1. VLAN技术
- 通过逻辑手段重新分配物理资源的虚拟化技术。
- 无需考虑这些设备是否连接同一台交换机上。
- 通过逻辑的方式,将某些特定的设备组成一个广播域。
2. VLAN特点
- 每台终端都属于一个VLAN
- 属于同一个VLAN的设备之间可以通过二层直接通信
- 属于不同VLAN设备之间则只能通过IP路由功能才能实现通信。
3. VLAN原理
- VLAN技术通过给数据帧插入不同的VLAN标签
- 交换机通过VLAN标签分辨出各个数据帧所属的VLAN
4. VLAN应用下交换机端口的类型
- Access:连接的链路称为access链路。(通常用于连接终端设备)、(只能传输一个VLAN数据)
- Trunk:连接的链路称为trunk链路。(通常用于连接交换机设备之间)、(允许传输多个VLAN数据)
- Hybrid:可以用于交换机链路连接,也可以用于交换机与终端链路的连接。(能接收和发送多个VLAN数据)
5. VLAN实验
5.1 实验拓扑图
5.2 实现PC1、PC2之间的互访
5.2.1 PC1、PC2配置
5.2.2 SW1配置
(1)修改名称
<Huawei>system
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname SW1
[SW1]
例1:查看端口类型
[SW1]display port vlan active
T=TAG U=UNTAG
-------------------------------------------------------------------------------
Port Link Type PVID VLAN List
-------------------------------------------------------------------------------
Eth0/0/1 hybrid 1 U: 1
Eth0/0/2 hybrid 1 U: 1
Eth0/0/3 hybrid 1 U: 1
Eth0/0/4 hybrid 1 U: 1
Eth0/0/5 hybrid 1 U: 1
Eth0/0/6 hybrid 1 U: 1
Eth0/0/7 hybrid 1 U: 1
Eth0/0/8 hybrid 1 U: 1
Eth0/0/9 hybrid 1 U: 1
Eth0/0/10 hybrid 1 U: 1
Eth0/0/11 hybrid 1 U: 1
Eth0/0/12 hybrid 1 U: 1
Eth0/0/13 hybrid 1 U: 1
Eth0/0/14 hybrid 1 U: 1
Eth0/0/15 hybrid 1 U: 1
Eth0/0/16 hybrid 1 U: 1
Eth0/0/17 hybrid 1 U: 1
Eth0/0/18 hybrid 1 U: 1
Eth0/0/19 hybrid 1 U: 1
Eth0/0/20 hybrid 1 U: 1
Eth0/0/21 hybrid 1 U: 1
Eth0/0/22 hybrid 1 U: 1
GE0/0/1 hybrid 1 U: 1
GE0/0/2 hybrid 1 U: 1
例2:查看VLAN
[SW1]display vlan
The total number of vlans is : 1
--------------------------------------------------------------------------------
U: Up; D: Down; TG: Tagged; UT: Untagged;
MP: Vlan-mapping; ST: Vlan-stacking;
#: ProtocolTransparent-vlan; *: Management-vlan;
--------------------------------------------------------------------------------
VID Type Ports
--------------------------------------------------------------------------------
1 common UT:Eth0/0/1(U) Eth0/0/2(U) Eth0/0/3(U) Eth0/0/4(U)
Eth0/0/5(D) Eth0/0/6(D) Eth0/0/7(D) Eth0/0/8(D)
Eth0/0/9(D) Eth0/0/10(D) Eth0/0/11(D) Eth0/0/12(D)
Eth0/0/13(D) Eth0/0/14(D) Eth0/0/15(D) Eth0/0/16(D)
Eth0/0/17(D) Eth0/0/18(D) Eth0/0/19(D) Eth0/0/20(D)
Eth0/0/21(D) Eth0/0/22(D) GE0/0/1(D) GE0/0/2(D)
VID Status Property MAC-LRN Statistics Description
--------------------------------------------------------------------------------
1 enable default enable disable VLAN 0001
(2) 创建VLAN10,把接口e0/0/1、e0/0/2设置成access接口,并且划分到VLAN10中
1. 创建VLAN
[SW1]vlan 10
[SW1-vlan10]quit
例3:查看VLAN是否创建成功
[SW1]display vlan
The total number of vlans is : 2
--------------------------------------------------------------------------------
U: Up; D: Down; TG: Tagged; UT: Untagged;
MP: Vlan-mapping; ST: Vlan-stacking;
