我们今天来配置一个Vlan的综合项目,包扩Vlan的划分、基于端口的vlan、基于IP的vlan、基于协议的vlan
搭建实验拓扑图
基于端口的vlan配置
在 S1上创建VLAN10和VLAN20,将PCA所连接的端口GigabitEthernet1/0/2添加到VLAN10中,将PCB所连接的端口 GigabitEthernet1/0/3添加到VLAN20 中;,在S2上创建VLAN10和VLAN20,将PCC所连接的端口 GigabitEthernet1/0/2添加到VLAN10中,将PCD所连接的端口GigabitEthernet1/0/3添加到VLAN10中
<H3C>system-view
System View: return to User View with Ctrl+Z.
[H3C]sysname S1
[S1]vlan 10
[S1-vlan10]port GigabitEthernet 1/0/2
[S1-vlan10]quit
[S1]vlan 20
[S1-vlan20]port GigabitEthernet 1/0/3
<H3C>system-view
System View: return to User View with Ctrl+Z.
[H3C]sysname S2
[S2]vlan 10
[S2-vlan10]port GigabitEthernet 1/0/2
[S2-vlan10]vlan 20
[S2-vlan20]port GigabitEthernet 1/0/3
查看vlan
验证vlan的隔离性
同一vlan下的PC互通,不同vlan不通
PC编址
PCA | 192.168.1.1 | 255.255.255.0 |
PCB | 192.168.1.2 | 255.255.255.0 |
PCC | 192.168.1.3 | 255.255.255.0 |
PCD | 192.168.1.4 | 255.255.255.0 |
可见,即使在同一网段下,PC与PCB也不会通
交换机之间配置trunk接口,交换机与PC间配置access接口
[S1]interface GigabitEthernet 1/0/1
[S1-GigabitEthernet1/0/1]port link-type trunk
[S1-GigabitEthernet1/0/1]port trunk permit vlan all
[S1-GigabitEthernet1/0/1]quit
[S1]interface GigabitEthernet 1/0/2
[S1-GigabitEthernet1/0/2]port link-type access
[S1-GigabitEthernet1/0/2]quit
[S1]interface GigabitEthernet 1/0/3
[S1-GigabitEthernet1/0/3]port link-type access
[S2]interface GigabitEthernet 1/0/1
[S2-GigabitEthernet1/0/1]port link-type trunk
[S2-GigabitEthernet1/0/1]port trunk permit vlan all
[S2-GigabitEthernet1/0/1]quit
[S2]interface GigabitEthernet 1/0/2
[S2-GigabitEthernet1/0/2]port link-type access
[S2-GigabitEthernet1/0/2]quit
[S2]interface GigabitEthernet 1/0/3
[S2-GigabitEthernet1/0/3]port link-type access
查看vlan信息
此时的PCA才会与PCC通,PCB与PCD通
配置Hybrid端口
这种模式不同于trunk的是,它属于一方是被动的,自己可以自动判断vlan的vid,但个人觉得还是传统模式比较好
在S1上先创建VLAN30,把端口GigabitEthernet1/0/2设置为Hybrid链路端口,并允许VLAN10和VLAN30的数据帧不打标签;端口GigabitEthernet1/0/3设置为Hybrid链路端口,并允许VLAN20和VLAN30的数据帧不打标;VLAN30的数据帧不打标签(untagged);把端口GigabitEthernet1/0/1设置为Hybrid链路端口,修改端口的PVID为VLAN30,并允许VLAN10、VLAN20和VLAN30的数据帧不打标签( untagged) 。
注意:Trunk端口不能直接被设置为Hybrid端口,只能先设为Access端口,再设置为Hybrid端口。
[S1]vlan 30
[S1-vlan30]quit
[S1]interface GigabitEthernet 1/0/1
[S1-GigabitEthernet1/0/2]port link-type access
[S1-GigabitEthernet1/0/2]port link-type hybrid
[S1-GigabitEthernet1/0/2]port hybrid vlan 10 30 untagged
[S1-GigabitEthernet1/0/2]qu
[S1]interface GigabitEthernet 1/0/2
[S1-GigabitEthernet1/0/3]port link-type hybrid
