International Journal of Advanced Engineering Research and Science (IJAERS) Vol-3, Issue-1 , Jan- 2016]
ISSN: 2349-6495
Secure Network Implementation using VLAN and ACL
Mr J. Ramprasath, Dr S. Ramakrishnan, P. Saravana Perumal, M. Sivaprakasam, Vishnuraj, U. Manokaran
Department of Information Technology, Dr. Mahalingam College of Engineering and Technology, Pollachi, Tamil Nadu, India
Abstract—The contributions of this article are twofold: first, we introduce the virtual LAN, and second, the introduction of time varying nodes. In the virtual LAN implementation we segregate the network into two groups, the staff systems and the student systems. By separating the network into two groups, the staff systems receive only their own information and the student systems receive only the students' data; no staff information reaches them. By introducing this concept, security is maintained so that unwanted access to data is restricted. The router and the switches in the LAN are configured to implement the virtual LAN. Each VLAN is given a separate name and identification number, by which the VLANs present inside the campus network can easily be identified. Data can be transferred only among the nodes present inside the VLAN; no node outside the VLAN can receive the data, which means that security is assured. The main aim of moving to VLAN is that it provides segregation of groups, by means of which security is provided. Here these concepts are applied to the campus network, which consists of two groups, students and staff.

Keywords— VLAN, time varying nodes, Firewall

I. INTRODUCTION

A VLAN is a switched network that is logically segmented by function, project team, or application, without regard to the physical locations of the users. VLANs have the same attributes as physical LANs, but you can group end stations even if they are not physically located on the same LAN segment. Any switch port can belong to a VLAN, and multicast, unicast and broadcast packets are forwarded and flooded only to end stations in the VLAN. Each VLAN [1] is considered a logical network, and packets destined for stations that do not belong to the VLAN must be forwarded through a router or bridge. Because a VLAN [1] is considered a separate logical network, it contains its own bridge Management Information Base (MIB) information and can support its own implementation of spanning tree.

II. NEEDS OF VLAN

Initially LANs were very flat—all the workstations were connected to a single piece of coaxial cable, or to sets of chained hubs. Every packet that any device puts onto the wire gets sent to every other device on the LAN. As the number of workstations on the typical LAN grew, they started to become hopelessly congested; there were just too many collisions, because most of the time when a workstation tried to send a packet, it would find that the wire was already occupied by a packet sent by some other device.

Three solutions for this congestion were developed:
• Using routers to segment LANs
• Using switches to segment LANs
• Using VLANs to segment LANs

Routers that forward data in software become a bottleneck as LAN data rates increase. Doing away with the routers removes this bottleneck. Because workstations can be moved from one VLAN to another just by changing the configuration on switches, it is relatively easy to put all the people working together on a particular project into a single VLAN. They can then more easily share files and resources with each other. To be honest, though, virtual workgroups sound like a good idea in theory, but often do not work well in practice. It turns out that users are usually more interested in accessing.

III. OVERVIEW

Normally in our campus, FTP is provided to transfer data from one system to another. In the existing LAN the FTP has two logins: one login is used by the staff and the other by the students. Since security is not provided, even a student can log in to the staff FTP by entering the password. For example, the staff may have the exam question paper in their FTP, and students, by logging in, can easily get the question papers. In the present system one can easily access another's account because it is only a password-protected system. In order to avoid these kinds of issues we are going for VLAN implementation for the campus network. The main objective of this project is to provide security to the existing LAN connection by implementing VLAN.

In the normal system, there is wastage of resources. This means that, when VLAN is implemented, the appropriate details go only to that system. For example, the data corresponding to the staff system will
reach only staff systems and the data corresponding to the student system will reach only the student systems. A main disadvantage present in this system is that the staff systems are not used continuously after working hours, whereas only the students use the systems in the extra hours and on non-working days. This leads to wastage of resources. In order to avoid this kind of situation we are going in for time varying nodes. By using these time varying nodes we can allot time for particular resources [2]. Only for that particular time is the resource active; after that time the resource is allotted to a different use.

3.1 Creating the VLAN

Initially enter the global configuration mode by giving the command configure terminal. The second step is to create a VLAN with a valid id number by giving the command vlan vlan_id. The number of VLANs is decided based on the user requirements; for example, in the college network the staff and the students require separate VLANs, so two VLANs are created. In this way the number of VLANs created varies. The third step is to specify the name for the VLAN created in the previous step, by giving the command name vlan_name. Finally, return to the privileged EXEC mode by giving end. The following table describes the steps involved.

TABLE 1 Creating the VLAN
Enter global configuration mode        S1# configure terminal
Create the VLAN                        S1(config)# vlan vlan_id
Specify a unique name                  S1(config-vlan)# name vlan_name
Return to the privileged EXEC mode     S1(config-vlan)# end

3.2 Assigning the Ports to VLAN

Initially enter the global configuration mode by giving the configure terminal command. Then enter the interface configuration mode by using the command interface interface_id, and configure the management interface IP address by giving the command ip address particular_ip_address. Set the port to access mode using switchport mode access and assign the port to a VLAN with the switchport access vlan vlan_id command. At last return to the privileged EXEC mode by giving the end command. The following table describes the steps involved in assigning a port to a VLAN in detail:

TABLE 2 Assigning the ports to VLAN
Enter global configuration mode                   S1# configure terminal
Enter interface configuration mode for the SVI    S1(config)# interface interface_id
Configure the management interface IP address     S1(config-if)# ip address particular_ip_address
Set the port to access mode                       S1(config-if)# switchport mode access
Assign the port to a VLAN                         S1(config-if)# switchport access vlan vlan_id
Return to the privileged EXEC mode                S1(config-if)# end

3.3 Configuring the Trunk Links

The first and foremost step is to enter the global configuration mode by giving configure terminal. The second step is to enter the interface configuration mode by using the command interface interface_id. In addition, specify the list of VLANs to be allowed on the trunk link by giving switchport trunk allowed vlan vlan_list. Then return to the privileged EXEC mode by giving the end command. The following table describes the steps involved in configuring the trunk links in detail:

TABLE 3 Configuring the Trunk Links
Enter global configuration mode                           S1# configure terminal
Enter interface configuration mode                        S1(config)# interface interface_id
Force the link to be a trunk link                         S1(config-if)# switchport mode trunk
Specify a native VLAN for untagged 802.1Q trunks          S1(config-if)# switchport trunk native vlan vlan_id
Specify the list of VLANs to be allowed on the trunk link S1(config-if)# switchport trunk allowed vlan vlan_list
Return to the privileged EXEC mode                        S1(config-if)# end

3.4 Inter VLAN Routing

Networks are constantly evolving, and in the past few years a number of trends have become apparent. First of all, the Internet Protocol (IP) has become the Layer 3 protocol of choice for modern networks, with other Layer 3 protocols such as Internetwork Packet Exchange (IPX) and AppleTalk rapidly being phased out. IP interconnects the Internet. The increasing reliance of organizations on the Internet has promoted IP as the Layer 3 protocol of choice. Secondly, local-area networks (LANs) have seen tremendous advances in terms of performance, bandwidth, and lowering cost. The LAN provides the medium over which users and devices connect to the internal IP network and the Internet, and hence is an important component of networking. LAN topologies have evolved from traditionally being single, flat broadcast domains into multi-virtual LAN (VLAN) topologies, with inter-VLAN routing required to enable communications between each VLAN [2]. Multiple VLANs increase network efficiency by reducing broadcast domain size, as well as providing a mechanism to allow network layer access control to be applied between VLANs.

3.5 Configure Inter VLAN Routing

This logical diagram explains a simple inter VLAN routing [3] scenario. The scenario can be expanded to include a multi-switch environment by first configuring and testing inter-switch connectivity across the network before configuring the routing capability. For such a scenario that uses a Catalyst 3550, refer to Configuring Inter VLAN Routing with Catalyst 3550 Series Switches.

IV. RESULTS AND DISCUSSIONS

In the existing system, that is the normal LAN, we face numerous problems. In order to avoid these tough scenarios, we have implemented the virtualization concept in the LAN, which is also known as VLAN. By the usage of this virtualization concept we can reduce the number of problems that occur in our existing system. Though it may require some additional hardware components, it is one of the best methods to prevent the problems that occur frequently in our existing system. A grouping facility is not available in our current LAN, but this can be very easily done with the help of virtualization techniques, i.e. by implementing the VLAN. The nodes that we want to group can be grouped just by configuring the switches. Once they are configured correctly each VLAN is given a name and id. These names and ids are used for the purpose of verification, and whenever a situation arises which involves the addition or removal of nodes from the VLAN, these ids and names can be used. So the virtualization concept helps the users by allocating the nodes into separate groups, and thus security is also provided, which is the major need.

Since in our project we have implemented the VLAN concept for campus networks, we have named the VLANs the staff VLAN and the student VLAN. The confidential data transferred from the staff VLAN will not reach the student VLAN, which means that security is assured.

The figure given below shows the maximum number of nodes that can be accommodated by the switch. Based upon the requirements of the VLAN the appropriate switch can be used.

Fig.1: VLAN connection

And here the figure below shows the packet transfer. Packets can be transferred only between the nodes present inside the VLAN. This shows that the grouping is done and security is maintained. The two groups, the student group and the staff group, commonly referred to here as the student VLAN and the staff VLAN, are used in the campus network. Here the packets from the staff VLAN cannot propagate to the student VLAN, and the reverse is also not possible. By means of using this VLAN we can share the data among users of similar kinds. Grouping and security are also provided, which is not available in the existing system. The output is shown as successful if and only if the packet is delivered correctly. If there is any loss of packets or any hardware problems, or if the user tries to transfer content to a different VLAN, we cannot get proper output.

Fig.2: Packet Transfer
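Putting the steps of Tables 1-3 and the inter-VLAN routing of Section 3.4 into one working configuration, as an added example that is not the paper's own: switch S1 carries the staff and student VLANs to router R1 over an 802.1Q trunk, and an extended ACL on the router's subinterfaces enforces the VLAN-plus-ACL design of the title by dropping traffic between the two subnets while leaving everything else reachable. The VLAN numbers, port ranges, subnets and ACL name are assumptions.

```cisco
! Added example, not the paper's own configuration. Assumed values: VLAN 10
! = staff, VLAN 20 = student, VLAN 99 = unused native VLAN, subnets
! 192.168.10.0/24 (staff) and 192.168.20.0/24 (student); port names illustrative.
! ===== Switch S1 =====
configure terminal
! Table 1: create and name the VLANs
vlan 10
 name STAFF
vlan 20
 name STUDENT
vlan 99
 name NATIVE_UNUSED
! Table 2: access ports, staff PCs on Fa0/1-12 and student PCs on Fa0/13-24.
! "switchport nonegotiate" disables DTP so a host cannot negotiate a trunk.
interface range FastEthernet0/1 - 12
 switchport mode access
 switchport access vlan 10
 switchport nonegotiate
interface range FastEthernet0/13 - 24
 switchport mode access
 switchport access vlan 20
 switchport nonegotiate
! Table 3: 802.1Q trunk to R1. Native VLAN 99 holds no hosts and is not in the
! allowed list, so untagged frames are dropped here; the encapsulation line is
! required on multi-encapsulation models such as the Catalyst 3550 of Section 3.5.
interface GigabitEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
 switchport trunk native vlan 99
 switchport trunk allowed vlan 10,20
end
! ===== Router R1 (router-on-a-stick, Section 3.4) =====
configure terminal
! One extended ACL blocks both directions between the subnets; all else permitted.
ip access-list extended NO_CROSS_VLAN
 deny   ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255
 deny   ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
 permit ip any any
interface GigabitEthernet0/0
 no shutdown
interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0
 ip access-group NO_CROSS_VLAN in
interface GigabitEthernet0/0.20
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.0
 ip access-group NO_CROSS_VLAN in
end
```

Because the ACL is stateless, a single deny line would still block the replies of a staff-initiated session, which is why both directions are listed; `show access-lists NO_CROSS_VLAN` on R1 shows the per-line hit counters that confirm student-to-staff attempts are being dropped.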
V. CONCLUSIONS
In our project we have implemented a secured LAN for the campus by implementing the VLAN. VLANs are mutually isolated and packets can only pass between them via a router. The partitioning of the Layer 2 network takes place inside a Layer 2 device, usually a switch. Thus by implementing the concept of VLAN, segregation of groups is done, so that security is provided. The major advantage is that it reduces the unwanted access of packets. Thus by using the virtualization concept network traffic is reduced and security is provided, and a secured campus network can be implemented. Inter VLAN routing is implemented in the routers. Inter VLAN routing helps in the communication between routers.
VI. FUTURE WORK
The future work is the introduction of time varying nodes. Experimental results demonstrate the performance achieved by the proposed work in terms of the increased profit, resource utilization and number of accepted requests. A novel model for time varying VN requests based on demand-utility functions will be presented. By using the time varying nodes we can allocate the time for specific nodes. Once the time is allocated for the nodes present in the VLAN, the functionality of the nodes varies, so that the VN users can determine the required resources for the VN requests embedded using a novel hierarchical VN embedding scheme via exact subgraph matching.
REFERENCES
[1] Pricing Utility-Based Virtual Networks, On Network and Service Management, Vol. 10, No. 2, June 2013.
[2] Reconfigurable Data Planes for Scalable Network Virtualization, On Computers, Vol. 62, No. 12, December 2013.
[3] Yaozu Dong, Xiantao Zhang, Jinquan Dai, and Haibing Guan, A Hybrid Virtualization Solution Balancing Performance and Manageability.
[4] Ashiq Khan, Alf Zugenmaier, Dan Jurca, Wolfgang Kellerer, DOCOMO Communications Laboratories Europe GmbH, Network Virtualization: A Hypervisor for the Internet.
[5] [Link]