VLNA聚合之--Super VLAN 配置
配置要求:
某公司拥有多个部门且位于同一个网段,现将不同部门划分到不同的VLAN中,不同部门的用户之间需要互通
实现不同部门的二层隔离、三层互通
思路:super-VLAN只能配置在三层交换机上,SUPER-VLAN为全局VLAN 可减少IP地址的浪费。
一:批量创建VLAN 2 3 4
[Huawei]vlan batch 2 4
[Huawei]qut
二:设置VLAN 4为super vlan 并允许VLAN 2和3
[Huawei]vlan 4
[Huawei-vlan4]aggregate-vlan
[Huawei-vlan4]access-vlan 2 to 3
[Huawei-vlan4]quit
三:配置GigabitEthernet 0/0/1和GigabitEthernet 0/0/2口为ACCESS接口 并加入VLAN 2中
注意:三层的默认端口为hybrid接口,需要更改为access接口
使用端口组port-group配置会更加快速
[Huawei]port-group group-member GigabitEthernet 0/0/1 to GigabitEthernet 0/0/2
[Huawei-port-group]undo shut
[Huawei-GigabitEthernet0/0/1]undo shutdown
[Huawei-GigabitEthernet0/0/2]undo shutdown
[Huawei-GigabitEthernet0/0/1]port link-type access
[Huawei-GigabitEthernet0/0/2]port link-type access
[Huawei-GigabitEthernet0/0/1]port default vlan 2
[Huawei-GigabitEthernet0/0/2]port default vlan 2
三:配置GigabitEthernet 0/0/3和GigabitEthernet 0/0/4口为ACCESS接口 并加入VLAN 3中
[Huawei]port-group group-member GigabitEthernet 0/0/3 to GigabitEthernet 0/0/4
[Huawei-port-group]undo shut
[Huawei-GigabitEthernet0/0/3]undo shutdown
[Huawei-GigabitEthernet0/0/4]undo shutdown
[Huawei-port-group]port link-type access
[Huawei-GigabitEthernet0/0/3]port link-type access
[Huawei-GigabitEthernet0/0/4]port link-type access
[Huawei-port-group]port default vlan 3
[Huawei-GigabitEthernet0/0/3]port default vlan 3
[Huawei-GigabitEthernet0/0/4]port default vlan 3
四:在vlanif 4中开启arp-proxy功能,并配置VLAN 2 和3 的网关地址
[Huawei]int Vlanif 4
[Huawei-Vlanif4]ip add 192.168.10.1 255.255.255.0
[Huawei-Vlanif4]arp-proxy inter-sub-vlan-proxy enable
[Huawei-Vlanif4]quit
全局配置命令:
[Huawei]dis current-configuration
vlan batch 2 to 4
#
vlan 4
aggregate-vlan
access-vlan 2 to 3
interface Vlanif4
ip address 192.168.10.1 255.255.255.0
arp-proxy inter-sub-vlan-proxy enable
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 2
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 2
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 3
#
interface GigabitEthernet0/0/4
port link-type access
port default vlan 3
#
清除某个端口全部配置的命令:
[Huawei]clear configuration interface GigabitEthernet 0/0/4
永远端口组和临时端口组在配置上的区别:
永远端口组的创建:
[Huawei]port-group 1
[Huawei-group-1]group-member GigabitEthernet 0/0/1 to GigabitEthernet 0/0/3
临时端口组的创建:
[Huawei]port-group group-member GigabitEthernet 0/0/1 to GigabitEthernet 0/0/4
去掉永远端口组的命令:(临时端口组在退出后自动删除)
[Huawei]undo port-group 1