Lab 16 .

VLAN
Topologi

Tabel Addressing
Device Interface IP Address Subnet Mask Default Gateway

R1 Fa0/0 192.168.1.254 255.255.255.0 N/A

Fa1/0 12.12.12.1 255.255.255.0 N/A
Lo1 172.16.1.1 255.255.255.0 N/A
Lo2 172.16.2.2 255.255.255.0 N/A
R2 Fa0/0 192.168.2.254 255.255.255.0 N/A
Fa1/0 12.12.12.2 255.255.255.0 N/A
Lo3 172.16.3.3 255.255.255.0 N/A
Lo4 172.16.4.4 255.255.255.0 N/A
S1 N/A VLAN 1 N/A N/A
S2 N/A VLAN 1 N/A N/A
Laptop1 NIC 192.168.1.1 255.255.255.0 192.168.1.254
Laptop3 NIC 192.168.1.3 255.255.255.0 192.168.1.254
Laptop2 NIC 192.168.2.1 255.255.255.0 192.168.2.254
Laptop4 NIC 192.168.2.3 255.255.255.0 192.168.2.254

Page 111
Tujuan
 Setting VLAN

Konsep Dasar
VLAN
 Membagi single broadcast domain menjadi beberapa broadcast domain
 Security layer 2
 Secara default semua port switch masuk VLAN 1
 VLAN 1 dikenal juga sebagai Administrative VLAN atau Management VLAN
 VLAN bisa dibuat dari nomor 2 – 1001
 VLAN hanya bisa dikonfigurasi pada Manageable Switch saja
 2 tipe VLAN :
o Static VLAN
o Dynamic VLAN
 VLAN meningkatkan security network
 VLAN meningkatkan jumlah broadcast domain dan menurunkan size broadcast domain

Static VLAN
 Static VLAN berdasarkan port
 Dilakukan secara manual untuk assign port ke VLAN
 Disebut juga sebagai Port-Based VLAN
 Satu port hanya bisa untuk satu VLAN

Dua cara membuat VLAN :

1. Membuat VLAN di config mode

Switch (config)# vlan <no>

Switch (config-vlan)# name <name>
Switch (config-vlan)# exit

Assign port di VLAN

Switch (config)# interface <interface type> <interface no.>

Switch (config-if)# switchport mode access
Switch (config-if)# switchport access vlan <no>

2. Membuat VLAN menggunakan command database

Switch (config)# vlan database

Switch (config-vlan)# vlan <vlan id> name <vlan name>
Switch (config-vlan)# exit

Assign port di VLAN

Switch (config)# interface <interface type> <interface no.>

Switch (config-if)# switchport mode access
Switch (config-if)# switchport access vlan <no>

Verifikasi VLAN

Switch # show vlan

Page 112
Dynamic VLAN
 Berdasarkan MAC address PC
 Switch secara otomatis assign port ke VLAN
 Masing-masing port bisa menjadi lebih dari satu member VLAN
 Untuk konfigurasi VLAN dibutuhkan software VMPS (VLAN Membership Policy Server)

Konfigurasi
Login console ke S1 atau S2 untuk mempraktikkan Lab 16-VLAN.

Sebelum impelementasi VLAN di S1 maupun S2, Laptop1 dan Laptop3 masih bisa saling Ping,
begitu juga Laptop2 dan Laptop4 karena masih dalam satu VLAN yang sama yaitu VLAN 1.

Tes Ping Laptop1 ke Laptop3

Laptop1>ipconfig

FastEthernet0 Connection:(default port)

Link-local IPv6 Address.........: FE80::201:43FF:FE3A:AEC2

IP Address......................: 192.168.1.1
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.1.254

Laptop3>ipconfig

FastEthernet0 Connection:(default port)

Link-local IPv6 Address.........: FE80::2D0:97FF:FE5C:503B

IP Address......................: 192.168.1.3
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.1.254

Laptop1>ping 192.168.1.3

Pinging 192.168.1.3 with 32 bytes of data:

Reply from 192.168.1.3: bytes=32 time=1ms TTL=128

Reply from 192.168.1.3: bytes=32 time=0ms TTL=128
Reply from 192.168.1.3: bytes=32 time=0ms TTL=128
Reply from 192.168.1.3: bytes=32 time=0ms TTL=128

