华为三层交换Vlan配置

Vlan配置

学习目的

• 了解vlan的意义

• 理解vlan的安全表现

• 掌握vlan的配置

• 掌握Access接口与Trunk接口的配置

• 掌握将接口与vlan关联的配置

• 掌握Hybrid接口的配置

拓扑图

        

场景：

         你是公司的网络管理员。当前网络中需要部署vlan。购置了两台交换机。你需要部署vlan和其它特性。

学习任务

步骤一.Eth-trunk链路聚合

         实验之前，需要关闭部分设备接口，避免影响本次实验。

         本次实验需要关闭S3的E0/0/1、E0/0/23接口，另外需要关闭S4的E0/0/14接口。

         S1与S2之间的两条链路，如果开启STP，则会有一条链路被禁用，造成带宽的浪费；如果不适用STP，则会造成环路。但是如果使用Eth-trunk，则可以很好的解决这个问题。

         配置Eth-trunk之前，必须清楚接口原有配置信息。

         配置Eth-trunk时，可以将物理接口加入Eth-trunk组，也可以在Eth-trunk配置模式下，添加物理接口。

         S1使用第一种模式配置Eth-trunk与物理接口之间的关联关系。

[Huawei]sysname S1

[S1]interface eth-trunk 1

[S1-Eth-Trunk1]q

[S1]interface g0/0/9

[S1-GigabitEthernet0/0/9]eth-trunk 1

[S1-GigabitEthernet0/0/9]interface g0/0/10

[S1-GigabitEthernet0/0/10]eth-trunk 1

Info: This operation may take a fewseconds. Please wait for a moment...done.

S2使用第二种模式配置Eth-trunk与物理接口之间的关联关系。

[Huawei]sysnam S2

[S2]interface eth-trunk 1

[S2-Eth-Trunk1]trunkport g0/0/9

Info: This operation may take a fewseconds. Please wait for a moment...done.

[S2-Eth-Trunk1]trunkport g0/0/10

Info: This operation may take a fewseconds. Please wait for a moment...done.

接口默认的链路类型黑Hybird类型，可以直接修改链路类型为trunk类型。另外需要注意的是，默认情况下，接口的trunk功能禁止所有vlan的数据传输过去。

[S1]interface Eth-Trunk 1

[S1-Eth-Trunk1]port link-type trunk

[S1-Eth-Trunk1]port trunk allow-pass vlanall

 

[S2]interface Eth-Trunk 1

[S2-Eth-Trunk1]port link-type trunk

[S2-Eth-Trunk1]port trunk allow-pass vla

步骤二.配置vlan

         实验中S3、R1、R3、S4模拟为主机进行测试。其中S3属于vlan3、R1、R3属于vlan4、S4属于vlan5

         配置号码连续的多个vlan的方式有两种。实验中分别演示。

         定义vlan与接口的对应关系也有两种，试验中分别演示。

[S1]interface g0/0/13

[S1-GigabitEthernet0/0/13]port link-typeaccess

[S1-GigabitEthernet0/0/13]interface g0/0/1

[S1-GigabitEthernet0/0/1]port link-typeaccess

[S1-GigabitEthernet0/0/1]vlan 3

[S1-vlan3]port gi0/0/13

[S1-vlan3]vlan 4

[S1-vlan4]port gi0/0/1

[S1-vlan4]vlan 5

 

 

[S2]vlan batch 3 to 5

[S2]interface g0/0/2

[S2-GigabitEthernet0/0/2]port link-typeaccess

[S2-GigabitEthernet0/0/2]port default vlan4

[S2-GigabitEthernet0/0/2]interface g0/0/22

[S2-GigabitEthernet0/0/22]port link-typeaccess

[S2-GigabitEthernet0/0/22]port default vlan5

步骤三.规划地址

         R1、R3、S3和S4模拟为客户端，测试vlan配置效果。

         需要各自配置接口地址、其中交换机物理接口无法配置地址。在vlanif1接口配置IP地址。

[Huawei]sysname S3

[S3]interface vlanif 1

[S3-Vlanif1]ip add 10.0.3.3 24

 

