目录
一、实验目标
- 掌握GVRP的配置方法;
- 掌握GVRP不同注册模式的配置方法。
二、实验拓扑
三、配置交换机间链路
配置交换机间为Trunk链路:
S1:
[S1]int g0/0/1
[S1-GigabitEthernet0/0/1]port link-type trunk
Apr 10 2022 14:21:39-08:00 S1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.
191.3.1 configurations have been changed. The current change number is 5, the ch
ange loop count is 0, and the maximum number of records is 4095.
[S1-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[S1-GigabitEthernet0/0/1]q
[S1]
Apr 10 2022 14:22:29-08:00 S1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.
191.3.1 configurations have been changed. The current change number is 6, the ch
ange loop count is 0, and the maximum number of records is 4095.
S2:
[S2]int g0/0/1
[S2-GigabitEthernet0/0/1]port link-type trunk
[S2-GigabitEthernet0/0/1]
Apr 10 2022 14:23:19-08:00 S2 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.
191.3.1 configurations have been changed. The current change number is 5, the ch
ange loop count is 0, and the maximum number of records is 4095.
[S2-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[S2-GigabitEthernet0/0/1]q
[S2]
S3:
[S3]int e0/0/1
[S3-Ethernet0/0/1]port link-type trunk
Apr 10 2022 14:24:37-08:00 S3 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.
191.3.1 configurations have been changed. The current change number is 5, the ch
ange loop count is 0, and the maximum number of records is 4095.
[S3-Ethernet0/0/1]port trunk allow-pass vlan all
[S3-Ethernet0/0/1]
Apr 10 2022 14:24:47-08:00 S3 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.
191.3.1 configurations have been changed. The current change number is 6, the ch
ange loop count is 0, and the maximum number of records is 4095.q
[S3]int e0/0/2
[S3-Ethernet0/0/2]port link-type trunk
Apr 10 2022 14:25:17-08:00 S3 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.
191.3.1 configurations have been changed. The current change number is 7, the ch
ange loop count is 0, and the maximum number of records is 4095.tr
[S3-Ethernet0/0/2]port trunk allow-pass vlan all
[S3-Ethernet0/0/2]q
[S3]
Apr 10 2022 14:25:27-08:00 S3 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.
191.3.1 configurations have been changed. The current change number is 8, the ch
ange loop count is 0, and the maximum number of records is 4095.
S4:
[S4]int e0/0/1
[S4-Ethernet0/0/1]port link-type trunk
Apr 10 2022 14:26:32-08:00 S4 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.
191.3.1 configurations have been changed. The current change number is 5, the ch
ange loop count is 0, and the maximum number of records is 4095.va
[S4-Ethernet0/0/1]port trunk allow-pass vlan all
[S4-Ethernet0/0/1]
[S4-Ethernet0/0/1]q
[S4]int e
Apr 10 2022 14:26:42-08:00 S4 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.
191.3.1 configurations have been changed. The current change number is 6, the ch
ange loop count is 0, and the maximum number of records is 4095.0/0/2
[S4-Ethernet0/0/2]port link-type trunk
[S4-Ethernet0/0/2]port trunk allow-pass vlan all
[S4-Ethernet0/0/2]q
[S4]
Apr 10 2022 14:27:12-08:00 S4 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.
191.3.1 configurations have been changed. The current change number is 8, the ch
ange loop count is 0, and the maximum number of records is 4095.
四、开启GVRP功能
首先要在全局模式下开启GVRP,然后在相应接口下启用GVRP:
S1:
[S1]gv
[S1]gvrp
[S1]int g0/0/01
[S1-GigabitEthernet0/0/1]gvrp
[S1-GigabitEthernet0/0/1]q
[S1]
S2:
[S2]gvrp
[S2]int g0/0/01
[S2-GigabitEthernet0/0/1]gvrp
[S2-GigabitEthernet0/0/1]q
[S2]
Apr 10 2022 14:38:10-08:00 S2 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.
191.3.1 configurations have been changed. The current change number is 8, the ch
ange loop count is 0, and the maximum number of records is 4095.
