Current configuration:
!
service timestamps log date
service timestamps debug date
!
!
interface FastEthernet0/1 //端口1
switchport mode trunk //設定成trunk模式,答應端口屬于多個vlan
switchport pvid 2 //數(shù)據(jù)入端口時加上vlan1的tag
switchport trunk vlan-allowed 1,24 //端口可以屬于vlan1和24
switchport trunk vlan-untagged 1,24 //數(shù)據(jù)出端口時去除tag1和tag24
!
interface FastEthernet0/2 //端口2
switchport mode trunk //設定成trunk模式
switchport pvid 2 //數(shù)據(jù)入端口時加上vlan2的tag
switchport trunk vlan-allowed 2,24 //端口同時可屬于vlan2和24
switchport trunk vlan-untagged 2,24 //數(shù)據(jù)出端口時去除tag2和tag24
!
interface FastEthernet0/3 //同上
switchport mode trunk
switchport pvid 3
switchport trunk vlan-allowed 3,24
switchport trunk vlan-untagged 3,24
!
interface FastEthernet0/4
switchport mode trunk
switchport pvid 4
switchport trunk vlan-allowed 4,24
switchport trunk vlan-untagged 4,24
!
interface FastEthernet0/5
switchport mode trunk
switchport pvid 5
switchport trunk vlan-allowed 5,24
switchport trunk vlan-untagged 5,24
!
interface FastEthernet0/6
switchport mode trunk
switchport pvid 6
switchport trunk vlan-allowed 6,24
switchport trunk vlan-untagged 6,24
!
interface FastEthernet0/7
switchport mode trunk
switchport pvid 7
switchport trunk vlan-allowed 7,24
switchport trunk vlan-untagged 7,24
!
interface FastEthernet0/8
switchport mode trunk
switchport pvid 8
switchport trunk vlan-allowed 8,24
switchport trunk vlan-untagged 8,24
!
interface FastEthernet0/9
switchport mode trunk
switchport pvid 9
switchport trunk vlan-allowed 9,24
switchport trunk vlan-untagged 9,24
!
interface FastEthernet0/10
switchport mode trunk
switchport pvid 10
switchport trunk vlan-allowed 10,24
switchport trunk vlan-untagged 10,24
!
interface FastEthernet0/11
switchport mode trunk
switchport pvid 11
switchport trunk vlan-allowed 11,24
switchport trunk vlan-untagged 11,24
!
interface FastEthernet0/12
switchport mode trunk
switchport pvid 12
switchport trunk vlan-allowed 12,24
switchport trunk vlan-untagged 12,24
!
interface FastEthernet0/13
switchport mode trunk
switchport pvid 13
switchport trunk vlan-allowed 13,24
switchport trunk vlan-untagged 13,24
!
interface FastEthernet0/14
switchport mode trunk
switchport pvid 14
switchport trunk vlan-allowed 14,24
switchport trunk vlan-untagged 14,24
!
interface FastEthernet0/15
switchport mode trunk
switchport pvid 15
switchport trunk vlan-allowed 15,24
switchport trunk vlan-untagged 15,24
!
interface FastEthernet0/16
switchport mode trunk
switchport pvid 16
switchport trunk vlan-allowed 16,24
switchport trunk vlan-untagged 16,24
!
interface FastEthernet0/17
switchport mode trunk
switchport pvid 17
switchport trunk vlan-allowed 17,24
switchport trunk vlan-untagged 17,24
!
interface FastEthernet0/18
switchport mode trunk
switchport pvid 18
switchport trunk vlan-allowed 18,24
switchport trunk vlan-untagged 18,24
!
interface FastEthernet0/19
switchport mode trunk
switchport pvid 19
switchport trunk vlan-allowed 19,24
switchport trunk vlan-untagged 19,24
!
interface FastEthernet0/20
switchport mode trunk
switchport pvid 20
switchport trunk vlan-allowed 20,24
switchport trunk vlan-untagged 20,24
!
interface FastEthernet0/21
switchport mode trunk
switchport pvid 21
switchport trunk vlan-allowed 21,24
switchport trunk vlan-untagged 21,24
!
interface FastEthernet0/22
switchport mode trunk
switchport pvid 22
switchport trunk vlan-allowed 22,24
switchport trunk vlan-untagged 22,24
!
interface FastEthernet0/23
switchport mode trunk
switchport pvid 23
switchport trunk vlan-allowed 23-24
switchport trunk vlan-untagged 23-24
!
interface FastEthernet0/24 //端口24,本例中作為上行口
switchport mode trunk //設為trunk模式
switchport pvid 24 //數(shù)據(jù)入端口時加上vlan24的tag
switchport trunk vlan-untagged all //數(shù)據(jù)出端口時去除所有tag(tag1~tag24)
! //注重trunk口時默認屬于所有tag的!
vlan 1-24 //建立1~24個vlan,默認情況下只有vlan1,其他需要增加,且這個操作時第一步要做的!
