一、VLAN的通信:
1、基础配置:
1-1配置主机名:
例:switch(config)#hostname sw-3
1-2关闭域名解晰:
例:sw-3(config)#no ip domain-lookup
1-3配置密码:(配置密码用于远程登陆管理交换机,工程配置密文密码)
例:sw-3(config)#enable password itaa
1-4配置远程功能:
例:
sw-3(config)#line vty 0 4(允许远程登陆用户数)
sw-3(config)#no login (关闭远程登陆密码认证)
2、创建VLAN名称
例:
s2#vlan database
格式:vlan模式#VLAN vlan号 vlan名字
s2(vlan)#VLAN 10 ITAA
3、修改接口模式:
3-1、配置trunk模式:
3-1-1格式:接口模式#switchport mode 接口模式
例:sw-3(config-if)#switchport mode trunk
3-1-2格式:接口模式#switchport trunk encapsulation trunk封装协议
例:sw-3(config-if)#switchport trunk encapsulation dot1q
或是switchport trunk native vlan 1(默认的不用打上Vlan标记)
3-2、配置VLAN
3-2-1格式:接口模式#switchport mode 接口模式
例:sw-3(config-if)#switchport mode access(cisco交换机接口默认access)
3-2-2格式:接口模式#switchport access vlan vlan号
例:sw-3(config-if)#switchport acceess vlan 10
3-3进入多个接口:用于配置多个相同VLAN号的接口,在cisco2950以上才支持
例:SW(config-if)#int range f0/2-6
4、配置交换机管理地址:用于远程管理本交换机
例:
sw-1(config)#int vlaN 10
sw-1(config-subif)#ip add 10.1.1.1 255.255.255.0
sw-1(config-subif)#no shut(其它3层VLAN 接口必须关闭)
5、删除接口配置:
格式:全局模式#default interface 接口类型 接口号
例:sw-1(config)#default interface fastEthernet 0/2
6、上图配置结果:
SW-1:(接入交换机)
hostname sw-1
!
enable password itaa
!
interface FastEthernet0/1
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/2
switchport access vlan 10
spanning-tree portfast-------------------------->快速收敛STP,用于配置连接PC的接口
!
interface FastEthernet0/3
switchport access vlan 20
spanning-tree portfast
!
interface VLAN1
shutdown
!
interface VLAN10
ip address 10.1.1.1 255.255.255.0
!
line vty 0 4
no login
SW-1VLAN信息:
sw-1#show vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/4, Fa0/5, Fa0/6, Fa0/7,
Fa0/8, Fa0/9, Fa0/10, Fa0/11,
Fa0/12
2 VLAN0010 active Fa0/2
3 VLAN0020 active Fa0/3
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 1002 1003
2 enet 100002 1500 - - - - - 0 0
10 enet 100010 1500 - - - - - 0 0
12 enet 100012 1500 - - - - - 0 0
20 enet 100020 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 1 1003
1003 tr 101003 1500 1005 0 - - srb 1 1002
1004 fdnet 101004 1500 - - 1 ibm - 0 0
1005 trnet 101005 1500 - - 1 ibm - 0 0
SW-2:(干道交换机)
hostname sw-2
!
enable password itaa
!
no ip domain-lookup
!
interface FastEthernet0/1
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/2
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface VLAN1
shutdown
!
interface VLAN10
ip address 10.1.1.2 255.255.255.0
!
line vty 0 4
no login
SW-2VLAN信息:
sw-2#show vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/3, Fa0/4, Fa0/5, Fa0/6,
Fa0/7, Fa0/8, Fa0/9, Fa0/10,
Fa0/11, Fa0/12
10 VLAN0010 active ----------------------------------------------------->干道交换机必须和接入交换机配置相同的VLAN号
20 VLAN0020 active
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
10 enet 100010 1500 - - - - - 0 0
20 enet 100020 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 tr 101003 1500 - - - - - 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trnet 101005 1500 - - - ibm - 0 0
SW-3:(接入交换机)
hostname sw-3
!
enable password itaa
!
