Configure Port-Based VLANs
Network Requirements
- Server1 and PC1 are in the office network, while Server2 and PC2 are in the production network.
- You need to configure the port-based VLAN functions to isolate PC1 and PC2 so that PC1 can access only Server1 and PC2 can access only Server2.
Network Topology
Figure 3-2 Networking for Configuring Port-Based VLANs
Configuration Steps
Step 1: On Device1, configure VLANs, and configure the port link types of the ports.
#On Device1, create VLAN2 and VLAN3.
Device1#configure terminal
Device1(config)#vlan 2-3
#On Device1, configure the link type of ports gigabitethernet0/1 and gigabitethernet0/2 to Access. Configure gigabitethernet0/1 to allow services of VLAN2 to pass and configure gigabitethernet0/2 to allow services of VLAN3 to pass.
Device1(config)#interface gigabitethernet 0/1
Device1(config-if-gigabitethernet0/1)#switchport mode access
Device1(config-if-gigabitethernet0/1)#switchport access vlan 2
Device1(config-if-gigabitethernet0/1)#exit
Device1(config)#interface gigabitethernet0/2
Device1(config-if-gigabitethernet0/2)#switchport mode access
Device1(config-if-gigabitethernet0/2)#switchport access vlan 3
Device1(config-if-gigabitethernet0/2)#exit
#On Device1, configure the link type of port gigabitethernet0/3 to Trunk and allow services of VLAN2 and VLAN3 to pass.
Device1(config)#interface gigabitethernet 0/3
Device1(config-if-gigabitethernet0/3)#switchport mode trunk
Device1(config-if-gigabitethernet0/3)#switchport trunk allowed vlan add 2-3
Device1(config-if-gigabitethernet0/3)#exit
Step 2: On Device2, configure VLANs, and configure the port link types of the ports.
#On Device2, create VLAN2 and VLAN3.
Device2#configure terminal
Device2(config)#vlan 2-3
#On Device2, configure the link type of ports gigabitethernet0/1 and gigabitethernet0/2 to Access. Configure gigabitethernet0/1 to allow services of VLAN2 to pass and configure gigabitethernet0/2 to allow services of VLAN3 to pass.
Device2(config)#interface gigabitethernet 0/1
Device2(config-if-gigabitethernet0/1)#switchport mode access
Device2(config-if-gigabitethernet0/1)#switchport access vlan 2
Device2(config-if-gigabitethernet0/1)#exit
Device2(config)#interface gigabitethernet0/2
Device2(config-if-gigabitethernet0/2)#switchport mode access
Device2(config-if-gigabitethernet0/2)#switchport access vlan 3
Device2(config-if-gigabitethernet0/2)#exit
#On Device2, configure the link type of port gigabitethernet0/3 to Trunk and allow services of VLAN2 and VLAN3 to pass.
Device2(config)#interface gigabitethernet 0/3
Device2(config-if-gigabitethernet0/3)#switchport mode trunk
Device2(config-if-gigabitethernet0/3)#switchport trunk allowed vlan add 2-3
Device2(config-if-gigabitethernet0/3)#exit
Step 3: Check the result.
#Query the VLAN information on Device1.
Device1#show vlan 2
--- ---- ----------------------------- ------- ------- -----------
NO. VID  VLAN-Name                     Owner   Mode    Interface
--- ---- ----------------------------- ------- ------- -----------
1   2    VLAN0002                      static  Tagged  gi0/3
                                               Untagged gi0/1
Device1#show vlan 3
--- ---- ----------------------------- ------- ------- -----------
NO. VID  VLAN-Name                     Owner   Mode    Interface
--- ---- ----------------------------- ------- ------- -----------
1   3    VLAN0003                      static  Tagged  gi0/3
                                               Untagged gi0/2
#Query the VLAN information on Device2.
Device2#show vlan 2
--- ---- ----------------------------- ------- ------- -----------
NO. VID  VLAN-Name                     Owner   Mode    Interface
--- ---- ----------------------------- ------- ------- -----------
1   2    VLAN0002                      static  Tagged  gi0/3
                                               Untagged gi0/1
Device2#show vlan 3
--- ---- ----------------------------- ------- ------- -----------
NO. VID  VLAN-Name                     Owner   Mode    Interface
--- ---- ----------------------------- ------- ------- -----------
1   3    VLAN0003                      static  Tagged  gi0/3
                                               Untagged gi0/2
#PC1 and PC2 cannot communicate with each other, PC1 can access only Server1, and PC2 can access only Server2.
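The Step 3 check can be automated by parsing captured `show vlan` output and comparing each port's VLAN membership with the intent of Steps 1 and 2, so that a port drifting into the other VLAN is flagged. The script below is an added example, not part of the vendor documentation; the function names, the EXPECTED table and the sample text are constructed from the output shown above, and the handling of several interfaces on one line is an assumption.

```python
import re

# Constructed sample: the Device1 output from Step 3, as captured text.
SAMPLE = """\
Device1#show vlan 2
--- ---- ----------------------------- ------- ------- -----------
NO. VID  VLAN-Name                     Owner   Mode    Interface
--- ---- ----------------------------- ------- ------- -----------
1   2    VLAN0002                      static  Tagged  gi0/3
                                               Untagged gi0/1
Device1#show vlan 3
--- ---- ----------------------------- ------- ------- -----------
NO. VID  VLAN-Name                     Owner   Mode    Interface
--- ---- ----------------------------- ------- ------- -----------
1   3    VLAN0003                      static  Tagged  gi0/3
                                               Untagged gi0/2
"""

# Intended membership from Steps 1 and 2: port -> {VLAN ID: mode}.
EXPECTED = {"gi0/1": {2: "Untagged"}, "gi0/2": {3: "Untagged"},
            "gi0/3": {2: "Tagged", 3: "Tagged"}}

# A VLAN row starts with "NO VID NAME OWNER"; continuation rows carry only mode and ports.
ROW = re.compile(r"^\s*(?:\d+\s+(\d+)\s+\S+\s+\S+\s+)?(Tagged|Untagged)\s+(\S.*)$")

def parse_show_vlan(text):
    """Return {port: {vid: mode}} from `show vlan` text; prompts and rulers are skipped."""
    members, vid = {}, None
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        vid = int(m.group(1)) if m.group(1) else vid
        if vid is None:
            continue  # membership row seen before any VLAN row
        # Assumption: several interfaces on one row are separated by spaces or commas.
        for port in re.split(r"[,\s]+", m.group(3).strip()):
            members.setdefault(port, {})[vid] = m.group(2)
    return members

def audit(members, expected=EXPECTED):
    """List every port whose VLAN membership differs from the intended isolation."""
    findings = []
    for port in sorted(set(members) | set(expected)):
        got, want = members.get(port, {}), expected.get(port, {})
        if got != want:
            findings.append(f"{port}: expected {want}, found {got}")
    return findings

if __name__ == "__main__":
    print(audit(parse_show_vlan(SAMPLE)) or "membership matches Steps 1 and 2")
```
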