8. Small office configuration scenario with VLAN and internet access nr. 2


The small office network in our scenario separates hosts into 3 VLANs (1, 2 and 3). Because one part of the network is really old, it still contains a shared segment with an old L1 hub. The redundant link introduced between S2 and S3 in the switched topology must be monitored by STP.

The scenario consists of:

  • PPP link with CHAP authentication between Office and ISP router

     Office part of config:

     username ISP password 0 ciscochap
     interface Serial0/0/0
      ip address 198.160.131.13 255.255.255.252
      encapsulation ppp
      ppp authentication chap

     ISP part of config:

     username Office password 0 ciscochap
     interface Serial0/0/0
      ip address 198.160.131.14 255.255.255.252
      encapsulation ppp
      ppp authentication chap
      clock rate 2000000
 
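  • NAT with PAT on S0/0/0 for Internet access from inside hosts
     ip access-list standard NAT
      permit 192.168.1.0 0.0.0.255
     ip nat inside source list NAT interface Serial0/0/0 overload
     ! the outside interface must be marked as such for translation to take place
     interface Serial0/0/0
      ip nat outside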
     
  • static NAT for local server 
     ip nat inside source static 192.168.1.130 200.0.0.1 
  • DHCP for appropriate LAN clients
     DHCP excluded addresses: 192.168.1.1, .129, .130, .193 (plus .131 to .133 in the configuration below)
    ip dhcp excluded-address 192.168.1.1
    ip dhcp excluded-address 192.168.1.129
    ip dhcp excluded-address 192.168.1.130
    ip dhcp excluded-address 192.168.1.193
    ip dhcp excluded-address 192.168.1.131
    ip dhcp excluded-address 192.168.1.132
    ip dhcp excluded-address 192.168.1.133
    !
    ip dhcp pool VLAN3
     network 192.168.1.128 255.255.255.192
     default-router 192.168.1.129
     dns-server 192.168.1.130
    ip dhcp pool VLAN2
     network 192.168.1.0 255.255.255.128
     default-router 192.168.1.1
     dns-server 192.168.1.130
    ip dhcp pool VLAN1
     network 192.168.1.192 255.255.255.224
     default-router 192.168.1.193
     dns-server 192.168.1.130
     
  • Router-on-a-stick inter-VLAN communication on the Office router
    interface FastEthernet0/0
     no ip address
     duplex auto
     speed auto
    !
    interface FastEthernet0/0.1
     encapsulation dot1Q 1
     ip address 192.168.1.193 255.255.255.224
     ip nat inside
    !
    interface FastEthernet0/0.2
     encapsulation dot1Q 2
     ip address 192.168.1.1 255.255.255.128
     ip nat inside
    !
    interface FastEthernet0/0.3
     encapsulation dot1Q 3 native
     ip address 192.168.1.129 255.255.255.192
     ip nat inside
     
  • S3 selected as root bridge for STP
        spanning-tree vlan 1-3 priority 4096
     
  • VTP configuration with S1 acting as VTP Server propagating VLAN configuration to entire network
       VTP domain: office
       VTP password: cisco123
       VTP server: S1; VTP clients: S2, S3
     
  • subnetting with VLSM
      192.168.1.129/26   VLAN 3   Admin & Native
      192.168.1.1/25     VLAN 2   Staff
      192.168.1.193/27   VLAN 1   Guest (default VLAN, can't be renamed)
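
The addressing plan, DHCP pools, exclusions and NAT access list above all have to agree with each other. The Python check below is an added example, not part of the original scenario files; it uses the values from the configuration on this page, and the function name audit and the variable names are chosen for this example.

```python
import ipaddress as ip

# Values copied from the configuration above.
POOLS = {  # VLAN -> (DHCP pool "network" statement, default-router)
    1: ("192.168.1.192/255.255.255.224", "192.168.1.193"),
    2: ("192.168.1.0/255.255.255.128", "192.168.1.1"),
    3: ("192.168.1.128/255.255.255.192", "192.168.1.129"),
}
EXCLUDED = ["192.168.1.1", "192.168.1.129", "192.168.1.130", "192.168.1.193",
            "192.168.1.131", "192.168.1.132", "192.168.1.133"]
NAT_ACL = "192.168.1.0/0.0.0.255"   # permit line of "ip access-list standard NAT"
SERVER = "192.168.1.130"            # inside address of the static NAT entry


def audit(pools, excluded, nat_acl, server):
    """Return a list of findings; an empty list means the plan is consistent."""
    findings = []
    nets = {v: ip.ip_network(net) for v, (net, _) in pools.items()}
    vlans = sorted(nets)
    # 1. VLSM blocks must not overlap.
    for i, a in enumerate(vlans):
        for b in vlans[i + 1:]:
            if nets[a].overlaps(nets[b]):
                findings.append(f"VLAN {a} {nets[a]} overlaps VLAN {b} {nets[b]}")
    # 2. Each default-router must be a usable host address of its own subnet.
    for v in vlans:
        gw, n = ip.ip_address(pools[v][1]), nets[v]
        if gw not in n or gw in (n.network_address, n.broadcast_address):
            findings.append(f"VLAN {v} gateway {gw} is not a host in {n}")
    # 3. Statically assigned addresses must be excluded from DHCP leases.
    static = {gw for _, gw in pools.values()} | {server}
    for addr in sorted(static - set(excluded), key=ip.ip_address):
        findings.append(f"{addr} is static but not in ip dhcp excluded-address")
    # 4. An exclusion outside every pool protects nothing (likely a typo).
    for addr in excluded:
        if not any(ip.ip_address(addr) in n for n in nets.values()):
            findings.append(f"excluded address {addr} is outside every pool")
    # 5. The PAT access list must cover every inside subnet, or hosts get no NAT.
    acl = ip.ip_network(nat_acl)  # a mask starting with 0 is parsed as a wildcard
    for v in vlans:
        if not nets[v].subnet_of(acl):
            findings.append(f"VLAN {v} {nets[v]} is not permitted by the NAT ACL")
    return findings


if __name__ == "__main__":
    for line in audit(POOLS, EXCLUDED, NAT_ACL, SERVER) or ["plan is consistent"]:
        print(line)
```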
     

The preconfigured scenario can be obtained from here (you need PKT 5.2 or above). Topology diagram for scenario is
