// Networking — Project

🔌 Enterprise VLAN Lab

Multi-department enterprise network design with full VLAN segmentation, inter-VLAN routing, DHCP/DNS services, SSH hardening, and port security on Cisco switches.

Cisco IOS · VLANs · GNS3 · Inter-VLAN Routing · Port Security

📋 Project Overview

This enterprise VLAN lab simulates a real corporate network environment with multiple departments (HR, IT, Sales, Management), each isolated on its own VLAN while still allowing controlled inter-department communication through an L3 switch and access lists.

The lab was designed and implemented in Cisco Packet Tracer and GNS3, then replicated on real Cisco hardware during the GDL Academy Enterprise Network Bootcamp.

🗺️ Network Topology

  • 🔴 VLAN 10 — Management (192.168.10.0/24)
  • 🔵 VLAN 20 — IT Department (192.168.20.0/24)
  • 🟢 VLAN 30 — HR Department (192.168.30.0/24)
  • 🟡 VLAN 40 — Sales Department (192.168.40.0/24)
  • VLAN 99 — Native / Management VLAN

⚙️ Configuration Steps

  1. Created VLANs on the distribution layer Cisco switch with proper names and IDs.
  2. Configured access ports for each department's workstations with correct VLAN assignment.
  3. Set up trunk links between distribution and core switches passing all necessary VLANs.
  4. Configured SVIs (Switched Virtual Interfaces) on the L3 switch for inter-VLAN routing.
  5. Deployed DHCP server scopes for each VLAN with proper gateway/DNS settings.
  6. Applied ACLs to restrict HR from accessing the IT server VLAN while allowing web traffic.
  7. Hardened management access: SSH only, disabled telnet, applied login banners.
  8. Configured port security: max 1 MAC, sticky learning, violation shutdown mode.

💾 Key Configuration Snippets

! ─── VLAN Creation ─────────────────────────────────────
vlan 10
 name MANAGEMENT
vlan 20
 name IT-DEPT
vlan 30
 name HR-DEPT
vlan 40
 name SALES-DEPT

! ─── Trunk Port Configuration ──────────────────────────
interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk allowed vlan 10,20,30,40,99
 switchport trunk native vlan 99

! ─── SVI for Inter-VLAN Routing ─────────────────────────
interface Vlan20
 ip address 192.168.20.1 255.255.255.0
 no shutdown

! ─── DHCP Pool ───────────────────────────────────────────
ip dhcp pool VLAN20-IT
 network 192.168.20.0 255.255.255.0
 default-router 192.168.20.1
 dns-server 8.8.8.8
ip dhcp excluded-address 192.168.20.1 192.168.20.20

! ─── Port Security ───────────────────────────────────────
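interface FastEthernet0/2
 switchport mode access
 switchport access vlan 20
 ! Enable port security; the settings below are not enforced without this line
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky
 switchport port-security violation shutdown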

! ─── SSH Hardening ───────────────────────────────────────
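! RSA key generation needs a non-default hostname plus the domain name;
! login local needs at least one local user account
ip domain-name corp.local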
crypto key generate rsa modulus 2048
ip ssh version 2
line vty 0 4
 transport input ssh
 login local
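
A check for configuration steps 7 and 8, added here as an example and not part of the original lab: a short Python audit that parses IOS-style config text and reports access ports where port security is incomplete and VTY lines that accept anything other than SSH. The sample config and the names `parse_blocks`, `audit`, `PS` and `PORT_SEC` are constructed for this illustration.

```python
SAMPLE = """\
interface FastEthernet0/2
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky
 switchport port-security violation shutdown
interface FastEthernet0/3
 switchport mode access
 switchport port-security maximum 1
 switchport port-security mac-address sticky
 switchport port-security violation shutdown
ip ssh version 2
line vty 0 4
 transport input ssh
line vty 5 15
 transport input telnet ssh
"""  # constructed sample, not from the lab: Fa0/3 and vty 5-15 are deliberately weak
PS = "switchport port-security"  # the bare command is what enables the feature
PORT_SEC = [PS, PS + " maximum 1", PS + " mac-address sticky", PS + " violation shutdown"]

def parse_blocks(config):
    """Map each top-level IOS line to the indented sub-commands under it."""
    blocks, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line.lstrip().startswith("!"):
            continue  # skip blank lines and "!" comment lines
        if line[0] == " " and current is not None:
            blocks[current].append(line.strip())
        else:
            current = line.strip()
            blocks.setdefault(current, [])
    return blocks

def audit(config):
    """Return a list of findings for port security and SSH-only management access."""
    blocks, findings = parse_blocks(config), []
    for header, cmds in blocks.items():
        if "switchport mode access" in cmds:
            findings += [f"{header}: missing '{c}'" for c in PORT_SEC if c not in cmds]
        if header.startswith("line vty") and "transport input ssh" not in cmds:
            findings.append(f"{header}: transport input is not SSH-only")
    if "ip ssh version 2" not in blocks:
        findings.append("global: SSH version 2 not enforced")
    return findings
```

Calling `audit(SAMPLE)` flags FastEthernet0/3, where the tuning lines are present but the feature is never enabled, and the second VTY range, which still accepts Telnet.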

// Technologies
  • Cisco IOS (15.x)
  • GNS3 / Packet Tracer
  • Real Cisco Switches
  • Windows Server 2019
// Protocols Used
  • IEEE 802.1Q (VLANs)
  • VTP (VLAN Trunking Protocol)
  • STP / RSTP
  • DHCP / DNS
  • SSH v2
  • OSPF / Static Routes
// Skills Demonstrated
  • VLAN Design
  • Inter-VLAN Routing
  • ACL Configuration
  • Network Hardening
  • DHCP/DNS Setup
  • Port Security