介绍MUX-vlan
MUX-vlan:主要做得是二层交换机得隔离技术
分为主vlan
从vlan:隔离型vlan:内部不能互访
互通型从vlan:内部可以互访
利用这种特性进行二层得隔离操作
提示:以下是本篇文章正文内容,下面案例可供参考
一、实验拓扑
二、实验源码和实验结果验证
1.实验源码:
代码如下(示例):
<Huawei>
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sys SW1(命名)
[SW1]un in en
Info: Information center is disabled.
[SW1]vlan b
[SW1]vlan batch 10 20 30(添加vlan)
Info: This operation may take a few seconds. Please wait for a moment...done.
[SW1]int g0/0/1(进入接口)
[SW1-GigabitEthernet0/0/1]
[SW1-GigabitEthernet0/0/1]port link-type access (设置接口模式)
[SW1-GigabitEthernet0/0/1]port default vlan 10(通过vlan)
[SW1-GigabitEthernet0/0/1]display this
[SW1-GigabitEthernet0/0/1]int g0/0/2
[SW1-GigabitEthernet0/0/2]port link-type access
[SW1-GigabitEthernet0/0/2]port default vlan 10
[SW1-GigabitEthernet0/0/2]int g0/0/1
[SW1-GigabitEthernet0/0/1]po
[SW1-GigabitEthernet0/0/1]port link-type access
[SW1-GigabitEthernet0/0/1] port default vlan 30
[SW1-GigabitEthernet0/0/1]dis
[SW1-GigabitEthernet0/0/1]display th
[SW1-GigabitEthernet0/0/1]display this
[SW1-GigabitEthernet0/0/1]int g0/0/2
[SW1-GigabitEthernet0/0/2]dis
[SW1-GigabitEthernet0/0/2]display th
[SW1-GigabitEthernet0/0/2]display this
[SW1-GigabitEthernet0/0/2]int g0/0/3
[SW1-GigabitEthernet0/0/3]port link-type access
[SW1-GigabitEthernet0/0/3] port default vlan 10
[SW1-GigabitEthernet0/0/3]int g0/0/4
[SW1-GigabitEthernet0/0/4]port link-type access
[SW1-GigabitEthernet0/0/4] port default vlan 20
[SW1-GigabitEthernet0/0/4]int g0/0/5
[SW1-GigabitEthernet0/0/5]port link-type access
[SW1-GigabitEthernet0/0/5] port default vlan 20
[SW1-GigabitEthernet0/0/5]q
[SW1]dis
[SW1]display po
[SW1]display policy-vlan
^
Error:Incomplete command found at '^' position.
[SW1]di
[SW1]display por
[SW1]display port vlan
[SW1]display port vlan
Port Link Type PVID Trunk VLAN List
-------------------------------------------------------------------------------
GigabitEthernet0/0/1 access 30 -
GigabitEthernet0/0/2 access 10 -
GigabitEthernet0/0/3 access 10 -
GigabitEthernet0/0/4 access 20 -
GigabitEthernet0/0/5 access 20 -
GigabitEthernet0/0/6 hybrid 1 -
GigabitEthernet0/0/7 hybrid 1 -
GigabitEthernet0/0/8 hybrid 1 -
GigabitEthernet0/0/9 hybrid 1 -
GigabitEthernet0/0/10 hybrid 1 -
GigabitEthernet0/0/11 hybrid 1 -
GigabitEthernet0/0/12 hybrid 1 -
GigabitEthernet0/0/13 hybrid 1 -
GigabitEthernet0/0/14 hybrid 1 -
GigabitEthernet0/0/15 hybrid 1 -
GigabitEthernet0/0/16 hybrid 1 -
GigabitEthernet0/0/17 hybrid 1 -
GigabitEthernet0/0/18 hybrid 1 -
GigabitEthernet0/0/19 hybrid 1 -
GigabitEthernet0/0/20 hybrid 1 -
GigabitEthernet0/0/21 hybrid 1 -
GigabitEthernet0/0/22 hybrid 1 -
GigabitEthernet0/0/23 hybrid 1 -
GigabitEthernet0/0/24 hybrid 1 -
[SW1]
[SW1]vlan 30
[SW1-vlan30]mu
[SW1-vlan30]mux-vlan
[SW1-vlan30]dis
[SW1-vlan30]display th
[SW1-vlan30]display this
#
vlan 30
mux-vlan
#
return
[SW1-vlan30]vlan
[SW1-vlan30]su
[SW1-vlan30]subordinate ?
group Vlan Group
separate Separate vlan
[SW1-vlan30]subordinate se
[SW1-vlan30]subordinate g
[SW1-vlan30]subordinate group 10
[SW1-vlan30]subordinate g
[SW1-vlan30]subordinate group 20
[SW1-vlan30]q
[SW1]vlan 30
[SW1-vlan30]display this
[SW1-vlan30]subordinate separate 20
Error: The current vlan has already been configured to other vlan type.
[SW1-vlan30]undo subordinate group 20
[SW1-vlan30]su
[SW1-vlan30]subordinate se
[SW1-vlan30]subordinate separate 20
[SW1-vlan30]dis
[SW1-vlan30]display th
[SW1-vlan30]display this
[SW1]display mux-vlan
Principal Subordinate Type Interface
-----------------------------------------------------------------------------
30 - principal
30 20 separate
30 10 group
-----------------------------------------------------------------------------
[SW1]int g0/0/1
[SW1-GigabitEthernet0/0/1]po
[SW1-GigabitEthernet0/0/1]port mux
[SW1-GigabitEthernet0/0/1]port mux-vlan en
[SW1-GigabitEthernet0/0/1]port mux-vlan enable
[SW1-GigabitEthernet0/0/1]int g0/0/2
[SW1-GigabitEthernet0/0/2]port mux-vlan enable
[SW1-GigabitEthernet0/0/2]int g0/0/3
[SW1-GigabitEthernet0/0/3]port mux-vlan enable
[SW1-GigabitEthernet0/0/3]int g0/0/4
[SW1-GigabitEthernet0/0/4]port mux-vlan en
[SW1-GigabitEthernet0/0/4]int g0/0/5
[SW1-GigabitEthernet0/0/5]port mux-vlan enable
[SW1-GigabitEthernet0/0/5]display this
#
interface GigabitEthernet0/0/5
port link-type access
port default vlan 20
port mux-vlan enable
#
return
[SW1-GigabitEthernet0/0/5]q
[SW1]display mux-vlan
Principal Subordinate Type Interface
-----------------------------------------------------------------------------
30 - principal GigabitEthernet0/0/1
30 20 separate GigabitEthernet0/0/4 GigabitEthernet0/0/5
30 10 group GigabitEthernet0/0/2 GigabitEthernet0/0/3
-----------------------------------------------------------------------------
[SW1]
[SW1]
2.实验结果验证
pc1:
pc1 ping 服务器:
可以通信
pc1 ping pc2:
可以通信
pc1 ping pc3:
通信不了,实验成功,因为有隔离网段
pc3 ping 服务器:
可以通信,实验成功
pc3 ping pc4:
通信不了,实验成功,隔离网段不能互相通信。
总结
MUX (multiplex) VLAN是用在二层交换机的网络之间做流量隔离使用的,可以基于vlan做更精准的二层流量分离,以下面拓扑为例,让不同部门不可以通讯,但是所有部门可以访问服务器网络,这种情况如果使用纯vlan是解决不了的,有些人可能说使用三层设备可以解决但是,网络技术很多都是为了节约成本的。