交换机划分 VLAN 配置
| 某一公司内财务部、销售部的 PC 通过 2 台交换机实现通信;要求财务部和销售部的 PC 可以互通,但为了数据安全起见,销售部和财务部需要进行互相隔离,现要在交换机上做适当配置来实现这一目标。 |
VLAN(Virtual Local Area Network)的中文名为"虚拟局域网"。
虚拟局域网(VLAN)是一组逻辑上的设备和用户,这些设备和用户并不受物理位置的限制,可以根据功能、部门及应用等因素将它们组织起来,相互之间的通信就好像它们在同一个网段中一样,由此得名虚拟局域网。VLAN是一种比较新的技术,工作在OSI参考模型的第2层和第3层,一个VLAN就是一个广播域,VLAN之间的通信是通过第3层的路由器来完成的。与传统的局域网技术相比较,VLAN技术更加灵活,它具有以下优点:网络设备的移动、添加和修改的管理开销减少;可以控制广播活动;可提高网络的安全性。
VLAN 是指在一个物理网段内,进行逻辑的划分,划分成若干个虚拟局域网,VLAN做大的特性是不受物理位置的限制,可以进行灵活的划分。VLAN 具备了一个物理网段所具备的特性。相同 VLAN 内的主机可以相互直接通信,不同 VLAN 间的主机之间互相访问必须经路由设备进行转发,广播数据包只可以在本 VLAN 内进行广播,不能传输到其他 VLAN 中。
Port VLAN 是实现 VLAN 的方式之一,它利用交换机的端口进行 VALN 的划分,一个端口只能属于一个 VLAN。
Tag VLAN 是基于交换机端口的另一种类型,主要用于是交换机的相同 Vlan 内的主机之间可以直接访问,同时对不同 Vlan 的主机进行隔离。Tag VLAN 遵循IEEE802.1Q 协议的标准,在使用配置了 Tag VLAN 的端口进行数据传输时,需要在数据帧内添加 4 个字节的 8021.Q 标签信息,用于标示该数据帧属于哪个 VLAN,便于对端交换机接收到数据帧后进行准确的过滤。
新建 Packet Tracer 拓扑图;
划分 VLAN;
将端口划分到相应 VLAN 中;
设置 Tag VLAN Trunk 属性;
测试
实验设备
Switch_2960 2 台;PC 4 台;直连线
PC1
IP: 192.168.1.2
Submark: 255.255.255.0
Gateway: 192.168.1.1
PC2
IP: 192.168.1.3
Submark: 255.255.255.0
Gateway: 192.168.1.1
PC3
IP: 192.168.1.4
Submark: 255.255.255.0
Gateway: 192.168.1.1
PC4
IP: 192.168.1.5
Submark: 255.255.255.0
Gateway: 192.168.1.1
Switch1
en
conf t
vlan 2
exit
vlan 3
exit
inter fa 0/1
switch access vlan 2
exit
inter fa 0/2
switch access vlan 3
exit
inter fa 0/24
switch mode trunk
end
show vlan
Switch2
en
conf t
vlan 2
exit
vlan 3
exit
int fa 0/1
switch access vlan 2
exit
int fa 0/2
switch access vlan 3
exit
int fa 0/24
switch mode trunk
end
show vlan
PC1 ping PC2 timeout
PC1 ping PC3 Reply
Switch1
Switch>en
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#vlan 2
Switch(config-vlan)#exit
Switch(config)#vlan 3
Switch(config-vlan)#exit
Switch(config)#inter fa 0/1
Switch(config-if)#switch access vlan 2
Switch(config-if)#exit
Switch(config)#inter fa 0/2
Switch(config-if)#switch access vlan 3
Switch(config-if)#exit
Switch(config)#inter fa 0/24
Switch(config-if)#switch mode trunk
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/24, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/24, changed state to up
Switch(config-if)#end
Switch#
%SYS-5-CONFIG_I: Configured from console by console
Switch#show vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/3, Fa0/4, Fa0/5, Fa0/6
Fa0/7, Fa0/8, Fa0/9, Fa0/10
Fa0/11, Fa0/12, Fa0/13, Fa0/14
Fa0/15, Fa0/16, Fa0/17, Fa0/18
Fa0/19, Fa0/20, Fa0/21, Fa0/22
Fa0/23, Gig1/1, Gig1/2
2 VLAN0002 active Fa0/1
3 VLAN0003 active Fa0/2
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
2 enet 100002 1500 - - - - - 0 0
3 enet 100003 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
--More--
Switch2
Switch>en
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#vlan 2
Switch(config-vlan)#exit
Switch(config)#vlan 3
Switch(config-vlan)#exit
Switch(config)#int fa 0/1
Switch(config-if)#switch access vlan 2
Switch(config-if)#exit
Switch(config)#int fa 0/2
Switch(config-if)#switch access vlan 3
Switch(config-if)#exit
Switch(config)#int fa 0/24
Switch(config-if)#switch mode trunk
Switch(config-if)#end
Switch#
%SYS-5-CONFIG_I: Configured from console by console
Switch#show vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/3, Fa0/4, Fa0/5, Fa0/6
Fa0/7, Fa0/8, Fa0/9, Fa0/10
Fa0/11, Fa0/12, Fa0/13, Fa0/14
Fa0/15, Fa0/16, Fa0/17, Fa0/18
Fa0/19, Fa0/20, Fa0/21, Fa0/22
Fa0/23, Gig1/1, Gig1/2
2 VLAN0002 active Fa0/1
3 VLAN0003 active Fa0/2
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
2 enet 100002 1500 - - - - - 0 0
3 enet 100003 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
--More--
PC>ipconfig
IP Address......................: 192.168.1.2
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.1.1
PC>ping 192.168.1.3
Pinging 192.168.1.3 with 32 bytes of data:
Request timed out.
Request timed out.
Ping statistics for 192.168.1.3:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
Control-C
^C
PC>ping 192.168.1.4
Pinging 192.168.1.4 with 32 bytes of data:
Reply from 192.168.1.4: bytes=32 time=16ms TTL=128
Reply from 192.168.1.4: bytes=32 time=17ms TTL=128
Reply from 192.168.1.4: bytes=32 time=15ms TTL=128
Reply from 192.168.1.4: bytes=32 time=18ms TTL=128
Ping statistics for 192.168.1.4:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 15ms, Maximum = 18ms, Average = 16ms
PC>ipconfig
IP Address......................: 192.168.1.3
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.1.1
PC>ping 192.168.1.4
Pinging 192.168.1.4 with 32 bytes of data:
Request timed out.
Ping statistics for 192.168.1.4:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
Control-C
^C
PC>ping 192.168.1.5
Pinging 192.168.1.5 with 32 bytes of data:
Reply from 192.168.1.5: bytes=32 time=16ms TTL=128
Reply from 192.168.1.5: bytes=32 time=15ms TTL=128
Reply from 192.168.1.5: bytes=32 time=16ms TTL=128
Reply from 192.168.1.5: bytes=32 time=15ms TTL=128
Ping statistics for 192.168.1.5:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 15ms, Maximum = 16ms, Average = 15ms
本文原创地址:https://www.linuxprobe.com/switch-vlan-configuration.html 编辑:传棋,审核员:逄增宝