[S1-GigabitEthernet1/0/3]port hybrid vlan 20 30 untagged
[S1-GigabitEthernet1/0/3]qu
[S1]interface GigabitEthernet 1/0/24
[S1-GigabitEthernet1/0/1]port link-type access
[S1-GigabitEthernet1/0/1]port link-type hybrid
[S1-GigabitEthernet1/0/1]port hybrid pvid vlan 30
[S1-GigabitEthernet1/0/1]port hybrid vlan 10 20 30 untagged
PCB则作 恢复为缺省vlan出厂设置
S1上查看vlan信息
ping测试
基于协议的Vlan
注意:基于协议的VLAN功能只能在 Hybrid端口配置。
在S1上创建VLAN10和VLAN20,分别匹配IPv4和IPv6协议模板,设置端口
GigabitEthernet1/0/2和 GigabitEthernet1/0/3为Hybrid链路端口,允许VLAN10和VLAN20不带标签(Untagged)通过,并且与VLAN10的协议模板О和VLAN20的协议模板О绑定。
在S2上创建VLAN10和VLAN20,分别匹配IPv4和 IPv6的协议模板,设置端口GigabitEthernet1/0/2和GigabitEthernet1/0/3为Hybrid链路端口,允许VLAN10和 VLAN20不带标签通过,并且与VLAN10的协议模板0和VLAN20的协议模板0绑定。
[S1]vlan 10
[S1-vlan10]protocol-vlan ipv4
[S1-vlan10]vlan 20
[S1-vlan20]protocol-vlan ipv6
[S1-vlan20]qu
查看vlan信息
S1上配置
[S1]interface GigabitEthernet 1/0/2
[S1-GigabitEthernet1/0/2]port link-type hybrid
[S1-GigabitEthernet1/0/2]port hybrid vlan 10 20 untagged
[S1-GigabitEthernet1/0/2]port hybrid protocol-vlan vlan 10 0
[S1-GigabitEthernet1/0/2]port hybrid protocol-vlan vlan 20 0
[S1-GigabitEthernet1/0/2]qu
[S1]interface GigabitEthernet 1/0/3
[S1-GigabitEthernet1/0/3]port link-type hybrid
[S1-GigabitEthernet1/0/3]port hybrid vlan 10 20 untagged
[S1-GigabitEthernet1/0/3]port hybrid protocol-vlan vlan 10 0
[S1-GigabitEthernet1/0/3]port hybrid protocol-vlan vlan 20 0
[S1-GigabitEthernet1/0/3]qu
[S1]interface GigabitEthernet 1/0/1
[S1-GigabitEthernet1/0/1]port link-type trunk
[S1-GigabitEthernet1/0/1]port trunk permit vlan 10 20
S2上配置
[S2]vlan 10
[S2-vlan10]protocol-vlan ipv4
[S2-vlan10]vlan 20
[S2-vlan20]protocol-vlan ipv6
[S2-vlan20]qu
[S2]interface GigabitEthernet 1/0/2
[S2-GigabitEthernet1/0/2]port link-type hybrid
[S2-GigabitEthernet1/0/2]port hybrid vlan 10 20 untagged
[S2-GigabitEthernet1/0/2]port hybrid protocol-vlan vlan 10 0
[S2-GigabitEthernet1/0/2]port hybrid protocol-vlan vlan 20 0
[S2-GigabitEthernet1/0/2]quit
[S2]interface GigabitEthernet 1/0/3
[S2-GigabitEthernet1/0/3]port link-type hybrid
[S2-GigabitEthernet1/0/3]port hybrid vlan 10 20 untagged
[S2-GigabitEthernet1/0/3]port hybrid protocol-vlan vlan 10 0
[S2-GigabitEthernet1/0/3]port hybrid protocol-vlan vlan 20 0
[S2-GigabitEthernet1/0/3]quit
[S2]interface GigabitEthernet 1/0/1
[S2-GigabitEthernet1/0/1]port link-type trunk
[S2-GigabitEthernet1/0/1]port trunk permit vlan 10 20
PC编址
PCA | 192.168.1.1 | 255.255.255.0 |
