Wednesday, 27 May 2009

How to Configure Inter-VLAN Routing on a Cisco Router

When would you need this: When you want to perform routing between different VLANs.

Special Requirements: You have to make sure that your router supports the frame tagging technology used between the switches.

Before jumping into the router configuration, you have to configure the switch port that will be connected to the router as a trunk port. Remember which VLAN tagging method you configured the switch to use (ISL, 802.1Q, 802.10, or LANE).

This procedure creates logical interfaces (subinterfaces) inside the single physical interface that links the switch to the router. These logical interfaces are treated as separate interfaces in routing decisions.

1. Remove the IP address from the physical interface, and turn it on

Router(config-if)#no ip address

Router(config-if)#no shutdown

2. Create a logical interface to be assigned to one of the VLANs

Router(config-if)#int fastethernet 0/0.X

Replace ‘fastethernet’ with the interface type you have and ‘0/0’ with the interface number that you are using.

X represents the logical interface number (not the number of logical interfaces). You can use any number here, but I think it is better to use the same number as the VLAN that you will assign to this logical interface. For example, for the logical interface that you will use for VLAN 5, use ‘int fastethernet 0/0.5’. This way, you will easily know which interface refers to which VLAN.

3. Assign the logical interface to a VLAN number

Router(config-subif)#encapsulation XXX Y

where XXX is the encapsulation type you are using for the VLANs (e.g. isl, or dot1q for 802.1Q)

and Y is the VLAN number that this logical interface will be assigned to.

4. Assign an IP address to the logical interface

Router(config-subif)#ip address XXX.XXX.XXX.XXX YYY.YYY.YYY.YYY

where XXX.XXX.XXX.XXX and YYY.YYY.YYY.YYY are the IP address and the subnet mask, respectively, that you want to use. Remember to give the logical interface an IP address that lies in the range of available IP addresses in the VLAN you assigned it to. This interface will be the gateway for the hosts connected to this VLAN. This means that you address the logical interface exactly the way you usually address physical interfaces.

Repeat steps 2 to 4 for each VLAN that you want.

5. Configure static or dynamic routing in the way you need it, and treat the logical interfaces exactly the same way you treat physical interfaces when doing the routing.

If you would like some VLANs (i.e., networks) not to participate in the routing, you can either not include them in the routing protocol or not assign a logical interface to them.

6. Configure access-lists in the way you find appropriate to filter the traffic going from one VLAN to another and apply them to the logical interfaces the same way you apply them to physical interfaces.
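
A check that follows from step 6 and implementation note 2, as an added example (not code from the original post): a short Python script that parses a running-config excerpt and flags subinterfaces that route a VLAN with no inbound access-list applied, or whose number differs from their VLAN. The sample config, VLAN IDs, addresses, ACL name and the choice to look only at inbound ACLs are assumptions for illustration.

```python
import re

# Constructed running-config excerpt; the VLAN IDs, addresses and ACL name are
# assumptions. Fa0/0.30 is deliberately left without an ACL and misnumbered.
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 no ip address
!
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0
 ip access-group VLAN10-IN in
!
interface FastEthernet0/0.30
 encapsulation dot1Q 35
 ip address 192.168.35.1 255.255.255.0
"""

def parse_subinterfaces(config):
    """Map each 'interface <name>.<n>' block to its VLAN, IP and inbound ACL."""
    subifs, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+\.\d+)\s*$", line)
        if m:
            current = subifs.setdefault(m.group(1), {"vlan": None, "ip": None, "acl_in": None})
        elif not line.startswith(" "):
            current = None  # '!' or another top-level command ends the block
        elif current is not None:
            words = line.split()
            if words[:1] == ["encapsulation"] and len(words) >= 3:
                current["vlan"] = int(words[2])
            elif words[:2] == ["ip", "address"] and len(words) >= 4:
                current["ip"] = words[2]
            elif words[:2] == ["ip", "access-group"] and words[-1] == "in":
                current["acl_in"] = words[2]
    return subifs

def audit(config):
    """Report routed subinterfaces with no inbound ACL or numbered unlike their VLAN."""
    findings = []
    for name, s in sorted(parse_subinterfaces(config).items()):
        if s["ip"] and not s["acl_in"]:
            findings.append((name, "no inbound access-group"))
        if s["vlan"] is not None and int(name.rsplit(".", 1)[1]) != s["vlan"]:
            findings.append((name, "subinterface number differs from VLAN %d" % s["vlan"]))
    return findings

if __name__ == "__main__":
    print("\n".join(name + ": " + issue for name, issue in audit(SAMPLE_CONFIG)))
```

The numbering finding reflects the naming convention suggested in step 2, not an IOS requirement; a subinterface numbered differently from its VLAN still works.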

Implementation notes:

1. If you plan to let routing updates go through the router from one VLAN to another, it is necessary to turn off split-horizon. Split-horizon prevents an update received on an interface from being sent back out the same interface. Split-horizon can be turned off using the following command issued on the physical interface:

Router(config-if)#no ip split-horizon

2. Without the access-lists, there would not be much point in doing VLANs and inter-VLAN routing, because without the VLANs everyone would be able to communicate with everyone else.

3. Most switches support trunks on FastEthernet or faster interfaces, and do not support the old 10 Mbps Ethernet.
