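The 3 VLAN Port Types and Lab Configuration
- Theory
- VLAN overview
- VLAN advantages
- VLAN tag
- PVID
- Interface types
- Access port
- Trunk port
- Hybrid port
- Summary of the 3 types
- Practice
- Access lab
- Topology
- Commands
- Result verification
- Trunk and Hybrid lab
- Topology
- Commands
- Result verification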
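Theory
Preface:
These notes are based on Mr. Xie Bin's data communications course.
VLAN overview
Virtual LAN (virtual local area network)
- Divides one physical LAN logically into multiple broadcast domains
- 1 VLAN = 1 broadcast domain = 1 subnet (ideally, assign one VLAN per subnet)
- Broadcasts are not forwarded between VLANs; they are confined to their own VLAN
- Devices in different VLANs cannot communicate by default; a Layer 3 device is required for them to interconnect
VLAN range: 0~4095 (0 and 4095 are reserved; 1 is the default)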
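VLAN advantages
- Effectively limits the scope of broadcast domains
- Improves LAN security
- Allows flexible construction of virtual workgroups
- Simplifies network management
VLAN tag
IEEE 802.1q: also called dot1q, this is the formal VLAN standard. It modifies the Ethernet frame format by inserting a 4-byte 802.1q Tag between the source MAC address field and the protocol type field.
Untagged frame | The original data frame, without the 4-byte 802.1q tag field |
Tagged frame | A frame with the 4-byte 802.1q tag field inserted |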
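The tag layout described above, as an added example that is not part of the original notes: a parser for the 4-byte tag plus the insert and strip operations a switch port performs. The sample frame is constructed, and the function names are chosen for this example.

```python
import struct

TPID_8021Q = 0x8100  # value in the EtherType position that marks an 802.1Q tag

def parse_frame(frame: bytes) -> dict:
    """Return the 802.1Q fields of an Ethernet II frame (vid is None if untagged)."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    info = {"tagged": False, "pcp": None, "dei": None, "vid": None}
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        # TCI = 3-bit priority, 1-bit DEI, 12-bit VLAN ID; the real EtherType follows.
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        info = {"tagged": True, "pcp": tci >> 13, "dei": (tci >> 12) & 1,
                "vid": tci & 0x0FFF}
    info["ethertype"] = ethertype
    return info

def add_tag(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert the 4-byte tag after the source MAC, as a port does with its PVID."""
    if not 1 <= vid <= 4094:  # 0 and 4095 are reserved
        raise ValueError("VID out of range")
    tag = struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    return frame[:12] + tag + frame[12:]

def strip_tag(frame: bytes) -> bytes:
    """Remove the tag, as an untagged egress does; untagged frames pass unchanged."""
    return frame[:12] + frame[16:] if parse_frame(frame)["tagged"] else frame

# Constructed sample: dst MAC, src MAC, EtherType 0x0800 (IPv4), dummy payload.
UNTAGGED = bytes.fromhex("ffffffffffff" "5489980a0b0c" "0800") + b"\x00" * 46
```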
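PVID
Port VLAN ID: the port's default VLAN
Interface types
Access port
Used to connect to user terminals that cannot recognize Tags, or when there is no need to distinguish between members of different VLANs.
Trunk port
Used to connect switches, routers, APs, and terminals that can send and receive both Tagged and Untagged frames.
Allows frames of multiple VLANs to pass with a Tag, but only frames of one VLAN may leave this type of interface without a Tag (that is, with the Tag stripped).
Hybrid port
Can connect to hosts as well as to other switches.
Can connect to access links as well as to trunk links.
Allows frames of multiple VLANs to pass, and can strip the Tag from frames of certain VLANs in the egress direction (determined by command).
The receive process is the same as for Trunk; the difference is on send: whether the port is configured to carry the tag when sending frames.
Summary of the 3 types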
Practice
Access lab
Topology
Requirements:
1. R&D, Finance, and Sales are isolated from one another
2. Sales hosts can reach each other
Commands
sys
sys SW1
vlan batch 10 20 30 100 200
int g0/0/1
port link-type access
port default vlan 10
int g0/0/2
port link-type access
port default vlan 20
int g0/0/3
port link-type access
port default vlan 30
int g0/0/4
port link-type access
port default vlan 30
Result verification
PC1 cannot ping PC2, PC3, or PC4
PC1>ping 192.168.20.20
Ping 192.168.20.20: 32 data bytes, Press Ctrl_C to break
From 192.168.20.10: Destination host unreachable
From 192.168.20.10: Destination host unreachable
From 192.168.20.10: Destination host unreachable
From 192.168.20.10: Destination host unreachable
From 192.168.20.10: Destination host unreachable
--- 192.168.20.20 ping statistics ---
5 packet(s) transmitted
0 packet(s) received
100.00% packet loss
PC1>
PC1>ping 192.168.20.30
Ping 192.168.20.30: 32 data bytes, Press Ctrl_C to break
From 192.168.20.10: Destination host unreachable
From 192.168.20.10: Destination host unreachable
From 192.168.20.10: Destination host unreachable
From 192.168.20.10: Destination host unreachable
From 192.168.20.10: Destination host unreachable
--- 192.168.20.30 ping statistics ---
5 packet(s) transmitted
0 packet(s) received
100.00% packet loss
PC1>
PC1>ping 192.168.20.40
Ping 192.168.20.40: 32 data bytes, Press Ctrl_C to break
From 192.168.20.10: Destination host unreachable
From 192.168.20.10: Destination host unreachable
From 192.168.20.10: Destination host unreachable
From 192.168.20.10: Destination host unreachable
From 192.168.20.10: Destination host unreachable
--- 192.168.20.40 ping statistics ---
5 packet(s) transmitted
0 packet(s) received
100.00% packet loss
PC1>
PC3 and PC4 can reach each other
PC3>ping 192.168.20.40
Ping 192.168.20.40: 32 data bytes, Press Ctrl_C to break
From 192.168.20.40: bytes=32 seq=1 ttl=128 time=47 ms
From 192.168.20.40: bytes=32 seq=2 ttl=128 time=31 ms
From 192.168.20.40: bytes=32 seq=3 ttl=128 time=47 ms
From 192.168.20.40: bytes=32 seq=4 ttl=128 time=31 ms
From 192.168.20.40: bytes=32 seq=5 ttl=128 time=31 ms
--- 192.168.20.40 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 31/37/47 ms
PC3>
PC4>ping 192.168.20.30
Ping 192.168.20.30: 32 data bytes, Press Ctrl_C to break
From 192.168.20.30: bytes=32 seq=1 ttl=128 time=31 ms
From 192.168.20.30: bytes=32 seq=2 ttl=128 time=47 ms
From 192.168.20.30: bytes=32 seq=3 ttl=128 time=31 ms
From 192.168.20.30: bytes=32 seq=4 ttl=128 time=47 ms
From 192.168.20.30: bytes=32 seq=5 ttl=128 time=47 ms
--- 192.168.20.30 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 31/40/47 ms
PC4>
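Trunk and Hybrid lab
Topology
Requirements:
1. R&D, Finance, and Sales are isolated from one another
2. Sales hosts can reach each other
3. R&D, Finance, and Sales can all access Server 1
4. Only R&D can access Server 2
Notes:
- Why was the left-hand area, originally configured as Access, changed to Hybrid here?
- In an Access environment, take PC1 pinging Server 1 as an example:
- PC1 sends a packet to Server 1; SW2 can strip the VLAN 10 tag
- Server 1 sends a packet to PC1; it goes out with the VLAN 100 tag. The 100 tag can be stripped along the way, but with only a single Trunk link, how would an untagged packet (Server 1's packet) be delivered to VLANs 10, 20, and 30?
- Why add an extra SW3 to the topology?
- It is not actually necessary; it is only here to demonstrate Trunk
Commands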
SW1
sys
sys SW1
vlan batch 10 20 30 100 200
int g0/0/1
port link-type hybrid
port hybrid pvid vlan 10
port hybrid untagged vlan 10 100 200
int g0/0/2
port link-type hybrid
port hybrid pvid vlan 20
port hybrid untagged vlan 20 100
int g0/0/3
port link-type hybrid
port hybrid pvid vlan 30
port hybrid untagged vlan 30 100
int g0/0/4
port link-type hybrid
port hybrid pvid vlan 30
port hybrid untagged vlan 30 100
int g0/0/5
port link-type trunk
port trunk pvid vlan 1
port trunk allow-pass vlan 10 20 30 100 200
SW2
sys
sys SW2
vlan batch 10 20 30 100 200
int g0/0/1
port link-type hybrid
port hybrid pvid vlan 1
port hybrid tagged vlan 10 20 30 100 200
int g0/0/2
port link-type hybrid
port hybrid pvid vlan 100
port hybrid untagged vlan 10 20 30 100
int g0/0/3
port link-type hybrid
port hybrid pvid vlan 200
port hybrid untagged vlan 10 200
SW3
sys
sys SW3
vlan batch 10 20 30 100 200
int g0/0/1
port link-type trunk
port trunk pvid vlan 1
port trunk allow-pass vlan 10 20 30 100 200
int g0/0/2
port link-type hybrid
port hybrid pvid vlan 1
port hybrid tagged vlan 10 20 30 100 200
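A way to audit the segmentation these commands produce, as an added example that is not part of the original notes: each port is reduced to a PVID plus untagged and tagged VLAN sets, and a frame is flooded through the three switches to compute which hosts can ping each other. Assumptions: the cabling (SW1 g0/0/5 to SW3 g0/0/1, SW3 g0/0/2 to SW2 g0/0/1) and host placement are inferred because the topology figure is missing, port number N stands for g0/0/N, and hosts accept only untagged frames.

```python
# Every port reduces to (PVID, untagged VLANs, tagged VLANs). Sets come from the
# page's commands; VLAN 1 untagged is added because `dis vlan` shows it on all ports.
def port(pvid, untagged=(), tagged=()):
    return {"pvid": pvid, "ut": {1, *untagged}, "tg": set(tagged)}

ALL = (10, 20, 30, 100, 200)
PORTS = {
    ("SW1", 1): port(10, (10, 100, 200)), ("SW1", 2): port(20, (20, 100)),
    ("SW1", 3): port(30, (30, 100)),      ("SW1", 4): port(30, (30, 100)),
    ("SW1", 5): port(1, tagged=ALL),      # trunk, allow-pass ALL
    ("SW3", 1): port(1, tagged=ALL),      # trunk, allow-pass ALL
    ("SW3", 2): port(1, tagged=ALL),      # hybrid, tagged ALL
    ("SW2", 1): port(1, tagged=ALL),      # hybrid, tagged ALL
    ("SW2", 2): port(100, (10, 20, 30, 100)),
    ("SW2", 3): port(200, (10, 200)),
}
# ASSUMED cabling and host placement (the topology figure is not on the page).
LINKS = {("SW1", 5): ("SW3", 1), ("SW3", 1): ("SW1", 5),
         ("SW3", 2): ("SW2", 1), ("SW2", 1): ("SW3", 2)}
HOSTS = {"PC1": ("SW1", 1), "PC2": ("SW1", 2), "PC3": ("SW1", 3),
         "PC4": ("SW1", 4), "Server1": ("SW2", 2), "Server2": ("SW2", 3)}

def delivered(src, dst):
    """True if an untagged frame from host src is flooded, untagged, to host dst."""
    seen, queue = set(), [(HOSTS[src], None)]    # (ingress port, VID on the wire)
    while queue:
        (sw, num), vid = queue.pop()
        p = PORTS[(sw, num)]
        vid = p["pvid"] if vid is None else vid  # ingress: untagged gets the PVID
        if vid not in p["ut"] | p["tg"] or (sw, vid) in seen:
            continue                             # VLAN not permitted, or already seen
        seen.add((sw, vid))
        for (osw, onum), out in PORTS.items():   # egress: flood inside the VLAN
            if osw != sw or onum == num or vid not in out["ut"] | out["tg"]:
                continue
            wire = None if vid in out["ut"] else vid  # untagged list strips the tag
            if (osw, onum) == HOSTS[dst] and wire is None:
                return True
            if (osw, onum) in LINKS:
                queue.append((LINKS[(osw, onum)], wire))
    return False

def can_ping(a, b):
    """A ping needs the request and the reply to both be delivered."""
    return delivered(a, b) and delivered(b, a)

def matrix():
    return {(a, b): can_ping(a, b) for a in HOSTS for b in HOSTS if a != b}
```

Comparing `matrix()` against the intended policy after every change to an untagged list catches a VLAN added to the wrong port before a ping test does.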
Result verification
SW1
[SW1]dis vlan
The total number of vlans is : 6
--------------------------------------------------------------------------------
U: Up; D: Down; TG: Tagged; UT: Untagged;
MP: Vlan-mapping; ST: Vlan-stacking;
#: ProtocolTransparent-vlan; *: Management-vlan;
--------------------------------------------------------------------------------
VID Type Ports
--------------------------------------------------------------------------------
1 common UT:GE0/0/1(U) GE0/0/2(U) GE0/0/3(U) GE0/0/4(U)
GE0/0/5(U) GE0/0/6(D) GE0/0/7(D) GE0/0/8(D)
GE0/0/9(D) GE0/0/10(D) GE0/0/11(D) GE0/0/12(D)
GE0/0/13(D) GE0/0/14(D) GE0/0/15(D) GE0/0/16(D)
GE0/0/17(D) GE0/0/18(D) GE0/0/19(D) GE0/0/20(D)
GE0/0/21(D) GE0/0/22(D) GE0/0/23(D) GE0/0/24(D)
10 common UT:GE0/0/1(U)
TG:GE0/0/5(U)
20 common UT:GE0/0/2(U)
TG:GE0/0/5(U)
30 common UT:GE0/0/3(U) GE0/0/4(U)
TG:GE0/0/5(U)
100 common UT:GE0/0/1(U) GE0/0/2(U) GE0/0/3(U) GE0/0/4(U)
TG:GE0/0/5(U)
200 common UT:GE0/0/1(U)
TG:GE0/0/5(U)
VID Status Property MAC-LRN Statistics Description
--------------------------------------------------------------------------------
1 enable default enable disable VLAN 0001
10 enable default enable disable VLAN 0010
20 enable default enable disable VLAN 0020
30 enable default enable disable VLAN 0030
100 enable default enable disable VLAN 0100
200 enable default enable disable VLAN 0200
[SW1]
SW2
[SW2]dis vlan
The total number of vlans is : 6
--------------------------------------------------------------------------------
U: Up; D: Down; TG: Tagged; UT: Untagged;
MP: Vlan-mapping; ST: Vlan-stacking;
#: ProtocolTransparent-vlan; *: Management-vlan;
--------------------------------------------------------------------------------
VID Type Ports
--------------------------------------------------------------------------------
1 common UT:GE0/0/1(U) GE0/0/2(U) GE0/0/3(U) GE0/0/4(D)
GE0/0/5(D) GE0/0/6(D) GE0/0/7(D) GE0/0/8(D)
GE0/0/9(D) GE0/0/10(D) GE0/0/11(D) GE0/0/12(D)
GE0/0/13(D) GE0/0/14(D) GE0/0/15(D) GE0/0/16(D)
GE0/0/17(D) GE0/0/18(D) GE0/0/19(D) GE0/0/20(D)
GE0/0/21(D) GE0/0/22(D) GE0/0/23(D) GE0/0/24(D)
10 common UT:GE0/0/2(U) GE0/0/3(U)
TG:GE0/0/1(U)
20 common UT:GE0/0/2(U)
TG:GE0/0/1(U)
30 common UT:GE0/0/2(U)
TG:GE0/0/1(U)
100 common UT:GE0/0/2(U)
TG:GE0/0/1(U)
200 common UT:GE0/0/3(U)
TG:GE0/0/1(U)
VID Status Property MAC-LRN Statistics Description
--------------------------------------------------------------------------------
1 enable default enable disable VLAN 0001
10 enable default enable disable VLAN 0010
20 enable default enable disable VLAN 0020
30 enable default enable disable VLAN 0030
100 enable default enable disable VLAN 0100
200 enable default enable disable VLAN 0200
[SW2]
SW3
[SW3]dis vlan
The total number of vlans is : 6
--------------------------------------------------------------------------------
U: Up; D: Down; TG: Tagged; UT: Untagged;
MP: Vlan-mapping; ST: Vlan-stacking;
#: ProtocolTransparent-vlan; *: Management-vlan;
--------------------------------------------------------------------------------
VID Type Ports
--------------------------------------------------------------------------------
1 common UT:GE0/0/1(U) GE0/0/2(U) GE0/0/3(D) GE0/0/4(D)
GE0/0/5(D) GE0/0/6(D) GE0/0/7(D) GE0/0/8(D)
GE0/0/9(D) GE0/0/10(D) GE0/0/11(D) GE0/0/12(D)
GE0/0/13(D) GE0/0/14(D) GE0/0/15(D) GE0/0/16(D)
GE0/0/17(D) GE0/0/18(D) GE0/0/19(D) GE0/0/20(D)
GE0/0/21(D) GE0/0/22(D) GE0/0/23(D) GE0/0/24(D)
10 common TG:GE0/0/1(U) GE0/0/2(U)
20 common TG:GE0/0/1(U) GE0/0/2(U)
30 common TG:GE0/0/1(U) GE0/0/2(U)
100 common TG:GE0/0/1(U) GE0/0/2(U)
200 common TG:GE0/0/1(U) GE0/0/2(U)
VID Status Property MAC-LRN Statistics Description
--------------------------------------------------------------------------------
1 enable default enable disable VLAN 0001
10 enable default enable disable VLAN 0010
20 enable default enable disable VLAN 0020
30 enable default enable disable VLAN 0030
100 enable default enable disable VLAN 0100
200 enable default enable disable VLAN 0200
[SW3]
PC1
PC1>
PC1>ping 192.168.20.100
Ping 192.168.20.100: 32 data bytes, Press Ctrl_C to break
From 192.168.20.100: bytes=32 seq=1 ttl=255 time=62 ms
From 192.168.20.100: bytes=32 seq=2 ttl=255 time=47 ms
From 192.168.20.100: bytes=32 seq=3 ttl=255 time=62 ms
From 192.168.20.100: bytes=32 seq=4 ttl=255 time=63 ms
From 192.168.20.100: bytes=32 seq=5 ttl=255 time=62 ms
--- 192.168.20.100 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 47/59/63 ms
PC1>
PC1>ping 192.168.20.200
Ping 192.168.20.200: 32 data bytes, Press Ctrl_C to break
From 192.168.20.200: bytes=32 seq=1 ttl=255 time=63 ms
From 192.168.20.200: bytes=32 seq=2 ttl=255 time=47 ms
From 192.168.20.200: bytes=32 seq=3 ttl=255 time=78 ms
From 192.168.20.200: bytes=32 seq=4 ttl=255 time=62 ms
From 192.168.20.200: bytes=32 seq=5 ttl=255 time=78 ms
--- 192.168.20.200 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 47/65/78 ms
PC1>
PC2
PC2>ping 192.168.20.100
Ping 192.168.20.100: 32 data bytes, Press Ctrl_C to break
From 192.168.20.100: bytes=32 seq=1 ttl=255 time=140 ms
From 192.168.20.100: bytes=32 seq=2 ttl=255 time=63 ms
From 192.168.20.100: bytes=32 seq=3 ttl=255 time=78 ms
From 192.168.20.100: bytes=32 seq=4 ttl=255 time=78 ms
From 192.168.20.100: bytes=32 seq=5 ttl=255 time=78 ms
--- 192.168.20.100 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 63/87/140 ms
PC2>
PC2>ping 192.168.20.200
Ping 192.168.20.200: 32 data bytes, Press Ctrl_C to break
From 192.168.20.20: Destination host unreachable
From 192.168.20.20: Destination host unreachable
From 192.168.20.20: Destination host unreachable
From 192.168.20.20: Destination host unreachable
From 192.168.20.20: Destination host unreachable
--- 192.168.20.200 ping statistics ---
5 packet(s) transmitted
0 packet(s) received
100.00% packet loss
PC2>
PC3
PC3>ping 192.168.20.100
Ping 192.168.20.100: 32 data bytes, Press Ctrl_C to break
From 192.168.20.100: bytes=32 seq=1 ttl=255 time=140 ms
From 192.168.20.100: bytes=32 seq=2 ttl=255 time=63 ms
From 192.168.20.100: bytes=32 seq=3 ttl=255 time=62 ms
From 192.168.20.100: bytes=32 seq=4 ttl=255 time=63 ms
From 192.168.20.100: bytes=32 seq=5 ttl=255 time=62 ms
--- 192.168.20.100 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 62/78/140 ms
PC3>
PC3>ping 192.168.20.200
Ping 192.168.20.200: 32 data bytes, Press Ctrl_C to break
From 192.168.20.30: Destination host unreachable
From 192.168.20.30: Destination host unreachable
From 192.168.20.30: Destination host unreachable
From 192.168.20.30: Destination host unreachable
From 192.168.20.30: Destination host unreachable
--- 192.168.20.200 ping statistics ---
5 packet(s) transmitted
0 packet(s) received
100.00% packet loss
PC3>
PC4
PC4>ping 192.168.20.100
Ping 192.168.20.100: 32 data bytes, Press Ctrl_C to break
From 192.168.20.100: bytes=32 seq=1 ttl=255 time=125 ms
From 192.168.20.100: bytes=32 seq=2 ttl=255 time=63 ms
From 192.168.20.100: bytes=32 seq=3 ttl=255 time=62 ms
From 192.168.20.100: bytes=32 seq=4 ttl=255 time=63 ms
From 192.168.20.100: bytes=32 seq=5 ttl=255 time=47 ms
--- 192.168.20.100 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 47/72/125 ms
PC4>
PC4>ping 192.168.20.200
Ping 192.168.20.200: 32 data bytes, Press Ctrl_C to break
From 192.168.20.40: Destination host unreachable
From 192.168.20.40: Destination host unreachable
From 192.168.20.40: Destination host unreachable
From 192.168.20.40: Destination host unreachable
From 192.168.20.40: Destination host unreachable
--- 192.168.20.200 ping statistics ---
5 packet(s) transmitted
0 packet(s) received
100.00% packet loss
PC4>