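I. VLAN configuration process.
1. Build the topology.
Run eNSP > New Topology > build the topology shown in the figure below > start the devices
2. Test connectivity between the hosts.
2.1 Basic configuration of the four hosts:
PC1: IP address: 192.168.2.2 Subnet mask: 255.255.255.0 Gateway: 192.168.2.0
PC2: IP address: 192.168.2.3 Subnet mask: 255.255.255.0 Gateway: 192.168.2.0
PC3: IP address: 192.168.2.4 Subnet mask: 255.255.255.0 Gateway: 192.168.2.0
PC4: IP address: 192.168.2.5 Subnet mask: 255.255.255.0 Gateway: 192.168.2.0
2.2 Test connectivity between the hosts:
Use the ping command to test connectivity between each pair of hosts.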
PC1:
PC>ping 192.168.2.3
Ping 192.168.2.3: 32 data bytes, Press Ctrl_C to break
From 192.168.2.3: bytes=32 seq=1 ttl=128 time=47 ms
PC>ping 192.168.2.4
Ping 192.168.2.4: 32 data bytes, Press Ctrl_C to break
From 192.168.2.4: bytes=32 seq=1 ttl=128 time=63 ms
PC>ping 192.168.2.5
Ping 192.168.2.5: 32 data bytes, Press Ctrl_C to break
From 192.168.2.5: bytes=32 seq=1 ttl=128 time=62 ms
As shown above, PC1 can reach the other three hosts.
PC2:
PC>ping 192.168.2.2
Ping 192.168.2.2: 32 data bytes, Press Ctrl_C to break
From 192.168.2.2: bytes=32 seq=1 ttl=128 time=47 ms
PC>ping 192.168.2.4
Ping 192.168.2.4: 32 data bytes, Press Ctrl_C to break
From 192.168.2.4: bytes=32 seq=1 ttl=128 time=79 ms
PC>ping 192.168.2.5
Ping 192.168.2.5: 32 data bytes, Press Ctrl_C to break
From 192.168.2.5: bytes=32 seq=1 ttl=128 time=32 ms
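As shown above, PC2 can reach the other three hosts.
PC3 and PC4 were also tested and can each reach the other three hosts; the command output is omitted here for brevity.
3. Configure the switches.
3.1 Configure switch LSW1:
3.1.1 Enter the system view, create VLAN 2 and VLAN 3, then display the VLANs.
<Huawei>system-view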
Enter system view, return user view with Ctrl+Z.
[Huawei]vlan 2
[Huawei-vlan2]quit
[Huawei]vlan 3
[Huawei-vlan3]quit
[Huawei]display vlan
The total number of vlans is : 3
--------------------------------------------------------------------------------
U: Up; D: Down; TG: Tagged; UT: Untagged;
MP: Vlan-mapping; ST: Vlan-stacking;
#: ProtocolTransparent-vlan; *: Management-vlan;
--------------------------------------------------------------------------------
VID Type Ports
--------------------------------------------------------------------------------
1 common UT:Eth0/0/1(U) Eth0/0/2(U) Eth0/0/3(U) Eth0/0/4(D)
Eth0/0/5(D) Eth0/0/6(D) Eth0/0/7(D) Eth0/0/8(D)
Eth0/0/9(D) Eth0/0/10(D) Eth0/0/11(D) Eth0/0/12(D)
Eth0/0/13(D) Eth0/0/14(D) Eth0/0/15(D) Eth0/0/16(D)
Eth0/0/17(D) Eth0/0/18(D) Eth0/0/19(D) Eth0/0/20(D)
Eth0/0/21(D) Eth0/0/22(D) GE0/0/1(D) GE0/0/2(D)
2 common
3 common
VID Status Property MAC-LRN Statistics Description
--------------------------------------------------------------------------------
1 enable default enable disable VLAN 0001
2 enable default enable disable VLAN 0002
3 enable default enable disable VLAN 0003
3.1.2 Set ports 0/0/1 and 0/0/2 to the access type:
[Huawei]interface Ethernet 0/0/1
[Huawei-Ethernet0/0/1]port link-type access
[Huawei-Ethernet0/0/1]port default vlan 2
[Huawei-Ethernet0/0/1]quit
[Huawei]interface Ethernet 0/0/2
[Huawei-Ethernet0/0/2]port link-type access
[Huawei-Ethernet0/0/2]port default vlan 3
[Huawei-Ethernet0/0/2]quit
[Huawei]
3.1.3 Set port 0/0/3 to the trunk type:
[Huawei]interface Ethernet 0/0/3
[Huawei-Ethernet0/0/3]port link-type trunk
[Huawei-Ethernet0/0/3]port trunk allow-pass vlan 2
[Huawei-Ethernet0/0/3]port trunk allow-pass vlan 3
[Huawei-Ethernet0/0/3]quit
3.1.4 Display the VLANs:
[Huawei]display vlan
The total number of vlans is : 3
--------------------------------------------------------------------------------
U: Up; D: Down; TG: Tagged; UT: Untagged;
MP: Vlan-mapping; ST: Vlan-stacking;
#: ProtocolTransparent-vlan; *: Management-vlan;
--------------------------------------------------------------------------------
VID Type Ports
--------------------------------------------------------------------------------
1 common UT:Eth0/0/3(U) Eth0/0/4(D) Eth0/0/5(D) Eth0/0/6(D)
Eth0/0/7(D) Eth0/0/8(D) Eth0/0/9(D) Eth0/0/10(D)
Eth0/0/11(D) Eth0/0/12(D) Eth0/0/13(D) Eth0/0/14(D)
Eth0/0/15(D) Eth0/0/16(D) Eth0/0/17(D) Eth0/0/18(D)
Eth0/0/19(D) Eth0/0/20(D) Eth0/0/21(D) Eth0/0/22(D)
GE0/0/1(D) GE0/0/2(D)
2 common UT:Eth0/0/1(U)
TG:Eth0/0/3(U)
3 common UT:Eth0/0/2(U)
TG:Eth0/0/3(U)
VID Status Property MAC-LRN Statistics Description
--------------------------------------------------------------------------------
1 enable default enable disable VLAN 0001
2 enable default enable disable VLAN 0002
3 enable default enable disable VLAN 0003
[Huawei]
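3.2 Configure switch LSW2:
Configure LSW2 following the same steps as above. The steps are not described in detail here; only the switch commands are shown.
<Huawei>system-view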
Enter system view, return user view with Ctrl+Z.
[Huawei]vlan 2
[Huawei-vlan2]quit
[Huawei]vlan 3
[Huawei-vlan3]quit
[Huawei]interface Ethernet 0/0/1
[Huawei-Ethernet0/0/1]port link-type access
[Huawei-Ethernet0/0/1]port default vlan 3
[Huawei-Ethernet0/0/1]quit
[Huawei]interface Ethernet 0/0/2
[Huawei-Ethernet0/0/2]port link-type access
[Huawei-Ethernet0/0/2]port default vlan 2
[Huawei-Ethernet0/0/2]quit
[Huawei]interface Ethernet 0/0/3
[Huawei-Ethernet0/0/3]port link-type trunk
[Huawei-Ethernet0/0/3]port trunk allow-pass vlan 2
[Huawei-Ethernet0/0/3]port trunk allow-pass vlan 3
[Huawei-Ethernet0/0/3]quit
[Huawei]display vlan
The total number of vlans is : 3
--------------------------------------------------------------------------------
U: Up; D: Down; TG: Tagged; UT: Untagged;
MP: Vlan-mapping; ST: Vlan-stacking;
#: ProtocolTransparent-vlan; *: Management-vlan;
--------------------------------------------------------------------------------
VID Type Ports
--------------------------------------------------------------------------------
1 common UT:Eth0/0/3(U) Eth0/0/4(D) Eth0/0/5(D) Eth0/0/6(D)
Eth0/0/7(D) Eth0/0/8(D) Eth0/0/9(D) Eth0/0/10(D)
Eth0/0/11(D) Eth0/0/12(D) Eth0/0/13(D) Eth0/0/14(D)
Eth0/0/15(D) Eth0/0/16(D) Eth0/0/17(D) Eth0/0/18(D)
Eth0/0/19(D) Eth0/0/20(D) Eth0/0/21(D) Eth0/0/22(D)
GE0/0/1(D) GE0/0/2(D)
2 common UT:Eth0/0/2(U)
TG:Eth0/0/3(U)
3 common UT:Eth0/0/1(U)
TG:Eth0/0/3(U)
VID Status Property MAC-LRN Statistics Description
--------------------------------------------------------------------------------
1 enable default enable disable VLAN 0001
2 enable default enable disable VLAN 0002
3 enable default enable disable VLAN 0003
[Huawei]
At this point, both switches are configured.
4. Verification.
4.1 Test connectivity between the hosts in each VLAN:
Test with the ping command:
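The two `display vlan` tables above can be checked against the intended port plan instead of by eye. The following is an added example, not part of the original lab or of any Huawei tool: it parses the "VID Type Ports" table and reports deviations, plus any port that is Up while still an untagged member of VLAN 1 (as the trunk port Eth0/0/3 is in the output above). The `plan` dictionary format and function names are hypothetical.

```python
import re

# Constructed sample: the LSW1 port table from the page, shortened to a few ports.
SAMPLE = """\
VID Type Ports
--------------------
1 common UT:Eth0/0/3(U) Eth0/0/4(D) Eth0/0/5(D)
GE0/0/1(D) GE0/0/2(D)
2 common UT:Eth0/0/1(U)
TG:Eth0/0/3(U)
3 common UT:Eth0/0/2(U)
TG:Eth0/0/3(U)
VID Status Property MAC-LRN Statistics Description
--------------------
1 enable default enable disable VLAN 0001
"""

def parse_display_vlan(text):
    """Return {vid: {"UT": {port: state}, "TG": {port: state}}} from the port table."""
    table, vid, mode, active = {}, None, None, False
    for line in text.splitlines():
        if line.startswith("VID"):                # table header: keep only "VID Type Ports"
            active = line.split()[1:2] == ["Type"]
            continue
        if not active or line.startswith("-"):
            continue
        head = re.match(r"\s*(\d+)\s+\w+\s*(.*)", line)
        if head:                                  # a new VLAN row starts with its VID
            vid, mode, line = int(head.group(1)), None, head.group(2)
            table[vid] = {"UT": {}, "TG": {}}
        for m in re.finditer(r"(?:(UT|TG):)?(\S+?)\((U|D)\)", line):
            mode = m.group(1) or mode             # continuation lines keep the last mode
            table[vid][mode][m.group(2)] = m.group(3)
    return table

def audit(table, plan):
    """Compare membership with the intended plan (hypothetical format); list findings."""
    findings = []
    for vid, want in plan.items():
        for mode in ("UT", "TG"):
            got = sorted(table.get(vid, {}).get(mode, {}))
            if got != sorted(want.get(mode, [])):
                findings.append(f"VLAN {vid} {mode}: expected {sorted(want.get(mode, []))}, got {got}")
    # Ports that are Up yet still untagged members of the default VLAN 1.
    findings += [f"VLAN 1 UT: {p} is Up" for p, s in table.get(1, {}).get("UT", {}).items() if s == "U"]
    return findings
```

For LSW1, `audit(parse_display_vlan(SAMPLE), {2: {"UT": ["Eth0/0/1"], "TG": ["Eth0/0/3"]}, 3: {"UT": ["Eth0/0/2"], "TG": ["Eth0/0/3"]}})` returns a single finding, for Eth0/0/3 in VLAN 1.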
PC1:
PC>ping 192.168.2.3
Ping 192.168.2.3: 32 data bytes, Press Ctrl_C to break
From 192.168.2.2: Destination host unreachable
From 192.168.2.2: Destination host unreachable
From 192.168.2.2: Destination host unreachable
From 192.168.2.2: Destination host unreachable
From 192.168.2.2: Destination host unreachable
--- 192.168.2.3 ping statistics ---
5 packet(s) transmitted
0 packet(s) received
100.00% packet loss
PC>ping 192.168.2.4
Ping 192.168.2.4: 32 data bytes, Press Ctrl_C to break
From 192.168.2.2: Destination host unreachable
From 192.168.2.2: Destination host unreachable
From 192.168.2.2: Destination host unreachable
From 192.168.2.2: Destination host unreachable
From 192.168.2.2: Destination host unreachable
--- 192.168.2.4 ping statistics ---
5 packet(s) transmitted
0 packet(s) received
100.00% packet loss
PC>ping 192.168.2.5
Ping 192.168.2.5: 32 data bytes, Press Ctrl_C to break
From 192.168.2.5: bytes=32 seq=1 ttl=128 time=62 ms
From 192.168.2.5: bytes=32 seq=2 ttl=128 time=78 ms
From 192.168.2.5: bytes=32 seq=3 ttl=128 time=78 ms
From 192.168.2.5: bytes=32 seq=4 ttl=128 time=47 ms
From 192.168.2.5: bytes=32 seq=5 ttl=128 time=63 ms
--- 192.168.2.5 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 47/65/78 ms
PC2:
PC>ping 192.168.2.2
Ping 192.168.2.2: 32 data bytes, Press Ctrl_C to break
From 192.168.2.3: Destination host unreachable
From 192.168.2.3: Destination host unreachable
From 192.168.2.3: Destination host unreachable
From 192.168.2.3: Destination host unreachable
From 192.168.2.3: Destination host unreachable
--- 192.168.2.2 ping statistics ---
5 packet(s) transmitted
0 packet(s) received
100.00% packet loss
PC>ping 192.168.2.4
Ping 192.168.2.4: 32 data bytes, Press Ctrl_C to break
From 192.168.2.4: bytes=32 seq=1 ttl=128 time=63 ms
From 192.168.2.4: bytes=32 seq=2 ttl=128 time=62 ms
From 192.168.2.4: bytes=32 seq=3 ttl=128 time=63 ms
From 192.168.2.4: bytes=32 seq=4 ttl=128 time=62 ms
From 192.168.2.4: bytes=32 seq=5 ttl=128 time=63 ms
--- 192.168.2.4 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 62/62/63 ms
PC>ping 192.168.2.5
Ping 192.168.2.5: 32 data bytes, Press Ctrl_C to break
From 192.168.2.3: Destination host unreachable
From 192.168.2.3: Destination host unreachable
From 192.168.2.3: Destination host unreachable
From 192.168.2.3: Destination host unreachable
From 192.168.2.3: Destination host unreachable
--- 192.168.2.5 ping statistics ---
5 packet(s) transmitted
0 packet(s) received
100.00% packet loss
PC3:
PC>ping 192.168.2.2
Ping 192.168.2.2: 32 data bytes, Press Ctrl_C to break
From 192.168.2.4: Destination host unreachable
From 192.168.2.4: Destination host unreachable
From 192.168.2.4: Destination host unreachable
From 192.168.2.4: Destination host unreachable
From 192.168.2.4: Destination host unreachable
--- 192.168.2.2 ping statistics ---
5 packet(s) transmitted
0 packet(s) received
100.00% packet loss
PC>ping 192.168.2.3
Ping 192.168.2.3: 32 data bytes, Press Ctrl_C to break
From 192.168.2.3: bytes=32 seq=1 ttl=128 time=63 ms
From 192.168.2.3: bytes=32 seq=2 ttl=128 time=62 ms
From 192.168.2.3: bytes=32 seq=3 ttl=128 time=63 ms
From 192.168.2.3: bytes=32 seq=4 ttl=128 time=63 ms
From 192.168.2.3: bytes=32 seq=5 ttl=128 time=62 ms
--- 192.168.2.3 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 62/62/63 ms
PC>ping 192.168.2.5
Ping 192.168.2.5: 32 data bytes, Press Ctrl_C to break
From 192.168.2.4: Destination host unreachable
From 192.168.2.4: Destination host unreachable
From 192.168.2.4: Destination host unreachable
From 192.168.2.4: Destination host unreachable
From 192.168.2.4: Destination host unreachable
--- 192.168.2.5 ping statistics ---
5 packet(s) transmitted
0 packet(s) received
100.00% packet loss
PC4:
PC>ping 192.168.2.2
Ping 192.168.2.2: 32 data bytes, Press Ctrl_C to break
From 192.168.2.2: bytes=32 seq=1 ttl=128 time=94 ms
From 192.168.2.2: bytes=32 seq=2 ttl=128 time=31 ms
From 192.168.2.2: bytes=32 seq=3 ttl=128 time=62 ms
From 192.168.2.2: bytes=32 seq=4 ttl=128 time=63 ms
From 192.168.2.2: bytes=32 seq=5 ttl=128 time=62 ms
--- 192.168.2.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 31/62/94 ms
PC>ping 192.168.2.3
Ping 192.168.2.3: 32 data bytes, Press Ctrl_C to break
From 192.168.2.5: Destination host unreachable
From 192.168.2.5: Destination host unreachable
From 192.168.2.5: Destination host unreachable
From 192.168.2.5: Destination host unreachable
From 192.168.2.5: Destination host unreachable
--- 192.168.2.3 ping statistics ---
5 packet(s) transmitted
0 packet(s) received
100.00% packet loss
PC>ping 192.168.2.4
Ping 192.168.2.4: 32 data bytes, Press Ctrl_C to break
From 192.168.2.5: Destination host unreachable
From 192.168.2.5: Destination host unreachable
From 192.168.2.5: Destination host unreachable
From 192.168.2.5: Destination host unreachable
From 192.168.2.5: Destination host unreachable
--- 192.168.2.4 ping statistics ---
5 packet(s) transmitted
0 packet(s) received
100.00% packet loss
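4.2 Test results:
The ping tests give the following results:
PC1 and PC4 can reach each other; PC1 cannot reach PC2 or PC3.
PC2 and PC3 can reach each other; PC2 cannot reach PC1 or PC4.
PC3 and PC2 can reach each other; PC3 cannot reach PC1 or PC4.
PC4 and PC1 can reach each other; PC4 cannot reach PC2 or PC3.
4.3 Conclusion:
PC1 and PC4 belong to VLAN 2;
PC2 and PC3 belong to VLAN 3.
The VLANs were built successfully.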
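II. Related concepts.
1. What is a VLAN?
VLAN stands for Virtual Local Area Network.
A virtual LAN (VLAN) is a logical group of devices and users that is not restricted by physical location. They can be organized by function, department, application and similar factors, and they communicate with each other as if they were on the same network segment, hence the name virtual LAN.
2. What VLANs are for.
When a network is divided into VLANs, hosts within a VLAN can communicate directly while hosts in different VLANs cannot, which confines broadcast packets to a single VLAN.
Purposes: limiting broadcast domains, improving LAN security (users in different VLANs cannot communicate directly), improving network robustness (faults are contained), and building virtual workgroups flexibly (users in the same VLAN are not confined to a fixed physical area).
3. Advantages of VLANs.
3.1 Port separation.
Even on the same switch, ports in different VLANs cannot communicate with each other. One physical switch can therefore be used as several logical switches.
3.2 Network security.
Different VLANs cannot communicate directly, so broadcast traffic from one VLAN is not exposed to hosts in another.
3.3 Flexible management.
Moving a user to a different network requires no change of port or cabling, only a change to the software configuration.
With VLAN technology, an administrator can logically divide the users of one physical LAN into different broadcast domains according to actual application needs. Each VLAN contains a group of workstations with the same requirements and has the same properties as a physically formed LAN. Because the division is logical rather than physical, the workstations in one VLAN are not confined to the same physical area; they can sit on different physical LAN segments. By design, neither broadcast nor unicast traffic inside a VLAN is forwarded to other VLANs, which helps control traffic, reduce equipment investment, simplify network management and improve network security. Besides dividing the network into multiple broadcast domains, which effectively limits broadcast storms and makes the network topology very flexible, VLANs can also be used to control access between different departments and different sites on the network.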
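4. Switch port types.
4.1 Access
An access port can belong to only one VLAN and is generally used for ports that connect to computers.
4.2 Trunk
A trunk port can allow multiple VLANs to pass and can receive and send frames of multiple VLANs. It is generally used for ports that connect switches to each other.
4.3 Hybrid
A hybrid port can allow multiple VLANs to pass and can receive and send frames of multiple VLANs. It can be used to connect switches to each other and also to connect users' computers.
Hybrid and trunk ports handle received frames in the same way. The only difference is on transmission: a hybrid port can send the frames of multiple VLANs untagged, whereas a trunk port sends only the frames of its default VLAN untagged.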
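The port-type rules above can be turned into a small forwarding model and run against the lab's configuration to reproduce the ping results of section 4.2. This is an added example, not code from the original page, eNSP or Huawei; it is a simplified model, and the host-to-port cabling is an assumption, since the topology figure is not available.

```python
# Added example: a minimal model of 802.1Q tag handling per port type.
# Not eNSP or Huawei code. Assumed cabling: PC1/PC2 on LSW1 Eth0/0/1-2,
# PC3/PC4 on LSW2 Eth0/0/1-2, the two Eth0/0/3 trunk ports joined together.

class Port:
    def __init__(self, link_type, pvid=1, allowed=(), untagged=()):
        self.link_type, self.pvid = link_type, pvid
        # An access port carries only its default VLAN (PVID).
        self.allowed = {pvid} if link_type == "access" else {pvid, *allowed}
        # VLANs sent without a tag: the PVID on access and trunk ports,
        # an administrator-chosen set on hybrid ports.
        self.untagged = set(untagged) if link_type == "hybrid" else {pvid}

    def ingress(self, tag):
        """VLAN a received frame is classified into, or None if it is dropped."""
        vlan = self.pvid if tag is None else tag   # untagged frames take the PVID
        return vlan if vlan in self.allowed else None

    def egress(self, vlan):
        """(sent, tag_on_wire) for a frame of `vlan` leaving this port."""
        if vlan not in self.allowed:
            return (False, None)
        return (True, None if vlan in self.untagged else vlan)

LSW1 = {"Eth0/0/1": Port("access", 2), "Eth0/0/2": Port("access", 3),
        "Eth0/0/3": Port("trunk", 1, (2, 3))}
LSW2 = {"Eth0/0/1": Port("access", 3), "Eth0/0/2": Port("access", 2),
        "Eth0/0/3": Port("trunk", 1, (2, 3))}
HOSTS = {"PC1": (LSW1, "Eth0/0/1"), "PC2": (LSW1, "Eth0/0/2"),
         "PC3": (LSW2, "Eth0/0/1"), "PC4": (LSW2, "Eth0/0/2")}

def reachable(src, dst):
    """True if an untagged frame sent by src can be delivered to dst's port."""
    (sw_s, p_s), (sw_d, p_d) = HOSTS[src], HOSTS[dst]
    vlan = sw_s[p_s].ingress(None)
    if sw_s is not sw_d:                           # frame must cross the trunk link
        sent, tag = sw_s["Eth0/0/3"].egress(vlan)
        vlan = sw_d["Eth0/0/3"].ingress(tag) if sent else None
        if vlan is None:
            return False
    return sw_d[p_d].egress(vlan)[0]

def matrix():
    """Peers each host can reach, for comparison with the ping results."""
    return {s: sorted(d for d in HOSTS if d != s and reachable(s, d)) for s in HOSTS}
```

`matrix()` pairs PC1 with PC4 and PC2 with PC3, matching section 4.2; replacing a trunk entry with `Port("trunk", 1)` (no allow-pass list) breaks the PC1 to PC4 path, which is what step 3.1.3 prevents.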