VLAN Configuration

Problem

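A VLAN (virtual local area network) is a logical segmentation of the network users connected to Layer 2 switch ports. Segmentation follows user requirements and is not constrained by the users' physical location. A VLAN can be implemented on a single switch or span several switches. Users can be grouped into VLANs by location, role, or department, or by the applications and protocols they use. Switch-based VLANs address collision-domain, broadcast-domain, and bandwidth problems in a LAN.
1) Plan VLANs by company department
2) Configure the links between the switches as trunk links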

Solution

The topology of the company network is shown in the figure:

[Figure: VLAN configuration, image 1]

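Steps

Implementing this case requires the following steps.

Step 1: Set the f0/24 ports that connect the two switches to trunk mode

For hosts in the same VLAN on different switches to communicate, the link between the switches must be able to carry traffic for all VLANs. A trunk link does not belong to any VLAN, but it can carry traffic for all VLANs.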

tarena-sw1(config)#interface fastEthernet 0/24
tarena-sw1(config-if)#switchport mode trunk 
tarena-sw1(config-if)#	
tarena-sw2(config)#interface fastEthernet 0/24
tarena-sw2(config-if)#switchport mode trunk 
tarena-sw2(config-if)#

Step 2: Create the HR VLAN 5 and the Sales VLAN 10 on both tarena-sw1 and tarena-sw2

tarena-sw1(config)#vlan 5
tarena-sw1(config-vlan)#name HR
tarena-sw1(config-vlan)#exit
tarena-sw1(config)#vlan 10
tarena-sw1(config-vlan)#name Sales
tarena-sw1(config-vlan)#exit
tarena-sw1(config)#
tarena-sw2(config)#vlan 5
tarena-sw2(config-vlan)#name HR
tarena-sw2(config-vlan)#exit
tarena-sw2(config)#vlan 10
tarena-sw2(config-vlan)#name Sales
tarena-sw2(config-vlan)#exit
tarena-sw2(config)#

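Step 3: Add port f0/1 of tarena-sw1 (connected to PC1) and port f0/3 of tarena-sw2 (connected to PC3) to the HR VLAN 5; add port f0/2 of tarena-sw1 (connected to PC2) and port f0/4 of tarena-sw2 (connected to PC4) to the Sales VLAN 10

When adding a switch port to a VLAN, you can omit switchport mode access, but on some switches the ports default to the dynamic desirable or dynamic auto state. If the user connected to such a port uses software to negotiate the port into trunk mode, that user can send data to any VLAN, which is a security threat. It is therefore strongly recommended to configure the switchport mode access statement.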

tarena-sw1(config)#interface fastEthernet 0/1
tarena-sw1(config-if)#switchport mode access
tarena-sw1(config-if)#switchport access vlan 5
tarena-sw1(config-if)#exit
tarena-sw1(config)#interface fastEthernet 0/2
tarena-sw1(config-if)#switchport mode access
tarena-sw1(config-if)#switchport access vlan 10
tarena-sw1(config-if)#exit
tarena-sw1(config)#
tarena-sw2(config)#interface fastEthernet 0/3
tarena-sw2(config-if)#switchport mode access
tarena-sw2(config-if)#switchport access vlan 5
tarena-sw2(config-if)#exit
tarena-sw2(config)#interface fastEthernet 0/4
tarena-sw2(config-if)#switchport mode access
tarena-sw2(config-if)#switchport access vlan 10
tarena-sw2(config-if)#exit
tarena-sw2(config)#

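Step 4: Verify the VLAN configuration on both switches

By default, all switch ports belong to VLAN 1. VLAN 1 is the switch's preset VLAN; it also has some special uses and cannot be deleted.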

tarena-sw1#show vlan brief 
VLAN Name                             Status    Ports
---- -------------------------------- --------- ---------------------
1    default                          active    Fa0/3, Fa0/4, Fa0/5, Fa0/6
                                                Fa0/7, Fa0/8, Fa0/9, Fa0/10
                                                Fa0/11, Fa0/12, Fa0/13, Fa0/14
                                                Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                                Fa0/19, Fa0/20, Fa0/21, Fa0/22
                                                Fa0/23
5    HR                               active    Fa0/1
10   Sales                            active    Fa0/2
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active
tarena-sw1#
tarena-sw2#show vlan brief 
VLAN Name                             Status    Ports
---- -------------------------------- ---------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/5, Fa0/6
                                                Fa0/7, Fa0/8, Fa0/9, Fa0/10
                                                Fa0/11, Fa0/12, Fa0/13, Fa0/14
                                                Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                                Fa0/19, Fa0/20, Fa0/21, Fa0/22
                                                Fa0/23
5    HR                               active    Fa0/3
10   Sales                            active    Fa0/4
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active
tarena-sw2#

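The output shows that the ports have been added to the corresponding VLANs.

Step 5: Check the status of the switch's trunk port:

Pay attention to the port's Administrative Mode and Operational Mode. The Administrative Mode is the mode configured on the port, while the Operational Mode is the mode actually in effect. For example, a port's Administrative Mode may be dynamic desirable while its Operational Mode is trunk.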

tarena-sw1#show interfaces fastEthernet 0/24 switchport 
Name: Fa0/24
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Appliance trust: none
tarena-sw1#

The output shows that port f0/24 of tarena-sw1 is currently a trunk link using 802.1q encapsulation.
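
As an added example (not part of the original tutorial), the Python code below audits show interfaces switchport output for the two conditions this page warns about: ports left in a dynamic administrative mode, and ports whose operational mode is trunk although they are not planned trunks. The sample output is constructed, and the function names and the expected_trunks parameter are assumptions of this example.

```python
# Constructed sample in "show interfaces switchport" format (not captured from a device).
SAMPLE = """\
Name: Fa0/1
Administrative Mode: static access
Operational Mode: static access
Access Mode VLAN: 5 (HR)
Name: Fa0/2
Administrative Mode: dynamic desirable
Operational Mode: trunk
Access Mode VLAN: 10 (Sales)
Name: Fa0/24
Administrative Mode: trunk
Operational Mode: trunk
Access Mode VLAN: 1 (default)
"""

def parse_switchport(text):
    """Split the output into one {field: value} dict per interface."""
    ports = []
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue  # lines such as "Capture Mode Disabled" carry no field
        if key.strip() == "Name":
            ports.append({})  # each interface block starts with its Name line
        if ports:
            ports[-1][key.strip()] = value.strip()
    return ports

def audit(text, expected_trunks):
    """Return (port, finding) pairs; expected_trunks is the planned set of trunk ports."""
    findings = []
    for p in parse_switchport(text):
        name = p.get("Name", "?")
        admin = p.get("Administrative Mode", "")
        oper = p.get("Operational Mode", "")
        if admin.startswith("dynamic"):
            findings.append((name, "mode '%s' lets the peer negotiate a trunk" % admin))
        if oper == "trunk" and name not in expected_trunks:
            findings.append((name, "operating as a trunk but not planned as one"))
        if name in expected_trunks and admin != "trunk":
            findings.append((name, "planned trunk is not statically configured"))
    return findings

if __name__ == "__main__":
    for port, finding in audit(SAMPLE, {"Fa0/24"}):
        print(port, "-", finding)
```

With the topology on this page, only Fa0/24 belongs in expected_trunks; any other port reported here should be set to switchport mode access.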

Step 6: Test connectivity from PC1 [192.168.5.10/24] to PC3 [192.168.5.20/24]

PC>ping 192.168.5.20
Pinging 192.168.5.20 with 32 bytes of data:
Reply from 192.168.5.20: bytes=32 time=27ms TTL=128
Reply from 192.168.5.20: bytes=32 time=22ms TTL=128
Reply from 192.168.5.20: bytes=32 time=22ms TTL=128
Reply from 192.168.5.20: bytes=32 time=5ms TTL=128
Ping statistics for 192.168.5.20:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 5ms, Maximum = 27ms, Average = 19ms
PC>

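The result shows that two PCs in the same VLAN can reach each other. Hosts in different VLANs cannot communicate, even if their IP addresses are in the same network. To enable communication between VLANs, you need the "inter-VLAN routing" material covered later.

Step 7: Test connectivity from PC2 [192.168.10.10] to PC4 [192.168.10.20]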

PC>ping 192.168.10.20
Pinging 192.168.10.20 with 32 bytes of data:
Reply from 192.168.10.20: bytes=32 time=25ms TTL=128
Reply from 192.168.10.20: bytes=32 time=11ms TTL=128
Reply from 192.168.10.20: bytes=32 time=13ms TTL=128
Reply from 192.168.10.20: bytes=32 time=12ms TTL=128
Ping statistics for 192.168.10.20:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 11ms, Maximum = 25ms, Average = 15ms
PC>

The result shows that two PCs in the same VLAN can reach each other.
