实验工具:模拟CISO3640交换机2台
,
PC6台
实验目的:设置Trunk后,同一VLAN
的PC
能PING
通
VLAN
:对网络用户逻辑分段,不受位置限制。也就是说同一VLAN
可PING
通,不同不能通。
Trunk(
中继):
用一条物理链路将一台交换机连接其他交换机或路由
S1
S1#vlan data
S1#vlan database
S1(vlan)#vlan 2
设置
VLAN
VLAN 2 added:
Name: VLAN0002
S1(vlan)#vlan 3
VLAN 3 added:
Name: VLAN0003
S1(vlan)#exit
Exiting....
S1#conf t
S1(config)#interface range f0/5 �C 8
把端口设置入
VLAN
S1(config-if-range)#switchport access vlan 2 VLAN1
是默认的,可以把端口加入
VLAN2
S1(config-if-range)#exit
S1(config)#interface range f0/9 - 14
S1(config-if-range)#switchport access vlan 3
S1(config-if-range)#exit
S1(config)#exit
S1#show
S1#show vlan
VLAN Name Status Ports
发现端口全都加进去了
---- -------------------------------- --------- -------------------------------
1 default active Fa0/0, Fa0/1, Fa0/2, Fa0/3
Fa0/4, Fa0/15
2 VLAN0002 active Fa0/5, Fa0/6, Fa0/7, Fa0/8
3 VLAN0003 active Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 1002 1003
2 enet 100002 1500 - - - - - 0 0
3 enet 100003 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 1 1003
1003 tr 101003 1500 1005 0 - - srb 1 1002
1004 fdnet 101004 1500 - - 1 ibm - 0 0
1005 trnet 101005 1500 - - 1 ibm - 0 0
S1#conf t
S1(config)#interface f0/15
S1(config-if)#switchport mode trunk
把
F015
设置为
Trunk
S1(config-if)#exit
S1(config)#exit
S1#show interface f0/15 switchport
Name: Fa0/15
Switchport: Enabled
Administrative Mode: trunk F0/15
成为
Trunk
Operational Mode: trunk S2
端口也已成为
Trunk
Administrative Trunking Encapsulation: dot1q
为公用的
IEEE802.1Q
格式
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: Disabled
Access Mode VLAN: 0 ((Inactive))
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: ALL Trunk
可承载所有
Vlan
Trunking VLANs Active: 1-3
Priority for untagged frames: 0
Override vlan tag priority: FALSE
Voice VLAN: none
Appliance trust: none
S2
S2(config)#exit
S2#v
*Mar 1 00:09:14.495: %SYS-5-CONFIG_I: Configured from console by console
S2#vlan data
S2(vlan)#vlan 2
VLAN 2 added:
Name: VLAN0002
S2(vlan)#vlan 3
VLAN 3 added:
Name: VLAN0003
S2(vlan)#exit
APPLY completed.
Exiting....
S2#conf t
S2(config)#interface range f0/5 - 8
S2(config-if-range)#switchport access vlan 2
S2(config-if-range)#exit
S2(config)#interface range f0/9 - 14
S2(config-if-range)#switchport access vlan 3
S2(config-if-range)#exit
S2(config)#interface f0/15
S2(config-if)#switchport mode trunk
由于设置的是企望模式,这里可设,也可不设
*Mar 1 00:12:52.079: %DTP-5-TRUNKPORTON: Port Fa0/15 has become dot1q trunk
设置PC的IP后,同一VLAN能通,不同VLAN不能通,实验成功
如果想让主机
6
和
3
不通信,也可是删除一端口的
VLAN
(如图)
S2(config)#interface f0/15
S2(config-if)#switchport trunk allowed vlan remove 3
移除
VLAN3
S2(config-if)#exit
S2(config)#exit
S2#show interface f0/15 switchport
Name: Fa0/15
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: Disabled
Access Mode VLAN: 0 ((Inactive))
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: 1,2,4-1005 Trunk
已经移除
VLAN3
Trunking VLANs Active: 1-2 Trunk
只能承载
VLAN1--2
Priority for untagged frames: 0
Override vlan tag priority: FALSE
Voice VLAN: none
Appliance trust: none
删除VLAN3后无法PING通
如想恢复用
switchport trunk allowed vlan add 3
,不多做演示。