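As the number of computers on a network grows, traditional Ethernet runs into problems such as heavy collisions, broadcast flooding, and a lack of security guarantees.
VLAN (Virtual Local Area Network) is a technology that logically divides one physical LAN into multiple broadcast domains. With VLANs configured on a switch, users in the same VLAN can reach each other at Layer 2, while users in different VLANs are isolated at Layer 2. This both confines broadcast domains and improves network security.
Commands for creating VLANs
[Huawei]vlan 10 # create VLAN 10 directly
[Huawei]vlan batch 10 to 20 # batch-create the consecutive VLANs 10 through 20
[Huawei]vlan batch 10 20 30 # batch-create VLAN 10, VLAN 20 and VLAN 30
I. Common VLAN Configuration:
Experiment 1:
As shown in the figure above, each aggregation switch is on a different network segment. The devices under the aggregation switches need to reach one another, and this is achieved with VLANs.
On the core switch, interfaces g0/0/1 to g0/0/4 are assigned to VLAN 9, g0/0/5 to g0/0/9 to VLAN 10, g0/0/10 to g0/0/14 to VLAN 11, g0/0/15 to g0/0/19 to VLAN 12, and finally port 24 to VLAN 20.
1. Configure the gateway for each interface on the core switch
Configure the core switch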
sys
[Huawei]sysname R1
[R1]vlan 9
[R1-vlan9]quit
[R1]port-group group-member g0/0/1 to g0/0/4 # temporarily group interfaces g0/0/1 to g0/0/4 into a port group
[R1-port-group]port link-type access # batch-set the link type of interfaces g0/0/1 to g0/0/4 to access
[R1-GigabitEthernet0/0/1]port link-type access
[R1-GigabitEthernet0/0/2]port link-type access
[R1-GigabitEthernet0/0/3]port link-type access
[R1-GigabitEthernet0/0/4]port link-type access
[R1-port-group]port default vlan 9 # batch-add interfaces g0/0/1 to g0/0/4 to VLAN 9
[R1-GigabitEthernet0/0/1]port default vlan 9
[R1-GigabitEthernet0/0/2]port default vlan 9
[R1-GigabitEthernet0/0/3]port default vlan 9
[R1-GigabitEthernet0/0/4]port default vlan 9
[R1-port-group]quit
[R1]int vlanif 9
[R1-Vlanif9]ip add 192.168.9.1 24
[R1]vlan 10
[R1-vlan10]quit
[R1]port-group group-member g0/0/5 to g0/0/9
[R1-port-group]port link-type access
[R1-GigabitEthernet0/0/5]port link-type access
[R1-GigabitEthernet0/0/6]port link-type access
[R1-GigabitEthernet0/0/7]port link-type access
[R1-GigabitEthernet0/0/8]port link-type access
[R1-GigabitEthernet0/0/9]port link-type access
[R1-port-group]port default vlan 10
[R1-GigabitEthernet0/0/5]port default vlan 10
[R1-GigabitEthernet0/0/6]port default vlan 10
[R1-GigabitEthernet0/0/7]port default vlan 10
[R1-GigabitEthernet0/0/8]port default vlan 10
[R1-GigabitEthernet0/0/9]port default vlan 10
[R1-port-group]quit
[R1]int vlanif 10
[R1-Vlanif10]ip add 192.168.10.1 24
[R1]vlan 11
[R1-vlan11]quit
[R1]port-group group-member g0/0/10 to g0/0/14
[R1-port-group]port link-type access
[R1-GigabitEthernet0/0/10]port link-type access
[R1-GigabitEthernet0/0/11]port link-type access
[R1-GigabitEthernet0/0/12]port link-type access
[R1-GigabitEthernet0/0/13]port link-type access
[R1-GigabitEthernet0/0/14]port link-type access
[R1-port-group]port default vlan 11
[R1-GigabitEthernet0/0/10]port default vlan 11
[R1-GigabitEthernet0/0/11]port default vlan 11
[R1-GigabitEthernet0/0/12]port default vlan 11
[R1-GigabitEthernet0/0/13]port default vlan 11
[R1-port-group]quit
[R1]int vlanif 11
[R1-Vlanif11]ip add 192.168.11.1 24
[R1]vlan 12
[R1-vlan12]quit
[R1]port-group group-member g0/0/15 to g0/0/19
[R1-port-group]port link-type access
[R1-GigabitEthernet0/0/15]port link-type access
[R1-GigabitEthernet0/0/16]port link-type access
[R1-GigabitEthernet0/0/17]port link-type access
[R1-GigabitEthernet0/0/18]port link-type access
[R1-GigabitEthernet0/0/19]port link-type access
[R1-port-group]port default vlan 12
[R1-GigabitEthernet0/0/15]port default vlan 12
[R1-GigabitEthernet0/0/16]port default vlan 12
[R1-GigabitEthernet0/0/17]port default vlan 12
[R1-GigabitEthernet0/0/18]port default vlan 12
[R1-GigabitEthernet0/0/19]port default vlan 12
[R1-port-group]quit
[R1]int vlanif 12
[R1-Vlanif12]ip add 192.168.12.1 24
[R1]vlan 20
[R1-vlan20]quit
[R1]int g0/0/24
[R1-GigabitEthernet0/0/24]port link-type access
[R1-GigabitEthernet0/0/24]port default vlan 20
[R1]int vlanif 20
[R1-Vlanif20]ip add 192.168.20.3 24
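II. Inter-VLAN Routing
Link types
The link between a user host and a switch is an access link; the link between two switches is a trunk link.
1. Port type – Access
When an Access port receives data, it adds a VLAN Tag whose VLAN ID is the same as the port's PVID (for VLAN 10, the PVID is 10). Before forwarding data, an Access port removes the VLAN Tag.
Frames on the segment from the PC to the switch travel over an access link and by default carry no PVID Tag.
When PC A sends a data frame, the frame carries no VLAN Tag. When it reaches the switch, the switch sees that the frame arrived on interface g0/0/1 and adds a Tag with PVID 10 to it. The switch then uses PVID 10 to determine the egress port. When the frame leaves the switch through g0/0/3, whose PVID is 10, on its way to PC C, the switch removes the PVID 10 Tag and then sends the frame to PC C.
Configure Access ports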
[SWA]interface GigabitEthernet 0/0/5
[SWA-GigabitEthernet0/0/5]port link-type access
[SWA-GigabitEthernet0/0/5]interface GigabitEthernet 0/0/7
[SWA-GigabitEthernet0/0/7]port link-type access
Add ports to VLANs
[SWA]vlan 2
[SWA-vlan2]port GigabitEthernet 0/0/7
[SWA-vlan2]quit
[SWA]interface GigabitEthernet0/0/5
[SWA-GigabitEthernet0/0/5]port default vlan 3
Verify the configuration
[SWA]display vlan
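2. Port type – Trunk
When a Trunk port receives a frame: if the frame has no Tag, the port's PVID is added; if the frame already has a Tag, it is left unchanged.
When a Trunk port sends a frame whose VLAN ID is in the trunk's allowed list: if the VLAN ID equals the port's PVID, the Tag is stripped before sending; if it differs from the port's PVID, the frame is sent as is.
Configure a Trunk port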
[SWA-GigabitEthernet0/0/1]port link-type trunk
[SWA-GigabitEthernet0/0/1]port trunk allow-pass vlan 2 3
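The Access and Trunk tagging rules above, modelled in Python as an added example (not part of the original page). The port objects mirror Experiment 2; the cabling LSW1 g0/0/2 to LSW2 g0/0/1 is an assumption, and the handling of tagged frames on access ports and the receive-side allow-pass check follow standard Huawei behaviour rather than anything stated on the page.

```python
from dataclasses import dataclass, field

DROP = "drop"  # sentinel: the frame is discarded

@dataclass
class Port:
    link_type: str                               # "access" or "trunk"
    pvid: int = 1                                # VLAN 1 is the Huawei default PVID
    allowed: set = field(default_factory=set)    # trunk allow-pass list

def ingress(port, tag):
    """VLAN ID the switch assigns to a received frame (tag=None means untagged)."""
    vid = port.pvid if tag is None else tag      # untagged frames get the PVID
    if port.link_type == "access":
        # A tagged frame on an access port is accepted only if it matches the
        # PVID (standard Huawei behaviour, not stated on the page).
        return vid if vid == port.pvid else DROP
    # Trunk: a tagged frame keeps its tag; the allow-pass list is checked here too.
    return vid if vid in port.allowed else DROP

def egress(port, vid):
    """Tag on the wire when the port sends a frame: None = untagged, int = tagged."""
    if port.link_type == "access":
        return None if vid == port.pvid else DROP    # tag removed before forwarding
    if vid not in port.allowed:
        return DROP                                  # VLAN not in the allow-pass list
    return None if vid == port.pvid else vid         # PVID frames leave untagged

def forward(hops, tag=None):
    """Carry one frame through a list of (in_port, out_port) switch hops."""
    for in_port, out_port in hops:
        vid = ingress(in_port, tag)
        if vid == DROP:
            return DROP
        tag = egress(out_port, vid)
        if tag == DROP:
            return DROP
    return tag   # None: delivered untagged to the host

# Experiment 2 ports; allow-pass lists as configured on the page, cabling assumed.
l1_g1, l1_g3 = Port("access", 10), Port("access", 20)
l1_trunk = Port("trunk", allowed={10, 20})
l2_trunk = Port("trunk", allowed={10, 20})
l2_g3, l2_g4 = Port("access", 10), Port("access", 20)

if __name__ == "__main__":
    print(forward([(l1_g1, l1_trunk), (l2_trunk, l2_g3)]))  # VLAN 10 to VLAN 10
    print(forward([(l1_g1, l1_trunk), (l2_trunk, l2_g4)]))  # VLAN 10 to VLAN 20
```

Under the same rules, a trunk whose two ends have different PVIDs relabels untagged frames into the far end's PVID VLAN, so the PVIDs on both ends of a trunk should be checked for a match.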
Experiment 2:
R1
sys
[Huawei]sysname LSW1
[LSW1]vlan batch 10 20
[LSW1]int g0/0/1
[LSW1-GigabitEthernet0/0/1]port link-type access
[LSW1-GigabitEthernet0/0/1]port default vlan 10
[LSW1-GigabitEthernet0/0/1]quit
[LSW1]int g0/0/3
[LSW1-GigabitEthernet0/0/3]port link-type access
[LSW1-GigabitEthernet0/0/3]port default vlan 20
[LSW1-GigabitEthernet0/0/3]quit
[LSW1]int g0/0/1
[LSW1-GigabitEthernet0/0/1]port link-type access
[LSW1-GigabitEthernet0/0/1]quit
[LSW1]int g0/0/2
[LSW1-GigabitEthernet0/0/2]port link-type trunk
[LSW1-GigabitEthernet0/0/2]port trunk allow-pass vlan 10
[LSW1-GigabitEthernet0/0/2]port trunk allow-pass vlan 20
R2
sys
[Huawei]sysname LSW2
[LSW2]vlan batch 10 20
[LSW2]int g0/0/3
[LSW2-GigabitEthernet0/0/3]port link-type access
[LSW2-GigabitEthernet0/0/3]port default vlan 10
[LSW2-GigabitEthernet0/0/3]quit
[LSW2]int g0/0/4
[LSW2-GigabitEthernet0/0/4]port link-type access
[LSW2-GigabitEthernet0/0/4]port default vlan 20
[LSW2-GigabitEthernet0/0/4]quit
[LSW2]int g0/0/2
[LSW2-GigabitEthernet0/0/2]port link-type access
[LSW2-GigabitEthernet0/0/2]quit
[LSW2]int g0/0/1
[LSW2-GigabitEthernet0/0/1]port link-type trunk
[LSW2-GigabitEthernet0/0/1]port trunk allow-pass vlan 10
[LSW2-GigabitEthernet0/0/1]port trunk allow-pass vlan 20
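A small audit of the Experiment 2 session, added here as an example (not part of the original page): it rebuilds each port's state from the prompt-prefixed lines and reports access ports that never received a `port default vlan` and trunks that do not carry a VLAN used on the same switch. The function names are hypothetical, VLAN 1 as the default PVID is the Huawei default, and `to` ranges in allow-pass lists are not handled.

```python
import re

# Interface-view lines copied from Experiment 2 on this page.
SESSION = """\
[LSW1-GigabitEthernet0/0/1]port link-type access
[LSW1-GigabitEthernet0/0/1]port default vlan 10
[LSW1-GigabitEthernet0/0/3]port link-type access
[LSW1-GigabitEthernet0/0/3]port default vlan 20
[LSW1-GigabitEthernet0/0/2]port link-type trunk
[LSW1-GigabitEthernet0/0/2]port trunk allow-pass vlan 10
[LSW1-GigabitEthernet0/0/2]port trunk allow-pass vlan 20
[LSW2-GigabitEthernet0/0/3]port link-type access
[LSW2-GigabitEthernet0/0/3]port default vlan 10
[LSW2-GigabitEthernet0/0/4]port link-type access
[LSW2-GigabitEthernet0/0/4]port default vlan 20
[LSW2-GigabitEthernet0/0/2]port link-type access
[LSW2-GigabitEthernet0/0/1]port link-type trunk
[LSW2-GigabitEthernet0/0/1]port trunk allow-pass vlan 10
[LSW2-GigabitEthernet0/0/1]port trunk allow-pass vlan 20
"""

LINE = re.compile(r"\[(\w+)-GigabitEthernet([\d/]+)\]port (.+)")

def parse(session):
    """Map (switch, port) -> state, taking the interface from the prompt itself."""
    ports = {}
    for m in filter(None, map(LINE.match, session.splitlines())):
        # pvid starts at 1: the Huawei default until 'port default vlan' is set
        p = ports.setdefault(m.group(1, 2), {"type": None, "pvid": 1, "allowed": set()})
        words = m.group(3).split()
        if words[0] == "link-type":
            p["type"] = words[1]
        elif words[:2] == ["default", "vlan"]:
            p["pvid"] = int(words[2])
        elif words[:3] == ["trunk", "allow-pass", "vlan"]:
            p["allowed"] |= {int(v) for v in words[3:]}
    return ports

def audit(ports):
    """Findings: access ports still in VLAN 1, trunks missing a locally used VLAN."""
    findings = []
    for (sw, port), p in sorted(ports.items()):
        if p["type"] == "access" and p["pvid"] == 1:
            findings.append(f"{sw} g{port}: access port left in default VLAN 1")
        if p["type"] == "trunk":
            used = {q["pvid"] for (s, _), q in ports.items() if s == sw and q["type"] == "access"}
            findings += [f"{sw} g{port}: trunk does not allow-pass VLAN {v}" for v in sorted(used - p["allowed"] - {1})]
    return findings

print(audit(parse(SESSION)))
```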