no ip domain-lookup
!
interface FastEthernet0/1
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/2
switchport access vlan 10
spanning-tree portfast
!
interface FastEthernet0/3
switchport access vlan 20
spanning-tree portfast
!
interface VLAN1
shutdown
!
interface VLAN10
ip address 10.1.1.3 255.255.255.0
!
line vty 0 4
no login
SW-3 VLAN信息:
sw-3#show vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/4, Fa0/5, Fa0/6, Fa0/7,
Fa0/8, Fa0/9, Fa0/10, Fa0/11,
Fa0/12
2 VLAN0010 active Fa0/2
3 VLAN0020 active Fa0/3
109 VLAN0109 active
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 1002 1003
2 enet 100002 1500 - - - - - 0 0
3 enet 100003 1500 - - - - - 0 0
4 enet 100004 1500 - - - - - 0 0
10 enet 100010 1500 - - - - - 0 0
12 enet 100012 1500 - - - - - 0 0
20 enet 100020 1500 - - - - - 0 0
109 enet 100109 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 1 1003
1003 tr 101003 1500 1005 0 - - srb 1 1002
1004 fdnet 101004 1500 - - 1 ibm - 0 0
1005 trnet 101005 1500 - - 1 ibm - 0 0
sw-3#
或者:
SW3-ITAA-901#show vlan brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active
2 VLAN0002 active
3 VLAN0003 active
4 VLAN0004 active
5 VLAN0005 active
6 VLAN0006 active
10 VLAN0010 active Fa0/3, Fa0/7
11 VLAN0011 active
100 caiwu active Fa0/6, Fa0/8, Fa0/9, Fa0/12
200 shengchan active Fa0/10, Fa0/11
300 dongshi active Fa0/2
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
7、测试VLAN通信
例:
VLAN 10 测试:
pc-1#ping 192.168.1.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
pc-1#
VLAN 20 测试:
pc-2#ping 192.168.2.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms
pc-2#
8、查看MAC表:
sw-1#show mac-address-table
Dynamic Address Count: 6
Secure Address Count: 0
Static Address (User-defined) Count: 0
System Self Address Count: 36
Total MAC addresses: 42
Maximum MAC addresses: 2048
Non-static Address Table:
Destination Address Address Type VLAN Destination Port
------------------- ------------ ---- --------------------
0002.fd9c.8ce0 Dynamic 10 FastEthernet0/2
0004.4de6.1480 Dynamic 10 FastEthernet0/1
0004.c16b.2c40 Dynamic 20 FastEthernet0/1
0004.ddf8.ef82 Dynamic 1 FastEthernet0/1
0030.8053.5e00 Dynamic 20 FastEthernet0/3
0050.546c.53c0 Dynamic 10 FastEthernet0/1
sw-2#show mac-address-table
Dynamic Address Count: 10
Secure Address Count: 0
Static Address (User-defined) Count: 0
System Self Address Count: 38
Total MAC addresses: 48
Maximum MAC addresses: 2048
Non-static Address Table:
Destination Address Address Type VLAN Destination Port
------------------- ------------ ---- --------------------
0002.fd9c.8ce0 Dynamic 10 FastEthernet0/2
0003.e3e8.0880 Dynamic 10 FastEthernet0/2
0003.e3e8.0881 Dynamic 1 FastEthernet0/2
0003.e3e8.0881 Dynamic 10 FastEthernet0/2
0003.e3e8.0881 Dynamic 20 FastEthernet0/2
0004.4de6.1480 Dynamic 10 FastEthernet0/1
0004.4de6.1481 Dynamic 1 FastEthernet0/1
0004.c16b.2c40 Dynamic 20 FastEthernet0/1
0030.8053.5e00 Dynamic 20 FastEthernet0/2
0050.546c.53c0 Dynamic 10 FastEthernet0/1
9、查看ARP表:
sw-1#show arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.1.1.2 89 0004.ddf8.ef80 ARPA VLAN10
Internet 10.1.1.3 89 0004.4de6.1480 ARPA VLAN10
Internet 10.1.1.1 - 0003.e3e8.0880 ARPA VLAN10
二、单臂路由:
1、配置:
R1:
hostname Router
!
