需求分析
1、创建vlan batch 10 20 50 100
2、super vlan为vlan 100
sub vlan为vlan 10 20
3、vlan 50为普通vlan
4、网段分配
vlan 10 网路地址10.1.1.10-19
vlan 20网络地址10.1.1.20-29
vlan 50网络地址:50.1.1.1-255
vlan 100为super vlan,只能为逻辑地址
配置
SW1:
<sw1>display current-configuration
#
sysname sw1
#
vlan batch 10 20 50 100
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
vlan 100
aggregate-vlan
access-vlan 10 20
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface Vlanif50
ip address 50.1.1.1 255.255.255.0
#
interface Vlanif100
ip address 10.1.1.1 255.255.255.0
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 50
#
interface GigabitEthernet0/0/3
#
interface GigabitEthernet0/0/4
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/12
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/13
port link-type access
port default vlan 20
#
interface GigabitEthernet0/0/14
port link-type access
port default vlan 20
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
#
interface GigabitEthernet0/0/22
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
#
interface NULL0
#
user-interface con 0
idle-timeout 0 0
user-interface vty 0 4
#
return
<sw1>
SW2:
<sw2>display current-configuration
#
sysname sw2
#
vlan batch 10
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/3
#
interface GigabitEthernet0/0/4
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
#
interface GigabitEthernet0/0/22
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
#
interface NULL0
#
user-interface con 0
idle-timeout 0 0
user-interface vty 0 4
#
return
<sw2>
关键命令
1、创建super-vlan
[sw1-vlan100] aggregate-vlan
super-vlan 中不能包含任何物理接口,vlan1不能配置为SUPER-VLAN
SUPER-VLAN中的vlan id与sub vlan中的vlan id必须使用不同的vlan id
2、将sub-vlan 加入super-vlan
[sw1-vlan100]access-vlan{vlan-id1[ to vlan-id2]}
将sub-vlan加入到super-vlan 对应的vlan中时,必须保证sub-vlan没有创建对应的VLANIF接口
3、(可选)使能super-vlan对应的vlanif接口的proxy ARP
使能sub-vlan间的proxy ARP功能
