We have already spent enough time on the preparations for building a lab and now it is finally time to actually start building it.
In this chapter, we will show you the configuration of hardware and virtual network devices for both the options of building a lab, so you can easily choose the one that fits your needs best.
The chapter consists of the following topics:
- General lab network communication rules
- Configuring hardware wired devices
- Configuring virtual wired network devices
- Configuring WLANs
Network diagrams are a very convenient way to represent a network topology and its architecture. They are widely used by nearly all small or home office (SOHO) and enterprise networks. But this representation often lacks a logical layer for providing a better understanding of how network components interact and in which directions network traffic flows. It is not an easy task to show it in a diagram, so network engineers use a bunch of documentation for that purpose, mostly combining tables, flowcharts, and diagrams.
But as we have a very simple network diagram and a pretty straightforward understanding of how network traffic should flow, we can try to depict it as an additional layer on our network diagram, as shown in the following diagram:
The network diagram including a logical layer
To extend the diagram and better explain the target access rules, let's take a look at the additional information on the permitted access in the following table:
|
Source |
Allowed destination |
Purpose |
|---|---|---|
|
Admin workstation |
|
Network and system administration |
|
Servers |
|
Software installation and updates |
|
User workstations |
|
Internet access, access to the internal network services |
|
Trusted WLAN |
|
Internet access, access to the internal network services |
|
Guest WLAN |
|
Internet access |
We don't want any access to our lab network from an external network or guest WLAN, thus we should not permit it. Also, there is no need to access the user subnet from the trusted WLAN and server subnet, so we do not allow it. The last rule is that only an administrator should be able to access any services on network devices; therefore, we do not allow it to any other lab component.