VLAN (Virtual Local Area Network) mak mekanizmu ida ne'ebé uza atu kria grupu hosi dispositivu sira iha rede lokal hanesan ne'e hanesan atu hetan kontrolu kompletu kona-ba komunikasaun entre grupu hirak ne'e. VLAN kria segregasaun lógika entre rede físika, permitindu ita atu hatama múltiplu grupo hosi dispositivu sira iha mesma infrastrutura físika.
Nune'e, iha konseitu VLAN, grupu hosi dispositivu sira ne'ebé konektadu ba switch sira ne'ebé uza VLAN bele komunika hanesan se sira iha rede físika boot liu. VLAN bele kontribui ho flexibilidade, seguransa, no efisiénsia iha rede. Ne'ebé, iha aspeitu hanesan:
Flexibilidade: VLAN permite ita atu redefine hela estrutura rede iha maneira mekanizmu ida ne'ebé menus invazivu. Ita bele troka, aumenta, oho muda, ka halo kria fasilmente VLAN sira depende ba nesesidade rede nian.
Seguransa: VLAN fornese nível boot seguransa ba rede. Ho kria VLAN, ita bele limita komunikasaun entre grupu hosi dispositivu sira. Ne'e hatudu katak se atake boot akontese iha ida hosi VLAN, bele limita efeitu boot liu hosi propagasaun ba grupu sira seluk.
Efisiénsia: VLAN bele aumenta efisiénsia hosi rede. Ho hatene, VLAN bele kria segmentasaun boot iha rede, ne'ebé hatudu atu aumenta rendimentu boot liu hosi limita kuantidade boot tráfiku ne'ebé sai ba kada segmentu.
Iha prátika, para kria VLAN iha switch, ita tenke halo kona-ba hirak ne'ebé hanesan:
Kriasaun VLAN: Ita presiza halo kriasaun hosi VLAN sira iha switch. Kada VLAN tenke hetan identifikasaun únika, normalmente ho númeru ID.
Assigna Porta ba VLAN: Kada porta iha switch tenke assigna ba ida deit VLAN. Ne'e signifika katak dispositivu sira ne'ebé konektadu ba porta ne'ebé assigna ba VLAN sei mak halo parte hosi VLAN ida ne'ebé mak ne'e asigna ba.
Configurasaun Trunking (se aplikavel): Se ita uza múltiplu switch sira ne'ebé konektadu ba roteador ka ne'ebé hatudu konexo entre VLAN sira, presiza hatudu konfigurasaun trunking atu asegura komunikasaun entre switch sira no mantén informasaun VLAN.
VLAN sei fornese boot flexibilidade no kontrol ba komunikasaun iha rede lokal. Aprende kona-ba VLAN sei ajuda ita atu desenha no implementa rede ne'ebé mais seguru, efisiente, no fasil atu administra.
Atu kompriende liu tan mai ita koko fahe tok rede ida iha topologi iha kraik ne;e
Iha Topologi ida ne;e ita koko fahe Vlan iha Edificio ida ka Univerisdade ida,
=========================================
# Konfigurasun iha Router mak hanesan tuir mai neé:=========================================
hostname Rtr-Core
!
!
enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
enable password 7 0822455D0A16
!
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 20.20.20.1
ip dhcp excluded-address 30.30.30.1
ip dhcp excluded-address 40.40.40.1
!
ip dhcp pool Docente
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
dns-server 172.16.1.2
ip dhcp pool Administrasaun
network 20.20.20.0 255.255.255.0
default-router 20.20.20.1
dns-server 172.16.1.2
ip dhcp pool Estudante
network 30.30.30.0 255.255.255.0
default-router 30.30.30.1
dns-server 172.16.1.2
ip dhcp pool Guest
network 40.40.40.0 255.255.255.0
default-router 40.40.40.1
dns-server 172.16.1.2
!
!
username cisco privilege 15 secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
!
interface GigabitEthernet6/0
ip address 172.16.1.1 255.255.255.248
ip access-group 120 out
duplex auto
speed auto
!
