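1 VLAN concepts and advantages
Physical separation. The network is physically divided into several smaller networks, which are then connected by routing devices that isolate broadcasts so that the networks can communicate.
Logical separation. The network is logically divided into several smaller virtual networks, namely VLANs (Virtual Local Area Networks). A VLAN works at the data link layer of the OSI reference model. Each VLAN is one switched network in which all users share the same broadcast domain, and VLANs communicate with each other through routing devices.
Purpose: divide broadcast domains and control how far broadcast messages propagate
Advantages of VLANs
Saves some bandwidth
In real projects: narrows the scope of troubleshooting
Controls broadcasts (prevents the broadcast storms caused by switch ports all broadcasting at the same time)
Improves network security (a partitioned broadcast domain does not affect other broadcast domains; it provides a degree of security: by default, two different VLANs are not allowed to communicate with each other)
Simplifies network management (dividing broadcast domains by type is more convenient, simpler and easier to manage)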
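2 Types of VLAN
2.1 Static VLAN
A static VLAN, also called a port-based VLAN, is currently the most common way to implement VLANs. With a static VLAN, each switch port is explicitly assigned to a VLAN, which the network administrator must configure manually. When a user's host is connected to a switch port, it is placed in the corresponding VLAN.
2.2 Dynamic VLAN
A static VLAN assigns the VLAN by adding the port to it, so everything connected to that port belongs to that VLAN.
A dynamic VLAN is different: it is a MAC-address-based VLAN. It maps MAC addresses to VLANs, so a device with a given MAC address belongs to the mapped VLAN no matter which port it is connected to.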
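3 Static VLAN configuration
A Cisco switch can support at most 4096 VLANs, and the number supported differs between switch models. For example, the Catalyst 2960 supports up to 255 VLANs and the Catalyst 3560 supports up to 1024 VLANs.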
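4 Common VLAN commands
Add a port to a VLAN. An access port can belong to only one VLAN and is generally used for ports that connect to computers.
[Huawei] int e0/0/0 (enter interface mode)
[Huawei-Ethernet0/0/0] port link-type access (set the layer-2 port to access mode)
[Huawei-Ethernet0/0/0] port default vlan 10 (add the port to the VLAN)
[Huawei-Ethernet0/0/0] undo shutdown (enable the port)
Remove a port from a VLAN
[Huawei-Ethernet0/0/0] undo port default vlan
[Huawei-Ethernet0/0/0] port link-type hybrid (restore the port type to the default hybrid mode)
View the current port mode and state
[Huawei-Ethernet0/0/0] dis this
Add several ports to a VLAN at once
[Huawei] port-group 1 (create group 1)
[Huawei-port-group-1] group-member Ethernet 0/0/1 to Ethernet 0/0/20 (the members of group 1 are e0/0/1 to e0/0/20)
[Huawei-port-group-1] port link-type access
[Huawei-port-group-1] port default vlan 30
Restore a port to its default configuration. Note that after the command runs, the interface is shut down.
[Huawei] clear configuration interface e0/0/1
View information about a specified VLAN
dis vlan 10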
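5 Trunks and their configuration
Purpose
Provide a link for every VLAN
Use only one link, and distinguish the data of different VLANs by a tag
Trunk configuration commands
port link-type trunk #set the layer-2 port to trunk mode
port trunk allow-pass vlan 10 20 #configure the VLANs allowed through the trunk port
undo shutdown #enable the port
undo port trunk allow-pass vlan 10 #remove the VLAN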
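6 VLAN port types
1. access: access mode, generally used for ports that connect to computers or routers
Purpose: a VLAN tag is added when data enters the switch and removed when it leaves the switch
2. trunk: generally used for ports that connect one switch to another
Purpose: identifies the VLAN tags that are allowed through
3. hybrid: Huawei proprietary protocol; the default port type on Huawei switch ports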
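How the access and trunk rules above play out for one frame, as an added Python model that is not part of the original post. Port names and VLAN assignments follow the SW1/SW2 configuration in this page's example; the trunk limited to VLAN 20 is constructed, and the model simplifies by dropping untagged frames on trunks and tagged frames on access ports.

```python
from dataclasses import dataclass, field

@dataclass
class Port:
    name: str
    link_type: str                                # "access" or "trunk"
    default_vlan: int = 1                         # used by access ports
    allow_pass: set = field(default_factory=set)  # used by trunk ports

def ingress(port, tag):
    """VLAN assigned to a frame entering the switch, or None if it is dropped."""
    if port.link_type == "access":
        # Untagged frames from the host get the port's VLAN tag.
        return port.default_vlan if tag is None else None
    # Trunk: only tagged frames whose VLAN is on the allow-pass list get in.
    return tag if tag in port.allow_pass else None

def egress(port, vlan):
    """(sent, tag_on_wire) for a frame of `vlan` leaving through `port`."""
    if port.link_type == "access":
        # The tag is removed; frames of other VLANs never leave this port.
        return (vlan == port.default_vlan, None)
    return (vlan in port.allow_pass, vlan)

def traverse(hops):
    """hops: (ingress_port, egress_port) per switch; the frame starts untagged."""
    tag = None
    for inp, outp in hops:
        vlan = ingress(inp, tag)
        if vlan is None:
            return f"dropped on ingress at {inp.name}"
        sent, tag = egress(outp, vlan)
        if not sent:
            return f"dropped on egress at {outp.name}"
    return "delivered"

# Ports taken from the SW1/SW2 example on this page; the narrowed trunk is constructed.
ALL = set(range(2, 4095))
sw1_e1 = Port("SW1 Ethernet0/0/1", "access", default_vlan=10)
sw1_e4 = Port("SW1 Ethernet0/0/4", "trunk", allow_pass=ALL)
sw2_e3 = Port("SW2 Ethernet0/0/3", "trunk", allow_pass=ALL)
sw2_e2 = Port("SW2 Ethernet0/0/2", "access", default_vlan=10)
sw2_e1 = Port("SW2 Ethernet0/0/1", "access", default_vlan=20)
sw1_e4_narrow = Port("SW1 Ethernet0/0/4", "trunk", allow_pass={20})

if __name__ == "__main__":
    print(traverse([(sw1_e1, sw1_e4), (sw2_e3, sw2_e2)]))         # same VLAN
    print(traverse([(sw1_e1, sw1_e4), (sw2_e3, sw2_e1)]))         # VLAN 10 to VLAN 20
    print(traverse([(sw1_e1, sw1_e4_narrow), (sw2_e3, sw2_e2)]))  # trunk lacks VLAN 10
```

The model covers layer-2 forwarding only; traffic between different VLANs in the page's example is routed through the Vlanif interfaces instead.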
7 Example
<SW1>SYS
Enter system view, return user view with Ctrl+Z.
[SW1]DIS
[SW1]display CU
[SW1]display current-configuration
#
sysname SW1
#
undo info-center enable
#
vlan batch 10 20 30
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface Vlanif10
ip address 192.168.1.1 255.255.255.0
#
interface Vlanif20
ip address 192.168.2.1 255.255.255.0
#
interface Vlanif30
ip address 192.168.3.1 255.255.255.0
#
interface MEth0/0/1
#
interface Ethernet0/0/1
port link-type access
port default vlan 10
#
interface Ethernet0/0/2
port link-type access
port default vlan 20
#
interface Ethernet0/0/3
port link-type access
port default vlan 10
#
interface Ethernet0/0/4
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface Ethernet0/0/5
port link-type access
port default vlan 30
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface Ethernet0/0/8
#
interface Ethernet0/0/9
#
interface Ethernet0/0/10
#
interface Ethernet0/0/11
#
interface Ethernet0/0/12
#
interface Ethernet0/0/13
#
interface Ethernet0/0/14
#
interface Ethernet0/0/15
#
interface Ethernet0/0/16
#
interface Ethernet0/0/17
#
interface Ethernet0/0/18
#
interface Ethernet0/0/19
#
interface Ethernet0/0/20
#
interface Ethernet0/0/21
#
interface Ethernet0/0/22
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
ip route-static 10.0.0.0 255.255.255.0 192.168.3.2
ip route-static 192.168.10.0 255.255.255.0 192.168.3.2
#
user-interface con 0
user-interface vty 0 4
#
return
sysname SW2
#
undo info-center enable
#
vlan batch 10 20
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface MEth0/0/1
#
interface Ethernet0/0/1
port link-type access
port default vlan 20
#
interface Ethernet0/0/2
port link-type access
port default vlan 10
#
interface Ethernet0/0/3
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface Ethernet0/0/4
#
interface Ethernet0/0/5
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface Ethernet0/0/8
#
interface Ethernet0/0/9
#
interface Ethernet0/0/10
#
interface Ethernet0/0/11
#
interface Ethernet0/0/12
#
interface Ethernet0/0/13
#
interface Ethernet0/0/14
#
interface Ethernet0/0/15
#
interface Ethernet0/0/16
#
interface Ethernet0/0/17
#
interface Ethernet0/0/18
#
interface Ethernet0/0/19
#
interface Ethernet0/0/20
#
interface Ethernet0/0/21
#
interface Ethernet0/0/22
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
user-interface con 0
user-interface vty 0 4
#
return
[SW2]
sysname R4
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
undo info-center enable
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 10.0.0.2 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 192.168.3.2 255.255.255.0
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
ip route-static 192.168.2.0 255.255.255.0 192.168.3.1
ip route-static 192.168.10.0 255.255.255.0 10.0.0.1
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
sysname R6
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
undo info-center enable
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 10.0.0.1 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 192.168.10.1 255.255.255.0
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
ip route-static 192.168.2.0 255.255.255.0 10.0.0.2
ip route-static 192.168.3.0 255.255.255.0 10.0.0.2
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
PC1 pings PC5
PC3 pings PC5
PC2 pings PC4 and PC6
PC4 pings PC6
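An added audit example, not part of the original post: it scans a configuration laid out like the ones above for three settings visible in the SW1 listing, namely a `password simple` account, a trunk that passes VLANs the switch never defines in `vlan batch`, and physical ports left with no configuration. The function names and finding labels are assumptions made for this example.

```python
import re

# Constructed excerpt in the same layout as the SW1 configuration on this page.
SAMPLE = """\
vlan batch 10 20 30
#
aaa
local-user admin password simple admin
#
interface Ethernet0/0/4
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface Ethernet0/0/6
"""

def expand_vlans(spec):
    """Expand '10 20', '2 to 4094' or 'all' into a set of VLAN IDs."""
    if spec.strip() == "all":
        return set(range(1, 4095))
    vlans = set()
    for lo, hi in re.findall(r"(\d+)(?: to (\d+))?", spec):
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit(config):
    findings, defined, ports, iface = [], set(), {}, None
    for line in map(str.strip, config.splitlines()):
        user = re.match(r"local-user (\S+) password simple \S+", line)
        if user:  # password kept in readable form in the configuration
            findings.append(("plaintext-password", user.group(1)))
        elif line == "#":  # '#' closes the current block
            iface = None
        elif line.startswith("vlan batch "):
            defined |= expand_vlans(line.partition("vlan batch ")[2])
        elif line.startswith("interface "):
            iface = line.split()[1]
            ports[iface] = []
        elif iface:
            ports[iface].append(line)
    for name, lines in ports.items():
        for cmd in lines:
            if cmd.startswith("port trunk allow-pass vlan "):
                extra = expand_vlans(cmd.partition("allow-pass vlan ")[2]) - defined
                if extra:  # trunk carries VLANs this switch never created
                    findings.append(("trunk-passes-undefined-vlans", name, len(extra)))
        if not lines and name.startswith(("Ethernet", "GigabitEthernet")):
            findings.append(("port-left-at-defaults", name))
    return findings
```

Each finding is a tuple whose first element is the label; the trunk finding also carries the number of allowed VLANs that `vlan batch` does not define.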