VLAN规划
图表
| 类型 | VLAN5 | VLAN10 |
|---|---|---|
| 基于端口 | G0/0/1、G0/0/7 | G0/0/2 G0/0/9 |
| 基于MAC地址 | 00-01-02-02-04-QQ | 00-01-02-03-04-WW |
| 基于IP子网划分 | 10.0.1.* | 10.0.2.* |
| 基于协议划分 | IP | IPX |
| 基于策略 | 10.0.1.* + G0/0/1 + 00-01-02-03-04-AA | 10.0.2.* + G0/0/2 + 00-01-02-03-04-BB |
图示
VLAN配置
命令
图表
| 命令 | 备注 |
|---|---|
| VLAN 10 | 创建单个VLAN |
| vlan batch 10 to 20 | 创建多个VLAN |
| port link-type access/trunk/hybrid | 配置接口类型 |
| port default vlan 10 | 配置Access关联VLAN/PVID |
| port trunk allow-pass vlan 10 | 配置Trunk允许VLAN 默认只允许VLAN1 |
| port trunk pvid vlan 10 | 配置Trunk的PVID |
| port hybrid tagged/untagged vlan 10 | 配置Hybrid的PVID |
| port hybrid pvid vlan 10 | 配置Hybrid的PVID |
| display vlan | 验证VLAN |
| display port vlan | 验证VLAN |
解释
将Access端口配置给某个VLAN
1
2
3# Access端口模式下
port default vlan xxx
Trunk端口下配置VLAN
1
2
3
4
5
6
7# Trunk端口模式下
#配置Trunk允许列表
port trunk allow-pass vlan xxx
#配置Trunk端口的PVID
port trunk pvid vlan xxx
Hybrid端口下配置VLAN
1
2
3
4
5
6
7# Hybrid 端口配置VLAN
# 配置带不带标签
port hybrid tagged/untagged vlan xxx
# 配置PVID
port hybrid pvid vlan xxx
实验
普通实验
拓扑
配置
全部配置成Access端口
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50<S3>sys
Enter system view, return user view with Ctrl+Z.
[S3]sys S3
[S3]int g0/0/1
[S3-GigabitEthernet0/0/1]q
[S3]q
<S3>sys
Enter system view, return user view with Ctrl+Z.
[S3]sys S3
# 创建VLAN 10
[S3]vlan 10
[S3-vlan10]int g0/0/1
# 配置端口类型
[S3-GigabitEthernet0/0/1]port link-type access
#配置端口VLAN
[S3-GigabitEthernet0/0/1]port default vlan 10
# 验证端口配置
[S3-GigabitEthernet0/0/1]dis this
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 10
#
return
[S3-GigabitEthernet0/0/1]int g0/0/2
[S3-GigabitEthernet0/0/2]port link-type access
[S3-GigabitEthernet0/0/2]p
Apr 26 2021 23:12:04-08:00 S3 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.
191.3.1 configurations have been changed. The current change number is 13, the c
hange loop count is 0, and the maximum number of records is 4095.
Error: The interface is already a L2 interface.
[S3-GigabitEthernet0/0/2]port default vlan 10
[S3-GigabitEthernet0/0/2]
Apr 26 2021 23:12:22-08:00 S3 %%01IFNET/4/IF_STATE(l)[0]:Interface Vlanif1 has t
urned into DOWN state.
Apr 26 2021 23:12:24-08:00 S3 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.
191.3.1 configurations have been changed. The current change number is 14, the c
hange loop count is 0, and the maximum number of records is 4095.
[S3-GigabitEthernet0/0/2]dis this
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 10
#
return
[S3-GigabitEthernet0/0/2]
R1配置
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23<S1>sys
Enter system view, return user view with Ctrl+Z.
[S1]sys S1
[S1]vlan 10
[S1-vlan10]int g0/0/1
[S1-GigabitEthernet0/0/1]port link-type access
[S1-GigabitEthernet0/0/1]port default vlan 10
[S1-GigabitEthernet0/0/1]dis this
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 10
#
return
[S1-GigabitEthernet0/0/2]port link-type access
[S1-GigabitEthernet0/0/2]port default vlan 10
[S1-GigabitEthernet0/0/2]dis this
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 10
#
return
验证
解释
- S1、S2、S3都是Access端口模式,S2是默认Hybrid端口模式,因为没有配置其他策略,等于是Access模式
- PC1到PC3路径,PC1到S1交换发送不带Tag的数据帧,S1收到数据帧会添加VLANID为10的Tag
- S1向PVID为10的端口发送ARP广播帧,端口2的PVID为10,会收到广播帧。
- 端口2的类型是Access,会将PVID为10的广播帧的Tag剥离发送出去。
- S2的端口2收到无Tag的数据帧,会将端口的VLANID添加Tag中,此时VLANID为1。
- 同样S2将数据帧转发出去的时候也会将Tag剥离,所以端口全是Access的时候,都可以ping通
验证
抓包
高级实验
- 拓扑