PCB | 2001::1 | |
PCC | 192.168.1.2 | |
PCD | 2001::2 |
连通性测试
PCB ping PCC
基于IP网段的VLAN
在S1上创建VLAN10和VLAN20,将IP网段10.10.10.0/24与VLAN10关联,IP网段20.20.20.0/24与 VLAN20关联,设置端口GigabitEthernet1/0/2和GigabitEthernet1/0/3为Hybrid链路端口,允许VLAN10和VLAN20不带标签(Untagged)通过,并且在端口上与VLAN10和VLAN20的子网进行关联。
[S1]vlan 10
[S1-vlan10]ip-subnet-vlan ip 10.10.10.0 255.255.255.0
[S1-vlan10]qu
[S1]vlan 20
[S1-vlan20]ip-subnet-vlan ip 20.20.20.0 255.255.255.0
[S1-vlan20]qu
查看VLAN信息
[S1]interface GigabitEthernet 1/0/2
[S1-GigabitEthernet1/0/2]port link-type hybrid
[S1-GigabitEthernet1/0/2]port hybrid vlan 10 20 untagged
[S1-GigabitEthernet1/0/2]port hybrid ip-subnet-vlan vlan 10
[S1-GigabitEthernet1/0/2]port hybrid ip-subnet-vlan vlan 20
[S1-GigabitEthernet1/0/2]quit
[S1]interface GigabitEthernet 1/0/3
[S1-GigabitEthernet1/0/3]port link-type hybrid
[S1-GigabitEthernet1/0/3]port hybrid vlan 10 20 untagged
[S1-GigabitEthernet1/0/3]port hybrid ip-subnet-vlan vlan 10
[S1-GigabitEthernet1/0/3]port hybrid ip-subnet-vlan vlan 20
[S1-GigabitEthernet1/0/3]quit
[S1]interface GigabitEthernet 1/0/1
[S1-GigabitEthernet1/0/1]port link-type trunk
[S1-GigabitEthernet1/0/1]port trunk permit vlan 10 20
在S2上创建VLAN10和VLAN20,将IP网段10.10.10.0/24 与VLAN10关联,IP网段20.20.20.0/24与VLAN20关联,设置端口 GigabitEthernet1/0/1和GigabitEthernet1/0/2为Hybrid链路端口,允许VLAN10和VLAN20不带标签(Untagged)通过,并且在端口上与VLAN10和 VLAN20的子网进行关联。
[S2]vlan 10
[S2-vlan10]ip
[S2-vlan10]ip-subnet-vlan ip 10.10.10.0 255.255.255.0
[S2-vlan10]quit
[S2]vlan 20
[S2-vlan20]ip-subnet-vlan ip 20.20.20.0 255.255.255.0
[S2-vlan20]quit
[S2]interface GigabitEthernet 1/0/2
[S2-GigabitEthernet1/0/2]port link-type hybrid
[S2-GigabitEthernet1/0/2]port hybrid vlan 10 20 untagged
[S2-GigabitEthernet1/0/2]port hybrid ip-subnet-vlan vlan 10
[S2-GigabitEthernet1/0/2]port hybrid ip-subnet-vlan vlan 20
[S2-GigabitEthernet1/0/2]quit
[S2]interface g1/0/3
[S2-GigabitEthernet1/0/3]port link-type hybrid
[S2-GigabitEthernet1/0/3]port hybrid vlan 10 20 untagged
[S2-GigabitEthernet1/0/3]port hybrid ip-subnet-vlan vlan 10
[S2-GigabitEthernet1/0/3]port hybrid ip-subnet-vlan vlan 20
[S2-GigabitEthernet1/0/3]qu
[S2]interface GigabitEthernet 1/0/1
[S2-GigabitEthernet1/0/1]port link-type trunk
[S2-GigabitEthernet1/0/1]port trunk permit vlan 10 20
PC编址
PCA | 10.10.10.1 | 255.255.255.0 |
PCB | 20.20.20.1 | 255.255.255.0 |
PCC | 10.10.10.2 | 255.255.255.0 |
PCD | 20.20.20.2 | 255.255.255.0 |