【Application Scenario】

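The requirement is traffic isolation. In the figure below, for example, an enterprise uses a single Layer 2 switch to connect three user groups: Department A's users, Department B's users, and guests. A public server (Server) is also connected to the switch.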

【Lab Requirements】

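  • Users within Department A can communicate with each other at Layer 2, and the same holds for Department B. Users in Department A and users in Department B, however, cannot communicate with each other at Layer 2.
  • Users in both Department A and Department B must be able to reach the public server (Server).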

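This raises the first difficulty. If Department A and Department B are placed in two different VLANs and both VLANs need to reach the Server, which VLAN should the Server go in? If the Server is placed in the same VLAN as Department A, Department B's users cannot reach it. A Layer 3 device such as a router is then needed for inter-VLAN communication, which adds cost.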

  • Any PC in the guest area must be able to reach the Server but no other device, including other guest PCs.

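This is another difficulty. How can traffic between guest PCs be isolated? Putting every guest PC in its own VLAN would require a large number of VLANs, which is clearly unreasonable. And how would the guests then communicate directly with the Server?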

【Background】

MUX VLAN (Multiplex VLAN) meets the requirements above. It provides flexible control of Layer 2 traffic.

Let's first go over the basic concepts of MUX VLAN.

  • Principal VLAN

An interface that joins the Principal VLAN is a Principal Port. It can communicate with every interface in the MUX VLAN.

  • Subordinate VLAN

Subordinate VLANs come in two types: the interconnected type (Group VLAN) and the isolated type (Separate VLAN). Every Group VLAN and Separate VLAN must be bound to a Principal VLAN.

A Separate Port can communicate only with a Principal Port. It cannot communicate with any other type of interface, including other Separate Ports in the same Separate VLAN.

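A Group Port can communicate with a Principal Port, and users in the same Group VLAN can communicate with each other at Layer 2. Users in different Group VLANs cannot communicate with each other, and a Group Port cannot communicate with a Separate Port.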

【Back to the Case】

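Deploying MUX VLAN in this network meets the requirements. As shown in the figure below, the switch has four VLANs: 100, 101, 102 and 109, used by the Server, Department A, Department B and the guests respectively. VLAN 100 is configured as the Principal VLAN, and VLAN 101 and VLAN 102 are configured as Group VLANs of Principal VLAN 100. As a result, users within Department A can communicate with each other at Layer 2, and so can users within Department B, while users in the two departments cannot communicate with each other. Because VLAN 101 and VLAN 102 are both Group VLANs, users in both departments can communicate with the Server in VLAN 100. Next, VLAN 109 is configured as the Separate VLAN of Principal VLAN 100. Guests in VLAN 109 can then communicate only with the Server and with no other interface, including other guests in VLAN 109.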

【Lab Topology】

【Switch Configuration】

The device is running!

<Huawei>
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sys SW1
[SW1]vlan batch 101
Oct  9 2023 21:14:11-08:00 SW1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25
.191.3.1 configurations have been changed. The current change number is 4, the c
hange loop count is 0, and the maximum number of records is 4095.100 102 109
                ^
Error: Wrong parameter found at '^' position.
[SW1]vlan batch 100 101 102 109
Info: This operation may take a few seconds. Please wait for a moment...done.
[SW1]
Oct  9 2023 21:21:51-08:00 SW1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25
.191.3.1 configurations have been changed. The current change number is 5, the c
hange loop count is 0, and the maximum number of records is 4095.
[SW1]mux-vlan
     ^
Error: Unrecognized command found at '^' position.
[SW1]suboridinate group 101 102
     ^
Error: Unrecognized command found at '^' position.
[SW1]vlan100
     ^
Error: Unrecognized command found at '^' position.
[SW1]vlan 10
[SW1-vlan10]q
[SW1]
Oct  9 2023 21:24:01-08:00 SW1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25
.191.3.1 configurations have been changed. The current change number is 6, the c
hange loop count is 0, and the maximum number of records is 4095.
[SW1]vlan 100
[SW1-vlan100]mux-vlan 
[SW1-vlan100]s
Oct  9 2023 21:24:21-08:00 SW1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25
.191.3.1 configurations have been changed. The current change number is 7, the c
hange loop count is 0, and the maximum number of records is 4095.
             ^
Error:Ambiguous command found at '^' position.
[SW1-vlan100]
[SW1-vlan100]subordinate group 101 102
[SW1-vlan100]subordi
Oct  9 2023 21:24:41-08:00 SW1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25
.191.3.1 configurations have been changed. The current change number is 8, the c
hange loop count is 0, and the maximum number of records is 4095.nate separate 1
09
[SW1-vlan100]
Oct  9 2023 21:24:51-08:00 SW1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25
.191.3.1 configurations have been changed. The current change number is 9, the c
hange loop count is 0, and the maximum number of records is 4095.qui
[SW1]int ge0/0/1
         ^
Error: Wrong parameter found at '^' position.
[SW1]int g0/0/1
[SW1-GigabitEthernet0/0/1]q
[SW1]int e0/0/1
[SW1-Ethernet0/0/1]po li acc
[SW1-Ethernet0/0/1]
Oct  9 2023 21:25:31-08:00 SW1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25
.191.3.1 configurations have been changed. The current change number is 10, the 
change loop count is 0, and the maximum number of records is 4095.
[SW1-Ethernet0/0/1]po def vlan 101
[SW1-Ethernet0/0/1]port mux-vla
Oct  9 2023 21:25:51-08:00 SW1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25
.191.3.1 configurations have been changed. The current change number is 11, the 
change loop count is 0, and the maximum number of records is 4095.n enable
[SW1-Ethernet0/0/1]qui
[SW1]int
Oct  9 2023 21:26:01-08:00 SW1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25
.191.3.1 configurations have been changed. The current change number is 12, the 
change loop count is 0, and the maximum number of records is 4095. e0/0/2
[SW1-Ethernet0/0/2]por li acc
[SW1-Ethernet0/0/2]poer def 
Oct  9 2023 21:26:21-08:00 SW1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25
.191.3.1 configurations have been changed. The current change number is 13, the 
change loop count is 0, and the maximum number of records is 4095.vlan 101
                   ^
Error: Unrecognized command found at '^' position.
[SW1-Ethernet0/0/2]port mux-vlan enable
Error: Please enable MUX-VLAN in vlan command mode.
[SW1-Ethernet0/0/2]qui
[SW1]int e0/0/3
[SW1-Ethernet0/0/3]
[SW1-Ethernet0/0/3]po li acc
[SW1-Ethernet0/0/3]
Oct  9 2023 21:26:51-08:00 SW1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25
.191.3.1 configurations have been changed. The current change number is 14, the 
change loop count is 0, and the maximum number of records is 4095.
[SW1-Ethernet0/0/3]po def vlan 102
[SW1-Ethernet0/0/3]
[SW1-Ethernet0/0/3]por mux-vlan
Oct  9 2023 21:27:11-08:00 SW1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25
.191.3.1 configurations have been changed. The current change number is 15, the 
change loop count is 0, and the maximum number of records is 4095.enable
                   ^
Error:Ambiguous command found at '^' position.
[SW1-Ethernet0/0/3]port mux-vlan enable
[SW1-Ethernet0/0/3]q
[SW1]int 
Oct  9 2023 21:27:31-08:00 SW1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25
.191.3.1 configurations have been changed. The current change number is 16, the 
change loop count is 0, and the maximum number of records is 4095.e0/0/5
[SW1-Ethernet0/0/5]int e0/0/4
[SW1-Ethernet0/0/4]po li acc
[SW1-Ethernet0/0/4]port 
Oct  9 2023 21:27:51-08:00 SW1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25
.191.3.1 configurations have been changed. The current change number is 17, the 
change loop count is 0, and the maximum number of records is 4095.def vlan 102
[SW1-Ethernet0/0/4]por
Oct  9 2023 21:28:21-08:00 SW1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25
.191.3.1 configurations have been changed. The current change number is 18, the 
change loop count is 0, and the maximum number of records is 4095
Error: The interface is already a L2 interface.
[SW1-Ethernet0/0/4]port mux-vlan enable
[SW1-Ethernet0/0/4]q
[SW1]int e0/0/5 
Oct  9 2023 21:28:41-08:00 SW1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25
.191.3.1 configurations have been changed. The current change number is 19, the 
change loop count is 0, and the maximum number of records is 4095.po li acc
                ^
Error: Wrong parameter found at '^' position.
[SW1]por defa
[SW1-port-group-defa]po def 
Oct  9 2023 21:28:51-08:00 SW1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25
.191.3.1 configurations have been changed. The current change number is 20, the 
change loop count is 0, and the maximum number of records is 4095.vlan 109
[SW1-port-group-defa]q
[SW1]int e0/0/5 
[SW1-Ethernet0/0/5]po li acc
[SW1-Ethernet0/0/5]po 
Oct  9 2023 21:29:11-08:00 SW1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25
.191.3.1 configurations have been changed. The current change number is 21, the 
change loop count is 0, and the maximum number of records is 4095.def vlan 109
[SW1-Ethernet0/0/5]po mux-vl
Oct  9 2023 21:29:21-08:00 SW1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25
.191.3.1 configurations have been changed. The current change number is 22, the 
change loop count is 0, and the maximum number of records is 4095.an enable
[SW1-Ethernet0/0/5]
Oct  9 2023 21:29:31-08:00 SW1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25
.191.3.1 configurations have been changed. The current change number is 23, the 
change loop count is 0, and the maximum number of records is 4095.q
[SW1]int e0/0/6
[SW1-Ethernet0/0/6]po li acc
[SW1-Ethernet0/0/6]
Oct  9 2023 21:29:41-08:00 SW1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25
.191.3.1 configurations have been changed. The current change number is 24, the 
change loop count is 0, and the maximum number of records is 4095.
[SW1-Ethernet0/0/6]po def vlan 109
[SW1-Ethernet0/0/6]port mux-vlan 
Oct  9 2023 21:30:01-08:00 SW1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25
.191.3.1 configurations have been changed. The current change number is 25, the 
change loop count is 0, and the maximum number of records is 4095.enable
[SW1-Ethernet0/0/6]q
[SW1]int 
Oct  9 2023 21:30:11-08:00 SW1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25
.191.3.1 configurations have been changed. The current change number is 26, the 
change loop count is 0, and the maximum number of records is 4095.
         ^
Error:Incomplete command found at '^' position.
[SW1]int e0/0/0
         ^
Error: Wrong parameter found at '^' position.
[SW1]int e0/0/7
[SW1-Ethernet0/0/7]po lin acc
[SW1-Ethernet0/0/7]po def vlan 
Oct  9 2023 21:30:51-08:00 SW1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25
.191.3.1 configurations have been changed. The current change number is 27, the 
change loop count is 0, and the maximum number of records is 4095.100
[SW1-Ethernet0/0/7]port mux-vlan 
Oct  9 2023 21:31:01-08:00 SW1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25
.191.3.1 configurations have been changed. The current change number is 28, the 
change loop count is 0, and the maximum number of records is 4095.enable
[SW1-Ethernet0/0/7]q

【Configuration Result】

[SW1]dis mux-vlan
Oct  9 2023 21:31:11-08:00 SW1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25
.191.3.1 configurations have been changed. The current change number is 29, the 
change loop count is 0, and the maximum number of records is 4095.
Principal Subordinate Type         Interface  
-----------------------------------------------------------------------------
100       -           principal    Ethernet0/0/7
100       109         separate     Ethernet0/0/5 Ethernet0/0/6
100       101         group        Ethernet0/0/1
100       102         group        Ethernet0/0/3 Ethernet0/0/4
-----------------------------------------------------------------------------
[SW1]
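
An added check, not part of the original post: it parses the `display mux-vlan` table above, applies the MUX VLAN reachability rules from the Background section, and compares the table with the port plan the session attempted. The plan in `INTENDED` is an assumption inferred from the typed commands, and all function names are hypothetical. Ethernet0/0/2 is absent from the table because its `port default vlan 101` and `port mux-vlan enable` commands both returned errors in the session.

```python
import re

# Constructed input: the `display mux-vlan` table as shown on this page.
DISPLAY_OUTPUT = """\
Principal Subordinate Type         Interface
-----------------------------------------------------------------------------
100       -           principal    Ethernet0/0/7
100       109         separate     Ethernet0/0/5 Ethernet0/0/6
100       101         group        Ethernet0/0/1
100       102         group        Ethernet0/0/3 Ethernet0/0/4
-----------------------------------------------------------------------------
"""

# Assumed port plan, inferred from the commands typed in the session.
INTENDED = {"Ethernet0/0/1": 101, "Ethernet0/0/2": 101, "Ethernet0/0/3": 102,
            "Ethernet0/0/4": 102, "Ethernet0/0/5": 109, "Ethernet0/0/6": 109,
            "Ethernet0/0/7": 100}

ROW = re.compile(r"^(\d+)\s+(\d+|-)\s+(principal|separate|group)\s+(.*)$")

def parse_mux_vlan(text):
    """Return {port: (role, vlan)} from `display mux-vlan` output."""
    ports = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header, separator or prompt line
        principal, sub, role, ifaces = m.groups()
        vlan = int(principal) if sub == "-" else int(sub)
        for port in ifaces.split():
            ports[port] = (role, vlan)
    return ports

def can_talk(ports, a, b):
    """Layer 2 reachability between two MUX VLAN ports."""
    (ra, va), (rb, vb) = ports[a], ports[b]
    if "principal" in (ra, rb):
        return True  # a principal port reaches every MUX VLAN port
    return ra == rb == "group" and va == vb  # same group VLAN only

def missing_ports(ports, intended=INTENDED):
    """Planned ports that are absent from the table or in the wrong VLAN."""
    return sorted(p for p, v in intended.items()
                  if p not in ports or ports[p][1] != v)

def remediation(port, vlan):
    """Full-form VRP commands for the abbreviations used in the session."""
    return [f"interface {port}", "port link-type access",
            f"port default vlan {vlan}", "port mux-vlan enable"]
```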