!
interface GigabitEthernet7/0.1
encapsulation dot1Q 1 native
ip address 192.168.1.1 255.255.255.240
!
interface GigabitEthernet7/0.10
encapsulation dot1Q 10
ip address 10.10.10.1 255.255.255.0
!
interface GigabitEthernet7/0.20
encapsulation dot1Q 20
ip address 20.20.20.1 255.255.255.0
!
interface GigabitEthernet7/0.30
encapsulation dot1Q 30
ip address 30.30.30.1 255.255.255.0
!
interface GigabitEthernet7/0.40
encapsulation dot1Q 40
ip address 40.40.40.1 255.255.255.0
!
ip classless
!
ip flow-export version 9
!
!
access-list 120 deny ip 40.40.40.0 0.0.0.255 host 172.16.1.2
access-list 120 deny ip 40.40.40.0 0.0.0.255 host 172.16.1.3
access-list 120 deny ip 40.40.40.0 0.0.0.255 host 172.16.1.4
access-list 120 permit ip any any
!
banner login ^CCCC15c0
*******************************************************
Bem vindo iha Timor Leste - favor log out antes atu sai...obrigado barak-Jorge Mally soares
*******************************************************
^C
!
!
line con 0
exec-timeout 5 0
login
privilege level 15
!
line aux 0
!
line vty 0 4
access-class 5 in
exec-timeout 5 0
login
transport input telnet
privilege level 15
!
!
end
==========================================
# Tuir mai ita konfigura fali Swt-Core
=========================================
hostname swt-Core
!
enable password 7 0822455D0A16
!
username cisco privilege 1 password 7 0822455D0A16
!
!
spanning-tree mode pvst
!
interface FastEthernet0/1
switchport trunk allowed vlan 1,10,20,30,40
switchport mode trunk
!
interface FastEthernet0/2
switchport trunk allowed vlan 1,10,20,30,40
switchport mode trunk
!
interface FastEthernet0/3
switchport trunk allowed vlan 1,10,20,30,40
switchport mode trunk
!
interface FastEthernet0/4
switchport trunk allowed vlan 1,10,20,30,40
switchport mode trunk
!
interface FastEthernet0/5
switchport trunk allowed vlan 1,10,20,30,40
switchport mode trunk
!
interface FastEthernet0/6
switchport trunk allowed vlan 1,10,20,30,40
switchport mode trunk
!
interface FastEthernet0/7
switchport trunk allowed vlan 1,10,20,30,40
switchport mode trunk
!
interface FastEthernet0/8
switchport trunk allowed vlan 1,10,20,30,40
switchport mode trunk
!
interface FastEthernet0/9
switchport trunk allowed vlan 1,10,20,30,40
switchport mode trunk
!
interface FastEthernet0/10
switchport trunk allowed vlan 1,10,20,30,40
switchport mode trunk
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
switchport trunk allowed vlan 1,10,20,30,40
switchport mode trunk
!
interface Vlan1
ip address 192.168.1.2 255.255.255.240
!
!
!
!
line con 0
!
line vty 0 4
password 7 0822455D0A16
login
transport input telnet
line vty 5 15
password 7 0822455D0A16
login
transport input telnet
!
!
end
==========================================
# Tuir mai ita konfigura fali Swt-Docente
==========================================
hostname swt-Docente
!
enable password 7 0822455D0A16
!
username cisco privilege 1 password 7 0822455D0A16
!
!
spanning-tree mode pvst
!
interface FastEthernet0/1
switchport trunk allowed vlan 1,10,20,30,40
switchport mode trunk
!
interface FastEthernet0/2
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/3
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/4
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/5
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
ip address 192.168.1.3 255.255.255.240
!
!
line con 0
!
line vty 0 4
password 7 0822455D0A16
login
transport input telnet
line vty 5 15
password 7 0822455D0A16
login
transport input telnet
!
!
end
==========================================
# Tuir mai ita konfigura fali Swt-Administrasaun
==========================================
hostname swt-Administrasaun
!
spanning-tree mode pvst
!
interface FastEthernet0/1
switchport trunk allowed vlan 1,10,20,30,40
switchport mode trunk
!
interface FastEthernet0/2
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/3
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/4
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/5
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
ip address 192.168.1.4 255.255.255.240
!