 

[Huawei]sysname R1

[R1]interface g0/0/1

[R1-GigabitEthernet0/0/1]ip add 10.0.4.1 24

[R1-GigabitEthernet0/0/1]

 

[Huawei]sysname R3

[R3]interface g0/0/2

[R3-GigabitEthernet0/0/2]ip add 10.0.4.3 24

 

[Huawei]sysname S4

[S4]interface vlanif 1

[S4-Vlanif1]ip add 10.0.5.4 24

 

步骤四.测试

         使用ping命令，正常情况下，同属于vlan4的R1与R3之间可以通讯，其余两两相互不能通讯。

<R3>ping 10.0.4.1

 PING 10.0.4.1: 56  data bytes,press CTRL_C to break

   Reply from 10.0.4.1: bytes=56 Sequence=1 ttl=255 time=150 ms

   Reply from 10.0.4.1: bytes=56 Sequence=2 ttl=255 time=50 ms

   Reply from 10.0.4.1: bytes=56 Sequence=3 ttl=255 time=60 ms

   Reply from 10.0.4.1: bytes=56 Sequence=4 ttl=255 time=80 ms

   Reply from 10.0.4.1: bytes=56 Sequence=5 ttl=255 time=70 ms

 

  ---10.0.4.1 ping statistics ---

    5packet(s) transmitted

    5packet(s) received

   0.00% packet loss

round-tripmin/avg/max = 50/82/150 ms

其余设备之间则无法相互通讯，可以测试R1与R3之间、R3与R4之间通讯情况

         在S1上为每个vlan配置一个管理地址。相当于在S1连接了三台客户端，属于vlan3、4、5.

[S1]interface vlanif 3

[S1-Vlanif3]ip add 10.0.3.11 24

[S1-Vlanif3]interface vlanif 4

[S1-Vlanif4]ip add 10.0.4.11 24.

[S1-Vlanif4]interface vlanif 5

[S1-Vlanif5]ip add 10.0.5.11 24

[S1-Vlanif5]q

配置完成后，可以在S1上测试所有vlan内部客户端是否正常通讯。

[S1]ping 10.0.3.3

 PING 10.0.3.3: 56  data bytes,press CTRL_C to break

   Reply from 10.0.3.3: bytes=56 Sequence=1 ttl=255 time=260 ms

   Reply from 10.0.3.3: bytes=56 Sequence=2 ttl=255 time=40 ms

   Reply from 10.0.3.3: bytes=56 Sequence=3 ttl=255 time=50 ms

   Reply from 10.0.3.3: bytes=56 Sequence=4 ttl=255 time=40 ms

   Reply from 10.0.3.3: bytes=56 Sequence=5 ttl=255 time=20 ms

 

  ---10.0.3.3 ping statistics ---

    5packet(s) transmitted

    5packet(s) received

   0.00% packet loss

   round-trip min/avg/max = 20/82/260 ms

 

[S1]ping 10.0.4.1

 PING 10.0.4.1: 56  data bytes,press CTRL_C to break

   Reply from 10.0.4.1: bytes=56 Sequence=1 ttl=255 time=70 ms

   Reply from 10.0.4.1: bytes=56 Sequence=2 ttl=255 time=50 ms

   Reply from 10.0.4.1: bytes=56 Sequence=3 ttl=255 time=40 ms

   Reply from 10.0.4.1: bytes=56 Sequence=4 ttl=255 time=50 ms

   Reply from 10.0.4.1: bytes=56 Sequence=5 ttl=255 time=30 ms

 

  ---10.0.4.1 ping statistics ---

    5packet(s) transmitted

    5packet(s) received

   0.00% packet loss

   round-trip min/avg/max = 30/48/70 ms

 

