eNSP交换机配置VLAN

一、VLAN配置过程。

1. 搭建拓扑结构。

运行eNSP>新建拓扑>搭建如下图的拓扑结构>启动设备

vlan内计算机的网关地址 vlan网关地址设置_子网掩码


2. 测试主机间连通性。

2.1 四台主机基础配置如下:

PC1:   IP地址:192.168.2.2   子网掩码:255.255.255.0   网关:192.168.2.0
PC2:   IP地址:192.168.2.3   子网掩码:255.255.255.0   网关:192.168.2.0
PC3:   IP地址:192.168.2.4   子网掩码:255.255.255.0   网关:192.168.2.0
PC4:   IP地址:192.168.2.5   子网掩码:255.255.255.0   网关:192.168.2.0

2.2 测试主机间连通性:
运用ping命令测试各主机间连通性。
PC1:

PC>ping 192.168.2.3

Ping 192.168.2.3: 32 data bytes, Press Ctrl_C to break
From 192.168.2.3: bytes=32 seq=1 ttl=128 time=47 ms

PC>ping 192.168.2.4

Ping 192.168.2.4: 32 data bytes, Press Ctrl_C to break
From 192.168.2.4: bytes=32 seq=1 ttl=128 time=63 ms

PC>ping 192.168.2.5

Ping 192.168.2.5: 32 data bytes, Press Ctrl_C to break
From 192.168.2.5: bytes=32 seq=1 ttl=128 time=62 ms

如上,PC1与其他三台主机间都能连通。
PC2:

PC>ping 192.168.2.2

Ping 192.168.2.2: 32 data bytes, Press Ctrl_C to break
From 192.168.2.2: bytes=32 seq=1 ttl=128 time=47 ms

PC>ping 192.168.2.4

Ping 192.168.2.4: 32 data bytes, Press Ctrl_C to break
From 192.168.2.4: bytes=32 seq=1 ttl=128 time=79 ms

PC>ping 192.168.2.5

Ping 192.168.2.5: 32 data bytes, Press Ctrl_C to break
From 192.168.2.5: bytes=32 seq=1 ttl=128 time=32 ms

如上,PC2与其他三台主机间都能连通。
PC3与PC4经测试都能与其他三台主机连通,篇幅原因命令语句在此不进行展示。
3. 配置交换机。
3.1 配置交换机LSW1:
3.1.1 进入管理员系统,构建VLAN2,VLAN3,查看VLAN。

<Huawei>system-view 
Enter system view, return user view with Ctrl+Z.
[Huawei]vlan 2
[Huawei-vlan2]quit
[Huawei]vlan 3
[Huawei-vlan3]quit
[Huawei]display vlan
The total number of vlans is : 3
--------------------------------------------------------------------------------
U: Up;         D: Down;         TG: Tagged;         UT: Untagged;
MP: Vlan-mapping;               ST: Vlan-stacking;
#: ProtocolTransparent-vlan;    *: Management-vlan;
--------------------------------------------------------------------------------

VID  Type    Ports                                                          
--------------------------------------------------------------------------------
1    common  UT:Eth0/0/1(U)     Eth0/0/2(U)     Eth0/0/3(U)     Eth0/0/4(D)     
                Eth0/0/5(D)     Eth0/0/6(D)     Eth0/0/7(D)     Eth0/0/8(D)     
                Eth0/0/9(D)     Eth0/0/10(D)    Eth0/0/11(D)    Eth0/0/12(D)    
                Eth0/0/13(D)    Eth0/0/14(D)    Eth0/0/15(D)    Eth0/0/16(D)    
                Eth0/0/17(D)    Eth0/0/18(D)    Eth0/0/19(D)    Eth0/0/20(D)    
                Eth0/0/21(D)    Eth0/0/22(D)    GE0/0/1(D)      GE0/0/2(D)      

2    common  
3    common  

VID  Status  Property      MAC-LRN Statistics Description      
--------------------------------------------------------------------------------

