1. VLAN技術
- 通過邏輯手段重新分配物理資源的虛擬化技術。
- 無需考慮這些設備是否連接同一臺交換機上。
- 通過邏輯的方式,將某些特定的設備組成一個廣播域。
2. VLAN特點
- 每臺終端都屬於一個VLAN
- 屬於同一個VLAN的設備之間可以通過二層直接通信
- 屬於不同VLAN設備之間則只能通過IP路由功能才能實現通信。
3. VLAN原理
- VLAN技術通過給數據幀插入不同的VLAN標籤
- 交換機通過VLAN標籤分辨出各個數據幀所屬的VLAN
4. VLAN應用下交換機端口的類型
- Access:連接的鏈路稱爲access鏈路。(通常用於連接終端設備)、(只能傳輸一個VLAN數據)
- Trunk:連接的鏈路稱爲trunk鏈路。(通常用於連接交換機設備之間)、(允許傳輸多個VLAN數據)
- Hybrid:可以用於交換機鏈路連接,也可以用於交換機與終端鏈路的連接。(能接收和發送多個VLAN數據)
5. VLAN實驗
5.1 實驗拓撲圖
5.2 實現PC1、PC2之間的互訪
5.2.1 PC1、PC2配置
5.2.2 SW1配置
(1)修改名稱
<Huawei>system
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname SW1
[SW1]
例1:查看端口類型
[SW1]display port vlan active
T=TAG U=UNTAG
-------------------------------------------------------------------------------
Port Link Type PVID VLAN List
-------------------------------------------------------------------------------
Eth0/0/1 hybrid 1 U: 1
Eth0/0/2 hybrid 1 U: 1
Eth0/0/3 hybrid 1 U: 1
Eth0/0/4 hybrid 1 U: 1
Eth0/0/5 hybrid 1 U: 1
Eth0/0/6 hybrid 1 U: 1
Eth0/0/7 hybrid 1 U: 1
Eth0/0/8 hybrid 1 U: 1
Eth0/0/9 hybrid 1 U: 1
Eth0/0/10 hybrid 1 U: 1
Eth0/0/11 hybrid 1 U: 1
Eth0/0/12 hybrid 1 U: 1
Eth0/0/13 hybrid 1 U: 1
Eth0/0/14 hybrid 1 U: 1
Eth0/0/15 hybrid 1 U: 1
Eth0/0/16 hybrid 1 U: 1
Eth0/0/17 hybrid 1 U: 1
Eth0/0/18 hybrid 1 U: 1
Eth0/0/19 hybrid 1 U: 1
Eth0/0/20 hybrid 1 U: 1
Eth0/0/21 hybrid 1 U: 1
Eth0/0/22 hybrid 1 U: 1
GE0/0/1 hybrid 1 U: 1
GE0/0/2 hybrid 1 U: 1
例2:查看VLAN
[SW1]display vlan
The total number of vlans is : 1
--------------------------------------------------------------------------------
U: Up; D: Down; TG: Tagged; UT: Untagged;
MP: Vlan-mapping; ST: Vlan-stacking;
#: ProtocolTransparent-vlan; *: Management-vlan;
--------------------------------------------------------------------------------
VID Type Ports
--------------------------------------------------------------------------------
1 common UT:Eth0/0/1(U) Eth0/0/2(U) Eth0/0/3(U) Eth0/0/4(U)
Eth0/0/5(D) Eth0/0/6(D) Eth0/0/7(D) Eth0/0/8(D)
Eth0/0/9(D) Eth0/0/10(D) Eth0/0/11(D) Eth0/0/12(D)
Eth0/0/13(D) Eth0/0/14(D) Eth0/0/15(D) Eth0/0/16(D)
Eth0/0/17(D) Eth0/0/18(D) Eth0/0/19(D) Eth0/0/20(D)
Eth0/0/21(D) Eth0/0/22(D) GE0/0/1(D) GE0/0/2(D)
VID Status Property MAC-LRN Statistics Description
--------------------------------------------------------------------------------
1 enable default enable disable VLAN 0001
(2) 創建VLAN10,把接口e0/0/1、e0/0/2設置成access接口,並且劃分到VLAN10中
1. 創建VLAN
[SW1]vlan 10
[SW1-vlan10]quit
例3:查看VLAN是否創建成功
[SW1]display vlan
The total number of vlans is : 2
--------------------------------------------------------------------------------
U: Up; D: Down; TG: Tagged; UT: Untagged;
MP: Vlan-mapping; ST: Vlan-stacking;
