhanced network management. Strong technical guarantee. By setting the virtual network on the Catalyst 3200 port, and then according
to the principle of the physical location, working nature, and network communication load of the network users as much as possible, all network users are included in different
virtual subnets. Each subnet passes through the Catalyst 3200 and Cisco 4500. The high-speed port connection-routing, and then bind the IP-MAC to the
Cisco 4500 may achieve the intended purpose.
3. Configuration of virtual subnet VLAN
1) . Configuration of VLAN and VTP on Catalyst 3200 switch enters Catalyst 3200 console via hyper terminal
a). Set VLAN management domain and enter "SET VTP AND ...", select "VTP ADMINISTRATION"
CONFIGURATION "Set the VALN management domain name" GIETNET "; VTP mode is" SERVER ".
B). Set VLAN and TRUNK: Connect all subnet switches and HUBs to the 10MB or
100MB ports of the Catalyst 3200 , and assign VLANs according to the above principles , And divide these ports into virtual networks as follows:
This setting is to select "LOCAL VLAN PROT CONFIGURATION" from the CONFIGURATION of the console
, specify the VLAN and TRUNK port, and fill all 3 VLANs into the TRUNK port configuration sheet In the end, the
following is shown as
2). The setting of
the Cisco 4500 router "splits" the f0 port of the Cisco 4500 into the corresponding "sub-ports" according to the number of subnets. According to the ISL
(InterSwitch Link) number set by it , proceed with the corresponding subnet Logical connection. In this example, f0 is divided into f0.1,
f0.2, and f0.3 to connect to VLAN1, VLAN2, and VLAN3, and the configuration commands are as follows:
router # config t
router (config) #int f0.1
router (config-subif) #Description VLAN1_GIET
router (config-subif) #ip address 192.168.111.1 255.255.255.192
router (config-subif) #encapsulation isl 2
..
router (config) #int f0.2
router (config-subif) #Description VLAN2_gzbnic
router (config-subif) #ip addess 192.168.111.65 255.255.255.192
router (config-subif ) #encapsulation isl 3
..
Ctl Z
wr is