vlan与 vlan trunk
vlan主要实现的功能
- 把一台交换机内的广播域隔离成为多个广播域
- 同一个vlan就是同一个广播域,不同vlan就是不同的广播域
- 有多少根网线就有多少个vlan
- vlan是二层隔离
vlan的简单原理
- vlan通过access端口实现划分广播域
- 当数据进入access端口的入口到达交换机,就是被追加一个tag标签标记vlan 编号【PVID】,当数据从交换机的access端口出口转发出去的时候,去掉标识,脱TAG,只能讲PVID对于的VID剥离,vlan10 的就只能剥离vlan 10的,vlan 20的就剥离不了
vlan配置
实验要求:
- 把交换机使用access接口划分为vlan 10与vlan 20 使pc1无法与pc3,pc4通讯
华为设备操作:
首先进行查看交换机是否配置其他vlan
[SW1]dis vlan
The total number of vlans is : 1
--------------------------------------------------------------------------------
U: Up; D: Down; TG: Tagged; UT: Untagged;
MP: Vlan-mapping; ST: Vlan-stacking;
#: ProtocolTransparent-vlan; *: Management-vlan;
--------------------------------------------------------------------------------
VID Type Ports
--------------------------------------------------------------------------------
1 common UT:GE0/0/1(U) GE0/0/2(U) GE0/0/3(U) GE0/0/4(U)
GE0/0/5(D) GE0/0/6(D) GE0/0/7(D) GE0/0/8(D)
GE0/0/9(D) GE0/0/10(D) GE0/0/11(D) GE0/0/12(D)
GE0/0/13(D) GE0/0/14(D) GE0/0/15(D) GE0/0/16(D)
GE0/0/17(D) GE0/0/18(D) GE0/0/19(D) GE0/0/20(D)
GE0/0/21(D) GE0/0/22(D) GE0/0/23(D) GE0/0/24(D)
VID Status Property MAC-LRN Statistics Description
--------------------------------------------------------------------------------
1 enable default enable disable VLAN 0001vlan 10的配置
g-0/0/1端口 [SW1]vlan 10 [SW1-vlan10]int g0/0/1 [SW1-GigabitEthernet0/0/1]port link-type access [SW1-GigabitEthernet0/0/1]port default vlan 10 g-0/0/2端口 [SW1]vlan 10 [SW1-vlan10]int g/0/0/2 [SW1-GigabitEthernet0/0/2]port link-type access [SW1-GigabitEthernet0/0/2]port default vlan 10
vlan 20的配置
g0/0/3端口 [SW1]vlan 20 [SW1-vlan20]int g0/0/3 [SW1-GigabitEthernet0/0/3]port link-type access [SW1-GigabitEthernet0/0/3]port default vlan 20 g0/0/4端口 [SW1]vlan 20 [SW1-vlan20]int g0/0/4 [SW1-GigabitEthernet0/0/4]port link-type access [SW1-GigabitEthernet0/0/4]port default vlan 20
测试连通性
[SW1]dis vlan
The total number of vlans is : 3
--------------------------------------------------------------------------------
U: Up; D: Down; TG: Tagged; UT: Untagged;
MP: Vlan-mapping; ST: Vlan-stacking;
#: ProtocolTransparent-vlan; *: Management-vlan;
--------------------------------------------------------------------------------
VID Type Ports
--------------------------------------------------------------------------------
1 common UT:GE0/0/5(D) GE0/0/6(D) GE0/0/7(D) GE0/0/8(D)
GE0/0/9(D) GE0/0/10(D) GE0/0/11(D) GE0/0/12(D)
GE0/0/13(D) GE0/0/14(D) GE0/0/15(D) GE0/0/16(D)
GE0/0/17(D) GE0/0/18(D) GE0/0/19(D) GE0/0/20(D)
GE0/0/21(D) GE0/0/22(D) GE0/0/23(D) GE0/0/24(D)
10 common UT:GE0/0/1(U) GE0/0/2(U)
20 common UT:GE0/0/3(U) GE0/0/4(U)
VID Status Property MAC-LRN Statistics Description
--------------------------------------------------------------------------------
1 enable default enable disable VLAN 0001
10 enable default enable disable VLAN 0010
20 enable default enable disable VLAN 0020pc1 ping 不通pc4,可以ping通pc2
批量创建vlan
[Huawei]vlan batch 10 20 30 40
Info: This operation may take a few seconds. Please wait for a moment...done.[Huawei]dis vlan
The total number of vlans is : 5
--------------------------------------------------------------------------------
U: Up; D: Down; TG: Tagged; UT: Untagged;
MP: Vlan-mapping; ST: Vlan-stacking;
#: ProtocolTransparent-vlan; *: Management-vlan;
--------------------------------------------------------------------------------
VID Type Ports
--------------------------------------------------------------------------------
1 common UT:GE0/0/1(U) GE0/0/2(D) GE0/0/3(D) GE0/0/4(D)
GE0/0/5(D) GE0/0/6(D) GE0/0/7(D) GE0/0/8(D)
GE0/0/9(D) GE0/0/10(D) GE0/0/11(D) GE0/0/12(D)
GE0/0/13(D) GE0/0/14(D) GE0/0/15(D) GE0/0/16(D)
GE0/0/17(D) GE0/0/18(D) GE0/0/19(D) GE0/0/20(D)
GE0/0/21(D) GE0/0/22(D) GE0/0/23(D) GE0/0/24(D)
10 common
20 common
30 common
40 common
VID Status Property MAC-LRN Statistics Description
--------------------------------------------------------------------------------
1 enable default enable disable VLAN 0001
10 enable default enable disable VLAN 0010
20 enable default enable disable VLAN 0020
30 enable default enable disable VLAN 0030
40 enable default enable disable VLAN 0040批量创建vlan方法二:
创建20-30的vlan
[Huawei]vlan batch 20 to 30
Info: This operation may take a few seconds. Please wait for a moment...done.