#: ProtocolTransparent-vlan; *: Management-vlan;
--------------------------------------------------------------------------------
VID Type Ports
--------------------------------------------------------------------------------
1 common UT:Eth0/0/1(U) Eth0/0/2(U) Eth0/0/3(U) Eth0/0/4(U)
Eth0/0/5(D) Eth0/0/6(D) Eth0/0/7(D) Eth0/0/8(D)
Eth0/0/9(D) Eth0/0/10(D) Eth0/0/11(D) Eth0/0/12(D)
Eth0/0/13(D) Eth0/0/14(D) Eth0/0/15(D) Eth0/0/16(D)
Eth0/0/17(D) Eth0/0/18(D) Eth0/0/19(D) Eth0/0/20(D)
Eth0/0/21(D) Eth0/0/22(D) GE0/0/1(D) GE0/0/2(D)
10 common
VID Status Property MAC-LRN Statistics Description
--------------------------------------------------------------------------------
1 enable default enable disable VLAN 0001
10 enable default enable disable VLAN 0010
2. 配置接口所屬VLAN
[SW1]interface e0/0/1
[SW1-Ethernet0/0/1]port link-type access
[SW1-Ethernet0/0/1]port default vlan 10
[SW1-Ethernet0/0/1]interface e0/0/2
[SW1-Ethernet0/0/2]port link-type access
[SW1-Ethernet0/0/2]port default vlan 10
[SW1-Ethernet0/0/2]quit
例4:查看是否加入成功(成功)
[SW1]display vlan
The total number of vlans is : 2
--------------------------------------------------------------------------------
U: Up; D: Down; TG: Tagged; UT: Untagged;
MP: Vlan-mapping; ST: Vlan-stacking;
#: ProtocolTransparent-vlan; *: Management-vlan;
--------------------------------------------------------------------------------
VID Type Ports
--------------------------------------------------------------------------------
1 common UT:Eth0/0/3(U) Eth0/0/4(U) Eth0/0/5(D) Eth0/0/6(D)
Eth0/0/7(D) Eth0/0/8(D) Eth0/0/9(D) Eth0/0/10(D)
Eth0/0/11(D) Eth0/0/12(D) Eth0/0/13(D) Eth0/0/14(D)
Eth0/0/15(D) Eth0/0/16(D) Eth0/0/17(D) Eth0/0/18(D)
Eth0/0/19(D) Eth0/0/20(D) Eth0/0/21(D) Eth0/0/22(D)
GE0/0/1(D) GE0/0/2(D)
10 common UT:Eth0/0/1(U) Eth0/0/2(U)
VID Status Property MAC-LRN Statistics Description
--------------------------------------------------------------------------------
1 enable default enable disable VLAN 0001
10 enable default enable disable VLAN 0010
5.2.3 驗證PC1、PC2連通(成功)
5.3 實現PC3、PC4、PC5之間的互訪
5.3.1 PC配置
其餘自行配置。
5.3.2 SW1配置
[SW1]interface e0/0/3
[SW1-Ethernet0/0/3]port link-type access
[SW1-Ethernet0/0/3]port default vlan 20
例5:查看VLAN配置
[SW1]display vlan
The total number of vlans is : 3
--------------------------------------------------------------------------------
U: Up; D: Down; TG: Tagged; UT: Untagged;
MP: Vlan-mapping; ST: Vlan-stacking;
#: ProtocolTransparent-vlan; *: Management-vlan;
--------------------------------------------------------------------------------
VID Type Ports
--------------------------------------------------------------------------------
