To design and validate a small-to-medium enterprise network that integrates VLAN segmentation, inter-VLAN routing, centralized DHCPv4, internal DNS, and NAT, simulating how these services interact in a real organizational environment rather than as isolated configurations.

I selected all the network and end devices that I needed.
VLAN creation and assignment
I configured the VLANs on the L2 switch for each department and a dedicated server VLAN.
VLAN 10 - Engineering dept
VLAN 20 - Finance dept
VLAN 30 - Server
Then I assigned access ports to the VLANs and also configured a trunk port to carry the multiple VLANs, including the native VLAN to the L3 Switch.


Inter-VLAN Routing (L3 Switch)
I enabled IP routing and IPv6 unicast-routing.

Then, I created SVIs for each VLAN. Each SVI has its own default gateway.
For VLAN 10, I configured an IPv6 address, and I did the same for the server’s SVI (which will provide DNS info for the PCs in VLAN 10).
VLAN 10 - 192.168.10.1 + 2001:db8:10::1/64
VLAN 20 - 192.168.20.1
VLAN 30 - 192.168.30.1 + 2001:db8:30::1/64

I created a trunk port that connects to the L2 switch and also the port that connects to the main router.

int g0/1 connects to the L2 switch and int g0/2 connects to the router.
IPv6 (Stateless) Configuration
I enabled IPv6 routing and used SLAAC (“ipv6 nd other-config-flag”) for address assignment, although the stateless DHCPv6 server is limited in Cisco Packet Tracer.

<aside> 💡
For the L3 switch to support IPv6 routing, you must first enter the command “sdm prefer dual-ipv4-and-ipv6 default”, then save and reload.
The command tells the switch to allocate hardware resources so that both IPv4 and IPv6 routing can be used.
“no switchport” - converts the L2 port on the switch to an L3 port so that it can hold an IP address.
Because the L3 switch is routing, the port that connects to the router must be a routed port; that’s why “no switchport” was typed, so that all VLAN traffic can exit.
Cisco Packet Tracer has limited capabilities for stateless DHCP (but it works for small setups, i.e. the server has to be on the same network as the VLAN used for the end devices).
The native VLAN on both trunk ports must be the same. </aside>
Server Configuration
I configured the server’s static IP configuration.

Then, I configured the DHCP server - I created DHCP pool for each VLAN.

This makes it possible for the PCs in each department to automatically receive their respective IP addresses from these pools, as long as the DHCP relay (ip helper-address) is configured on each SVI, which I did, except on the server’s SVI.

I assigned the printer in VLAN 20 a static IP from the reserved addresses in VLAN 20. That's why I started the IP allocation from 20.
So addresses 2-19 are excluded from the pool.

DNS Configuration
I configured the DNS zones - A, AAAA and CNAME records. This is to enable name resolution for this domain “inidevops.local”.

L3 switch ↔ Main Router
I configured interface g0/2 on the switch, which connects to the main router. By default, a port on an L3 switch is a switchport; to make it a routed port, it must be converted.
Routed ports need an IP address to carry all VLAN traffic to the main router for NAT. Just like in RoAS, on the L2 switch the port is configured as a trunk port.
However, switchports don’t support IP addresses; they’re used only for access, not routing, which is why the conversion must be done.
To convert this port, I used the following commands in configure terminal mode:
“int g0/2
no sw
ip addr 10.0.0.2 255.255.255.252”

I configured an IP route on the L3 switch to tell the switch where to send unknown traffic (the main router).

The (main) router ↔ (ISP) router connection.
On the main router, I assigned interface g0/0, which connects to the L3 switch, the default gateway “10.0.0.1”, and interface g0/1, which connects to the router simulating an ISP, the default gateway “203.0.113.2”.

NAT Configuration
I configured NAT rules on the main router by defining the ACL that identifies the internal traffic allowed to be translated, and I also implemented NAT overload (PAT) for outbound internet access.
I configured the IP routes that tell the main router how to reach the ISP router when it receives outbound traffic from the internal networks, and also routes for reaching the PCs in their respective VLANs that sent the packets.

The ISP Router ↔ Main Router
I configured the interface g0/0 on the router simulating the internet, to be able to receive traffic from the main router.

<aside> 💡