删除vlan配置
[SW1-GigabitEthernet0/0/2]dis this
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 11
#
return[SW1-GigabitEthernet0/0/2]undo port default vlan
[SW1-GigabitEthernet0/0/2]undo port link-type
[SW1-GigabitEthernet0/0/2]dis this
#
interface GigabitEthernet0/0/2
#
删除vlan接口
VID Status Property MAC-LRN Statistics Description -------------------------------------------------------------------------------- 1 enable default enable disable VLAN 0001 10 enable default enable disable VLAN 0010 11 enable default enable disable VLAN 0011 12 enable default enable disable VLAN 0012
比如删除vlan 11接口
[SW1]undo int vlan 11[SW1]undo vlan 11[SW1]dis vlan
VID Status Property MAC-LRN Statistics Description
--------------------------------------------------------------------------------
1 enable default enable disable VLAN 0001
10 enable default enable disable VLAN 0010
12 enable default enable disable VLAN 0012
vlan trunk
trunk 是为了实现一根网线完成多条vlan通讯,应用场景就是,比如办公室1楼和2楼各有一个交换机,向要实习这两个楼层电脑相互通讯,就是要是trunk的功能,两个楼层的交换机相互使用一根网线连接,就可以实现两个楼层PC设备相互通讯
trunk配置
实验要求,实现PC3和PC5通讯,PC4和PC6通讯
思科操作:
批量创建vlan的方法
1.创建指定的vlan(不连续的)
vlan 10,20
2.创建连续的vlan
vlan 10-20
查看vlan的方法
do show vlan-switch
R1:
enable conf vlan 10 int f1/0 swi mod access swi access vlan 10
enable conf vlan 10 int f1/1 swi mod access swi access vlan 10
R2:
conf vlan 20 int f1/0 swi mod access swi access vlan 20
conf vlan 20 int f1/1 swi mod access swi access vlan 20
配置trunk端口
R1:
enable conf int f1/15 switchport trunk enc dot1q switchport mo trunk
R2:
enbale conf int 1/15 switchport trunk enc dot1q switchport mode trunk
设置通过vlan的ID
一定要先允许,1,1002-1005通过的这些是默认的
swit trunk allowed vlan 1,1002-1005,10-20
R1,R2,trunk查看方法
show run int f1/15
R2(config)#do show run int f1/15 interface FastEthernet1/15 switchport mode trunk end R1(config)#do show run int f1/15 Building configuration... Current configuration : 57 bytes ! interface FastEthernet1/15 switchport mode trunk end
华为配置trunk
SW1
g0/0/1 端口 [SW1]vlan batch 10 20 Info: This operation may take a few seconds. Please wait for a moment...done. [SW1]int g0/0/1 [SW1-GigabitEthernet0/0/1]port link-type access [SW1-GigabitEthernet0/0/1]port default vlan 10
g0/0/2 端口 [SW1]int g0/0/2 [SW1-GigabitEthernet0/0/2]port link-type access [SW1-GigabitEthernet0/0/2]port default vlan 20
g0/0/3接口 [SW1-GigabitEthernet0/0/3]port link-type trunk
查看vlan接口信息
华为和思科不一样,在cisco里trunk是容许所有所有的access口通过,但是华为trunk默认只能走vlan 1
[SW1-GigabitEthernet0/0/3]dis port vlan
Port Link Type PVID Trunk VLAN List
-------------------------------------------------------------------------------
GigabitEthernet0/0/1 access 10 -
GigabitEthernet0/0/2 access 20 -
GigabitEthernet0/0/3 trunk 1 1
GigabitEthernet0/0/4 hybrid 1 -所以华为的trunk口要配置允许通过的PVID
//指定通过的vlan号
port trunk allow-pass vlan 10 20
//指定通过连续的vlan号
port trunk allow-pass vlan 10 to 20
//指定通过所有的vlan号
port trunk allow-pass vlan all
[SW1]int g0/0/3 [SW1-GigabitEthernet0/0/3]port trunk allow-pass vlan 10 20
[SW1-GigabitEthernet0/0/3]dis port vlan Port Link Type PVID Trunk VLAN List ------------------------------------------------------------------------------- GigabitEthernet0/0/1 access 10 - GigabitEthernet0/0/2 access 20 - GigabitEthernet0/0/3 trunk 1 1 10 20
SW2
g0/0/1端口 [SW2]vlan batch 10 20 [SW2]int g0/0/1 [SW2-GigabitEthernet0/0/1]port link-type access [SW2-GigabitEthernet0/0/1]port default vlan 10
g0/0/2端口 [SW2]int g0/0/2 [SW2-GigabitEthernet0/0/2]port link-type access [SW2-GigabitEthernet0/0/2]port default vlan 20
g0/0/3端口 [SW2]int g0/0/3 [SW2-GigabitEthernet0/0/3]port link-type trunk [SW2-GigabitEthernet0/0/3]port trunk allow-pass vlan 10 20
trunk配置过滤(过滤哪个vlan 端)
sw trunk allowed vlan
继续阅读
我的微信
这是我的微信扫一扫
评论