1    enable  default       enable  disable    VLAN 0001                         
2    enable  default       enable  disable    VLAN 0002                         
3    enable  default       enable  disable    VLAN 0003

3.1.2 将0/0/1和0/0/2端口设置为access类型:

[Huawei]interface Ethernet 0/0/1    
[Huawei-Ethernet0/0/1]port link-type access
[Huawei-Ethernet0/0/1]port default vlan 2  
[Huawei-Ethernet0/0/1]quit 
[Huawei]interface Ethernet 0/0/2
[Huawei-Ethernet0/0/2]port link-type access
[Huawei-Ethernet0/0/2]port default vlan 3
[Huawei-Ethernet0/0/2]quit             
[Huawei]

3.1.3 将0/0/3端口设置为trunk类型:

[Huawei]interface Ethernet 0/0/3
[Huawei-Ethernet0/0/3]port link-type trunk
[Huawei-Ethernet0/0/3]port trunk allow-pass vlan 2
[Huawei-Ethernet0/0/3]port trunk allow-pass vlan 3
[Huawei-Ethernet0/0/3]quit

3.1.4 查看VLAN:

[Huawei]display vlan
The total number of vlans is : 3
--------------------------------------------------------------------------------
U: Up;         D: Down;         TG: Tagged;         UT: Untagged;
MP: Vlan-mapping;               ST: Vlan-stacking;
#: ProtocolTransparent-vlan;    *: Management-vlan;
--------------------------------------------------------------------------------

VID  Type    Ports                                                          
--------------------------------------------------------------------------------
1    common  UT:Eth0/0/3(U)     Eth0/0/4(D)     Eth0/0/5(D)     Eth0/0/6(D)     
                Eth0/0/7(D)     Eth0/0/8(D)     Eth0/0/9(D)     Eth0/0/10(D)    
                Eth0/0/11(D)    Eth0/0/12(D)    Eth0/0/13(D)    Eth0/0/14(D)    
                Eth0/0/15(D)    Eth0/0/16(D)    Eth0/0/17(D)    Eth0/0/18(D)    
                Eth0/0/19(D)    Eth0/0/20(D)    Eth0/0/21(D)    Eth0/0/22(D)    
                GE0/0/1(D)      GE0/0/2(D)                                      

2    common  UT:Eth0/0/1(U)                                                     

             TG:Eth0/0/3(U)                                                     

3    common  UT:Eth0/0/2(U)                                                     

             TG:Eth0/0/3(U)                                                     


VID  Status  Property      MAC-LRN Statistics Description      
--------------------------------------------------------------------------------

1    enable  default       enable  disable    VLAN 0001                         
2    enable  default       enable  disable    VLAN 0002                         
3    enable  default       enable  disable    VLAN 0003                         
[Huawei]

3.2 配置交换机LSW2:
步骤同上,配置LSW2,在此不描述详细步骤,只展示交换机命令。

<Huawei>system-view 
Enter system view, return user view with Ctrl+Z.
[Huawei]vlan 2
[Huawei-vlan2]quit 
[Huawei]vlan 3
[Huawei-vlan3]quit
[Huawei]interface Ethernet 0/0/1
[Huawei-Ethernet0/0/1]port link-type access 
[Huawei-Ethernet0/0/1]port default vlan 3
[Huawei-Ethernet0/0/1]quit
[Huawei]interface Ethernet 0/0/2
[Huawei-Ethernet0/0/2]port link-type access 
[Huawei-Ethernet0/0/2]port default vlan 2
[Huawei-Ethernet0/0/2]quit 
[Huawei]interface Ethernet 0/0/3
[Huawei-Ethernet0/0/3]port link-type trunk
[Huawei-Ethernet0/0/3]port trunk allow-pass vlan 2
[Huawei-Ethernet0/0/3]port trunk allow-pass vlan 3
[Huawei-Ethernet0/0/3]quit 
[Huawei]display vlan 
The total number of vlans is : 3
--------------------------------------------------------------------------------
U: Up;         D: Down;         TG: Tagged;         UT: Untagged;
MP: Vlan-mapping;               ST: Vlan-stacking;
#: ProtocolTransparent-vlan;    *: Management-vlan;
--------------------------------------------------------------------------------

