Inter-VLAN:
It allows users in one VLAN to access resources in
other VLANs.
Requirements:
- Need at least one router
- Every VLAN must have a default gateway
Inter-VLAN Routing Methods:
- Separate physical gateway interface on the router
- Using sub-interfaces
- Using a Layer 3 switch
Inter-VLAN routing using separate interface:
Lab:
Inter-VLAN routing using sub-interface:
Lab:
Inter-VLAN routing using Multi-Layer Switching:
- Need at least one multilayer switch
- Gateways use SVIs (Switch Virtual Interfaces)
- Enable IP routing on switch
Lab:
Native VLAN:
- If a frame is received on a dot1q link without a VLAN
tag, the switch assumes that it belongs to the native VLAN
- The default native VLAN is VLAN 1
Native VLAN best practices:
- Best practice is to set the native VLAN ID to
VLAN 666 and to ensure that this VLAN is not used anywhere else in the network
- No ports should be assigned to the native VLAN
- An attacker who attempts a VLAN hopping attack
will end up in a dead VLAN that has no hosts to leverage
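One way to check a switch configuration against these native VLAN practices, as an added example that is not part of the original notes. The running-config text is constructed, the function names are hypothetical, and only ports with an explicit `switchport mode trunk` or `switchport mode access` line are evaluated; unset values fall back to the default VLAN 1.

```python
import re

# Constructed sample running-config (not from the original notes).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk native vlan 666
!
interface GigabitEthernet0/2
 switchport mode trunk
!
interface GigabitEthernet0/3
 switchport mode access
 switchport access vlan 666
!
"""

SETTING = re.compile(r"switchport (mode|trunk native vlan|access vlan) (\S+)")

def parse_interfaces(config):
    """Map each interface to its mode, native VLAN and access VLAN (default VLAN 1)."""
    ports, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            name = line.split(None, 1)[1].strip()
            current = ports[name] = {"mode": None, "trunk native vlan": "1", "access vlan": "1"}
        elif current is not None and (m := SETTING.fullmatch(line.strip())):
            current[m.group(1)] = m.group(2)
        elif not line.startswith(" "):
            current = None  # left the interface stanza
    return ports

def audit_native_vlan(config):
    """Flag trunks left on native VLAN 1 and access ports placed in a native VLAN."""
    ports = parse_interfaces(config)
    natives = {p["trunk native vlan"] for p in ports.values() if p["mode"] == "trunk"}
    findings = []
    for name, p in ports.items():
        if p["mode"] == "trunk" and p["trunk native vlan"] == "1":
            findings.append((name, "trunk uses default native VLAN 1"))
        if p["mode"] == "access" and p["access vlan"] in natives:
            findings.append((name, "access port assigned to native VLAN " + p["access vlan"]))
    return findings

if __name__ == "__main__":
    for name, issue in audit_native_vlan(SAMPLE_CONFIG):
        print(f"{name}: {issue}")
```
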
Lab: