Vlan配置

学习目的

  • 了解vlan的意义

  • 理解vlan的安全表现

  • 掌握vlan的配置

  • 掌握Access接口与Trunk接口的配置

  • 掌握将接口与vlan关联的配置

  • 掌握Hybrid接口的配置

拓扑图

        华为三层交换Vlan配置_第1张图片

场景:

         你是公司的网络管理员。当前网络中需要部署vlan。购置了两台交换机。你需要部署vlan和其它特性。

学习任务

步骤一.Eth-trunk链路聚合

         实验之前,需要关闭部分设备接口,避免影响本次实验。

         本次实验需要关闭S3E0/0/1E0/0/23接口,另外需要关闭S4E0/0/14接口。

         S1S2之间的两条链路,如果开启STP,则会有一条链路被禁用,造成带宽的浪费;如果不适用STP,则会造成环路。但是如果使用Eth-trunk,则可以很好的解决这个问题。

         配置Eth-trunk之前,必须清楚接口原有配置信息。

         配置Eth-trunk时,可以将物理接口加入Eth-trunk组,也可以在Eth-trunk配置模式下,添加物理接口。

         S1使用第一种模式配置Eth-trunk与物理接口之间的关联关系。

[Huawei]sysname S1

[S1]interface eth-trunk 1

[S1-Eth-Trunk1]q

[S1]interface g0/0/9

[S1-GigabitEthernet0/0/9]eth-trunk 1

[S1-GigabitEthernet0/0/9]interface g0/0/10

[S1-GigabitEthernet0/0/10]eth-trunk 1

Info: This operation may take a fewseconds. Please wait for a moment...done.

S2使用第二种模式配置Eth-trunk与物理接口之间的关联关系。

[Huawei]sysnam S2

[S2]interface eth-trunk 1

[S2-Eth-Trunk1]trunkport g0/0/9

Info: This operation may take a fewseconds. Please wait for a moment...done.

[S2-Eth-Trunk1]trunkport g0/0/10

Info: This operation may take a fewseconds. Please wait for a moment...done.

接口默认的链路类型黑Hybird类型,可以直接修改链路类型为trunk类型。另外需要注意的是,默认情况下,接口的trunk功能禁止所有vlan的数据传输过去。

[S1]interface Eth-Trunk 1

[S1-Eth-Trunk1]port link-type trunk

[S1-Eth-Trunk1]port trunk allow-pass vlanall

 

[S2]interface Eth-Trunk 1

[S2-Eth-Trunk1]port link-type trunk

[S2-Eth-Trunk1]port trunk allow-pass vla

步骤二.配置vlan

         实验中S3R1R3S4模拟为主机进行测试。其中S3属于vlan3R1R3属于vlan4S4属于vlan5

         配置号码连续的多个vlan的方式有两种。实验中分别演示。

         定义vlan与接口的对应关系也有两种,试验中分别演示。

[S1]interface g0/0/13

[S1-GigabitEthernet0/0/13]port link-typeaccess

[S1-GigabitEthernet0/0/13]interface g0/0/1

[S1-GigabitEthernet0/0/1]port link-typeaccess

[S1-GigabitEthernet0/0/1]vlan 3

[S1-vlan3]port gi0/0/13

[S1-vlan3]vlan 4

[S1-vlan4]port gi0/0/1

[S1-vlan4]vlan 5

 

 

[S2]vlan batch 3 to 5

[S2]interface g0/0/2

[S2-GigabitEthernet0/0/2]port link-typeaccess

[S2-GigabitEthernet0/0/2]port default vlan4

[S2-GigabitEthernet0/0/2]interface g0/0/22

[S2-GigabitEthernet0/0/22]port link-typeaccess

[S2-GigabitEthernet0/0/22]port default vlan5

步骤三.规划地址

         R1R3S3S4模拟为客户端,测试vlan配置效果。

         需要各自配置接口地址、其中交换机物理接口无法配置地址。在vlanif1接口配置IP地址。

[Huawei]sysname S3

[S3]interface vlanif 1

[S3-Vlanif1]ip add 10.0.3.3 24

 

