Sistemi e reti

Switch multilayer

A cura dell’Ing. Claudio Traini

Esempio di utilizzo per la gestione di VLAN

Architettura della rete

Apparati impiegati

Cisco router 2900 series – Model 2901

Cisco switch Catalyst 3560 – Multilayer 24 port PoE

Apparati impiegati

Apparati impiegati

Apparati impiegati

Cisco Catalyst 3560X Standalone 24-Port Switch

Cisco Catalyst 3560-X Series primary features:

• 24 and 48 10/100/1000 PoE+, non-PoE models, and 12 and 24 GE SFP port models• 24 and 48 10/100/1000 UPOE-capable models with Energy Efficient Ethernet (EEE) support• Four optional uplink network modules with GE or 10GE ports• Industry first PoE+ with 30W power on all ports in 1 rack unit (RU) form factor• Dual redundant, modular power supplies and fans• Media Access Control Security (MACsec) hardware-based encryption• Flexible NetFlow and switch-to-switch hardware encryption with the Service Module uplink• Open Shortest Path First (OSPF) for routed access in IP Base image• IPv4 and IPv6 routing• Multicast routing• Advanced quality of service (QoS)

Forwarding Rate: 65.5 mppsSwitching Fabric: 160 GbpsPrice: 2.400 / 4.300 $

Cisco Catalyst 3560X Standalone 24-Port Switch

Scenario

Router – configurazione

Router – configurazione

Configurazione switch

interface GigabitEthernet0/1no switchportip address 192.168.1.2 255.255.255.0duplex autospeed auto

ip routing

ip route 0.0.0.0 0.0.0.0 192.168.1.1

Interfaccia Gigabit Ethernet 0/1

Abilitiamo il routing

Configurazione switch

Definiamo le tre VLAN

Configurazione switch

Definiamo le tre VLAN – comandi CLI equivalenti

interface Vlan10ip address 192.168.10.1 255.255.255.0ip access-group LAN1 in

interface Vlan20ip address 192.168.20.1 255.255.255.0

interface Vlan30ip address 192.168.30.1 255.255.255.0

ACL per isolare la VLAN 10dalle altre vlan presenti

Configurazione switchConfiguriamo le porte in base alla VLAN di appartenenza

interface FastEthernet0/1switchport access vlan 10

interface FastEthernet0/2switchport access vlan 10

interface FastEthernet0/3switchport access vlan 10

interface FastEthernet0/4switchport access vlan 20

interface FastEthernet0/5switchport access vlan 20

…………………………………………………………….

Configurazione switchConfiguriamo i pool DHCP per le tre VLAN

ip dhcp excluded-address 192.168.10.1ip dhcp excluded-address 192.168.20.1ip dhcp excluded-address 192.168.30.1

ip dhcp pool vlan10network 192.168.10.0 255.255.255.0default-router 192.168.10.1dns-server 8.8.8.8

ip dhcp pool vlan20network 192.168.20.0 255.255.255.0default-router 192.168.20.1dns-server 8.8.8.8

ip dhcp pool vlan30network 192.168.30.0 255.255.255.0default-router 192.168.30.1dns-server 8.8.8.8

IP address riservati alle vlancostituenti I loro rispettivi gateway

Pool d’indirizzi

Configurazione switchACL per impedire il traffico tra la VLAN 10 e le restanti vlan

ip access-list extended LAN1permit ip 192.168.10.0 0.0.0.255 192.168.1.0 0.0.0.255deny ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255deny ip 192.168.10.0 0.0.0.255 192.168.30.0 0.0.0.255

Nome ACL di tipo extended

Azione Protocollo interessato

Sorgente del trafficoDestinazione del traffico