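VLAN configuration covers creating VLANs, assigning ports, configuring features, extending and adjusting the design, and applying security settings. A well-planned VLAN configuration segments, isolates and secures the network, improving network performance and management flexibility.
VLAN configuration is basic but very important material when studying network engineering: it can improve network performance, strengthen network security, make network management flexible, and reduce network maintenance costs.
Topology
1. Practise configuring ACCESS interfaces in a lab so that the PCs can communicate, and explain the principle;
First configure IP addresses on PC1, PC2, PC3 and PC4, then run a connectivity test from PC1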
PC>ping 192.168.1.2

Ping 192.168.1.2: 32 data bytes, Press Ctrl_C to break
From 192.168.1.2: bytes=32 seq=1 ttl=128 time=62 ms
From 192.168.1.2: bytes=32 seq=2 ttl=128 time=47 ms
From 192.168.1.2: bytes=32 seq=3 ttl=128 time=47 ms
From 192.168.1.2: bytes=32 seq=4 ttl=128 time=47 ms
From 192.168.1.2: bytes=32 seq=5 ttl=128 time=63 ms

--- 192.168.1.2 ping statistics ---
  5 packet(s) transmitted
  5 packet(s) received
  0.00% packet loss
  round-trip min/avg/max = 47/53/63 ms

PC>ping 192.168.1.3

Ping 192.168.1.3: 32 data bytes, Press Ctrl_C to break
From 192.168.1.3: bytes=32 seq=1 ttl=128 time=47 ms
From 192.168.1.3: bytes=32 seq=2 ttl=128 time=47 ms
From 192.168.1.3: bytes=32 seq=3 ttl=128 time=31 ms
From 192.168.1.3: bytes=32 seq=4 ttl=128 time=47 ms
From 192.168.1.3: bytes=32 seq=5 ttl=128 time=46 ms

--- 192.168.1.3 ping statistics ---
  5 packet(s) transmitted
  5 packet(s) received
  0.00% packet loss
  round-trip min/avg/max = 31/43/47 ms

PC>ping 192.168.1.4

Ping 192.168.1.4: 32 data bytes, Press Ctrl_C to break
From 192.168.1.4: bytes=32 seq=1 ttl=128 time=47 ms
From 192.168.1.4: bytes=32 seq=2 ttl=128 time=63 ms
From 192.168.1.4: bytes=32 seq=3 ttl=128 time=47 ms
From 192.168.1.4: bytes=32 seq=4 ttl=128 time=47 ms
From 192.168.1.4: bytes=32 seq=5 ttl=128 time=63 ms

--- 192.168.1.4 ping statistics ---
  5 packet(s) transmitted
  5 packet(s) received
  0.00% packet loss
  round-trip min/avg/max = 47/53/63 ms
Create the VLANs on LSW1 and bind the ports to them

[LSW1]undo info-center enable
Info: Information center is disabled.
[LSW1]vlan ba
[LSW1]vlan batch 10 20 // create VLANs 10 and 20
Info: This operation may take a few seconds. Please wait for a moment...done.
[LSW1]int gi0/0/1 // enter interface 0/0/1
[LSW1-GigabitEthernet0/0/1]port link-ty
[LSW1-GigabitEthernet0/0/1]port link-type ac // set the interface to access mode
[LSW1-GigabitEthernet0/0/1]p d v 10 // bind to VLAN 10
[LSW1-GigabitEthernet0/0/1]int gi0/0/2 // enter interface 0/0/2
[LSW1-GigabitEthernet0/0/2]port link-ty
[LSW1-GigabitEthernet0/0/2]port link-type ac
[LSW1-GigabitEthernet0/0/2]p d v 10
[LSW1-GigabitEthernet0/0/2]int gi0/0/3
[LSW1-GigabitEthernet0/0/3]port link-ty
[LSW1-GigabitEthernet0/0/3]port link-type ac
[LSW1-GigabitEthernet0/0/3]p d v 20
[LSW1-GigabitEthernet0/0/3]int gi0/0/4
[LSW1-GigabitEthernet0/0/4]port link-ty ac
[LSW1-GigabitEthernet0/0/4]p d v 20
[LSW1-GigabitEthernet0/0/4]q
[LSW1]dis vlan
The total number of vlans is : 3
--------------------------------------------------------------------------------
U: Up;         D: Down;         TG: Tagged;         UT: Untagged;
MP: Vlan-mapping;               ST: Vlan-stacking;
#: ProtocolTransparent-vlan;    *: Management-vlan;
--------------------------------------------------------------------------------

VID  Type    Ports
--------------------------------------------------------------------------------
1    common  UT:GE0/0/5(U)      GE0/0/6(D)      GE0/0/7(D)      GE0/0/8(D)
                GE0/0/9(D)      GE0/0/10(D)     GE0/0/11(D)     GE0/0/12(D)
                GE0/0/13(D)     GE0/0/14(D)     GE0/0/15(D)     GE0/0/16(D)
                GE0/0/17(D)     GE0/0/18(D)     GE0/0/19(D)     GE0/0/20(D)
                GE0/0/21(D)     GE0/0/22(D)     GE0/0/23(D)     GE0/0/24(D)
10   common  UT:GE0/0/1(U)      GE0/0/2(U)
20   common  UT:GE0/0/3(U)      GE0/0/4(U)

VID  Status  Property      MAC-LRN Statistics Description
--------------------------------------------------------------------------------
1    enable  default       enable  disable    VLAN 0001
10   enable  default       enable  disable    VLAN 0010
20   enable  default       enable  disable    VLAN 0020
Run a connectivity test from PC1

PC>ping 192.168.1.2 // hosts in the same VLAN can ping each other

Ping 192.168.1.2: 32 data bytes, Press Ctrl_C to break
From 192.168.1.2: bytes=32 seq=1 ttl=128 time=47 ms
From 192.168.1.2: bytes=32 seq=2 ttl=128 time=47 ms
From 192.168.1.2: bytes=32 seq=3 ttl=128 time=47 ms
From 192.168.1.2: bytes=32 seq=4 ttl=128 time=46 ms
From 192.168.1.2: bytes=32 seq=5 ttl=128 time=47 ms

--- 192.168.1.2 ping statistics ---
  5 packet(s) transmitted
  5 packet(s) received
  0.00% packet loss
  round-trip min/avg/max = 46/46/47 ms

PC>ping 192.168.1.3 // hosts in different VLANs cannot ping each other

Ping 192.168.1.3: 32 data bytes, Press Ctrl_C to break
From 192.168.1.1: Destination host unreachable
From 192.168.1.1: Destination host unreachable
From 192.168.1.1: Destination host unreachable
From 192.168.1.1: Destination host unreachable
From 192.168.1.1: Destination host unreachable

--- 192.168.1.3 ping statistics ---
  5 packet(s) transmitted
  0 packet(s) received
  100.00% packet loss
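Principle:
PC1 sends an untagged frame into interface 0/0/1 of switch LSW1. The switch adds a tag whose VID is the PVID and then forwards the frame (the hosts have already pinged each other, so the MAC address table is populated, which is why this says "forwards"). The switch compares the VID in the frame's tag with the PVID of each interface: if they are the same, it strips the VLAN tag from the frame and sends it out on the link; if they differ, it discards the frame.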
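2. Make different VLANs communicate in order to understand the role of the PVID in trunk mode, and explain the principle;
Configure IP addresses on PC5 and PC6, then run a connectivity test from PC5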
PC>ping 192.168.1.6

Ping 192.168.1.6: 32 data bytes, Press Ctrl_C to break
From 192.168.1.6: bytes=32 seq=1 ttl=128 time=47 ms
From 192.168.1.6: bytes=32 seq=2 ttl=128 time=47 ms
From 192.168.1.6: bytes=32 seq=3 ttl=128 time=47 ms
From 192.168.1.6: bytes=32 seq=4 ttl=128 time=32 ms
From 192.168.1.6: bytes=32 seq=5 ttl=128 time=47 ms

--- 192.168.1.6 ping statistics ---
  5 packet(s) transmitted
  5 packet(s) received
  0.00% packet loss
  round-trip min/avg/max = 32/44/47 ms
Configure switches LSW3 and LSW1
LSW3:
[LSW3]undo info-center en
Info: Information center is disabled.
[LSW3]vlan ba
[LSW3]vlan batch 10 20
Info: This operation may take a few seconds. Please wait for a moment...done.
[LSW3]int gi0/0/2
[LSW3-GigabitEthernet0/0/2]port li ac
[LSW3-GigabitEthernet0/0/2]p d v 10
[LSW3-GigabitEthernet0/0/2]int gi0/0/3
[LSW3-GigabitEthernet0/0/3]port li ac
[LSW3-GigabitEthernet0/0/3]p d v 20
[LSW3-GigabitEthernet0/0/3]int gi0/0/1
[LSW3-GigabitEthernet0/0/1]po li tr
[LSW3-GigabitEthernet0/0/1]port tr all vl 10 20
[LSW3-GigabitEthernet0/0/1]port tr pvid vlan 20
[LSW3-GigabitEthernet0/0/1]q
[LSW3]dis port vlan ac
T=TAG U=UNTAG
-------------------------------------------------------------------------------
Port                Link Type    PVID    VLAN List
-------------------------------------------------------------------------------
GE0/0/1             trunk        20      U: 20
                                         T: 1 10
GE0/0/2             access       10      U: 10
GE0/0/3             access       20      U: 20
LSW1:
[LSW1]int gi0/0/5
[LSW1-GigabitEthernet0/0/5]port li tr
[LSW1-GigabitEthernet0/0/5]port tr all vlan 10 20
[LSW1-GigabitEthernet0/0/5]port tr pvid vlan 10
[LSW1-GigabitEthernet0/0/5]q
[LSW1]dis port vlan ac
T=TAG U=UNTAG
-------------------------------------------------------------------------------
Port                Link Type    PVID    VLAN List
-------------------------------------------------------------------------------
GE0/0/1             access       10      U: 10
GE0/0/2             access       10      U: 10
GE0/0/3             access       20      U: 20
GE0/0/4             access       20      U: 20
GE0/0/5             trunk        10      U: 10
                                         T: 1 20
Run a connectivity test from PC1:

PC>ping 192.168.1.6 // communication between different VLANs

Ping 192.168.1.6: 32 data bytes, Press Ctrl_C to break
From 192.168.1.6: bytes=32 seq=1 ttl=128 time=78 ms
From 192.168.1.6: bytes=32 seq=2 ttl=128 time=63 ms
From 192.168.1.6: bytes=32 seq=3 ttl=128 time=78 ms
From 192.168.1.6: bytes=32 seq=4 ttl=128 time=78 ms
From 192.168.1.6: bytes=32 seq=5 ttl=128 time=62 ms

--- 192.168.1.6 ping statistics ---
  5 packet(s) transmitted
  5 packet(s) received
  0.00% packet loss
  round-trip min/avg/max = 62/71/78 ms
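Principle:
Switch LSW1 receives PC1's frame and tags it (vid=10). When the frame reaches the switch's trunk interface, if the VID in its tag (vid=10) is in the list of allowed VLANs (vlan 1 10 20), the switch then checks whether that VID is the same as the interface's PVID (pvid=vid=10). Because they are the same (if they were not, the VLAN tag would not be removed and the frame would be sent with its tag), the switch strips the VLAN tag and sends the frame over the link to LSW3's trunk interface. LSW3 receives an untagged frame and tags it; the VID in the tag is the PVID of LSW3's receiving interface (pvid=20), so the frame's VID has now become 20 and the frame is delivered to PC6. This is how different VLANs are made to communicate with each other.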
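The tagging rules from the two "Principle" paragraphs (access ports in part 1, trunk PVID in part 2), modelled as an added Python example that is not part of the original lab; the port tables are taken from the `dis port vlan ac` output above, and PC6's attachment to LSW3 GE0/0/3 is an assumption. It traces PC1's frame across the trunk and flags the PVID mismatch between the two trunk ends, which is the condition that moves the frame from VLAN 10 into VLAN 20 with no Layer 3 device involved.

```python
# Added example. Port tables are copied from the page's "dis port vlan ac" output.
from dataclasses import dataclass

@dataclass(frozen=True)
class Port:
    link_type: str        # "access" or "trunk"
    pvid: int
    allowed: frozenset    # VLAN IDs the port carries
    def ingress(self, tag):
        """VLAN the switch assigns to a received frame, or None if dropped."""
        if tag is None:                       # untagged frame: stamp it with the PVID
            return self.pvid
        if self.link_type == "access":        # tagged frame on access: VID must equal PVID
            return tag if tag == self.pvid else None
        return tag if tag in self.allowed else None

    def egress(self, vid):
        """(sent, tag_on_wire); tag_on_wire None means the frame leaves untagged."""
        if vid not in self.allowed:
            return (False, None)
        return (True, None if vid == self.pvid else vid)  # strip only when VID == PVID

LSW1 = {"GE0/0/1": Port("access", 10, frozenset({10})),
        "GE0/0/5": Port("trunk", 10, frozenset({1, 10, 20}))}
LSW3 = {"GE0/0/1": Port("trunk", 20, frozenset({1, 10, 20})),
        "GE0/0/2": Port("access", 10, frozenset({10})),
        "GE0/0/3": Port("access", 20, frozenset({20}))}

def trace(path, tag=None):
    """path: [(switch, in_port, out_port), ...]. VLAN per switch, or None if dropped."""
    vids = []
    for switch, in_port, out_port in path:
        vid = switch[in_port].ingress(tag)
        if vid is None:
            return None
        sent, tag = switch[out_port].egress(vid)
        if not sent:
            return None
        vids.append(vid)
    return vids

def pvid_mismatch(a, b):
    """True when the two ends of one trunk link disagree on the PVID."""
    return a.link_type == b.link_type == "trunk" and a.pvid != b.pvid

if __name__ == "__main__":
    # Assumption: PC6 sits on LSW3 GE0/0/3, the VLAN 20 access port.
    to_pc6 = [(LSW1, "GE0/0/1", "GE0/0/5"), (LSW3, "GE0/0/1", "GE0/0/3")]
    print("PC1 -> PC6, VLAN on each switch:", trace(to_pc6))
    print("trunk PVID mismatch:", pvid_mismatch(LSW1["GE0/0/5"], LSW3["GE0/0/1"]))
```

Where both ends of a trunk are meant to stay in one broadcast domain, a True result from `pvid_mismatch` means untagged frames change VLAN on that link, so the two PVIDs should be set to the same value.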