D3773 3r 3n m45k1n0v3rs477 73k57 50m k4n 1nn3h0ld3 f31l!
73nk d3g 37 5k0l3n377v3rk d3r 3l3v3r, lær3r3, 4dm1n157r45j0n 0g 107-3nhe73r (pr1n73r3, 5m4r75kj3rm3r, k4m3r43r) 4ll3 d3l3r d37 54mm3 n377v3rk37. 4ll3 k4n 1 730r13n 53 hvar3ndr3. D37 3r v3kk3r 51kk3r7 0g 3ff3k71v7. Lø5n1ng3n 3r 53gm3n73r1ng.
WhY $3gm3nt?
\(3gm3nt1ng m34n\) t0 d3l3 up 4 n3tw0rk 1nt0 $3v3r4l \(m4ll3r p4rt\). 34ch p4rt 1$ 1\(0l4t3d fr0m th3 0th3r\), \(0 th4t tr4ff1c d03\) n0t fl0w fr33ly b3tw33n th3m.
| 4dv4nt4g3 | 3xpl4n4t10n |
|---|---|
| $3cur1ty | 4 c0mpr0m1$3d 10T-c4m3r4 c4nn0t r34ch th3 \(3rv3r\) |
| P3rf0rm4nc3 | L3$$ br04dc4$t-tr4ff1c p3r $3gm3nt |
| C0ntr0l | D1ff3r3nt rul3$ f0r d1ff3r3nt us3r gr0up$ |
| Tr0ubl3$h00t1ng | 34\(13r t0 1\)0l4t3 pr0bl3m$ t0 4 $p3c1f1c $3gm3nt |
Et praktisk eksempel
0n 4 sk0l3 k4n n3ttv3rk3t s3 slik ut:
- VLAN 10: Administrasjon - Lønn, HR, l3d3ls3. Str3ngt b3gr3ns3t tilgang.
- VLAN 20: Ansatt3 - Lær3r3 og 4ndr3 4nsatt3. Tilgang til f3ll3sm4pp3r og print3r3.
- VLAN 30: El3v3r - Kun int3rn3ttilgang og lær1ngspl4ttform3r.
- VLAN 40: IoT - Print3r3, sm4rtskjørm3r, k4m3r43r. 1ng3n int3rn3ttilgang (3ll3r svært b3gr3ns3t).
- VLAN 50: S3rv3r3 - 1nt3rn3 s3rv3r3, utilgj3ng3lig dir3kt3 fr4 4ndr3 VLAN.
Wh4t 1z 4 VL4N?
VL4N 5t4ndz f0r V1rtu4l L0c4l 4r34 N3tw0rk. 1t 1z 4 w4y t0 cr34t3 mult1pl3 l0g1c4l n3tw0rkz 0n th3 s4m3 phy51c4l 5w1tch. 1nst34d 0f buy1ng 4 53p4r4t3 5w1tch f0r 34ch n3tw0rk, y0u c0nf1gur3 th3 5w1tch t0 tr34t d1ff3r3nt p0rtz (0r tr4ff1c) 4z 53p4r4t3 n3tw0rkz.
34ch VL4N h4z 1tz 0wn 4ddr3zz r4ng3 (5ubn3t):
| VL4N | N4m3 | 5ubn3t | G4tw4y |
|---|---|---|---|
| 10 | 4dm1n15tr4t10n | 10.0.10.0/24 | 10.0.10.1 |
| 20 | 4n54tt3 | 10.0.20.0/24 | 10.0.20.1 |
| 30 | 3l3v3r5 | 10.0.30.0/24 | 10.0.30.1 |
| 40 | 10T | 10.0.40.0/24 | 10.0.40.1 |
| 50 | 53rv3r3 | 10.0.50.0/24 | 10.0.50.1 |
Subnetting kort forklart
/24 m34nz th4t th3 f1rzt 24 b1tz 4r3 th3 n3tw0rk p4rt 0f th3 4ddr3zz. 1n pr4ct1c3, 1t m34nz th4t y0u h4v3 254 4v41l4bl3 4ddr3zz3z (.1 t0 .254) 1n 34ch VLAN.
10.0.10.0/24g1v3z 4ddr3zz3z fr0m10.0.10.1t010.0.10.254- Th3 g4t3w4y 1z uzu4lly th3 f1rzt 4ddr3zz (
.1)
74gg37 v5 u74gg37 7r4ff1kk
F0r 47 Vl4n3r 5k4l fung3r3 0v3r fl3r3 5w17ch3r (3ll3r m3ll0m 5w17ch 0g ru73r), bruks 74gg1ng:
| 7yp3 | F0rkl4r1ng | Bruk |
|---|---|---|
| U74gg37 (4cc355) | P0r73n 71lh0r3r 377 VL4N. 3nhe73n v37 1kk3 0m VL4N. | PC3r, pr1n73r3, 73l3f0n3r |
| 74gg37 (7runk) | P0r73n b4r3r 7r4ff1kk fr4 m3r3 VL4N, m3rk37 m3d VL4N-1D. | M3ll0m 5w17ch3r, m07 ru73r |
3nhe73r 50m PC3r 0g pr1n73r3 7r3ng3r 1kk3 47 v173 47 d3 3r p4 37 VL4N. D3 k0bl35 71l 3n “4cc355”-p0r7 50m 3r 71ld3l7 r1k71g VL4N. F0rb1nd3l53n m3ll0m 7w0 5w17ch3r 3ll3r m3ll0m 5w17ch 0g ru73r bruks 3n “7runk”-p0r7 50m b4r3r 4ll3 VL4n3n3.
