1
00:00:00,000 --> 00:00:00,850

2
00:00:00,850 --> 00:00:03,890
To implement VLANs, we'd want to do three basic things.

3
00:00:03,890 --> 00:00:05,390
Number one-- plan it out.

4
00:00:05,390 --> 00:00:09,220
We identify which hosts or which devices we want in which VLANs.

5
00:00:09,220 --> 00:00:11,980
Secondly, implement the changes, and then third,

6
00:00:11,980 --> 00:00:14,027
verify that it works.

7
00:00:14,027 --> 00:00:15,610
So as part of our planning, let's take

8
00:00:15,610 --> 00:00:18,070
a close look at our existing topology right here.

9
00:00:18,070 --> 00:00:19,270
We have six hosts--

10
00:00:19,270 --> 00:00:21,970
PC-1 all the way through PC-6.

11
00:00:21,970 --> 00:00:23,920
These numbers up here that start with 10

12
00:00:23,920 --> 00:00:26,920
are currently their IP addressing information

13
00:00:26,920 --> 00:00:28,070
for each one of them.

14
00:00:28,070 --> 00:00:30,880
So PC-1's IP address ends with dot 11.

15
00:00:30,880 --> 00:00:34,030
PC-2 is dot 22, et cetera, all the way through PC-6

16
00:00:34,030 --> 00:00:35,227
ending in dot 66.

17
00:00:35,227 --> 00:00:37,810
And regarding these hosts, their connectivity to the network--

18
00:00:37,810 --> 00:00:40,210
their physical connectivity is through these switches--

19
00:00:40,210 --> 00:00:42,220
switch number 1 and switch number 2.

20
00:00:42,220 --> 00:00:44,700
And currently, and by default in the Cisco Network,

21
00:00:44,700 --> 00:00:46,600
all the switchports are by default

22
00:00:46,600 --> 00:00:51,250
configured as being members of VLAN number 1.

23
00:00:51,250 --> 00:00:52,740
That's a little bit hard to read.

24
00:00:52,740 --> 00:00:54,410
Let me change the color there.

25
00:00:54,410 --> 00:00:56,860
So as part of our planning, let's decide that we want PC-1

26
00:00:56,860 --> 00:00:59,290
and PC-2 to be in their own VLAN--

27
00:00:59,290 --> 00:01:01,730
their own layer two broadcast domain.

28
00:01:01,730 --> 00:01:04,209
So let's go ahead and put them into a new VLAN

29
00:01:04,209 --> 00:01:07,040
and we'll use VLAN 777.

30
00:01:07,040 --> 00:01:08,810
So we'll create that new VLAN and we'll

31
00:01:08,810 --> 00:01:12,970
assign Gig 0/1 and 0/2 to that VLAN, which will then

32
00:01:12,970 --> 00:01:17,050
cause PC-1 and PC-2 to be in that VLAN called 777,

33
00:01:17,050 --> 00:01:19,690
and we'll leave everybody else in the default

34
00:01:19,690 --> 00:01:21,820
VLAN of VLAN number 1.

35
00:01:21,820 --> 00:01:24,010
So after we make that change at the switchports,

36
00:01:24,010 --> 00:01:26,900
PC-1 and PC-2 will still be able to talk to each other,

37
00:01:26,900 --> 00:01:29,980
but they'll be isolated from the rest of the devices

38
00:01:29,980 --> 00:01:32,350
because the rest of the devices are in VLAN 1,

39
00:01:32,350 --> 00:01:34,690
while they'll be in VLAN 777.

40
00:01:34,690 --> 00:01:36,273
And for the demonstration, we're going

41
00:01:36,273 --> 00:01:37,981
to go ahead and walk through implementing

42
00:01:37,981 --> 00:01:39,820
this on a Cisco switch.

43
00:01:39,820 --> 00:01:42,520
Currently, all six PCs are in VLAN 1,

44
00:01:42,520 --> 00:01:45,400
and let's verify basic connectivity before we

45
00:01:45,400 --> 00:01:46,880
start making some changes.

