
Lab 8.4.5 Configuring and Verifying ACLs to filter Inter-VLAN Traffic

Sonya Leoni
06491/2008

Step 1: Connect the equipment
a. Connect the Fa0/0 interface of Router 1 to the Fa0/1 port of Switch 1 using a straight-through cable.
b. Connect PCs with console cables to perform configurations on the router and switch.
c. Connect the host PCs with straight-through cables to the following switch ports: Host 1 to Fa0/2; Host 2 to Fa0/5; Host 3 to Fa0/8.
Step 2: Perform basic configuration on Router 1
Step 3: Configure R1 to support inter-VLAN traffic
The FastEthernet 0/0 interface on R1 will be subinterfaced to route traffic from each of the three VLANs. Each subinterface IP address will become the default gateway for its designated VLAN.
Step 4: Perform basic configuration on Switch 1
Step 5: Create, name, and assign ports to three VLANs on S1
This network contains one VLAN for the server farm and two VLANs for user groups.
Why is it good practice to place the server farm in a separate VLAN?
Step 6: Create the trunk on S1
Enter the following command to establish interface Fa0/1 as a trunk port:
Step 7: Configure the hosts
Configure each host with the proper IP address, subnet mask, and default gateway according to the addressing table.
Step 8: Verify that the network is functioning
a. From each attached host, ping the other two hosts and each of the router sub-interface IP addresses.
Were the pings successful? Answer: yes
If the answer is no, troubleshoot the router, switch and host configurations to find the error.
b. From the switch S1, ping the router default gateway 192.168.1.1.
Were the pings successful? Answer: yes
Step 9: Configure, apply, and test an Extended ACL to filter inter-VLAN traffic
Members of the Users1 VLAN should not be able to reach the server farm, but members of the other VLAN should be able to reach each other and the router. Users1 should be able to reach VLANs other than the server farm.
Step 10: Reflection
  1. Why is it good practice to perform and verify basic and VLAN-related configurations before creating and applying an ACL? Answer: Problems can be traced to the syntax and placement of the ACL.
  2. What results would have been produced if the ACL had been placed on subinterface FastEthernet 0/0.3 going out and PC2 pinged PC3? Answer: Because the ping packets would first be switched to FastEthernet 0/0.4 and then be forwarded out to PC3, the ACL would have no effect. Pings from PC2 to the servers would succeed.
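The Step 9 policy and the placement question in Step 10 can be checked with a small model of first-match ACL evaluation on a router-on-a-stick. This is an added example, not part of the original lab. The subnets, the mapping of Servers, Users1 and Users2 to Fa0/0.2, Fa0/0.3 and Fa0/0.4, the ACL entries and the host addresses are all assumptions, because the lab's addressing table is not reproduced here.

```python
import ipaddress

# Assumed addressing: subinterface -> connected subnet (not from the page).
SUBIFS = {
    "Fa0/0.2": ipaddress.ip_network("192.168.2.0/24"),  # Servers (assumed)
    "Fa0/0.3": ipaddress.ip_network("192.168.3.0/24"),  # Users1 (assumed)
    "Fa0/0.4": ipaddress.ip_network("192.168.4.0/24"),  # Users2 (assumed)
}
ANY = ipaddress.ip_network("0.0.0.0/0")

# Ordered (action, source, destination) entries modelling an assumed ACL:
#   deny   ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
#   permit ip any any
ACL = [("deny", SUBIFS["Fa0/0.3"], SUBIFS["Fa0/0.2"]), ("permit", ANY, ANY)]

# The two placements compared in the reflection question.
INBOUND = {("Fa0/0.3", "in"): ACL}
OUTBOUND = {("Fa0/0.3", "out"): ACL}

def acl_permits(acl, src, dst):
    """First matching entry wins; no match falls through to implicit deny."""
    for action, src_net, dst_net in acl:
        if src in src_net and dst in dst_net:
            return action == "permit"
    return False

def subif_for(addr):
    """Subinterface whose connected subnet contains addr, else None."""
    return next((name for name, net in SUBIFS.items() if addr in net), None)

def routed(src, dst, bindings):
    """True if the router forwards src -> dst given {(subif, dir): acl}."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    ingress, egress = subif_for(src), subif_for(dst)
    if ingress is None or egress is None:
        return False  # no connected route in this model
    # Only ACLs bound to the ingress "in" or egress "out" side are consulted.
    for key in ((ingress, "in"), (egress, "out")):
        if key in bindings and not acl_permits(bindings[key], src, dst):
            return False
    return True

def reachable(a, b, bindings):
    """A ping succeeds only if the echo request and the reply both pass."""
    return routed(a, b, bindings) and routed(b, a, bindings)
```

With the inbound placement, a ping from the server VLAN to Users1 also fails in this model, because the echo reply is Users1-to-Servers traffic arriving on Fa0/0.3.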