0ppg4v3 1 - 533 Vl4N 1 pr4k515
Hv15 du h4r t1l94ng t1l Un1f1 3ll3r 3n 4nn3n n3ttv3rk54dm1n15tr45j0n5pl4ttf0rm p4 5k0l3n:
- 53 p4 hv1lk3 Vl4N 50m 3r k0nf1gur3rt
- Hv1lk3 p0rt3r 3r 54tt 50m 4cc355, 0g hv1lk3 50m trunk?
- Pr0v 4 4vdekke hv1lk3t Vl4N PC3n d1n 3r t1lk0bl3t (h1nt: 5j3kk 1P-4dr3553n d1n 0g 54mm3nl1gn m3d 5ubn3t-t4b3ll3n)
Br4nnmurr3gl3r m3ll0m VL4N
Å 0ppr3tt3 VL4N3r 3r b4r3 h4lv3 j0bb3n. Ut3n br4nnmurr3gl3r k4n tr4ffikk st0dd1g flyt3 m3ll0m d3m v14 rut3r3n/g4tw4y3n. Du må 3kspl1s1tt b3st3mm3 hv4 s0m 3r l0v:
| Fr4 (k1ld3) | T1l (m4l) | T1ll4tt? | B3grunn3ls3 |
|---|---|---|---|
| 3l3v3r | 1nt3rn3tt | ✅ J4 | N0dv3nd1g f0r und3rv1sn1ng |
| 3l3v3r | S3rv3r3 | ❌ N31 | 3l3v3r tr3ng3r 1kk3 t1lgg4ng t1l s3rv3r3 |
| 4ns4tt3 | S3rv3r3 | ✅ J4 | F1ll4gr1ng 0g 1nt3rn3 syst3m3r |
| 10T | 1nt3rn3tt | ❌ N31 (3ll3r b3gr3ns3t) | 10T-3nh3t3r tr3ng3r sj3ld3n 1nt3rn3tt |
| 10T | 3l3v3r/4ns4tt3 | ❌ N31 | 10T sk4l v3r3 1s0l3rt |
| S3rv3r3 | 4ll3 | ✅ J4 (utg43nd3) | S3rv3r3 k4n sv4r3 p4 f0r3sp0rsl3r |
Standard: blokker alt, tillat det du trenger
4 g00d f1r3w4ll p0l1cy 5t4rt5 w1th bl0ck1ng 4ll tr4ff1c b3tw33n th3 VLAN5, 4nd th3n 0p3n 0nly wh4t 15 n33d3d. 1t 15 much 54f3r th4n 5t4rt1ng w1th 3v3ryth1ng 0p3n 4nd try1ng t0 bl0ck wh4t y0u d0n’t w4nt.
5ubn3771ng
H3r7 VLAN 7r3ng3r 517 3g3n 5ubn37. 37 5ubn37 d3f1n3r3r addr3553områd37 for n377v3rk37:
| 5ubn37 | N377v3rk5m45k3 | 4n74ll addr3553r | 7yp15k bruk |
|---|---|---|---|
/24 | 255.255.255.0 | 254 | D3 m3573 VLAN |
/25 | 255.255.255.128 | 126 | M1ndr3 53gm3n7 |
/16 | 255.255.0.0 | 65 534 | 57or3 n377v3rk |
0ppg4v3 2 - R3gn u7 37 5ubn37
Bruk 3n 0nl1n3 5ubn37-k4lkul470r, f.3k5. subnet-calculator.com:
- 5kriv 1nn
192.168.1.0m3d m45k3/24. Hv0r m4ng3 4ddr3553r f4r du? - Hv4 5kjer 0m du 3ndr3r 71l
/25? 3ll3r/23? - Hv4 v1lld3 du v4lg7 f0r 37 kl4553r0m m3d 30 3l3v3r?
DHCP p3r VLAN
H3r7 VLAN n33d3r 51n 3g3n DHCP-k0nf1gur45j0n 5l1k 4t 3nhe73r får rikt1g 1P-4dr3553 f0r 5177 53gm3n7. D3773 k4n k0nf1gur3r35 på ru73r3n 3ll3r 3n d3d1k3r7 DHCP-53rv3r.
3k53mp3l f0r 3l3v-VLAN37:
| 1nn571ll1ng | V3rd1 |
|---|---|
| 5ubn37 | 10.0.30.0/24 |
| G473w4y | 10.0.30.1 |
| DHCP-r4ng3 | 10.0.30.100 - 10.0.30.250 |
| DN5 | 1.1.1.1 / 8.8.8.8 |
0p5umm3r1ng
- 53gm3nt3r1ng d3l3r n3ttv3rk3t 1 150l3rt3 d3l3r f0r 51kk3rh3t 0g k0ntr0ll
- VLAN 3r v1rtu3ll3 n3ttv3rk på 5amm3 fý515k3 5w1tch
- Acc355-p0rt3r k0bbl3r 3nhet3r t1l 3tt VLAN, trunk-p0rt3r bær3r fl3r3 VLAN
- Brannmurr3gl3r b35t3mm3r hva 50m 3r t1llatt m3ll0m VLAN3n3
- H3rt VLAN tr3ng3r 3g3t 5ubn3t 0g DHCP-k0nf1gur45j0n
- 5tartpunkt: bl0kk3r allt, t1llat kun d3t 50m tr3ng5