Ping statistics for 192.168.1.3:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 1ms, Average = 0ms

Page 113
Tes Ping Laptop2 ke Laptop4
Laptop2>ipconfig

FastEthernet0 Connection:(default port)

Link-local IPv6 Address.........: FE80::260:2FFF:FE42:A6D3

IP Address......................: 192.168.2.1
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.2.254

Laptop4>ipconfig

FastEthernet0 Connection:(default port)

Link-local IPv6 Address.........: FE80::20A:F3FF:FE4B:1E76

IP Address......................: 192.168.2.3
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.2.254

Laptop2>ping 192.168.2.3

Pinging 192.168.2.3 with 32 bytes of data:

Reply from 192.168.2.3: bytes=32 time=63ms TTL=128

Reply from 192.168.2.3: bytes=32 time=8ms TTL=128
Reply from 192.168.2.3: bytes=32 time=0ms TTL=128
Reply from 192.168.2.3: bytes=32 time=0ms TTL=128

Ping statistics for 192.168.2.3:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 63ms, Average = 17ms

Tabel VLAN

Switch VLAN VLAN NAME Interface Network VLAN

VLAN 10 IT Fa0/1-Fa0/12 192.168.10.0/24

S1 VLAN 20 Admin Fa0/13-Fa0/24 192.168.20.0/24

Interface VLAN10 192.168.10.10

VLAN 10 IT Fa0/1-Fa0/12 192.168.10.0/24

S2 VLAN 20 Admin Fa0/13-Fa0/24 192.168.20.0/24

Interface VLAN10 192.168.10.10

Page 114
Setting VLAN di S1 dan S2 sesuai dengan tabel VLAN diatas dan setting IP address untuk
interface VLAN 10 agar S1 atau S2 dapat diremote melalui telnet.

Setting VLAN di S1

Tampilkan VLAN default di S1

S1#show vlan

VLAN Name Status Ports

1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4

Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2

1 enet 100001 1500 - - - - - 0 0

1002 fddi 101002 1500 - - - - - 0 0
1003 tr 101003 1500 - - - - - 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trnet 101005 1500 - - - ibm - 0 0

Remote SPAN VLANs

Primary Secondary Type Ports

S1#

Command membuat VLAN di S1

S1(config)#
S1(config)#vlan 10
S1(config-vlan)#name IT
S1(config-vlan)#vlan 20
S1(config-vlan)#name Admin
S1(config-vlan)#
S1(config-vlan)#interface range fa0/1-12
S1(config-if-range)#switchport mode access
S1(config-if-range)#switchport access vlan 10
S1(config-if-range)#
S1(config-if-range)#interface range fa0/13-24
S1(config-if-range)#switchport mode access

Page 115
S1(config-if-range)#switchport access vlan 20
S1(config-if-range)#
S1(config-if-range)#end

Command setting IP address interface VLAN 10 di S1

S1(config)#
S1(config)#interface vlan 10
S1(config-if)#ip address 192.168.10.10 255.255.255.0
S1(config-if)#no shutdown
S1(config-if)#
S1(config-if)#ip default-gateway 192.168.10.254
S1(config)#

Note : ulangi langkah yang sama diatas untuk membuat VLAN dan Interface VLAN di S2

Verifikasi
Tampilkan show vlan brief setelah disetting VLAN di S1
S1#show vlan brief

VLAN Name Status Ports

1 default active
10 IT active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
20 Admin active Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
S1#

Tampilkan show vlan brief setelah disetting VLAN di S2

S2#show vlan brief

VLAN Name Status Ports

1 default active
10 IT active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
20 Admin active Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
1002 fddi-default active
1003 token-ring-default active

Page 116
1004 fddinet-default active
1005 trnet-default active
S2#
Dari hasil ouput show vlan brief diatas, kita terlah berhasil membuat VLAN 10 dan VLAN 20 di
S1 dan S2. Dengan status Active pada masing-masing VLAN dan interface VLAN sudah sesuai
dengan tabel VLAN yang diberikan.