VID  Type    Ports                                                          
--------------------------------------------------------------------------------
1    common  UT:Eth0/0/3(U)     Eth0/0/4(D)     Eth0/0/5(D)     Eth0/0/6(D)     
                Eth0/0/7(D)     Eth0/0/8(D)     Eth0/0/9(D)     Eth0/0/10(D)    
                Eth0/0/11(D)    Eth0/0/12(D)    Eth0/0/13(D)    Eth0/0/14(D)    
                Eth0/0/15(D)    Eth0/0/16(D)    Eth0/0/17(D)    Eth0/0/18(D)    
                Eth0/0/19(D)    Eth0/0/20(D)    Eth0/0/21(D)    Eth0/0/22(D)    
                GE0/0/1(D)      GE0/0/2(D)                                      

2    common  UT:Eth0/0/2(U)                                                     

             TG:Eth0/0/3(U)                                                     

3    common  UT:Eth0/0/1(U)                                                     

             TG:Eth0/0/3(U)                                                     


VID  Status  Property      MAC-LRN Statistics Description      
--------------------------------------------------------------------------------

1    enable  default       enable  disable    VLAN 0001                         
2    enable  default       enable  disable    VLAN 0002                         
3    enable  default       enable  disable    VLAN 0003                         
[Huawei]

至此,两台交换机配置完成。
4.实验验证。
4.1 测试VLAN中各主机间连通性:
ping命令测试:
PC1:

PC>ping 192.168.2.3

Ping 192.168.2.3: 32 data bytes, Press Ctrl_C to break
From 192.168.2.2: Destination host unreachable
From 192.168.2.2: Destination host unreachable
From 192.168.2.2: Destination host unreachable
From 192.168.2.2: Destination host unreachable
From 192.168.2.2: Destination host unreachable

--- 192.168.2.3 ping statistics ---
  5 packet(s) transmitted
  0 packet(s) received
  100.00% packet loss

PC>ping 192.168.2.4

Ping 192.168.2.4: 32 data bytes, Press Ctrl_C to break
From 192.168.2.2: Destination host unreachable
From 192.168.2.2: Destination host unreachable
From 192.168.2.2: Destination host unreachable
From 192.168.2.2: Destination host unreachable
From 192.168.2.2: Destination host unreachable

--- 192.168.2.4 ping statistics ---
  5 packet(s) transmitted
  0 packet(s) received
  100.00% packet loss

PC>ping 192.168.2.5

Ping 192.168.2.5: 32 data bytes, Press Ctrl_C to break
From 192.168.2.5: bytes=32 seq=1 ttl=128 time=62 ms
From 192.168.2.5: bytes=32 seq=2 ttl=128 time=78 ms
From 192.168.2.5: bytes=32 seq=3 ttl=128 time=78 ms
From 192.168.2.5: bytes=32 seq=4 ttl=128 time=47 ms
From 192.168.2.5: bytes=32 seq=5 ttl=128 time=63 ms

--- 192.168.2.5 ping statistics ---
  5 packet(s) transmitted
  5 packet(s) received
  0.00% packet loss
  round-trip min/avg/max = 47/65/78 ms

PC2:

PC>ping 192.168.2.2

Ping 192.168.2.2: 32 data bytes, Press Ctrl_C to break
From 192.168.2.3: Destination host unreachable
From 192.168.2.3: Destination host unreachable
From 192.168.2.3: Destination host unreachable
From 192.168.2.3: Destination host unreachable
From 192.168.2.3: Destination host unreachable

--- 192.168.2.2 ping statistics ---
  5 packet(s) transmitted
  0 packet(s) received
  100.00% packet loss