#: ProtocolTransparent-vlan; *: Management-vlan;
--------------------------------------------------------------------------------
VID Type Ports
--------------------------------------------------------------------------------
1 common UT:Eth0/0/1(U) Eth0/0/2(U) Eth0/0/3(U) Eth0/0/4(U)
Eth0/0/5(D) Eth0/0/6(D) Eth0/0/7(D) Eth0/0/8(D)
Eth0/0/9(D) Eth0/0/10(D) Eth0/0/11(D) Eth0/0/12(D)
Eth0/0/13(D) Eth0/0/14(D) Eth0/0/15(D) Eth0/0/16(D)
Eth0/0/17(D) Eth0/0/18(D) Eth0/0/19(D) Eth0/0/20(D)
Eth0/0/21(D) Eth0/0/22(D) GE0/0/1(D) GE0/0/2(D)
10 common
VID Status Property MAC-LRN Statistics Description
--------------------------------------------------------------------------------
1 enable default enable disable VLAN 0001
10 enable default enable disable VLAN 0010
2. 配置接口所属VLAN
[SW1]interface e0/0/1
[SW1-Ethernet0/0/1]port link-type access
[SW1-Ethernet0/0/1]port default vlan 10
[SW1-Ethernet0/0/1]interface e0/0/2
[SW1-Ethernet0/0/2]port link-type access
[SW1-Ethernet0/0/2]port default vlan 10
[SW1-Ethernet0/0/2]quit
例4:查看是否加入成功(成功)
[SW1]display vlan
The total number of vlans is : 2
--------------------------------------------------------------------------------
U: Up; D: Down; TG: Tagged; UT: Untagged;
MP: Vlan-mapping; ST: Vlan-stacking;
#: ProtocolTransparent-vlan; *: Management-vlan;
--------------------------------------------------------------------------------
VID Type Ports
--------------------------------------------------------------------------------
1 common UT:Eth0/0/3(U) Eth0/0/4(U) Eth0/0/5(D) Eth0/0/6(D)
Eth0/0/7(D) Eth0/0/8(D) Eth0/0/9(D) Eth0/0/10(D)
Eth0/0/11(D) Eth0/0/12(D) Eth0/0/13(D) Eth0/0/14(D)
Eth0/0/15(D) Eth0/0/16(D) Eth0/0/17(D) Eth0/0/18(D)
Eth0/0/19(D) Eth0/0/20(D) Eth0/0/21(D) Eth0/0/22(D)
GE0/0/1(D) GE0/0/2(D)
10 common UT:Eth0/0/1(U) Eth0/0/2(U)
VID Status Property MAC-LRN Statistics Description
--------------------------------------------------------------------------------
1 enable default enable disable VLAN 0001
10 enable default enable disable VLAN 0010
5.2.3 验证PC1、PC2连通(成功)
5.3 实现PC3、PC4、PC5之间的互访
5.3.1 PC配置
其余自行配置。
5.3.2 SW1配置
[SW1]interface e0/0/3
[SW1-Ethernet0/0/3]port link-type access
[SW1-Ethernet0/0/3]port default vlan 20
例5:查看VLAN配置
[SW1]display vlan
The total number of vlans is : 3
--------------------------------------------------------------------------------
U: Up; D: Down; TG: Tagged; UT: Untagged;
MP: Vlan-mapping; ST: Vlan-stacking;
#: ProtocolTransparent-vlan; *: Management-vlan;
--------------------------------------------------------------------------------
VID Type Ports
--------------------------------------------------------------------------------
