ACCESS口的小实验
如上图的配置,两个交换机之间端口VLAN ID不同但是能互相PING通,原理是交换机自己从access发送出的数据不带有VLAN标签到了对端G0/0/1口带上标签,交换机收到了能回应。从SW4也不能PING通PC5,因为PC5回应的数据在SW3上面带上了VLAN ID10,SW4不能接收,PC4也能PING通PC6,他们对应交换机的端口都没做任何配置,然后我再在SW4上的G0/0/3上加一个VLAN30 如下图
发现PC4PING不通PC6,原理是PC4与交换机SW4所连的端口默认VLAN 1 数据在G0/0/2上带上了VLAN ID为1的标签,从g/0/3出来发现是access口,只能通过VLAN 30 的标签,所以目的主机不可达,数据到不了PC6。
以下是配置命令
// SW3
#
sysname SW3
#
vlan batch 10
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 10
#
//sw4
#
vlan batch 20 30
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface Vlanif20
ip address 10.1.1.2 255.255.255.0
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 20
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 30
#