46
00:01:46,880 --> 00:01:49,120
So here in PC-1, let's go ahead and ping out

47
00:01:49,120 --> 00:01:53,740
to PC-2, PC-3, PC-4, PC-5, and PC-6 just

48
00:01:53,740 --> 00:01:56,050
to verify that we have connectivity

49
00:01:56,050 --> 00:01:58,030
and that the network is currently functioning

50
00:01:58,030 --> 00:02:00,490
before we make any changes.

51
00:02:00,490 --> 00:02:02,410
[MUSIC PLAYING]

52
00:02:02,410 --> 00:02:11,060

53
00:02:11,060 --> 00:02:14,000
Great, so we verified some basic connectivity by doing a ping

54
00:02:14,000 --> 00:02:17,900
test from PC-1 to the other five PCs,

55
00:02:17,900 --> 00:02:21,470
and currently that's working, partly because every other PC

56
00:02:21,470 --> 00:02:23,180
is in the same exact VLAN--

57
00:02:23,180 --> 00:02:25,580
VLAN number 1 by default. Next, let's

58
00:02:25,580 --> 00:02:28,640
go to the switch-- switch number 1 and take a look at it.

59
00:02:28,640 --> 00:02:31,340
Here on switch number 1, let's take a look at the defaults

60
00:02:31,340 --> 00:02:34,400
that we have in place before we start making some changes,

61
00:02:34,400 --> 00:02:37,960
and on a Cisco switch, we can use the command Show VLAN

62
00:02:37,960 --> 00:02:38,810
Brief.

63
00:02:38,810 --> 00:02:40,970
Take a look at the VLAN information.

64
00:02:40,970 --> 00:02:43,200
So over here on the right, we have a list of ports,

65
00:02:43,200 --> 00:02:45,800
and it's currently showing us here on switch 1

66
00:02:45,800 --> 00:02:49,640
that Gig 0/1, 0/2, 0/3, along with a few others,

67
00:02:49,640 --> 00:02:52,190
are all associated with this VLAN, VLAN 1, which

68
00:02:52,190 --> 00:02:53,070
is the default VLAN.

69
00:02:53,070 --> 00:02:54,528
And what we're going to do is we're

70
00:02:54,528 --> 00:02:57,200
going to take Gig 0/1 and 0/2, which

71
00:02:57,200 --> 00:02:59,270
is where PC-1 and PC-2 are connected,

72
00:02:59,270 --> 00:03:02,450
and we are going to first create VLAN 777,

73
00:03:02,450 --> 00:03:04,940
and then put those two individual ports

74
00:03:04,940 --> 00:03:06,560
in that separate VLAN.

75
00:03:06,560 --> 00:03:09,425
So we'll go into configuration mode on this switch,

76
00:03:09,425 --> 00:03:10,800
and the first thing we want to do

77
00:03:10,800 --> 00:03:14,180
is go ahead and create our new VLAN.

78
00:03:14,180 --> 00:03:18,410
So we'll create VLAN 777, and we'll also

79
00:03:18,410 --> 00:03:21,350
give it the name of Human Resources,

80
00:03:21,350 --> 00:03:23,600
that way when we see it, we can know what it is.

81
00:03:23,600 --> 00:03:26,870
Next, we'll exit out of VLAN configuration mode.

82
00:03:26,870 --> 00:03:29,000
We'll do a quick Show for the VLAN,

83
00:03:29,000 --> 00:03:30,500
just to make sure that it exists.

84
00:03:30,500 --> 00:03:31,880
Sure enough, there it is--

85
00:03:31,880 --> 00:03:35,990
VLAN 777 named Human Resources, and at the moment,

86
00:03:35,990 --> 00:03:39,470
there are no ports assigned to it, and that's our next step.

87
00:03:39,470 --> 00:03:45,150
We want to assign ports Gig 0/1 and 0/2 to that specific VLAN.

