∙理解虚拟 LAN(VLAN)基本原理;
∙掌握一般交换机按端口划分 VLAN的配置方法;
∙掌握Tag VLAN配置方法。
二、实验背景
某一公司内财务部、销售部的PC通过2台交换机实现通信;要求财务部和销售部内的PC可以互通,但为了数据安全起见,销售部和财务部需要进行隔离,现要在交换机上做适当配置来实现这一目的。
三、技术原理
∙VLAN是指在一个物理网段内,进行逻辑的划分,划分成若干个虚拟局域网。VLAN最大的特性是不受物理位置的,可以进行灵活的划分。VLAN具备了一个物理网段所具备的特性。相同VLAN内的主机可以相互直接通信,不同VLAN间的主机之间互相访问必须经由路由设备进行转发。广播数据包只可以在本VLAN内进行广播,不能传输到其他VLAN中。
∙Port VLAN是实现VLAN的方式之一,它利用交换机的端口进行VLAN的划分,一个端口只能属于一个VLAN。
∙Tag VLAN是基于交换机端口的另外一种类型,主要用于使交换机的相同VLAN内的主机之间可以直接访问,同时对于不同VLAN的主机进行隔离。Tag VLAN遵循IEEE802.1Q协议的标准。在使用配置了Tag VLAN的端口进行数据传输时,需要在数据帧内添加4个字节的802.1Q标签信息,用于标示该数据帧属于哪个VLAN,便于对端交换机收到数据帧后进行准确的过滤。
四、实验步骤
实验拓扑
1、设置四台PC机IP地址如图所示。
2、对交换机S1进行设置。
Switch>en
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname S1 //设置主机名
S1(config)#vlan 2 //划分VLAN 2
S1(config-vlan)#exit
S1(config)#vlan 3 //划分VLAN 3
S1(config-vlan)#exit
S1(config)#interface fa0/1
S1(config-if)#switchport access vlan 2 //将fa0/1划分到VLAN 2
S1(config-if)#exit
S1(config)#interface fa0/2
S1(config-if)#switchport access vlan 3 //将fa0/2划分到VLAN 3
S1(config-if)#exit
S1(config)#interface fa0/24 //设置fa0/24端口模式为trunk
S1(config-if)#switchport mode trunk
S1(config-if)#end
S1#
%SYS-5-CONFIG_I: Configured from console by console
S1#show vlan //查看VLAN划分情况
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/3, Fa0/4, Fa0/5, Fa0/6
Fa0/7, Fa0/8, Fa0/9, Fa0/10
Fa0/11, Fa0/12, Fa0/13, Fa0/14
Fa0/15, Fa0/16, Fa0/17, Fa0/18
Fa0/19, Fa0/20, Fa0/21, Fa0/22
Fa0/23, Gig1/1, Gig1/2
2 VLAN0002 active Fa0/1
3 VLAN0003 active Fa0/2
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 TranS1
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
2 enet 100002 1500 - - - - - 0 0
3 enet 100003 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 tr 101003 1500 - - - - - 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trnet 101005 1500 - - - ibm - 0 0
Remote SPAN VLANs
------------------------------------------------------------------------------
Primary Secondary Type Ports
------- --------- ----------------- ------------------------------------------
S1#show running-config
Building configuration...
Current configuration : 1080 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname S1
!
!
!
interface FastEthernet0/1
switchport access vlan 2
!
interface FastEthernet0/2
switchport access vlan 3
!
interface FastEthernet0/3
!
......
!
interface FastEthernet0/24
switchport mode trunk
!
interface GigabitEthernet1/1
!
interface GigabitEthernet1/2
!
interface Vlan1
no ip address
shutdown
!
!
line con 0
!
line vty 0 4
login
line vty 5 15
login
!
!
end
S1#
3、对交换机S2进行设置。
Switch>en
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname S2
S2(config)#vlan 2
S2(config-vlan)#exit
S2(config)#vlan 3
S2(config-vlan)#exit
S2(config)#interface fa0/1
S2(config-if)#switchport access vlan 2
S2(config-if)#exit
S2(config)#interface fa0/2
S2(config-if)#switchport access vlan 3
S2(config-if)#exit
S2(config)#interface fa0/24
S2(config-if)#switchport mode trunk
S2(config-if)#end
S2#
%SYS-5-CONFIG_I: Configured from console by console
S2#show vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/3, Fa0/4, Fa0/5, Fa0/6
Fa0/7, Fa0/8, Fa0/9, Fa0/10
Fa0/11, Fa0/12, Fa0/13, Fa0/14
Fa0/15, Fa0/16, Fa0/17, Fa0/18
Fa0/19, Fa0/20, Fa0/21, Fa0/22
Fa0/23, Gig1/1, Gig1/2
2 VLAN0002 active Fa0/1
3 VLAN0003 active Fa0/2
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
2 enet 100002 1500 - - - - - 0 0
3 enet 100003 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 tr 101003 1500 - - - - - 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trnet 101005 1500 - - - ibm - 0 0
Remote SPAN VLANs
------------------------------------------------------------------------------
Primary Secondary Type Ports
------- --------- ----------------- ------------------------------------------
S2#show running-config
Building configuration...
Current configuration : 1080 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname S2
!
!
!
interface FastEthernet0/1
switchport access vlan 2
!
interface FastEthernet0/2
switchport access vlan 3
!
interface FastEthernet0/3
!
......
!
interface FastEthernet0/24
switchport mode trunk
!
interface GigabitEthernet1/1
!
interface GigabitEthernet1/2
!
interface Vlan1
no ip address
shutdown
!
!
line con 0
!
line vty 0 4
login
line vty 5 15
login
!
!
end
S2#
五、验证
打开PC1的Command Prompt
Packet Tracer PC Command Line 1.0
PC>ipconfig
IP Address......................: 192.168.1.2
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.1.1
PC>ping 192.168.1.3
Pinging 192.168.1.3 with 32 bytes of data:
Request timed out. //不同VLAN间无法PING通
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 192.168.1.3:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
PC>ping 192.168.1.4
Pinging 192.168.1.4 with 32 bytes of data:
Reply from 192.168.1.4: bytes=32 time=172ms TTL=128 //相同VLAN可以PING通
Reply from 192.168.1.4: bytes=32 time=78ms TTL=128
Reply from 192.168.1.4: bytes=32 time=63ms TTL=128
Reply from 192.168.1.4: bytes=32 time=79ms TTL=128
Ping statistics for 192.168.1.4:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 63ms, Maximum = 172ms, Average = 98ms下载本文
