When two PCs are connected to a Layer 2 switch with its default settings and their IP addresses belong to the same network segment, they can communicate with each other.
In this network topology, when DW-HYPERV-01 (192.168.101.11/24) pings DW-HYPERV-02 (192.168.101.130/24) from the command prompt, DW-HYPERV-02 responds to DW-HYPERV-01, and vice versa.
If we want to block communication between the PCs, we could buy another switch and connect the PCs to the switches one by one. But this is not a good idea because it costs money.
Why separate the network segments?
The reason may be to separate different departments or floors, or to avoid virus, spam, broadcast and ARP attacks.
How can we save the money?
Configuring VLANs on the switch may be a good method!
First, we can check the current VLAN status with the command show vlan-switch.
In the result, all Ethernet ports are in active status and are assigned to VLAN 1. This is why the PCs can ping each other and get normal responses.
In the next step, we create the VLAN IDs on the switch by command.
There are now two new VLAN IDs on the switch.
Finally, assign the switch port numbers to the specific VLAN IDs.
The port numbers are mapped to the VLAN IDs one by one.
At this point, message exchange between the PCs fails.
Of course, remember to execute the command wr to build and save the configuration. Otherwise, the above settings will be lost if the switch is restarted in the future.
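The steps above as one CLI session, added here as an example and not taken from the original post. It assumes a Cisco IOS device with an EtherSwitch module (the kind that provides show vlan-switch); the VLAN IDs 10 and 20, the VLAN names and the ports FastEthernet1/0 and FastEthernet1/1 are constructed values.

```cisco
! Constructed example. Assumed values (not from the post): VLAN IDs 10 and 20,
! the VLAN names, and the ports FastEthernet1/0 and FastEthernet1/1.

! 1. Check the current state: every port should still be listed under VLAN 1.
Switch# show vlan-switch

! 2. Create the two VLANs in the VLAN database.
Switch# vlan database
Switch(vlan)# vlan 10 name HYPERV-01
Switch(vlan)# vlan 20 name HYPERV-02
Switch(vlan)# exit

! 3. Put each PC-facing port into its own VLAN as an access port.
Switch# configure terminal
Switch(config)# interface FastEthernet1/0
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 10
Switch(config-if)# interface FastEthernet1/1
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 20
Switch(config-if)# end

! 4. Confirm the port-to-VLAN mapping, then save it to startup configuration.
Switch# show vlan-switch
Switch# write memory
```

The second show vlan-switch should list each of the two ports under its own VLAN instead of VLAN 1, and the ping between the PCs should then fail. The isolation holds only while no Layer 3 device routes between the two VLANs.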