目录
第六章 VLAN特性与配置
实验 6-2 MUX VLAN (选做)
学习目的
·掌握MUX VLAN的配置方法
拓扑图
图6-2 MUX VLAN配置
场景
你是公司的网络管理员。现在公司网络是由二台交换机组成的以太网环境。图中路由器代表网络中的计算机。为了优化这个网络,需要你实现广播域的互相隔离。R1和R2处于相同的VLAN中,R3和R4分别处另一个VLAN中。公司策略需要所有PC均可以访问R5,R3和R4除了不能与R1、R2通信外也不能互相访问。
学习任务
步骤一.基础配置与IP编址
给所有设备配置IP地址和掩码。
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname R1
[R1]interface g0/0/1
[R1-GigabitEthernet0/0/1]ip address 10.0.10.1 24
[R1-GigabitEthernet0/0/1]quit
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname R2
[R2]interface g0/0/1
[R2-GigabitEthernet0/0/1]ip address 10.0.10.2 24
[R2-GigabitEthernet0/0/1]quit
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname R3
[R3]interface g0/0/1
[R3-GigabitEthernet0/0/1]ip address 10.0.10.3 24
[R3-GigabitEthernet0/0/1]quit
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname R4
[R4]interface Ethernet2/0/0
[R4-Ethernet2/0/0]ip address 10.0.10.4 24
[R4-GigabitEthernet2/0/0]quit
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname R5
[R5]interface Ethernet2/0/0
[R5-Ethernet2/0/0]ip address 10.0.10.5 24
[R1-GigabitEthernet0/0/1]quit
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname S1
[S1]
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname S2
[S2]
在R1上测试与R2、R3、R4和R5的连通性。
[R1]ping -c 1 10.0.10.2
PING 10.0.10.2: 56 data bytes, press CTRL_C to break
Reply from 10.0.10.2: bytes=56 Sequence=1 ttl=255 time=14 ms
--- 10.0.10.2 ping statistics ---
1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 14/14/14 ms
[R1]ping -c 1 10.0.10.3
PING 10.0.10.3: 56 data bytes, press CTRL_C to break
Reply from 10.0.10.3: bytes=56 Sequence=1 ttl=255 time=5 ms
--- 10.0.10.3 ping statistics ---
1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 5/5/5 ms
[R1]ping -c 1 10.0.10.4
PING 10.0.10.4: 56 data bytes, press CTRL_C to break
Reply from 10.0.10.4: bytes=56 Sequence=1 ttl=255 time=15 ms
--- 10.0.10.4 ping statistics ---
1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 15/15/15 ms
[R1]ping -c 1 10.0.10.5
PING 10.0.10.5: 56 data bytes, press CTRL_C to break
Reply from 10.0.10.5: bytes=56 Sequence=1 ttl=255 time=6 ms
--- 10.0.10.5 ping statistics ---
1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 6/6/6 ms
步骤二.MUX VLAN
MUX VLAN可以实现处于相同网段的设备划入不同VLAN后,虽然二层通信是隔离的,但是还可以和同一个指定VLAN通信。并且还能实现禁止相同VLAN内不同设备之间的通信。
将VLAN 100配置为MUX VLAN的主VLAN,VLAN 10和20配置为从VLAN。
通过配置各PC与交换机相连接口的类型实现所有PC均可和R4通信,R3和R4不能和其他VLAN通信的同时也不能互相通信。
配置VLAN 100为主VLAN并添加从VLAN配置。
[S1]vlan batch 10 20 100
[S1]vlan 100
[S1-vlan100]mux-vlan
[S1-vlan100]subordinate group 10
[S1-vlan100]subordinate separate 20
[S1-vlan100]quit
[S2]vlan batch 10 20 100
[S2]vlan 100
[S2-vlan100]mux-vlan
[S2-vlan100]subordinate group 10
[S2-vlan100]subordinate separate 20
[S2-vlan100]quit
将R5与S2连接的G0/0/5接口加入VLAN 100并开启MUX VLAN功能。
[S2]interface GigabitEthernet 0/0/5
[S2-GigabitEthernet0/0/5]port link-type access
[S2-GigabitEthernet0/0/5]port default vlan 100
[S2-GigabitEthernet0/0/5]port mux-vlan enable vlan 100
[S2-GigabitEthernet0/0/5]quit
将R1与S1连接的G0/0/1和R2与S1连接的G0/0/2接口加入VLAN 10并开启MUX VLAN功能。
[S1]interface GigabitEthernet 0/0/1
[S1-GigabitEthernet0/0/1]port link-type access
[S1-GigabitEthernet0/0/1]port default vlan 10
[S1-GigabitEthernet0/0/1]port mux-vlan enable vlan 10
[S1-GigabitEthernet0/0/1]quit
[S1]interface GigabitEthernet 0/0/2
[S1-GigabitEthernet0/0/2]port link-type access
[S1-GigabitEthernet0/0/2]port default vlan 10
[S1-GigabitEthernet0/0/2]port mux-vlan enable vlan 10
[S1-GigabitEthernet0/0/2]quit
将R3与S1的G0/0/3和R4与S2的G0/0/4接口加入VLAN 20并开启MUX VLAN功能。
