Configuring a LAN with DHCP and VLANs – PART II

March 6, 2019 | Views: 672


Ever heard about router on a stick? It does not literally mean that a router should be placed on a stick. It means that a router and a switch are connected through a single physical interface configured as an 802.1Q trunk. The switch has multiple VLANs configured, and the router takes care of the routing between those VLANs. To make this easier to understand, the following topology will be considered.

[Figure: lab topology (image not available)]

There are two objectives:

  1. All the hosts in different VLANs should receive an IP Address from the DHCP server.
  2. All the hosts in different VLANs should be reachable from each other.

Routing between VLANs (also called Inter-VLAN routing) is performed by the router connected to the trunk port on the switch. Three VLANs are configured on the switch – VLAN 10, 20 and 30. We start with the switch configuration.

interface Ethernet0/0
switchport trunk encapsulation dot1q
switchport mode trunk

interface vlan10
exit
interface vlan20
exit
interface vlan30
exit

VLAN10 – Hosts 1 and 2
interface Ethernet0/1
switchport access vlan 10
switchport mode access
!
interface Ethernet0/2
switchport access vlan 10
switchport mode access

VLAN20 – Hosts 3 and 4
interface Ethernet0/3
switchport access vlan 20
switchport mode access
!
interface Ethernet1/0
switchport access vlan 20
switchport mode access

VLAN30 – Hosts 5 and 6
interface Ethernet1/1
switchport access vlan 30
switchport mode access
!
interface Ethernet1/2
switchport access vlan 30
switchport mode access

By default, all the VLANs on the switch are allowed on the trunk interface, as the output below confirms.

Switch#show interfaces trunk

Port        Mode         Encapsulation  Status        Native vlan
Et0/0       on           802.1q         trunking      1

Port       Vlans allowed on trunk
Et0/0      1-4094

Port       Vlans allowed and active in management domain
Et0/0      1,10,20,30

Port       Vlans in spanning tree forwarding state and not pruned
Et0/0      1,10,20,30

For the hosts to receive an IP address, a Cisco router is configured as the DHCP server. A DHCP pool defined on the router assigns IP addresses to the hosts from the networks in that pool. To configure multiple networks in a single DHCP pool, the use of the secondary keyword is mandatory. Otherwise, the router only keeps the last network command and erases the previous ones.

ip dhcp pool MANY_VLAN
 network 192.168.10.0 255.255.255.0
 network 192.168.20.0 255.255.255.0 secondary
 network 192.168.30.0 255.255.255.0 secondary

To establish the trunk link with the switch, a sub-interface for each VLAN must be configured on the router. An IP address is assigned to each sub-interface and the encapsulation is set to 802.1Q. Keep in mind that the 802.1Q VLAN ID must match the VLAN IDs configured on the switch. For example,

encapsulation dot1Q <1-4094> <– Only 10, 20 and 30 should be configured under the sub-interfaces, as these are the only VLANs configured on the switch.

The sub-interface number can be any value in the range <0-4294967295>. For example,

interface Ethernet0/0.<0-4294967295> <– This does not have to match the VLAN ID on the switch. However, the recommended practice is to keep the sub-interface number the same as the dot1Q tag so it is easy to remember.

interface Ethernet0/0
no ip address
!
interface Ethernet0/0.10
encapsulation dot1Q 10
ip address 192.168.10.1 255.255.255.0
!
interface Ethernet0/0.20
encapsulation dot1Q 20
ip address 192.168.20.1 255.255.255.0
!
interface Ethernet0/0.30
encapsulation dot1Q 30
ip address 192.168.30.1 255.255.255.0
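The relationship between the three pieces of configuration above (switch VLANs, router sub-interface dot1Q tags, and DHCP pool networks) is easy to get wrong, and a mismatch shows up as hosts that never get an address or cannot leave their VLAN. The following script is an added example, not part of the original article: it parses a constructed copy of the router configuration, takes the set of VLANs active on the trunk from the show interfaces trunk output, and reports any tag, pool or sub-interface that does not line up.

```python
import ipaddress
import re

# Constructed sample mirroring the article's router configuration.
ROUTER_CONFIG = """\
ip dhcp pool MANY_VLAN
 network 192.168.10.0 255.255.255.0
 network 192.168.20.0 255.255.255.0 secondary
 network 192.168.30.0 255.255.255.0 secondary
!
interface Ethernet0/0
 no ip address
!
interface Ethernet0/0.10
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0
!
interface Ethernet0/0.20
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.0
!
interface Ethernet0/0.30
 encapsulation dot1Q 30
 ip address 192.168.30.1 255.255.255.0
"""
# "Vlans allowed and active in management domain" from the switch output.
SWITCH_VLANS = {1, 10, 20, 30}

def parse_router(cfg):
    """Return ({dot1Q tag: sub-interface address}, [DHCP pool networks])."""
    subifs, pools, tag = {}, [], None
    for line in cfg.splitlines():
        line = line.strip()
        if m := re.match(r"encapsulation dot1q (\d+)", line, re.I):
            tag = int(m.group(1))            # remember the tag for this sub-interface
        elif m := re.match(r"ip address (\S+) (\S+)", line):
            subifs[tag] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
        elif m := re.match(r"network (\S+) (\S+)", line):
            pools.append(ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}"))
        elif line.startswith("interface"):
            tag = None                       # new interface stanza, forget old tag
    return subifs, pools

def check(subifs, pools, switch_vlans):
    """Return a list of misconfiguration findings; an empty list means consistent."""
    findings = []
    for tag, iface in subifs.items():
        if tag not in switch_vlans:
            findings.append(f"dot1Q {tag} is not a VLAN on the switch trunk")
        if iface.network not in pools:
            findings.append(f"no DHCP pool network for {iface.network} (VLAN {tag})")
    for net in pools:
        if not any(i.network == net for i in subifs.values()):
            findings.append(f"pool {net} has no router sub-interface to serve it")
    return findings
```

Run against the article's configuration the check returns no findings; dropping VLAN 30 from the trunk or a network from the pool produces a one-line finding naming the gap.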

Once the router and switch configurations are complete, move to each host one by one and enter the command ip dhcp to fetch an IP address from the DHCP server. The picture below shows the IP address assigned to each host, with reachability to all the other hosts in the different VLANs.

[Figure: ping results showing the DHCP-assigned addresses and inter-VLAN reachability (image not available)]
