构建VLAN
一、实验介绍
在一家微型企业中,企业的办公区域分为两个房间,一个小房间为老板办公室,一个大房间为开放办公室,财务部和销售部的员工共同使用这个办公空间。
我们需要通过VLAN的划分,使老板PC、财务部PC和销售部PC之间无法进行通信,以此提供一定程度的安全性和便捷性。同时在这个办公环境中,财务部和销售部各自拥有本部门的服务器,财务部PC可以访问财务部服务器,销售部PC可以访问销售部服务器,但不可跨部门访问。
二、 实验目的
掌握创建VLAN的命令,允许VLAN内部通信,不允许VLAN之间通信
掌握将交换机端口配置为 access、trunk、hybrid端口的命令
掌握限制 trunk链路上允许传输的VLAN的命令
掌握根据端口、MAC地址划分VLAN的方法
三、实验任务1:创建VLAN
实验目的:在两台交换机S1和S2上分别创建公司需要的VLAN,两台交换机上的VLAN总结如下:
1. S1的VLAN配置
- 交换机S1:VLAN 10、VLAN 20和VLAN 30
- 在S1上创建VLAN
vlan 10
quit
vlan 20
quit
vlan 30
2. S2的VLAN的配置
- 交换机S2:VLAN 20和VLAN 30
- 在S2上创建VLAN(使用
batch批量创建)
vlan batch 20 30
3. 在S1上查看VLAN汇总信息
display vlan summary
结果
static vlan:
Total 4 static vlan.
1 10 20 30
dynamic vlan:
Total 0 dynamic vlan.
reserved vlan:
Total 0 reserved vlan.
- 在S1上查看VLAN与端口的对应关系
display vlan
结果
[Huawei]dis vlan
The total number of vlans is : 4
--------------------------------------------------------------------------------
U: Up; D: Down; TG: Tagged; UT: Untagged;
MP: Vlan-mapping; ST: Vlan-stacking;
#: ProtocolTransparent-vlan; *: Management-vlan;
--------------------------------------------------------------------------------
VID Type Ports
--------------------------------------------------------------------------------
1 common UT:GE0/0/1(U) GE0/0/2(D) GE0/0/3(D) GE0/0/4(U)
GE0/0/5(U) GE0/0/6(U) GE0/0/7(D) GE0/0/8(D)
GE0/0/9(D) GE0/0/10(U) GE0/0/11(D) GE0/0/12(D)
GE0/0/13(D) GE0/0/14(D) GE0/0/15(D) GE0/0/16(D)
GE0/0/17(D) GE0/0/18(D) GE0/0/19(D) GE0/0/20(D)
GE0/0/21(D) GE0/0/22(D) GE0/0/23(D) GE0/0/24(D)
10 common
20 common
30 common
VID Status Property MAC-LRN Statistics Description
--------------------------------------------------------------------------------
1 enable default enable disable VLAN 0001
10 enable default enable disable VLAN 0010
20 enable default enable disable VLAN 0020
30 enable default enable disable VLAN 0030
四、 实验任务2:基于端口划分VLAN
- 实验目的:交换机端口的规划总结如下:
1. S1的Access端口配置
- 将端口设置为Access模式(接口视图)[语法]
-
port link-type access
- 将端口加入VLAN(接口视图)[语法]
-
port default vlan vlan-id - 配置S1的G0/0/1 – G0/0/3端口
interface GigabitEthernet 0/0/1
port link-type access
port default vlan 10
quit
interface GigabitEthernet 0/0/2
port link-type access
port default vlan 10
quit
interface GigabitEthernet 0/0/3
port link-type access
port default vlan 10
quit
- 在S1上查看VLAN与端口的对应关系
display vlan
结果
[Huawei]display vlan
The total number of vlans is : 4
--------------------------------------------------------------------------------
U: Up; D: Down; TG: Tagged; UT: Untagged;
MP: Vlan-mapping; ST: Vlan-stacking;
#: ProtocolTransparent-vlan; *: Management-vlan;
--------------------------------------------------------------------------------
VID Type Ports
--------------------------------------------------------------------------------
1 common UT:GE0/0/4(U) GE0/0/5(U) GE0/0/6(U) GE0/0/7(D)
