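VLAN Configuration
Learning Objectives
Understand the purpose of VLANs
Understand the security behavior of VLANs
Master VLAN configuration
Master the configuration of Access and Trunk interfaces
Master associating interfaces with VLANs
Master the configuration of Hybrid interfaces
Topology Diagram
Scenario:
You are the company's network administrator. VLANs need to be deployed on the current network, and two switches have been purchased. You need to deploy VLANs and other features.
Learning Tasks
Step 1. Eth-Trunk Link Aggregation
Before the lab, some device interfaces must be shut down so that they do not affect this lab.
For this lab, shut down interfaces E0/0/1 and E0/0/23 on S3, and interface E0/0/14 on S4.
There are two links between S1 and S2. If STP is enabled, one of the links is disabled, which wastes bandwidth; if STP is not used, a loop forms. Eth-Trunk solves this problem well.
Before configuring Eth-Trunk, the existing configuration on the interfaces must be cleared.
When configuring Eth-Trunk, you can either add a physical interface to the Eth-Trunk group from the interface view, or add physical interfaces from the Eth-Trunk configuration view.
S1 uses the first method to associate the physical interfaces with the Eth-Trunk.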
[Huawei]sysname S1
[S1]interface eth-trunk 1
[S1-Eth-Trunk1]q
[S1]interface g0/0/9
[S1-GigabitEthernet0/0/9]eth-trunk 1
[S1-GigabitEthernet0/0/9]interface g0/0/10
[S1-GigabitEthernet0/0/10]eth-trunk 1
Info: This operation may take a few seconds. Please wait for a moment...done.
S2 uses the second method to associate the physical interfaces with the Eth-Trunk.
[Huawei]sysname S2
[S2]interface eth-trunk 1
[S2-Eth-Trunk1]trunkport g0/0/9
Info: This operation may take a few seconds. Please wait for a moment...done.
[S2-Eth-Trunk1]trunkport g0/0/10
Info: This operation may take a few seconds. Please wait for a moment...done.
The default link type of an interface is Hybrid; it can be changed directly to trunk. Also note that, by default, a trunk interface blocks the traffic of all VLANs from passing.
[S1]interface Eth-Trunk 1
[S1-Eth-Trunk1]port link-type trunk
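[S1-Eth-Trunk1]port trunk allow-pass vlan all
[S2]interface Eth-Trunk 1
[S2-Eth-Trunk1]port link-type trunk
[S2-Eth-Trunk1]port trunk allow-pass vlan all
Step 2. Configure VLANs
In the lab, S3, R1, R3 and S4 act as hosts for testing. S3 belongs to VLAN 3, R1 and R3 belong to VLAN 4, and S4 belongs to VLAN 5.
There are two ways to configure multiple consecutively numbered VLANs; the lab demonstrates both.
There are also two ways to define the mapping between VLANs and interfaces; the lab demonstrates both.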
[S1]interface g0/0/13
[S1-GigabitEthernet0/0/13]port link-type access
[S1-GigabitEthernet0/0/13]interface g0/0/1
[S1-GigabitEthernet0/0/1]port link-type access
[S1-GigabitEthernet0/0/1]vlan 3
[S1-vlan3]port gi0/0/13
[S1-vlan3]vlan 4
[S1-vlan4]port gi0/0/1
[S1-vlan4]vlan 5
[S2]vlan batch 3 to 5
[S2]interface g0/0/2
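[S2-GigabitEthernet0/0/2]port link-type access
[S2-GigabitEthernet0/0/2]port default vlan 4
[S2-GigabitEthernet0/0/2]interface g0/0/22
[S2-GigabitEthernet0/0/22]port link-type access
[S2-GigabitEthernet0/0/22]port default vlan 5
Step 3. Plan Addresses
R1, R3, S3 and S4 act as clients to test the effect of the VLAN configuration.
Each of them needs an interface address. A switch's physical interface cannot be given an address, so the IP address is configured on the Vlanif1 interface.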
[Huawei]sysname S3
[S3]interface vlanif 1
[S3-Vlanif1]ip add 10.0.3.3 24
[Huawei]sysname R1
[R1]interface g0/0/1
[R1-GigabitEthernet0/0/1]ip add 10.0.4.1 24
[R1-GigabitEthernet0/0/1]
[Huawei]sysname R3
[R3]interface g0/0/2
[R3-GigabitEthernet0/0/2]ip add 10.0.4.3 24
[Huawei]sysname S4
[S4]interface vlanif 1
[S4-Vlanif1]ip add 10.0.5.4 24
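Step 4. Test
Use the ping command. Normally, R1 and R3, which both belong to VLAN 4, can communicate; no other pair of devices can communicate with each other.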
PING 10.0.4.1: 56 data bytes,press CTRL_C to break
Reply from 10.0.4.1: bytes=56 Sequence=1 ttl=255 time=150 ms
Reply from 10.0.4.1: bytes=56 Sequence=2 ttl=255 time=50 ms
Reply from 10.0.4.1: bytes=56 Sequence=3 ttl=255 time=60 ms
Reply from 10.0.4.1: bytes=56 Sequence=4 ttl=255 time=80 ms
Reply from 10.0.4.1: bytes=56 Sequence=5 ttl=255 time=70 ms
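--- 10.0.4.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 50/82/150 ms
The remaining devices cannot communicate with one another; you can test connectivity between R1 and R3 and between R3 and R4.
Configure a management address for each VLAN on S1. This is equivalent to connecting three clients to S1, belonging to VLANs 3, 4 and 5.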
[S1]interface vlanif 3
[S1-Vlanif3]ip add 10.0.3.11 24
[S1-Vlanif3]interface vlanif 4
[S1-Vlanif4]ip add 10.0.4.11 24
[S1-Vlanif4]interface vlanif 5
[S1-Vlanif5]ip add 10.0.5.11 24
[S1-Vlanif5]q
After the configuration is complete, you can test from S1 whether the clients in every VLAN communicate normally.
[S1]ping 10.0.3.3
PING 10.0.3.3: 56 data bytes,press CTRL_C to break
Reply from 10.0.3.3: bytes=56 Sequence=1 ttl=255 time=260 ms
Reply from 10.0.3.3: bytes=56 Sequence=2 ttl=255 time=40 ms
Reply from 10.0.3.3: bytes=56 Sequence=3 ttl=255 time=50 ms
Reply from 10.0.3.3: bytes=56 Sequence=4 ttl=255 time=40 ms
Reply from 10.0.3.3: bytes=56 Sequence=5 ttl=255 time=20 ms
--- 10.0.3.3 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/82/260 ms
[S1]ping 10.0.4.1
PING 10.0.4.1: 56 data bytes,press CTRL_C to break
Reply from 10.0.4.1: bytes=56 Sequence=1 ttl=255 time=70 ms
Reply from 10.0.4.1: bytes=56 Sequence=2 ttl=255 time=50 ms
Reply from 10.0.4.1: bytes=56 Sequence=3 ttl=255 time=40 ms
Reply from 10.0.4.1: bytes=56 Sequence=4 ttl=255 time=50 ms
Reply from 10.0.4.1: bytes=56 Sequence=5 ttl=255 time=30 ms
--- 10.0.4.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 30/48/70 ms
[S1]ping 10.0.4.3
PING 10.0.4.3: 56 data bytes,press CTRL_C to break
Reply from 10.0.4.3: bytes=56 Sequence=1 ttl=255 time=110 ms
Reply from 10.0.4.3: bytes=56 Sequence=2 ttl=255 time=70 ms
Reply from 10.0.4.3: bytes=56 Sequence=3 ttl=255 time=60 ms
Reply from 10.0.4.3: bytes=56 Sequence=4 ttl=255 time=50 ms
Reply from 10.0.4.3: bytes=56 Sequence=5 ttl=255 time=80 ms
--- 10.0.4.3 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 50/74/110 ms
[S1]ping 10.0.5.4
PING 10.0.5.4: 56 data bytes,press CTRL_C to break
Reply from 10.0.5.4: bytes=56 Sequence=1 ttl=255 time=110 ms
Reply from 10.0.5.4: bytes=56 Sequence=2 ttl=255 time=60 ms
Reply from 10.0.5.4: bytes=56 Sequence=3 ttl=255 time=40 ms
Reply from 10.0.5.4: bytes=56 Sequence=4 ttl=255 time=90 ms
Reply from 10.0.5.4: bytes=56 Sequence=5 ttl=255 time=60 ms
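--- 10.0.5.4 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 40/72/110 ms
Step 5. Master the Configuration of Hybrid Interfaces
A Hybrid interface is similar to a trunk interface but adds some functions that let users in different VLANs communicate, such as S3 and R3 in this lab. Of course, they first need to be in the same network segment.
Change the addresses of S3 and R3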
[S3]interface vlanif 1
[S3-Vlanif1]ip add 10.0.6.3 24
[S3-Vlanif1]
[R3]interface g0/0/2
[R3-GigabitEthernet0/0/2]ip add 10.0.6.4 24
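Define interface G0/0/13 on S1 as a Hybrid interface belonging to VLAN 3, with VLAN 3 and VLAN 4 set as untagged. Note that before changing the link type, the extra configuration on the interface must be removed.
[S1]interface g0/0/13
[S1-GigabitEthernet0/0/13]undo port default vlan
[S1-GigabitEthernet0/0/13]port link-type hybrid
[S1-GigabitEthernet0/0/13]port hybrid pvid vlan 3
[S1-GigabitEthernet0/0/13]port hybrid untagged vlan 3 to 4
Define interface G0/0/2 on S2 as a Hybrid interface belonging to VLAN 4, with VLAN 3 and VLAN 4 set as untagged.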
[S2]interface g0/0/2
[S2-GigabitEthernet0/0/2]undo port default vlan
[S2-GigabitEthernet0/0/2]port link-type hybrid
[S2-GigabitEthernet0/0/2]port hybrid pvid vlan 4
[S2-GigabitEthernet0/0/2]port hybrid untagged vlan 3 to 4
At this point, although S3 and R3 are in different VLANs, they can communicate with each other.
PING 10.0.6.4: 56 data bytes,press CTRL_C to break
Reply from 10.0.6.4: bytes=56 Sequence=1 ttl=255 time=170 ms
Reply from 10.0.6.4: bytes=56 Sequence=2 ttl=255 time=90 ms
Reply from 10.0.6.4: bytes=56 Sequence=3 ttl=255 time=60 ms
Reply from 10.0.6.4: bytes=56 Sequence=4 ttl=255 time=60 ms
Reply from 10.0.6.4: bytes=56 Sequence=5 ttl=255 time=90 ms
--- 10.0.6.4 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 60/94/170 ms
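The forwarding rules behind steps 4 and 5, as an added example that is not part of the original lab: a simplified Layer 2 model of how access, trunk and hybrid ports classify frames on ingress and filter them on egress. The port-to-host mapping (S3 on S1 G0/0/13, R1 on S1 G0/0/1, R3 on S2 G0/0/2) is inferred from the lab's VLAN assignments, and MAC learning and IP addressing are ignored.

```python
# Added illustration, not the lab's own material. Simplified model: every
# port that carries the VLAN is treated as a possible destination.
from dataclasses import dataclass

@dataclass
class Port:
    pvid: int
    untagged: frozenset                 # VLANs sent without an 802.1Q tag
    tagged: frozenset = frozenset()     # VLANs sent with a tag

def access(vlan):                       # port link-type access + port default vlan N
    return Port(vlan, frozenset({vlan}))

def hybrid(pvid, untagged):             # port hybrid pvid vlan N + port hybrid untagged vlan ...
    return Port(pvid, frozenset(untagged))

def trunk_all():                        # port trunk allow-pass vlan all (PVID left at 1)
    return Port(1, frozenset({1}), frozenset(range(2, 4095)))

def ingress(port, tag):
    """VLAN the frame is classified into, or None if the port drops it."""
    vlan = port.pvid if tag is None else tag
    return vlan if vlan in (port.untagged | port.tagged) else None

def egress(port, vlan):
    """'untagged', 'tagged', or None when the port does not carry the VLAN."""
    if vlan in port.untagged:
        return "untagged"
    return "tagged" if vlan in port.tagged else None

def deliver(src, dst, links=()):
    """True if an untagged frame entering src leaves dst untagged.
    links: one (egress_port, ingress_port) pair per inter-switch hop."""
    vlan = ingress(src, None)
    for out_port, in_port in links:
        if vlan is None or (mode := egress(out_port, vlan)) is None:
            return False
        vlan = ingress(in_port, vlan if mode == "tagged" else None)
    return vlan is not None and egress(dst, vlan) == "untagged"

def ping_ok(a, b, links=()):
    """A ping succeeds only if the request and the reply are both delivered."""
    back = [(i, o) for o, i in reversed(links)]
    return deliver(a, b, links) and deliver(b, a, back)

ETH_TRUNK = [(trunk_all(), trunk_all())]            # S1 Eth-Trunk 1 <-> S2 Eth-Trunk 1
s1_g13, s1_g1, s2_g2 = access(3), access(4), access(4)      # step 2 (assumed mapping)
s1_g13_h, s2_g2_h = hybrid(3, {3, 4}), hybrid(4, {3, 4})    # step 5
```

With the step 5 ports, `deliver(s1_g1, s1_g13_h)` is true while the reverse direction is false: frames from the VLAN 4 access port G0/0/1 now also leave G0/0/13 untagged, so every VLAN added to a hybrid untagged list widens what that port receives and should be reviewed when VLANs serve as an isolation boundary.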