!
!說明,本例子完成之后,interface f0/1~f/23分別屬于不同的vlan,相互之間是不能互通的(不考慮使用三層路由轉發(fā)的情況),但此時這23個端口都能與上行口interface f0/24口通訊!
此時的vlan分配情況為:
Switch_config#show vlan
VLAN Status Name Ports
---- ------- -------------------------------- ---------------------------------
1 Static Default F0/1, F0/24
2 Static VLAN0002 F0/2, F0/24
3 Static VLAN0003 F0/3, F0/24
4 Static VLAN0004 F0/4, F0/24
5 Static VLAN0005 F0/5, F0/24
6 Static VLAN0006 F0/6, F0/24
7 Static VLAN0007 F0/7, F0/24
8 Static VLAN0008 F0/8, F0/24
9 Static VLAN0009 F0/9, F0/24
10 Static VLAN0010 F0/10, F0/24
11 Static VLAN0011 F0/11, F0/24
12 Static VLAN0012 F0/12, F0/24
13 Static VLAN0013 F0/13, F0/24
14 Static VLAN0014 F0/14, F0/24
15 Static VLAN0015 F0/15, F0/24
16 Static VLAN0016 F0/16, F0/24
17 Static VLAN0017 F0/17, F0/24
18 Static VLAN0018 F0/18, F0/24
19 Static VLAN0019 F0/19, F0/24
20 Static VLAN0020 F0/20, F0/24
21 Static VLAN0021 F0/21, F0/24
22 Static VLAN0022 F0/22, F0/24
23 Static VLAN0023 F0/23, F0/24
24 Static VLAN0024 F0/1, F0/2, F0/3, F0/4, F0/5
F0/6, F0/7, F0/8, F0/9, F0/10
F0/11, F0/12, F0/13, F0/14, F0/15
F0/16, F0/17, F0/18, F0/19, F0/20
F0/21, F0/22, F0/23, F0/24簡單分析一下工作流程:
1、f0/2和f0/3之間的通信,
Switch_config#show vlan inter f0/2
Interface VLAN
Name PRoperty PVID Vlan-Map uTagg-VLan-Map
-------------------- -------- ---- ---------------- ----------------
FastEthernet0/2 Trunk 2 2,24 2,24
Switch_config#show vlan inter f0/3
Interface VLAN
Name Property PVID Vlan-Map uTagg-VLan-Map
-------------------- -------- ---- ---------------- ----------------
FastEthernet0/3 Trunk 3 3,24 3,24
從中我們可以看到,f0/2是屬于vlan2和vlan的,且pvid為2,那就是說普通數(shù)據(jù)(非802.1q)進入這個端口時會被打上tag2,然后zhge報通過交換機到達f0/3時,端口三是指能夠untagvlan3和vlan24的的tag的,這個可以從上面的show vlan inter f0/3看出來,所以f0/3無法識別從f0/2過來的數(shù)據(jù)包!反過來也是一樣的!
換句話說就是實現(xiàn)了vlan2和vlan3的隔離!
2、f0/2和f0/24之間的通信,
Switch_config#show vlan inter f0/2
Interface VLAN
Name Property PVID Vlan-Map uTagg-VLan-Map
-------------------- -------- ---- ---------------- ----------------
FastEthernet0/2 Trunk 2 2,24 2,24
Switch_config#show vlan inter f0/24
Interface VLAN
Name Property PVID Vlan-Map uTagg-VLan-Map
-------------------- -------- ---- ---------------- ----------------
FastEthernet0/24 Trunk 24 1-24 1-2
同上面的分析方法,f0/2進入的數(shù)據(jù)被打上了tag2,但是由于f0/24是untag all的,所以他能夠去除tag2,或者是識別vlan2的數(shù)據(jù)!反過來也是一樣,數(shù)據(jù)進入f0/24時打上了tag24,這個標記在f0/2口上是能夠被去除的!所以f0/2口和f0/24口可以實現(xiàn)互通!