Tampilkan show ip interface brief di S1

S1#show ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/1 unassigned YES manual up up
…
FastEthernet0/24 unassigned YES manual up up
Vlan1 unassigned YES manual administratively down down
Vlan10 192.168.10.10 YES manual up up
S1#

Tampilkan show ip interface brief di S2

S2#show ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/1 unassigned YES manual up up
…
FastEthernet0/24 unassigned YES manual up up
Vlan1 unassigned YES manual administratively down down
Vlan10 192.168.10.10 YES manual up up
S2#

Dari hasil output diatas, interface VLAN 10 telah berhasil disetting IP address. Langkah selanjutnya
meremote S1 dari Laptop1. Setting IP Laptop1 terlebih dahulu agar sesuai dengan network VLAN
10. IP address Laptop1 = 192.168.10.1/24. Diasumsikan switch telah disetting basic switch
configuration misalnya hostname, enable secret, telnet, dll, lihat solution Lab 15-Basic Switch
Configuration.

Laptop1>ipconfig

FastEthernet0 Connection:(default port)

Link-local IPv6 Address.........: FE80::201:43FF:FE3A:AEC2

IP Address......................: 192.168.10.1
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.10.254

Page 117
Tes Ping dari Laptop1 ke S1
Laptop1>ping 192.168.10.10

Pinging 192.168.10.10 with 32 bytes of data:

Reply from 192.168.10.10: bytes=32 time=1ms TTL=255

Reply from 192.168.10.10: bytes=32 time=0ms TTL=255
Reply from 192.168.10.10: bytes=32 time=0ms TTL=255
Reply from 192.168.10.10: bytes=32 time=0ms TTL=255

Ping statistics for 192.168.10.10:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 1ms, Average = 0ms

Telnet dari Laptop1 ke S1

Laptop1>telnet 192.168.10.10
Trying 192.168.10.10 ...Open

User Access Verification

Password:
S1>enable
Password:
S1#

Note: ulangi langkah yang sama diatas untuk tes Ping dari Laptop2 ke S2 dan akses telnet
ke S2

Setelah selesai disetting VLAN, maka Laptop1 dan Laptop3 di S1, Laptop2 dan Laptop4 di S2 tidak
bisa melakukan Ping karena beda VLAN. Oleh karena itu untuk mengkoneksikan VLAN yang
berbeda membutuhkan device layer 3 yaitu router dan L3 switch.
 Laptop1 & Laptop2 menjadi member VLAN10
 Laptop3 & Laptop4 menjadi member VLAN 20

Tabel Addressing setelah VLAN disetting

Device Interface IP Address Subnet Mask Default Gateway

Laptop1 NIC 192.168.10.1 255.255.255.0 192.168.10.254

Laptop3 NIC 192.168.20.1 255.255.255.0 192.168.20.254
Laptop2 NIC 192.168.10.2 255.255.255.0 192.168.10.254
Laptop4 NIC 192.168.20.2 255.255.255.0 192.168.20.254

Dari tabel diatas ada yang memiliki network address yang sama, hal ini tidak menjadi masalah
karena VLAN terletak beda lokasi yang satu di Network A dan lainnya di Network B. Dan VLAN ini
tidak dikoneksikan menggunakan routing protocol sehingga tidak menyebabkan overlap network.

Page 118
Tes Ping dari Laptop1 ke Laptop3 setelah disetting VLAN di S1
Laptop1>ping 192.168.20.1

Pinging 192.168.20.1 with 32 bytes of data:

Request timed out.

Request timed out.
Request timed out.
Request timed out.

Ping statistics for 192.168.20.1:

Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

Tes Ping gagal dari Laptop1 ke Laptop3 karena beda VLAN dan belum terdapat gateway diantara
masing-masing VLAN. Untuk mengatasi hal ini maka diperlukan InterVLAN menggunakan interface
physical router atau sub-interface router (Router-on-Stick).

Review
1. Command apa yang digunakan untuk menghapus VLAN di swith?
2. Hapus VLAN 1 di S1 maupun S2? Bagaimana hasilnya, berhasil atau tidak? Jelaskan?
3. Ubah interface router Fa0/0 R1 dan R2 menjadi 192.168.10.254, kemudian lakukan tes
Ping dari S1 dan S2? Bagaimana hasilnya? Jelaskan?

Page 119