S3:
[S3]gvrp
[S3]int e0/0/1
[S3-Ethernet0/0/1]gvrp
[S3-Ethernet0/0/1]
Apr 10 2022 14:38:48-08:00 S3 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.
191.3.1 configurations have been changed. The current change number is 10, the c
hange loop count is 0, and the maximum number of records is 4095.q
[S3]int e0/0/2
[S3-Ethernet0/0/2]gvrp
[S3-Ethernet0/0/2]q
[S3]
Apr 10 2022 14:38:58-08:00 S3 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.
191.3.1 configurations have been changed. The current change number is 11, the c
hange loop count is 0, and the maximum number of records is 4095.
S4:
[S4]gvrp
[S4]int e0/0/1
[S4-Ethernet0/0/1]
Apr 10 2022 14:39:23-08:00 S4 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.
191.3.1 configurations have been changed. The current change number is 9, the ch
ange loop count is 0, and the maximum number of records is 4095.
[S4-Ethernet0/0/1]gvrp
[S4-Ethernet0/0/1]q
[S4]int e0/0/2
[S4-Ethernet0/0/2]
Apr 10 2022 14:39:33-08:00 S4 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.
191.3.1 configurations have been changed. The current change number is 10, the c
hange loop count is 0, and the maximum number of records is 4095.
[S4-Ethernet0/0/2]gvrp
[S4-Ethernet0/0/2]q
[S4]
在S1上创建VLAN2和VLAN100,在S2上创建VLAN2和VLAN200,在S3、S4上创建VLAN2:
S1:
[S1]vlan batch 2 100
Info: This operation may take a few seconds. Please wait for a moment...done.
[S1]
Apr 10 2022 14:42:50-08:00 S1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.
191.3.1 configurations have been changed. The current change number is 9, the ch
ange loop count is 0, and the maximum number of records is 4095.
S2:
[S2]vlan batch 2 200
Info: This operation may take a few seconds. Please wait for a moment...done.
[S2]
Apr 10 2022 14:43:00-08:00 S2 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.
191.3.1 configurations have been changed. The current change number is 9, the ch
ange loop count is 0, and the maximum number of records is 4095.
S3:
[S3]vlan 2
[S3-vlan2]q
[S3]
S4:
[S4]vlan 2
[S4-vlan2]q
[S4]
在S3、S4上执行display gvrp statistics 命令,查看GVRP统计信息:
S3:
S4:
可以看到,交换机上默认的GVRP注册模式为Normal,接下来再查看S3、S4上VLAN的学习情况:
S3:
S4:
上述信息可以看到,S3、S4已经能够学习到VLAN100和VLAN200,但是仅有一侧端口加入到VLAN的动态学习中,此时数据帧就只能单向通信,还分别要在S1上创建VLAN200,S2上创建VLAN100,使得交换机两侧端口都加入到VLAN动态学习中,这样才能实现报文的双向通信:
S1:
[S1]vlan 200
[S1-vlan200]q
[S1]
S2:
[S2]vlan 100
[S2-vlan100]q
[S2]
配置完成后再来查看S3、S4上的VLAN信息:
S3:
S4:
对比之前的VLAN信息,可以看到S3、S4上的两侧端口均已加入VLAN的动态学习中。
五、修改GVRP注册模式
将S3的E0/0/2、S4的E0/0/2接口的注册模式修改为Fixed:
S3:
[S3]int e0/0/2
[S3-Ethernet0/0/2]gvrp registration fixed
[S3-Ethernet0/0/2]q
[S3]
Apr 10 2022 15:09:43-08:00 S3 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.
191.3.1 configurations have been changed. The current change number is 12, the c
hange loop count is 0, and the maximum number of records is 4095.
S4:
[S4]int e0/0/2
[S4-Ethernet0/0/2]gvrp registration fixed
[S4-Ethernet0/0/2]q
[S4]
Apr 10 2022 15:10:18-08:00 S4 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.
191.3.1 configurations have been changed. The current change number is 12, the c
hange loop count is 0, and the maximum number of records is 4095.