1 common UT:Eth0/0/4(U) Eth0/0/5(D) Eth0/0/6(D) Eth0/0/7(D)
Eth0/0/8(D) Eth0/0/9(D) Eth0/0/10(D) Eth0/0/11(D)
Eth0/0/12(D) Eth0/0/13(D) Eth0/0/14(D) Eth0/0/15(D)
Eth0/0/16(D) Eth0/0/17(D) Eth0/0/18(D) Eth0/0/19(D)
Eth0/0/20(D) Eth0/0/21(D) Eth0/0/22(D) GE0/0/1(D)
GE0/0/2(D)
10 common UT:Eth0/0/1(U) Eth0/0/2(U)
20 common UT:Eth0/0/3(U)
VID Status Property MAC-LRN Statistics Description
--------------------------------------------------------------------------------
1 enable default enable disable VLAN 0001
10 enable default enable disable VLAN 0010
20 enable default enable disable VLAN 0020
5.3.3 SW2配置
(1)修改名稱
<Huawei>system
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname SW2
[SW2]
(2)創建VLAN20,把接口e0/0/2、e0/0/3設置成access接口,並且劃分到VLAN20中
[SW2]vlan batch 10 20 30
[SW2]interface e0/0/2
[SW2-Ethernet0/0/2]port link-type access
[SW2-Ethernet0/0/2]port default vlan 20
[SW2-Ethernet0/0/2]interface e0/0/3
[SW2-Ethernet0/0/3]port link-type access
[SW2-Ethernet0/0/3]port default vlan 20
[SW2-Ethernet0/0/3]quit
[SW2]
例6:查看VLAN是否加入成功
[SW2]display vlan
The total number of vlans is : 4
--------------------------------------------------------------------------------
U: Up; D: Down; TG: Tagged; UT: Untagged;
MP: Vlan-mapping; ST: Vlan-stacking;
#: ProtocolTransparent-vlan; *: Management-vlan;
--------------------------------------------------------------------------------
VID Type Ports
--------------------------------------------------------------------------------
1 common UT:Eth0/0/1(U) Eth0/0/4(U) Eth0/0/5(D) Eth0/0/6(D)
Eth0/0/7(D) Eth0/0/8(D) Eth0/0/9(D) Eth0/0/10(D)
Eth0/0/11(D) Eth0/0/12(D) Eth0/0/13(D) Eth0/0/14(D)
Eth0/0/15(D) Eth0/0/16(D) Eth0/0/17(D) Eth0/0/18(D)
Eth0/0/19(D) Eth0/0/20(D) Eth0/0/21(D) Eth0/0/22(D)
GE0/0/1(D) GE0/0/2(D)
10 common
20 common UT:Eth0/0/2(U) Eth0/0/3(U)
30 common
VID Status Property MAC-LRN Statistics Description
--------------------------------------------------------------------------------
1 enable default enable disable VLAN 0001
10 enable default enable disable VLAN 0010
20 enable default enable disable VLAN 0020
30 enable default enable disable VLAN 0030
(3)測試PC3、PC4、PC5連通
PC4與PC5(成功):
PC3與PC4、PC5(失敗):
(4)解決PC3與PC4、PC5連通問題
例7:SW1上查看發現
[SW1]display port vlan active
T=TAG U=UNTAG
-------------------------------------------------------------------------------
Port Link Type PVID VLAN List
-------------------------------------------------------------------------------
Eth0/0/1 access 10 U: 10
Eth0/0/2 access 10 U: 10
Eth0/0/3 access 20 U: 20
Eth0/0/4 hybrid 1 U: 1
Eth0/0/5 hybrid 1 U: 1
Eth0/0/6 hybrid 1 U: 1
Eth0/0/7 hybrid 1 U: 1