GE0/0/8(D) GE0/0/9(D) GE0/0/10(U) GE0/0/11(D)
GE0/0/12(D) GE0/0/13(D) GE0/0/14(D) GE0/0/15(D)
GE0/0/16(D) GE0/0/17(D) GE0/0/18(D) GE0/0/19(D)
GE0/0/20(D) GE0/0/21(D) GE0/0/22(D) GE0/0/23(D)
GE0/0/24(D)
10 common UT:GE0/0/1(U) GE0/0/2(D) GE0/0/3(D)
20 common
30 common
VID Status Property MAC-LRN Statistics Description
--------------------------------------------------------------------------------
1 enable default enable disable VLAN 0001
10 enable default enable disable VLAN 0010
20 enable default enable disable VLAN 0020
30 enable default enable disable VLAN 0030
2. S2的Access端口配置
- 配置S2的G0/0/1、G0/0/2端口
interface GigabitEthernet 0/0/1
port link-type access
port default vlan 20
quit
interface GigabitEthernet 0/0/2
port link-type access
port default vlan 30
- 在S2上查看VLAN与端口的对应关系
display vlan
结果
The total number of vlans is : 3
--------------------------------------------------------------------------------
U: Up; D: Down; TG: Tagged; UT: Untagged;
MP: Vlan-mapping; ST: Vlan-stacking;
#: ProtocolTransparent-vlan; *: Management-vlan;
--------------------------------------------------------------------------------
VID Type Ports
--------------------------------------------------------------------------------
1 common UT:GE0/0/3(D) GE0/0/4(D) GE0/0/5(D) GE0/0/6(D)
GE0/0/7(D) GE0/0/8(D) GE0/0/9(D) GE0/0/10(U)
GE0/0/11(D) GE0/0/12(D) GE0/0/13(D) GE0/0/14(D)
GE0/0/15(D) GE0/0/16(D) GE0/0/17(D) GE0/0/18(D)
GE0/0/19(D) GE0/0/20(D) GE0/0/21(D) GE0/0/22(D)
GE0/0/23(D) GE0/0/24(D)
20 common UT:GE0/0/1(U)
30 common UT:GE0/0/2(U)
VID Status Property MAC-LRN Statistics Description
--------------------------------------------------------------------------------
1 enable default enable disable VLAN 0001
20 enable default enable disable VLAN 0020
30 enable default enable disable VLAN 0030
3. Trunk端口设置
- 将端口设置为Trunk模式(接口视图)(trunk模式)[语法]
-
port link-type trunk - 设置允许Trunk传输的VLAN(接口视图)[语法]
-
port trunk allow-pass vlan {{vlan-id1 [to vlan-id2]} | all} - S1和S2的Trunk端口配置
- 配置S1的G0/0/10端口
interface GigabitEthernet 0/0/10
port link-type trunk
port trunk allow-pass vlan 20 30
undo port trunk allow-pass vlan 1
- 配置S2的G0/0/10端口
interface GigabitEthernet 0/0/10
port link-type trunk
port trunk allow-pass vlan 20 30
undo port trunk allow-pass vlan 1
- 查看VLAN与端口的对应关系(以S1为例)
display vlan
结果
The total number of vlans is : 4
--------------------------------------------------------------------------------
U: Up; D: Down; TG: Tagged; UT: Untagged;
MP: Vlan-mapping; ST: Vlan-stacking;
#: ProtocolTransparent-vlan; *: Management-vlan;
--------------------------------------------------------------------------------
VID Type Ports
--------------------------------------------------------------------------------
1 common UT:GE0/0/4(U) GE0/0/5(U) GE0/0/6(U) GE0/0/7(D)