再次在S3、S4上执行display gvrp statistics 命令,查看GVRP统计信息:
S3:
S4:
可以看到E0/0/2端口注册模式已修改为Fixed,该端口将无法注册动态VLAN。
在S3上查看VLAN信息:
S3:
可以看到,E0/0/2端口已无法注册动态VLAN。
修改S3、S4上的E/0/0/2接口注册模式为Forbidden:
S3:
[S3]int e0/0/2
[S3-Ethernet0/0/2]gvrp registration forbidden
Info: This operation may take a few seconds. Please wait for a moment...done.
[S3-Ethernet0/0/2]q
[S3]
Apr 10 2022 15:18:54-08:00 S3 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.
191.3.1 configurations have been changed. The current change number is 13, the c
hange loop count is 0, and the maximum number of records is 4095.
S4:
[S4]int e0/0/2
[S4-Ethernet0/0/2]gvrp registration forbidden
Info: This operation may take a few seconds. Please wait for a moment...done.
[S4-Ethernet0/0/2]q
[S4]
Apr 10 2022 15:19:38-08:00 S4 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.
191.3.1 configurations have been changed. The current change number is 13, the c
hange loop count is 0, and the maximum number of records is 4095.
再次在S3、S4上执行display gvrp statistics 命令,查看GVRP统计信息:
S3:
S4:
最后验证配置结果:
S3:
因为在Forbidden模式下,端口只允许VLAN1报文通过,禁止其他任何VLAN报文通过。
六、配置文件
S1:
[S1]display current-configuration
#
sysname S1
#
vlan batch 2 100 200
#
gvrp
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
gvrp
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
#
interface GigabitEthernet0/0/4
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
#
interface GigabitEthernet0/0/22
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
#
interface NULL0
#
user-interface con 0
user-interface vty 0 4
#
return
[S1]
S2:
[S2]display current-configuration
#
sysname S2
#
vlan batch 2 100 200
#
gvrp
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
gvrp
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
#
interface GigabitEthernet0/0/4
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
#
interface GigabitEthernet0/0/22
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
#
interface NULL0
#
user-interface con 0
user-interface vty 0 4
#
return
[S2]
S3:
[S3]display current-configuration
#
sysname S3
#
vlan batch 2
#
gvrp
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface MEth0/0/1
#
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
gvrp
#
interface Ethernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 4094
gvrp
gvrp registration forbidden
#
interface Ethernet0/0/3
#
interface Ethernet0/0/4
#
interface Ethernet0/0/5
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface Ethernet0/0/8
#
interface Ethernet0/0/9
#
interface Ethernet0/0/10
#
interface Ethernet0/0/11
#
interface Ethernet0/0/12
#
interface Ethernet0/0/13
#
interface Ethernet0/0/14
#
interface Ethernet0/0/15
#
interface Ethernet0/0/16
#
interface Ethernet0/0/17
#
interface Ethernet0/0/18
#
interface Ethernet0/0/19
#
interface Ethernet0/0/20
#
interface Ethernet0/0/21
#
interface Ethernet0/0/22
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
user-interface con 0
user-interface vty 0 4
#
return
[S3]
S4:
[S4]display current-configuration
#
sysname S4
#
vlan batch 2
#
gvrp
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface MEth0/0/1
#
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
gvrp
#
interface Ethernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 4094
gvrp
gvrp registration forbidden
#
interface Ethernet0/0/3
#
interface Ethernet0/0/4
#
interface Ethernet0/0/5
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface Ethernet0/0/8
#
interface Ethernet0/0/9
#
interface Ethernet0/0/10
#
interface Ethernet0/0/11
#
interface Ethernet0/0/12
#
interface Ethernet0/0/13
#
interface Ethernet0/0/14
#
interface Ethernet0/0/15
#
interface Ethernet0/0/16
#
interface Ethernet0/0/17
#
interface Ethernet0/0/18
#
interface Ethernet0/0/19
#
interface Ethernet0/0/20
#
interface Ethernet0/0/21
#
interface Ethernet0/0/22
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
user-interface con 0
user-interface vty 0 4
#
return
[S4]