 

[Huawei]sysname R1

[R1]interface g0/0/1

[R1-GigabitEthernet0/0/1]ip add 10.0.4.1 24

[R1-GigabitEthernet0/0/1]

 

[Huawei]sysname R3

[R3]interface g0/0/2

[R3-GigabitEthernet0/0/2]ip add 10.0.4.3 24

 

[Huawei]sysname S4

[S4]interface vlanif 1

[S4-Vlanif1]ip add 10.0.5.4 24

 

步骤四.测试

         使用ping命令,正常情况下,同属于vlan4R1R3之间可以通讯,其余两两相互不能通讯。

ping 10.0.4.1

 PING 10.0.4.1: 56  data bytes,press CTRL_C to break

   Reply from 10.0.4.1: bytes=56 Sequence=1 ttl=255 time=150 ms

   Reply from 10.0.4.1: bytes=56 Sequence=2 ttl=255 time=50 ms

   Reply from 10.0.4.1: bytes=56 Sequence=3 ttl=255 time=60 ms

   Reply from 10.0.4.1: bytes=56 Sequence=4 ttl=255 time=80 ms

   Reply from 10.0.4.1: bytes=56 Sequence=5 ttl=255 time=70 ms

 

  ---10.0.4.1 ping statistics ---

    5packet(s) transmitted

    5packet(s) received

   0.00% packet loss

round-tripmin/avg/max = 50/82/150 ms

其余设备之间则无法相互通讯,可以测试R1R3之间、R3R4之间通讯情况

         S1上为每个vlan配置一个管理地址。相当于在S1连接了三台客户端,属于vlan345.

[S1]interface vlanif 3

[S1-Vlanif3]ip add 10.0.3.11 24

[S1-Vlanif3]interface vlanif 4

[S1-Vlanif4]ip add 10.0.4.11 24.

[S1-Vlanif4]interface vlanif 5

[S1-Vlanif5]ip add 10.0.5.11 24

[S1-Vlanif5]q

配置完成后,可以在S1上测试所有vlan内部客户端是否正常通讯。

[S1]ping 10.0.3.3

 PING 10.0.3.3: 56  data bytes,press CTRL_C to break

   Reply from 10.0.3.3: bytes=56 Sequence=1 ttl=255 time=260 ms

   Reply from 10.0.3.3: bytes=56 Sequence=2 ttl=255 time=40 ms

   Reply from 10.0.3.3: bytes=56 Sequence=3 ttl=255 time=50 ms

   Reply from 10.0.3.3: bytes=56 Sequence=4 ttl=255 time=40 ms

   Reply from 10.0.3.3: bytes=56 Sequence=5 ttl=255 time=20 ms

 

  ---10.0.3.3 ping statistics ---

    5packet(s) transmitted

    5packet(s) received

   0.00% packet loss

   round-trip min/avg/max = 20/82/260 ms

 

[S1]ping 10.0.4.1

 PING 10.0.4.1: 56  data bytes,press CTRL_C to break

   Reply from 10.0.4.1: bytes=56 Sequence=1 ttl=255 time=70 ms

   Reply from 10.0.4.1: bytes=56 Sequence=2 ttl=255 time=50 ms

   Reply from 10.0.4.1: bytes=56 Sequence=3 ttl=255 time=40 ms

   Reply from 10.0.4.1: bytes=56 Sequence=4 ttl=255 time=50 ms

   Reply from 10.0.4.1: bytes=56 Sequence=5 ttl=255 time=30 ms

 

  ---10.0.4.1 ping statistics ---

    5packet(s) transmitted

    5packet(s) received

   0.00% packet loss

   round-trip min/avg/max = 30/48/70 ms

 