PC>ping 192.168.2.4

Ping 192.168.2.4: 32 data bytes, Press Ctrl_C to break
From 192.168.2.4: bytes=32 seq=1 ttl=128 time=63 ms
From 192.168.2.4: bytes=32 seq=2 ttl=128 time=62 ms
From 192.168.2.4: bytes=32 seq=3 ttl=128 time=63 ms
From 192.168.2.4: bytes=32 seq=4 ttl=128 time=62 ms
From 192.168.2.4: bytes=32 seq=5 ttl=128 time=63 ms

--- 192.168.2.4 ping statistics ---
  5 packet(s) transmitted
  5 packet(s) received
  0.00% packet loss
  round-trip min/avg/max = 62/62/63 ms

PC>ping 192.168.2.5

Ping 192.168.2.5: 32 data bytes, Press Ctrl_C to break
From 192.168.2.3: Destination host unreachable
From 192.168.2.3: Destination host unreachable
From 192.168.2.3: Destination host unreachable
From 192.168.2.3: Destination host unreachable
From 192.168.2.3: Destination host unreachable

--- 192.168.2.5 ping statistics ---
  5 packet(s) transmitted
  0 packet(s) received
  100.00% packet loss

PC3:

PC>ping 192.168.2.2

Ping 192.168.2.2: 32 data bytes, Press Ctrl_C to break
From 192.168.2.4: Destination host unreachable
From 192.168.2.4: Destination host unreachable
From 192.168.2.4: Destination host unreachable
From 192.168.2.4: Destination host unreachable
From 192.168.2.4: Destination host unreachable

--- 192.168.2.2 ping statistics ---
  5 packet(s) transmitted
  0 packet(s) received
  100.00% packet loss

PC>ping 192.168.2.3

Ping 192.168.2.3: 32 data bytes, Press Ctrl_C to break
From 192.168.2.3: bytes=32 seq=1 ttl=128 time=63 ms
From 192.168.2.3: bytes=32 seq=2 ttl=128 time=62 ms
From 192.168.2.3: bytes=32 seq=3 ttl=128 time=63 ms
From 192.168.2.3: bytes=32 seq=4 ttl=128 time=63 ms
From 192.168.2.3: bytes=32 seq=5 ttl=128 time=62 ms

--- 192.168.2.3 ping statistics ---
  5 packet(s) transmitted
  5 packet(s) received
  0.00% packet loss
  round-trip min/avg/max = 62/62/63 ms

PC>ping 192.168.2.5

Ping 192.168.2.5: 32 data bytes, Press Ctrl_C to break
From 192.168.2.4: Destination host unreachable
From 192.168.2.4: Destination host unreachable
From 192.168.2.4: Destination host unreachable
From 192.168.2.4: Destination host unreachable
From 192.168.2.4: Destination host unreachable

--- 192.168.2.5 ping statistics ---
  5 packet(s) transmitted
  0 packet(s) received
  100.00% packet loss

PC4:

PC>ping 192.168.2.2

Ping 192.168.2.2: 32 data bytes, Press Ctrl_C to break
From 192.168.2.2: bytes=32 seq=1 ttl=128 time=94 ms
From 192.168.2.2: bytes=32 seq=2 ttl=128 time=31 ms
From 192.168.2.2: bytes=32 seq=3 ttl=128 time=62 ms
From 192.168.2.2: bytes=32 seq=4 ttl=128 time=63 ms
From 192.168.2.2: bytes=32 seq=5 ttl=128 time=62 ms

--- 192.168.2.2 ping statistics ---
  5 packet(s) transmitted
  5 packet(s) received
  0.00% packet loss
  round-trip min/avg/max = 31/62/94 ms

PC>ping 192.168.2.3

Ping 192.168.2.3: 32 data bytes, Press Ctrl_C to break
From 192.168.2.5: Destination host unreachable
From 192.168.2.5: Destination host unreachable
From 192.168.2.5: Destination host unreachable
From 192.168.2.5: Destination host unreachable
From 192.168.2.5: Destination host unreachable