[S1]ping 10.0.4.3

 PING 10.0.4.3: 56  data bytes,press CTRL_C to break

   Reply from 10.0.4.3: bytes=56 Sequence=1 ttl=255 time=110 ms

   Reply from 10.0.4.3: bytes=56 Sequence=2 ttl=255 time=70 ms

   Reply from 10.0.4.3: bytes=56 Sequence=3 ttl=255 time=60 ms

   Reply from 10.0.4.3: bytes=56 Sequence=4 ttl=255 time=50 ms

   Reply from 10.0.4.3: bytes=56 Sequence=5 ttl=255 time=80 ms

 

  ---10.0.4.3 ping statistics ---

    5packet(s) transmitted

    5packet(s) received

   0.00% packet loss

   round-trip min/avg/max = 50/74/110 ms

 

[S1]ping 10.0.5.4

 PING 10.0.5.4: 56  data bytes,press CTRL_C to break

   Reply from 10.0.5.4: bytes=56 Sequence=1 ttl=255 time=110 ms

   Reply from 10.0.5.4: bytes=56 Sequence=2 ttl=255 time=60 ms

   Reply from 10.0.5.4: bytes=56 Sequence=3 ttl=255 time=40 ms

   Reply from 10.0.5.4: bytes=56 Sequence=4 ttl=255 time=90 ms

   Reply from 10.0.5.4: bytes=56 Sequence=5 ttl=255 time=60 ms

 

  ---10.0.5.4 ping statistics ---

    5packet(s) transmitted

    5packet(s) received

   0.00% packet loss

round-tripmin/avg/max = 40/72/110 ms

步骤五.掌握Hybrid接口的配置

         Hybrid接口与trunk接口类似。但是增加了一些功能，可以实现在不同vlan的用户通讯，比如实验中S3与R3设备。当前他们首先需要在同一网段。

修改S3与R3地址

[S3]interface vlanif 1

[S3-Vlanif1]ip add 10.0.6.3 24

[S3-Vlanif1]

 

[R3]interface g0/0/2

[R3-GigabitEthernet0/0/2]ip add 10.0.6.4 24

 

定义S1的G0/0/13/接口为Hybird接口，属于vlan3.对vlan3和vlan4定义为Untagged。注意修改链路类型之前，需要删除接口的额外配置。

[S1]interface g0/0/13

[S1-GigabitEthernet0/0/13]undo port defaultvlan

[S1-GigabitEthernet0/0/13]port link-typehybrid

[S1-GigabitEthernet0/0/13]port hybrid pvidvlan 3

[S1-GigabitEthernet0/0/13]port hybriduntagged vlan 3 to 4

定义S2的G0/0/2接口为Hybird接口，属于vlan4.对vlan3和vlan4定义为Untagged。

[S2]interface g0/0/2

[S2-GigabitEthernet0/0/2]undo port defaultvlan

[S2-GigabitEthernet0/0/2]port link-typehybrid

[S2-GigabitEthernet0/0/2]port hybrid pvidvlan 4

[S2-GigabitEthernet0/0/2]port hybriduntagged vlan 3 to 4

此时S3与R3虽然在不同网段，但是可以实现互通。

<S3>ping 10.0.6.4

 PING 10.0.6.4: 56  data bytes,press CTRL_C to break

   Reply from 10.0.6.4: bytes=56 Sequence=1 ttl=255 time=170 ms

   Reply from 10.0.6.4: bytes=56 Sequence=2 ttl=255 time=90 ms

   Reply from 10.0.6.4: bytes=56 Sequence=3 ttl=255 time=60 ms

   Reply from 10.0.6.4: bytes=56 Sequence=4 ttl=255 time=60 ms

   Reply from 10.0.6.4: bytes=56 Sequence=5 ttl=255 time=90 ms

 

  ---10.0.6.4 ping statistics ---

    5packet(s) transmitted

    5packet(s) received

   0.00% packet loss

   round-trip min/avg/max = 60/94/170 ms

本文转自 zhuxtqw 51CTO博客，原文链接：http://blog.51cto.com/1054054/1434977，如需转载请自行联系原作者