[S1]ping 10.0.4.3

 PING 10.0.4.3: 56  data bytes,press CTRL_C to break

   Reply from 10.0.4.3: bytes=56 Sequence=1 ttl=255 time=110 ms

   Reply from 10.0.4.3: bytes=56 Sequence=2 ttl=255 time=70 ms

   Reply from 10.0.4.3: bytes=56 Sequence=3 ttl=255 time=60 ms

   Reply from 10.0.4.3: bytes=56 Sequence=4 ttl=255 time=50 ms

   Reply from 10.0.4.3: bytes=56 Sequence=5 ttl=255 time=80 ms

 

  ---10.0.4.3 ping statistics ---

    5packet(s) transmitted

    5packet(s) received

   0.00% packet loss

   round-trip min/avg/max = 50/74/110 ms

 

[S1]ping 10.0.5.4

 PING 10.0.5.4: 56  data bytes,press CTRL_C to break

   Reply from 10.0.5.4: bytes=56 Sequence=1 ttl=255 time=110 ms

   Reply from 10.0.5.4: bytes=56 Sequence=2 ttl=255 time=60 ms

   Reply from 10.0.5.4: bytes=56 Sequence=3 ttl=255 time=40 ms

   Reply from 10.0.5.4: bytes=56 Sequence=4 ttl=255 time=90 ms

   Reply from 10.0.5.4: bytes=56 Sequence=5 ttl=255 time=60 ms

 

  ---10.0.5.4 ping statistics ---

    5packet(s) transmitted

    5packet(s) received

   0.00% packet loss

round-tripmin/avg/max = 40/72/110 ms

步骤五.掌握Hybrid接口的配置

         Hybrid接口与trunk接口类似。但是增加了一些功能,可以实现在不同vlan的用户通讯,比如实验中S3R3设备。当前他们首先需要在同一网段。

修改S3R3地址

[S3]interface vlanif 1

[S3-Vlanif1]ip add 10.0.6.3 24

[S3-Vlanif1]

 

[R3]interface g0/0/2

[R3-GigabitEthernet0/0/2]ip add 10.0.6.4 24

 

定义S1G0/0/13/接口为Hybird接口,属于vlan3.vlan3vlan4定义为Untagged。注意修改链路类型之前,需要删除接口的额外配置。

[S1]interface g0/0/13

[S1-GigabitEthernet0/0/13]undo port defaultvlan

[S1-GigabitEthernet0/0/13]port link-typehybrid

[S1-GigabitEthernet0/0/13]port hybrid pvidvlan 3

[S1-GigabitEthernet0/0/13]port hybriduntagged vlan 3 to 4

定义S2G0/0/2接口为Hybird接口,属于vlan4.vlan3vlan4定义为Untagged

[S2]interface g0/0/2

[S2-GigabitEthernet0/0/2]undo port defaultvlan

[S2-GigabitEthernet0/0/2]port link-typehybrid

[S2-GigabitEthernet0/0/2]port hybrid pvidvlan 4

[S2-GigabitEthernet0/0/2]port hybriduntagged vlan 3 to 4

此时S3R3虽然在不同网段,但是可以实现互通。

ping 10.0.6.4

 PING 10.0.6.4: 56  data bytes,press CTRL_C to break

   Reply from 10.0.6.4: bytes=56 Sequence=1 ttl=255 time=170 ms

   Reply from 10.0.6.4: bytes=56 Sequence=2 ttl=255 time=90 ms

   Reply from 10.0.6.4: bytes=56 Sequence=3 ttl=255 time=60 ms

   Reply from 10.0.6.4: bytes=56 Sequence=4 ttl=255 time=60 ms

   Reply from 10.0.6.4: bytes=56 Sequence=5 ttl=255 time=90 ms

 

  ---10.0.6.4 ping statistics ---

    5packet(s) transmitted

    5packet(s) received

   0.00% packet loss

   round-trip min/avg/max = 60/94/170 ms