1 common UT:Eth0/0/4(U) Eth0/0/5(D) Eth0/0/6(D) Eth0/0/7(D)
Eth0/0/8(D) Eth0/0/9(D) Eth0/0/10(D) Eth0/0/11(D)
Eth0/0/12(D) Eth0/0/13(D) Eth0/0/14(D) Eth0/0/15(D)
Eth0/0/16(D) Eth0/0/17(D) Eth0/0/18(D) Eth0/0/19(D)
Eth0/0/20(D) Eth0/0/21(D) Eth0/0/22(D) GE0/0/1(D)
GE0/0/2(D)
10 common UT:Eth0/0/1(U) Eth0/0/2(U)
20 common UT:Eth0/0/3(U)
VID Status Property MAC-LRN Statistics Description
--------------------------------------------------------------------------------
1 enable default enable disable VLAN 0001
10 enable default enable disable VLAN 0010
20 enable default enable disable VLAN 0020
5.3.3 SW2配置
(1)修改名称
<Huawei>system
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname SW2
[SW2]
(2)创建VLAN20,把接口e0/0/2、e0/0/3设置成access接口,并且划分到VLAN20中
[SW2]vlan batch 10 20 30
[SW2]interface e0/0/2
[SW2-Ethernet0/0/2]port link-type access
[SW2-Ethernet0/0/2]port default vlan 20
[SW2-Ethernet0/0/2]interface e0/0/3
[SW2-Ethernet0/0/3]port link-type access
[SW2-Ethernet0/0/3]port default vlan 20
[SW2-Ethernet0/0/3]quit
[SW2]
例6:查看VLAN是否加入成功
[SW2]display vlan
The total number of vlans is : 4
--------------------------------------------------------------------------------
U: Up; D: Down; TG: Tagged; UT: Untagged;
MP: Vlan-mapping; ST: Vlan-stacking;
#: ProtocolTransparent-vlan; *: Management-vlan;
--------------------------------------------------------------------------------
VID Type Ports
--------------------------------------------------------------------------------
1 common UT:Eth0/0/1(U) Eth0/0/4(U) Eth0/0/5(D) Eth0/0/6(D)
Eth0/0/7(D) Eth0/0/8(D) Eth0/0/9(D) Eth0/0/10(D)
Eth0/0/11(D) Eth0/0/12(D) Eth0/0/13(D) Eth0/0/14(D)
Eth0/0/15(D) Eth0/0/16(D) Eth0/0/17(D) Eth0/0/18(D)
Eth0/0/19(D) Eth0/0/20(D) Eth0/0/21(D) Eth0/0/22(D)
GE0/0/1(D) GE0/0/2(D)
10 common
20 common UT:Eth0/0/2(U) Eth0/0/3(U)
30 common
VID Status Property MAC-LRN Statistics Description
--------------------------------------------------------------------------------
1 enable default enable disable VLAN 0001
10 enable default enable disable VLAN 0010
20 enable default enable disable VLAN 0020
30 enable default enable disable VLAN 0030
(3)测试PC3、PC4、PC5连通
PC4与PC5(成功):
PC3与PC4、PC5(失败):
(4)解决PC3与PC4、PC5连通问题
例7:SW1上查看发现
[SW1]display port vlan active
T=TAG U=UNTAG
-------------------------------------------------------------------------------
Port Link Type PVID VLAN List
-------------------------------------------------------------------------------
Eth0/0/1 access 10 U: 10
Eth0/0/2 access 10 U: 10
Eth0/0/3 access 20 U: 20
Eth0/0/4 hybrid 1 U: 1
Eth0/0/5 hybrid 1 U: 1
Eth0/0/6 hybrid 1 U: 1
Eth0/0/7 hybrid 1 U: 1