Eth0/0/8 hybrid 1 U: 1
Eth0/0/9 hybrid 1 U: 1
Eth0/0/10 hybrid 1 U: 1
Eth0/0/11 hybrid 1 U: 1
Eth0/0/12 hybrid 1 U: 1
Eth0/0/13 hybrid 1 U: 1
Eth0/0/14 hybrid 1 U: 1
Eth0/0/15 hybrid 1 U: 1
Eth0/0/16 hybrid 1 U: 1
Eth0/0/17 hybrid 1 U: 1
Eth0/0/18 hybrid 1 U: 1
Eth0/0/19 hybrid 1 U: 1
Eth0/0/20 hybrid 1 U: 1
Eth0/0/21 hybrid 1 U: 1
Eth0/0/22 hybrid 1 U: 1
GE0/0/1 hybrid 1 U: 1
GE0/0/2 hybrid 1 U: 1
可以看出交換機接口e0/0/4只允許VLAN1。
Eth0/0/4 hybrid 1 U: 1
例8:查看SW2列表信息
[SW2]display port vlan active
T=TAG U=UNTAG
-------------------------------------------------------------------------------
Port Link Type PVID VLAN List
-------------------------------------------------------------------------------
Eth0/0/1 hybrid 1 U: 1
Eth0/0/2 access 20 U: 20
Eth0/0/3 access 20 U: 20
Eth0/0/4 hybrid 1 U: 1
Eth0/0/5 hybrid 1 U: 1
Eth0/0/6 hybrid 1 U: 1
Eth0/0/7 hybrid 1 U: 1
Eth0/0/8 hybrid 1 U: 1
Eth0/0/9 hybrid 1 U: 1
Eth0/0/10 hybrid 1 U: 1
Eth0/0/11 hybrid 1 U: 1
Eth0/0/12 hybrid 1 U: 1
Eth0/0/13 hybrid 1 U: 1
Eth0/0/14 hybrid 1 U: 1
Eth0/0/15 hybrid 1 U: 1
Eth0/0/16 hybrid 1 U: 1
Eth0/0/17 hybrid 1 U: 1
Eth0/0/18 hybrid 1 U: 1
Eth0/0/19 hybrid 1 U: 1
Eth0/0/20 hybrid 1 U: 1
Eth0/0/21 hybrid 1 U: 1
Eth0/0/22 hybrid 1 U: 1
GE0/0/1 hybrid 1 U: 1
GE0/0/2 hybrid 1 U: 1
可以發現接口e0/0/1允許VLAN1。
Eth0/0/1 hybrid 1 U: 1
解決方法:在交換機直連接口上配置接口類型爲trunk並允許需要通過的VLAN
SW1配置:
[SW1]interface e0/0/4
[SW1-Ethernet0/0/4]port link-type trunk
[SW1-Ethernet0/0/4]port trunk allow-pass vlan 10 20
SW2配置:
[SW2]interface e0/0/1
[SW2-Ethernet0/0/1]port link-type trunk
[SW2-Ethernet0/0/1]port trunk allow-pass vlan 10 20
例9:查看驗證
發現e0/0/4接口允許通過VLAN變化爲:
Eth0/0/4 trunk 1 U: 1
T: 10 20
發現e0/0/1接口允許VLAN變化爲:
Eth0/0/1 trunk 1 U: 1
T: 10 20
(5)驗證PC3與PC4、PC5(成功)
5.4 實現PC1,PC2與PC3,PC4,PC5之間的隔離
PC3與PC1(不通):
PC3與PC5(通):
5.5 實現PC6與任一PC之間的互訪
(1)SW2配置
[SW2]interface e0/0/4
[SW2-Ethernet0/0/4]port link-type hybrid
[SW2-Ethernet0/0/4]port hybrid pvid vlan 30
[SW2-Ethernet0/0/4]port hybrid untagged vlan 10 20 30
驗證:PC6與PC5(失敗)
例10:查看SW2上配置
發現接口e0/0/2、e0/0/3只允許VLAN20:
Eth0/0/2 access 20 U: 20
Eth0/0/3 access 20 U: 20
(2)解決方法
重新配置PC4的e0/0/2、PC5的e0/0/3端口類型
1、查看接口相關配置
[SW2]interface e0/0/2
[SW2-Ethernet0/0/2]dis this
#
interface Ethernet0/0/2
port link-type access
port default vlan 20
#
return
[SW2-Ethernet0/0/2]
2、通過undo刪除已經配置的命令,重配置
[SW2-Ethernet0/0/2]undo port default vlan
[SW2-Ethernet0/0/2]undo port link-type
[SW2-Ethernet0/0/2]port link-type hybrid
[SW2-Ethernet0/0/2]port hybrid pvid vlan 20
[SW2-Ethernet0/0/2]port hybrid untagged vlan 20 30
3、驗證PC4與PC6(成功)
對於其它pc接口配置刪除重配這裏省略了,可以參考PC4。
同理可以驗證其它PC與PC6連通。
4、驗證PC6與PC5(成功)
5、驗證PC6與PC1(成功)
6、驗證PC6與PC2(成功)
7、驗證PC6與PC3(成功)