!
line con 0
!
line vty 0 4
login
line vty 5 15
login
!
!
end
==========================================
# Tuir mai ita konfigura fali Swt-Estudante
==========================================
hostname swt-Estudantes
!
enable password 7 0822455D0A16
!
username cisco privilege 1 password 7 0822455D0A16
!
!
spanning-tree mode pvst
!
interface FastEthernet0/1
switchport trunk allowed vlan 1,30
switchport mode trunk
!
interface FastEthernet0/2
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/3
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/4
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/5
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
ip address 192.168.1.5 255.255.255.240
!
!
line con 0
!
line vty 0 4
password 7 0822455D0A16
login
transport input telnet
line vty 5 15
password 7 0822455D0A16
login
transport input telnet
!
!
end
==========================================
# Tuir mai ita konfigura fali Swt-Guest
==========================================
hostname swt-Guest
!
enable password 7 0822455D0A16
!
!
username cisco privilege 1 password 7 0822455D0A16
!
!
spanning-tree mode pvst
!
interface FastEthernet0/1
switchport trunk allowed vlan 1,10,20,30,40
switchport mode trunk
!
interface FastEthernet0/2
switchport access vlan 40
switchport mode access
!
interface FastEthernet0/3
switchport access vlan 40
switchport mode access
!
interface FastEthernet0/4
switchport access vlan 40
switchport mode access
!
interface FastEthernet0/5
switchport access vlan 40
switchport mode access
!
interface FastEthernet0/6
switchport access vlan 40
switchport mode access
!
interface FastEthernet0/7
switchport access vlan 40
switchport mode access
!
interface FastEthernet0/8
switchport access vlan 40
switchport mode access
!
interface FastEthernet0/9
switchport access vlan 40
switchport mode access
!
interface FastEthernet0/10
switchport access vlan 40
switchport mode access
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
ip address 192.168.1.6 255.255.255.240
!
!
line con 0
!
line vty 0 4
password 7 0822455D0A16
login
transport input telnet
line vty 5 15
password 7 0822455D0A16
login
transport input telnet
!
!
end
==========================================
# Tuir mai ita konfiguraServer
=========================================
DNS Server ip = 172.16.1.2
File Server ip = 172.16.1.3
Mail-Server ip = 172.16.1.4
Admintrator =172.16.1.5
--------------------------------
Iha Konfigurasaun ne;ebe ita halo ne;e, Kliente sira ida-idak nia grupo ne;e sei hetan ip automatika (dynamic ip ) tamba ita konfigura ona DCHP iha router Core, atu aumenta tan deit host sira hanesan Printer, Access Point ka Wiffi Router diak liu tau ip statico deit ne;e para ip ne;e permanente ona, sequando ita tau ip estatiko iha printer ka Access point hotu tiha keta haluha konfigura ka excluded nia ip iha router para ip ne;e la bele hetan confitu ka conflict ip.
atu aumenta tan konaba grupo ida guest ne;e vlan 40
iha konfigurasaun ne;e iha guest ita la fo permisaun ba grupo ida ne;e atu accessu ba ita nia server hotu hanesan Dns-server, file server, mail server e Adminitrator, tamba ita konfigura ona access list iha router.
ex:
koko test pin husi grupo guest ===>>>172.16.1.2
sekuando ping Reply from 40.40.40.1 : destination host unreachable katak nia la iha koneksaun ka labele asesu ba ita nia server,
koko loke web browser iha grupo guest ====>http://www.timorleste.tl / 172.16.1.2
imagen letet hatudo katak la iha permisaun ba quest atu assesu ba ita nia server ka www.timorleste.tl
koko test ping husi grupo Docente ==>> ping 172.16.1.2
koko loke web browser husi grupo Docente : http//:www.timorleste.tl
kehaluha koko test ping husig grupo estudante ho grupo administrasaun nian, para ita bele hatene konfigurasaun ne;e los ka lae.
Autentikasaun iha router e switch
enable : cisco
password : cisco
ita nia materia edisaun ida ne;e to iha ne;e deit
hamutuk ita dezemvolve cisco iha Timor Leste.