[S1]interface GigabitEthernet 0/0/3
[S1-GigabitEthernet0/0/3]port link-type access
[S1-GigabitEthernet0/0/3]port default vlan 20
[S1-GigabitEthernet0/0/3]port mux-vlan enable vlan 20
[S1-GigabitEthernet0/0/3]quit
[S2]interface GigabitEthernet 0/0/4
[S2-GigabitEthernet0/0/4]port link-type access
[S2-GigabitEthernet0/0/4]port default vlan 20
[S2-GigabitEthernet0/0/4]port mux-vlan enable vlan 20
[S2-GigabitEthernet0/0/4]quit
使用命令display mux-vlan查看所有MUX VLAN信息。
[S1]display mux-vlan
Principal Subordinate Type Interface
----------------------------------------------------------------------------
100 - principal
100 20 separate GE0/0/3
100 10 group GE0/0/1 GE0/0/2
----------------------------------------------------------------------------
[S2]display mux-vlan
Principal Subordinate Type Interface
----------------------------------------------------------------------------100 - principal GE0/0/5
100 20 separate GE0/0/4
100 10 group
----------------------------------------------------------------------------
使用ping命令测试R1与R2、R3、R4、R5的连通性。
[R1]ping -c 1 10.0.10.2
PING 10.0.10.2: 56 data bytes, press CTRL_C to break
Reply from 10.0.10.2: bytes=56 Sequence=1 ttl=255 time=3 ms
--- 10.0.10.2 ping statistics ---
1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 3/3/3 ms
[R1]ping -c 1 10.0.10.3
PING 10.0.10.3: 56 data bytes, press CTRL_C to break
Request time out
--- 10.0.10.3 ping statistics ---
1 packet(s) transmitted
0 packet(s) received
100.00% packet loss
[R1]ping -c 1 10.0.10.4
PING 10.0.10.4: 56 data bytes, press CTRL_C to break
Request time out
--- 10.0.10.4 ping statistics ---
1 packet(s) transmitted
0 packet(s) received
100.00% packet loss
[R1]ping -c 1 10.0.10.5
PING 10.0.10.5: 56 data bytes, press CTRL_C to break
Reply from 10.0.10.5: bytes=56 Sequence=1 ttl=255 time=3 ms
--- 10.0.10.5 ping statistics ---
1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 3/3/3 ms
使用ping命令测试R3与R2、R4、R5的连通性。
[R3]ping -c 1 10.0.10.2
PING 10.0.10.2: 56 data bytes, press CTRL_C to break
Request time out
--- 10.0.10.2 ping statistics ---
1 packet(s) transmitted
0 packet(s) received
100.00% packet loss
[R3]ping -c 1 10.0.10.4
PING 10.0.10.4: 56 data bytes, press CTRL_C to break
Request time out
--- 10.0.10.4 ping statistics ---
1 packet(s) transmitted
0 packet(s) received
100.00% packet loss
[R3]ping -c 1 10.0.10.5
PING 10.0.10.5: 56 data bytes, press CTRL_C to break
Reply from 10.0.10.5: bytes=56 Sequence=1 ttl=255 time=3 ms
--- 10.0.10.5 ping statistics ---
1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 3/3/3 ms
从ping命令输出结果可知。 MUX VLAN中VLAN 10内部的R1和R2除了能够和R5通信外还能互相通信。VLAN 20内部的R3和R4仅仅能够和R5通信。
附加实验: 思考并验证
属于二个不同的MUX VLAN之间的用户,互相通信是否能实现?
最终设备配置
[S1]display current-configuration
!Software Version V200R008C00SPC500
#
sysname S1
#
vlan batch 10 20 100
#
vlan 100
mux-vlan
subordinate separate 20
subordinate group 10
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 10
port mux-vlan enable vlan 10
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 10
port mux-vlan enable vlan 10
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 20
port mux-vlan enable vlan 20
#
return
[S2]display current-configuration
!Software Version V200R008C00SPC500
#
sysname SW2
#
vlan batch 10 20 100
#
vlan 100
mux-vlan
subordinate separate 20
subordinate group 10
#
interface GigabitEthernet0/0/4
port link-type access
port default vlan 20
port mux-vlan enable vlan 20
#
interface GigabitEthernet0/0/5
port link-type access
port default vlan 100
port mux-vlan enable vlan 100
#
return