Eth0/0/8 hybrid 1 U: 1
Eth0/0/9 hybrid 1 U: 1
Eth0/0/10 hybrid 1 U: 1
Eth0/0/11 hybrid 1 U: 1
Eth0/0/12 hybrid 1 U: 1
Eth0/0/13 hybrid 1 U: 1
Eth0/0/14 hybrid 1 U: 1
Eth0/0/15 hybrid 1 U: 1
Eth0/0/16 hybrid 1 U: 1
Eth0/0/17 hybrid 1 U: 1
Eth0/0/18 hybrid 1 U: 1
Eth0/0/19 hybrid 1 U: 1
Eth0/0/20 hybrid 1 U: 1
Eth0/0/21 hybrid 1 U: 1
Eth0/0/22 hybrid 1 U: 1
GE0/0/1 hybrid 1 U: 1
GE0/0/2 hybrid 1 U: 1
可以看出交换机接口e0/0/4只允许VLAN1。
Eth0/0/4 hybrid 1 U: 1
例8:查看SW2列表信息
[SW2]display port vlan active
T=TAG U=UNTAG
-------------------------------------------------------------------------------
Port Link Type PVID VLAN List
-------------------------------------------------------------------------------
Eth0/0/1 hybrid 1 U: 1
Eth0/0/2 access 20 U: 20
Eth0/0/3 access 20 U: 20
Eth0/0/4 hybrid 1 U: 1
Eth0/0/5 hybrid 1 U: 1
Eth0/0/6 hybrid 1 U: 1
Eth0/0/7 hybrid 1 U: 1
Eth0/0/8 hybrid 1 U: 1
Eth0/0/9 hybrid 1 U: 1
Eth0/0/10 hybrid 1 U: 1
Eth0/0/11 hybrid 1 U: 1
Eth0/0/12 hybrid 1 U: 1
Eth0/0/13 hybrid 1 U: 1
Eth0/0/14 hybrid 1 U: 1
Eth0/0/15 hybrid 1 U: 1
Eth0/0/16 hybrid 1 U: 1
Eth0/0/17 hybrid 1 U: 1
Eth0/0/18 hybrid 1 U: 1
Eth0/0/19 hybrid 1 U: 1
Eth0/0/20 hybrid 1 U: 1
Eth0/0/21 hybrid 1 U: 1
Eth0/0/22 hybrid 1 U: 1
GE0/0/1 hybrid 1 U: 1
GE0/0/2 hybrid 1 U: 1
可以发现接口e0/0/1允许VLAN1。
Eth0/0/1 hybrid 1 U: 1
解决方法:在交换机直连接口上配置接口类型为trunk并允许需要通过的VLAN
SW1配置:
[SW1]interface e0/0/4
[SW1-Ethernet0/0/4]port link-type trunk
[SW1-Ethernet0/0/4]port trunk allow-pass vlan 10 20
SW2配置:
[SW2]interface e0/0/1
[SW2-Ethernet0/0/1]port link-type trunk
[SW2-Ethernet0/0/1]port trunk allow-pass vlan 10 20
例9:查看验证
发现e0/0/4接口允许通过VLAN变化为:
Eth0/0/4 trunk 1 U: 1
T: 10 20
发现e0/0/1接口允许VLAN变化为:
Eth0/0/1 trunk 1 U: 1
T: 10 20
(5)验证PC3与PC4、PC5(成功)
5.4 实现PC1,PC2与PC3,PC4,PC5之间的隔离
PC3与PC1(不通):
PC3与PC5(通):
5.5 实现PC6与任一PC之间的互访
(1)SW2配置
[SW2]interface e0/0/4
[SW2-Ethernet0/0/4]port link-type hybrid
[SW2-Ethernet0/0/4]port hybrid pvid vlan 30
[SW2-Ethernet0/0/4]port hybrid untagged vlan 10 20 30
验证:PC6与PC5(失败)
例10:查看SW2上配置
发现接口e0/0/2、e0/0/3只允许VLAN20:
Eth0/0/2 access 20 U: 20
Eth0/0/3 access 20 U: 20
(2)解决方法
重新配置PC4的e0/0/2、PC5的e0/0/3端口类型
1、查看接口相关配置
[SW2]interface e0/0/2
[SW2-Ethernet0/0/2]dis this
#
interface Ethernet0/0/2
port link-type access
port default vlan 20
#
return
[SW2-Ethernet0/0/2]
2、通过undo删除已经配置的命令,重配置
[SW2-Ethernet0/0/2]undo port default vlan
[SW2-Ethernet0/0/2]undo port link-type
[SW2-Ethernet0/0/2]port link-type hybrid
[SW2-Ethernet0/0/2]port hybrid pvid vlan 20
[SW2-Ethernet0/0/2]port hybrid untagged vlan 20 30
3、验证PC4与PC6(成功)
对于其它pc接口配置删除重配这里省略了,可以参考PC4。
同理可以验证其它PC与PC6连通。
4、验证PC6与PC5(成功)
5、验证PC6与PC1(成功)
6、验证PC6与PC2(成功)
7、验证PC6与PC3(成功)