no ip domain lookup
!
interface Ethernet0/0
no shut
!
interface Ethernet0/0.11
encapsulation dot1Q 10
ip address 192.168.1.2 255.255.255.0
!
interface Ethernet0/0.21
encapsulation dot1Q 20
ip address 192.168.2.2 255.255.255.0
SW-1:
!
hostname Switch
!
interface FastEthernet0/1
switchport access vlan 10
!
interface FastEthernet0/2
switchport access vlan 20
!
interface FastEthernet0/24
switchport trunk encapsulation dot1q
switchport mode trunk
3、测试:
3-1测试本地到本的网关:
pc-1#ping 192.168.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/4 ms
3-2测试本地到远端网关:
pc-1#ping 192.168.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/203/1002 ms
3-3测试本地到远端目标:
pc-1#ping 192.168.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
pc-1#
注意事项:
路由器的上子接口的VLAN必须和交换机上接PC的物理接口的VLAN是同一个VLAN号。
VTP配置:
1、交换机基础配置:
略;
2、配置VTP域:
格式:VLAN模式#vtp domain 域名
例:
s-3#vlan database
s-3(vlan)#vtp domain onetom
3、配置VTP模式:
格式:VLAN模式#vtp VTP模式
例:
s-1(vlan)#vtp server (服务器模式)
s-3(vlan)#vtp Client (客户端模式)
s-3(vlan)#vtp transparent (透明模式)
4、配置VTP密码:
格式:VLAN模式#vtp password 密码
例:s-3(vlan)#vtp password 123
5、配置VTP裁剪功能:
例:s-3(vlan)#vtp pruning
6、配置VLAN信息:
例:s-3(vlan)#vlan 99 name itaa
7、检查和测试:
S-1:
VTP信息:
sw-1#show vtp status
VTP Version : 2
Configuration Revision : 16
Maximum VLANs supported locally : 68
Number of existing VLANs : 9
VTP Operating Mode : Server
VTP Domain Name : itaa-1
VTP Pruning Mode : Enabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0x28 0xCB 0x4E 0x5C 0x73 0x73 0x73 0x09
Configuration last modified by 10.1.1.1 at 3-1-93 06:20:19
sw-1#
VLAN信息:
sw-1#show vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/2, Fa0/4, Fa0/5, Fa0/6,
Fa0/7, Fa0/8, Fa0/9, Fa0/10,
Fa0/11
100 VLAN0100 active Fa0/12
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
.....
S-2:
VTP信息:
s-2#show vtp status
VTP Version : 2
Configuration Revision : 0
Maximum VLANs supported locally : 68
Number of existing VLANs : 10
VTP Operating Mode : Transparent
VTP Domain Name : itaa-1
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0x44 0x71 0x44 0x1A 0x89 0x86 0xDC 0x7C
Configuration last modified by 0.0.0.0 at 3-1-93 04:56:55
VLAN信息:
s-2#show vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/3, Fa0/4, Fa0/5, Fa0/6,
Fa0/7, Fa0/8, Fa0/9, Fa0/10,
Fa0/11
100 VLAN0100 active
200 VLAN0200 active
500 VLAN0500 active
600 VLAN0600 active
1001 VLAN1001 active
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
......
S-4
VTP信息:
s-4#show vtp status
VTP Version : 2
Configuration Revision : 15
Maximum VLANs supported locally : 68
Number of existing VLANs : 6
VTP Operating Mode : Client
VTP Domain Name : itaa-1
VTP Pruning Mode : Enabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0xA2 0x42 0xD9 0x7E 0x07 0x14 0x38 0xE8
Configuration last modified by 10.1.1.1 at 3-1-93 06:21:35
VLAN信息:
s-4#show vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/3, Fa0/4, Fa0/5,
Fa0/6, Fa0/7, Fa0/8, Fa0/9,
Fa0/10, Fa0/11, Fa0/12
100 VLAN0100 active
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
......