88
00:03:45,150 --> 00:03:47,299
So we'll go into range configuration mode

89
00:03:47,299 --> 00:03:49,340
so we can put in the commands for those two ports

90
00:03:49,340 --> 00:03:52,760
at the same time, and we'll use the commands Switchport Mode

91
00:03:52,760 --> 00:03:54,680
Access, saying that we want these two

92
00:03:54,680 --> 00:03:58,300
ports to be access ports followed by switchport access

93
00:03:58,300 --> 00:04:02,210
VLAN and the number 777, which is the VLAN we

94
00:04:02,210 --> 00:04:03,316
want them to be a part of.

95
00:04:03,316 --> 00:04:04,940
And having done that, we'll type an End

96
00:04:04,940 --> 00:04:07,700
to go out of configuration mode, and let's do a quick Show

97
00:04:07,700 --> 00:04:09,670
command to verify our work.

98
00:04:09,670 --> 00:04:13,190
And we can do a Show VLAN Brief, and sure enough,

99
00:04:13,190 --> 00:04:18,470
we have VLAN 777, and now we have the two ports of Gig 0/1

100
00:04:18,470 --> 00:04:22,160
and 0/2 that are associated with that specific layer

101
00:04:22,160 --> 00:04:24,090
two broadcast domain.

102
00:04:24,090 --> 00:04:26,964
So our next step is to go ahead and test connectivity.

103
00:04:26,964 --> 00:04:28,130
We should have connectivity.

104
00:04:28,130 --> 00:04:29,700
In fact, let's go over to PC-1.

105
00:04:29,700 --> 00:04:33,040
So here on PC-1, we should have connectivity between PC-1

106
00:04:33,040 --> 00:04:37,220
and PC-2, so we'll test that with a ping, or to 10.0.0.22--

107
00:04:37,220 --> 00:04:40,040
that is PC-2, and that continues to work.

108
00:04:40,040 --> 00:04:41,050
That's great.

109
00:04:41,050 --> 00:04:44,730
Next let's ping 10.0.0.33, which is PC-3.

110
00:04:44,730 --> 00:04:49,750
Now, because PC-1 is in VLAN 777 and the PC we're trying to ping

111
00:04:49,750 --> 00:04:52,350
is in a completely separate layer two broadcast

112
00:04:52,350 --> 00:04:55,190
domain or separate VLAN, there is no connectivity

113
00:04:55,190 --> 00:04:56,900
without some other network device

114
00:04:56,900 --> 00:04:59,030
that's going to move our traffic over there for us.

115
00:04:59,030 --> 00:05:02,450
So this ping command is not expected to work.

116
00:05:02,450 --> 00:05:04,040
And sure enough, it is timing out.

117
00:05:04,040 --> 00:05:05,090
It's not working.

118
00:05:05,090 --> 00:05:08,100
However, if we go to PC-3, here on PC-3,

119
00:05:08,100 --> 00:05:11,360
which is still in VLAN 1, if we try to ping other devices that

120
00:05:11,360 --> 00:05:15,410
are still in VLAN 1, like PC-4, PC-5, or PC-6,

121
00:05:15,410 --> 00:05:18,410
that should still work, because those four PCs are all

122
00:05:18,410 --> 00:05:19,980
in the same broadcast domain--

123
00:05:19,980 --> 00:05:20,650
the same VLAN.

124
00:05:20,650 --> 00:05:24,200
So let's test it with a ping out to 10.0.0.

125
00:05:24,200 --> 00:05:26,840
and let's pick on 44, which is PC-4,

126
00:05:26,840 --> 00:05:30,960
and press Enter, and sure enough, that works great.

127
00:05:30,960 --> 00:05:36,420
But we won't be able to ping from PC-3 over to PC-1 or PC-2,

128
00:05:36,420 --> 00:05:38,910
once again because PC-3 is in a different layer

129
00:05:38,910 --> 00:05:42,210
two VLAN than PC-1 and PC-2.

130
00:05:42,210 --> 00:05:44,340
In this Nugget, we've planned, implemented,

131
00:05:44,340 --> 00:05:47,550
and verified both the creation of a new VLAN

132
00:05:47,550 --> 00:05:50,340
and assigning two switchports to that VLAN.

133
00:05:50,340 --> 00:05:52,680
I hope that this has been informative for you,

134
00:05:52,680 --> 00:05:56,210
and I'd like to thank you for viewing.