--- 192.168.2.3 ping statistics ---
  5 packet(s) transmitted
  0 packet(s) received
  100.00% packet loss

PC>ping 192.168.2.4

Ping 192.168.2.4: 32 data bytes, Press Ctrl_C to break
From 192.168.2.5: Destination host unreachable
From 192.168.2.5: Destination host unreachable
From 192.168.2.5: Destination host unreachable
From 192.168.2.5: Destination host unreachable
From 192.168.2.5: Destination host unreachable

--- 192.168.2.4 ping statistics ---
  5 packet(s) transmitted
  0 packet(s) received
  100.00% packet loss

4.2 测试结果:
通过ping命令测试,可得结果为:

PC1与PC4之间相互连通,与PC2、PC3不通。
PC2与PC3之间相互连通,与PC1、PC4不通。
PC3与PC2之间相互连通,与PC1、PC4不通。
PC4与PC1之间相互连通,与PC2、PC3不通。

4.3 实验结论:

PC1与PC4属于VLAN2;
PC2与PC3属于VLAN3.
VLAN构建成功。

二、相关知识点。

1.什么是VLAN?
VLAN(Virtual Local Area Network)的中文名为"虚拟局域网"。

虚拟局域网(VLAN)是一组逻辑上的设备和用户,这些设备和用户并不受物理位置的限制,可以根据功能、部门及应用等因素将它们组织起来,相互之间的通信就好像它们在同一个网段中一样,由此得名虚拟局域网。

2.VLAN的作用。
通过划分不同的VLAN,VLAN内的主机间可以直接通信,而VLAN间不能直接互通,从而将广播报文限制在一个VLAN内。
作用:限制广播域、增强局域网的安全性(不同VLAN用户不能直接通信)、提高网络的健壮性(限制故障)、灵活构建虚拟工作组(同一VLAN用户不局限于固定的物理范围)。

3. VLAN的优点。
3.1 端口的分隔。
即便在同一个交换机上,处于不同VLAN的端口也是不能通信的。这样一个物理的交换机可以当作多个逻辑的交换机使用。
3.2 网络的安全。
不同VLAN不能直接通信,杜绝了广播信息的不安全性。
3.3 灵活的管理。
更改用户所属的网络不必换端口和连线,只需更改软件配置。
VLAN技术的出现,使得管理员根据实际应用需求,把同一物理局域网内的不同用户逻辑地划分成不同的广播域,每一个VLAN都包含一组有着相同需求的计算机工作站,与物理上形成的LAN有着相同的属性。由于它是从逻辑上划分,而不是从物理上划分,所以同一个VLAN内的各个工作站没有限制在同一个物理范围中,即这些工作站可以在不同物理LAN网段 。由VLAN的特点可知,一个VLAN内部的广播和单播流量都不会转发到其他VLAN中,从而有 助于控制流量、减少设备投资、简化网络管理、提高网络的安全性。 VLAN除了能将网络划 分为多个广播域,从而有效地控制广播风暴的发生,以及使网络的拓扑结构变得非常灵活 的优点外,还可以用于控制网络中不同部门、不同站点之间的互相访问。

4.交换机端口类型。
4.1 Access
Access类型的端口只能属于1个VLAN,一般用于连接计算机的端口;
4.2 Trunk
Trunk类型的端口可以允许多个VLAN通过,可以接收和发送多个VLAN的报文,一般用于交换机之间连接的端口;
4.3 Hybrid
Hybrid类型的端口可以允许多个VLAN通过,可以接收和发送多个VLAN的报文,可以用于交换机之间连接,也可以用于连接用户的计算机。

Hybrid端口和Trunk端口在接收数据时,处理方法一样,唯一不同之处在于发送数据时:Hybrid端口可以允许多个VLAN的报文发送时不打标签,而Trunk端口只允许缺省VLAN的报文发送时不打标签。