VLAN实验

一 .实验题目

二.实验记录

1.华为VLAN部分的接口模式讲解：

      只要流量进入华为的设备将马上打上标签；-- 华为设备内部转发的流量均存在标签

      华为设备交换机上所有的接口存在转发允许列表，只有被转发允许列表允许的流量，才能从            该 接口进入或转出；   

       从某个接口转出时，除查看允许列表外，还需要定义是否标记；

       若某个流量从交换机某个接口进入时，没有标签，将被标记上该接口pvlan id；

       若某个流量从交换机的某个接口进入时，存在标签，将匹配该接口的允许列表，若被允许可            以进入，若未被允许将被丢弃；

        PC若接收到存在标记的流量，将丢弃；

       无论接口为任何模式，均匹配以上6条规则；

2.sw配置

[sw1-Ethernet0/0/5]port link-type access 
[sw1-Ethernet0/0/5]port default vlan 2

[sw1-Ethernet0/0/3]port link-type access 
[sw1-Ethernet0/0/3]port default vlan 2


[sw1-Ethernet0/0/4]port hybrid untagged vlan 3 to 6
[sw1-Ethernet0/0/4]port hybrid pvid vlan 3


[sw1-Ethernet0/0/6]port hybrid untagged vlan 2 to 4	
[sw1-Ethernet0/0/6]port hybrid pvid vlan 4




[sw2-Ethernet0/0/1]port link-type trunk 
[sw2-Ethernet0/0/1]port trunk allow-pass vlan all
[sw2-Ethernet0/0/1]q


[sw2-Ethernet0/0/2]port hybrid untagged vlan 2 3 5
[sw2-Ethernet0/0/2]port hybrid pvid vlan 5
[sw2-Ethernet0/0/2]q


[sw2-Ethernet0/0/3]port hybrid untagged vlan 2 3 6
[sw2-Ethernet0/0/3]port hybrid pvid vlan 6

 

3.R1上面写每个虚拟局域网的单臂路由和利用DHCP分配地址

[r1]int G0/0/0.2	
[r1-GigabitEthernet0/0/0.2]dot1q termination vid 3
[r1-GigabitEthernet0/0/0.2]ip address 192.168.2.1 26
[r1-GigabitEthernet0/0/0.2]arp broadcast enable 
[r1]dhcp enable 
[r1]ip pool 1
[r1-ip-pool-1]network 192.168.2.0 mask 26
[r1-ip-pool-1]gateway-list 192.168.2.1
[r1]int G0/0/0.2
[r1-GigabitEthernet0/0/0.2]dhcp select global 


[r1]int G0/0/0.4
[r1-GigabitEthernet0/0/0.4]dot1q t	
[r1-GigabitEthernet0/0/0.4]dot1q termination vid 4
[r1-GigabitEthernet0/0/0.4]ip address 192.168.2.65 26
[r1-GigabitEthernet0/0/0.4]arp broadcast enable 
[r1]dhcp enable  
[r1]ip pool 2
[r1-ip-pool-2]network 192.168.2.64 mask 26
[r1-ip-pool-2]gateway-list 192.168.2.65
[r1-GigabitEthernet0/0/0.4]dhcp select global 


[r1]int G0/0/0.5
[r1-GigabitEthernet0/0/0.5]dot1q termination vid 5
[r1-GigabitEthernet0/0/0.5]ip address 192.168.2.129 26
[r1-GigabitEthernet0/0/0.5]arp broadcast enable 
[r1-GigabitEthernet0/0/0.5]q
[r1]dhcp enable 
[r1]ip pool 3
[r1-ip-pool-3]network 192.168.2.128 mask 26
[r1-ip-pool-3]gateway-list 192.168.2.129
[r1-ip-pool-3]q
[r1]int G0/0/0.5
[r1-GigabitEthernet0/0/0.5]dhcp select global 
[r1-GigabitEthernet0/0/0.5]q


[r1]int G0/0/0.6
[r1-GigabitEthernet0/0/0.6]dot1q termination vid 6
[r1-GigabitEthernet0/0/0.6]ip address 192.168.2.193 26	
[r1-GigabitEthernet0/0/0.6]arp broadcast  enable 
[r1-GigabitEthernet0/0/0.6]q
[r1]dhcp enable 
[r1]ip pool 4
[r1-ip-pool-4]network 192.168.2.192 mask 26
[r1-ip-pool-4]gateway-list 192.168.2.193
[r1]int G0/0/0.6
[r1-GigabitEthernet0/0/0.6]dhcp select global 
[r1-GigabitEthernet0/0/0.6]q


[r1]int G0/0/0.1
[r1-GigabitEthernet0/0/0.1]dot1q termination vid 2
[r1-GigabitEthernet0/0/0.1]ip address 192.168.1.1 24
[r1-GigabitEthernet0/0/0.1]arp broadcast  enable 
[r1-GigabitEthernet0/0/0.1]q
[r1]dhcp enable 
[r1]ip pool 5	
[r1-ip-pool-5]network 192.168.1.0 mask 24
[r1-ip-pool-5]gateway-list 192.168.1.1
[r1-ip-pool-5]q
[r1]int G0/0/0.1
[r1-GigabitEthernet0/0/0.1]dhcp select global 
[r1-GigabitEthernet0/0/0.1]q

PC1

PC3

PC2 PC4

 PC5

PC6 

 三.实验验证

PC2可以访问PC4/5/6

PC4不能访问PC5/6

PC5不能访问PC6

 pc1/3能访问PC2/4/5/6