GE0/0/8(D) GE0/0/9(D) GE0/0/11(D) GE0/0/12(D)
GE0/0/13(D) GE0/0/14(D) GE0/0/15(D) GE0/0/16(D)
GE0/0/17(D) GE0/0/18(D) GE0/0/19(D) GE0/0/20(D)
GE0/0/21(D) GE0/0/22(D) GE0/0/23(D) GE0/0/24(D)
10 common UT:GE0/0/1(U) GE0/0/2(D) GE0/0/3(D)
20 common TG:GE0/0/10(U)
30 common TG:GE0/0/10(U)
VID Status Property MAC-LRN Statistics Description
--------------------------------------------------------------------------------
1 enable default enable disable VLAN 0001
10 enable default enable disable VLAN 0010
20 enable default enable disable VLAN 0020
30 enable default enable disable VLAN 0030
五. 实验任务3:基于MAC地址划分VLAN
- 实验目的:交换机S1端口G0/0/4 – G0/0/9需基于MAC地址划分VLAN。
- 将MAC地址与VLAN进行关联(VLAN视图)
mac-vlan mac-address mac-address(MAC地址 H-H-H)
- 将端口设置为Hybrid模式(接口视图)
port link-type hybrid(hybrid模式)
- 设置允许端口传输的VLAN(接口视图)
port hybrid untagged vlan {{vlan-id1 [to vlan-id2]} | all}
- 在端口上启用基于MAC地址划分VLAN(接口视图)\
mac-vlan enable
- 在S1上关联MAC地址和VLAN
vlan 20
mac-vlan mac-address 00e0-fc00-2001
mac-vlan mac-address 00e0-fc00-2002
quit
vlan 30
mac-vlan mac-address 00e0-fc00-3001
- 在S1上配置G0/0/4端口
interface GigabitEthernet 0/0/4
port link-type hybrid
port hybrid untagged vlan 20 30
mac-vlan enable
- 在S1上配置G0/0/4 – G0/0/9端口
port-group port5-9
group-member GigabitEthernet 0/0/5 to GigabitEthernet 0/0/9
port hybrid untagged vlan 20 30
mac-vlan enable
- 查看MAC地址与VLAN的关联
display mac-vlan mac-address all
结果
[Huawei-port-group-port5-9]display mac-vlan mac-address all
---------------------------------------------------
MAC Address MASK VLAN Priority
---------------------------------------------------
00e0-fc00-2001 ffff-ffff-ffff 20 0
00e0-fc00-2002 ffff-ffff-ffff 20 0
00e0-fc00-3001 ffff-ffff-ffff 30 0
Total MAC VLAN address count: 3
- 查看G0/0/4学到的MAC地址
display mac-address dynamic GigabitEthernet 0/0/4
结果
MAC address table of slot 0:
-------------------------------------------------------------------------------
MAC Address VLAN/ PEVLAN CEVLAN Port Type LSP/LSR-ID
VSI/SI MAC-Tunnel
-------------------------------------------------------------------------------
00e0-fc00-2001 20 - - GE0/0/4 dynamic 0/-
-------------------------------------------------------------------------------
Total matching items on slot 0 displayed = 1
- 查看VLAN 20中的MAC地址
display mac-address dynamic vlan 20
结果
MAC address table of slot 0:
-------------------------------------------------------------------------------
MAC Address VLAN/ PEVLAN CEVLAN Port Type LSP/LSR-ID
VSI/SI MAC-Tunnel
-------------------------------------------------------------------------------
00e0-fc00-2001 20 - - GE0/0/4 dynamic 0/-
00e0-fc00-2010 20 - - GE0/0/10 dynamic 0/-
00e0-fc00-2002 20 - - GE0/0/5 dynamic 0/-
-------------------------------------------------------------------------------
Total matching items on slot 0 displayed = 3
评论区