Inter-VLAN routing and ACLs - Packet Tracer
Inter-VLAN routing and ACLs - Packet Tracer
Embedded Files
This project demonstrates the design and configuration of a small office network using Cisco Packet Tracer. The lab focuses on VLAN segmentation, inter-VLAN routing, centralised DHCP, and the use of ACLs for access control.
Fig. 01 - Visualisation of topography design
Design
Design
The network was divided into two VLANs:
- VLAN 10: HR Department
- VLAN 20: Sales Department
A router-on-a-stick configuration was implemented to provide inter-VLAN routing via a single trunk link. A central DHCP server located in VLAN 10 provided IP addressing for both VLANs, with the router acting as a DHCP relay.
Configuration
Key configuration steps included:
- Configuring switch ports as Access (HR: VLAN 10, Sales: VLAN 20) and Trunk (router uplink).
- Creating router subinterfaces with 802.1Q encapsulation and IP addresses.
- Configuring DHCP pools on the DHCP server for VLAN 10 and VLAN 20.
- Applying IP helper-address on router subinterfaces to forward DHCP requests.
- Implementing ACLs to restrict cross-department file server access.
Fig. 02 - Router configuration confirmation
Fig. 03 - Final network topology with PC DHCP lease
Results
The configuration was validated as follows:
- HR PCs obtained IP addresses in the 192.168.10.0/24 range from the DHCP server.
- Sales PCs obtained IP addresses in the 192.168.20.0/24 range from the DHCP server.
- ACLs successfully prevented HR PCs from accessing the Sales file server and vice versa.
Due to Packet Tracer limitations, DHCP leases for VLAN10 did not display correctly in testing. In practice, this would be resolved using an ip helper-address configuration or router-based DHCP. However, with a static IP address assigned to HR PCs, we see that all hardware communicates as it should.
CMD prompt output from Sales PC 02
C:\>ipconfig
FastEthernet0 Connection:(default port)
Connection-specific DNS Suffix..:
Link-local IPv6 Address.........: FE80::2D0:FFFF:FEC7:ECBE
IPv6 Address....................: ::
IPv4 Address....................: 192.168.20.11
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.20.1
C:\>ping 192.168.20.1
Pinging 192.168.20.1 with 32 bytes of data:
Reply from 192.168.20.1: bytes=32 time=1ms TTL=255
Reply from 192.168.20.1: bytes=32 time<1ms TTL=255
Reply from 192.168.20.1: bytes=32 time<1ms TTL=255
Reply from 192.168.20.1: bytes=32 time<1ms TTL=255
Ping statistics for 192.168.20.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 1ms, Average = 0ms
C:\>ping 192.168.10.1
Pinging 192.168.10.1 with 32 bytes of data:
Reply from 192.168.10.1: bytes=32 time=1ms TTL=255
Reply from 192.168.10.1: bytes=32 time<1ms TTL=255
Reply from 192.168.10.1: bytes=32 time<1ms TTL=255
Reply from 192.168.10.1: bytes=32 time<1ms TTL=255
Ping statistics for 192.168.10.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 1ms, Average = 0ms
C:\>ping 192.168.10.100
Pinging 192.168.10.100 with 32 bytes of data:
Reply from 192.168.20.1: Destination host unreachable.
Reply from 192.168.20.1: Destination host unreachable.
Reply from 192.168.20.1: Destination host unreachable.
Reply from 192.168.20.1: Destination host unreachable.
Ping statistics for 192.168.10.100:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
Page updated
Google Sites
Report abuse