上面的兩個通信過程基本代表了這種vlan配置/應用的功能,即:所有的下行口都能相互隔離,但是所有的下行口都能與上行口通訊!這種vlan配置方式比較簡單,也非經(jīng)常用!大家可以參考應用!
當然這種方式的vlan劃分是局限在一臺交換機上面的!一般情況下在中小規(guī)模的應用中比較常見,特點是完全由一臺交換機來實現(xiàn)vlan的隔離/互通,且每一個端口的輸出數(shù)據(jù)都是不帶有tag的,是普通的ip數(shù)據(jù)包,用戶絕大多數(shù)的數(shù)據(jù)設備都能識別!(一般的網(wǎng)卡是無法識別802.1q的數(shù)據(jù)包的)還有一個優(yōu)點是,這個交換機上面使用過的vlan號在其他交換機上面可以重復使用,沒有限制或者相關性!
還有一種應用是跨交換機的vlan配置!
這種方式下要考慮多臺交換機的相互協(xié)調(diào)工作,比如vlan tag的“加和“去”的問題!
還是以實現(xiàn)上面例子為例,
Switch_config#show run
Building configuration...
Current configuration:
!
service timestamps log date
service timestamps debug date
!
!
interface FastEthernet0/1
!
interface FastEthernet0/2
switchport pvid 2
!
interface FastEthernet0/3
switchport pvid 3
!
interface FastEthernet0/4
switchport pvid 4
!
interface FastEthernet0/5
switchport pvid 5
!
interface FastEthernet0/6
switchport pvid 6
!
interface FastEthernet0/7
switchport pvid 7
!
interface FastEthernet0/8
switchport pvid 8
!
interface FastEthernet0/9
switchport pvid 9
!
interface FastEthernet0/10
switchport pvid 10
!
interface FastEthernet0/11
switchport pvid 11
!
interface FastEthernet0/12
switchport pvid 12
!
interface FastEthernet0/13
switchport pvid 13
!
interface FastEthernet0/14
switchport pvid 14
!
interface FastEthernet0/15
switchport pvid 15
!
interface FastEthernet0/16
switchport pvid 16
!
interface FastEthernet0/17
switchport pvid 17
!
interface FastEthernet0/18
switchport pvid 18
!
interface FastEthernet0/19
switchport pvid 19
!
interface FastEthernet0/20
switchport pvid 20
!
interface FastEthernet0/21
switchport pvid 21
!
interface FastEthernet0/22
switchport pvid 22
!
interface FastEthernet0/23
switchport pvid 23
!
interface FastEthernet0/24
switchport mode trunk
switchport trunk vlan-untagged all
!
vlan 1-24
!
!
在這個配置里面,我們可以看到,除了上行口之外,所有的端口都屬于access模式,就是說端口只是屬于一個vlan,而f0/24上行口雖然和前面一樣都是trunk,但是沒有必要指定pvid號,原因是因為在這個配置里面這個參數(shù)不是很重要!
因為下行口的數(shù)據(jù)網(wǎng)上走時,相應的tag都能被f0/24識別(tag號不去除),但下行數(shù)據(jù)打上什么tag就不是f0/24來確定了,這個參數(shù)多是由對方交換機來確定的或者是由對方路由器(封裝子接口,802.1q)來確定的!這第二種方式,關于對方的配置情況就比較復雜:
1、假如是博達自己的交換機,那么配置就相對簡單,方法如前所述;最簡單的配是:兩臺BDCOM交換機按照樓上的配置即可實現(xiàn)vlan的相互隔離和通信,方法是把他們的f0/24口連接起來即可,然后即可實現(xiàn)兩臺交換機的號碼相同的口互通,號碼不同的口不能通信!
2、假如對方是支持802.1q的路由器,比如BDCOM的2621路由器,在其子接口下面封裝相應的vlan即可!如:
interface FastEthernet0/0.1
ip address *.*.*.*
no ip directed-broadcast
encapsulation dot1Q 2
bandwidth 100000
delay 1
!
interface FastEthernet0/0.2
ip address *.*.*.*
no ip directed-broadcast
encapsulation dot1Q 3
bandwidth 100000
delay 1
!
interface FastEthernet0/0.3
ip address *.*.*.*
no ip directed-broadcast
encapsulation dot1Q 4
bandwidth 100000
delay 1
!
3、假如對方是其他廠家的設備,基本上也是支持這種情況,但命令就不盡相同了
新聞熱點
疑難解答
