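Why VLANs are needed
VLAN characteristics
- All devices in a VLAN share one broadcast domain, and different VLANs are different broadcast domains. A VLAN is usually one IP subnet, and different VLANs are planned into different IP subnets.
- VLANs are isolated from each other at Layer 2. Broadcasts cannot cross VLAN boundaries, so devices in different VLANs cannot communicate at Layer 2 and need a Layer 3 device to reach each other.
- VLAN membership is mostly assigned statically per switch interface: creating a VLAN assignment means adding a switch interface to a specific VLAN.
- VLANs operate at Layer 2 of the OSI reference model and are a fundamental mechanism of Layer 2 switches.
VLAN range
TRUNK
Trunk protocol types
Lab topology
Configuring SWITCH1 and SWITCH2
Configure S1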
Switch1#configure terminal
Switch1(config)#vlan 10
Switch1(config-vlan)#vlan 20
Switch1(config-vlan)#end
Switch1#configure terminal
Switch1(config)#interface G0/1
Switch1(config-if)#switchport mode access
Switch1(config-if)#switchport access vlan 10
Switch1(config-if)#exit
Switch1(config)#interface G0/2
Switch1(config-if)#switchport mode access
Switch1(config-if)#switchport access vlan 20
Switch1(config-if)#exit
Switch1(config)#end
Switch1#configure terminal
Switch1(config)#interface G0/0
Switch1(config-if)#switchport trunk encapsulation dot1q
Switch1(config-if)#switchport mode trunk
Switch1(config-if)#end
Check the VLAN configuration
Switch1#show vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Gi0/3, Gi1/0, Gi1/1, Gi1/2
Gi1/3
10 VLAN0010 active Gi0/1
20 VLAN0020 active Gi0/2
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
10 enet 100010 1500 - - - - - 0 0
20 enet 100020 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 tr 101003 1500 - - - - - 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trnet 101005 1500 - - - ibm - 0 0
Remote SPAN VLANs
------------------------------------------------------------------------------
Primary Secondary Type Ports
------- --------- ----------------- ------------------------------------------
Check the trunk
Switch1#show interfaces trunk
Port Mode Encapsulation Status Native vlan
Gi0/0 on 802.1q trunking 1
Port Vlans allowed on trunk
Gi0/0 1-4094
Port Vlans allowed and active in management domain
Gi0/0 1,10,20
Port Vlans in spanning tree forwarding state and not pruned
Gi0/0 1,10,20
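The trunk output above shows Gi0/0 with native VLAN 1 and an allowed list of 1-4094, while this lab only needs VLANs 10 and 20 on the inter-switch link. The Python below is an added example, not part of the original write-up: it parses that output and flags those defaults. The function names, the finding strings and the `needed` set {10, 20} are assumptions, and it expects each VLAN list to fit on one line.

```python
# Constructed sample: the `show interfaces trunk` output shown above for Switch1.
SAMPLE = """\
Port Mode Encapsulation Status Native vlan
Gi0/0 on 802.1q trunking 1
Port Vlans allowed on trunk
Gi0/0 1-4094
Port Vlans allowed and active in management domain
Gi0/0 1,10,20
Port Vlans in spanning tree forwarding state and not pruned
Gi0/0 1,10,20
"""

def expand(spec):
    """Expand a VLAN list such as '1,10,20' or '1-4094' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_trunks(text):
    """Return {port: {'native': int, 'allowed': set, 'active': set}}."""
    trunks, section = {}, None
    for fields in filter(None, map(str.split, text.splitlines())):
        if fields[0] == "Port":  # header line: decide which block follows
            head = " ".join(fields[1:])
            section = ("native" if head.startswith("Mode") else
                       "allowed" if head == "Vlans allowed on trunk" else
                       "active" if head.startswith("Vlans allowed and active") else None)
        elif section:  # data row of a block we care about (pruning block is skipped)
            entry = trunks.setdefault(fields[0], {"native": None, "allowed": set(), "active": set()})
            if section == "native":
                entry["native"] = int(fields[-1])
            else:
                entry[section] = set() if fields[-1] == "none" else expand(fields[-1])
    return trunks

def audit(trunks, needed):
    """Flag trunk settings wider than the VLANs the link has to carry (assumed policy)."""
    findings = []
    for port, t in sorted(trunks.items()):
        if t["native"] == 1:
            findings.append((port, "native VLAN left at default 1"))
        if t["allowed"] - needed:
            findings.append((port, "allowed list wider than needed"))
        extra = sorted(t["active"] - needed)
        if extra:
            findings.append((port, "unneeded active VLANs: " + ",".join(map(str, extra))))
    return findings
```

Calling `audit(parse_trunks(SAMPLE), needed={10, 20})` returns three findings for Gi0/0; a trunk with a non-default native VLAN and an allowed list of only 10,20 returns none.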
Configure S2
Switch2#configure terminal
Switch2(config)#vlan 10
Switch2(config-vlan)#vlan 20
Switch2(config-vlan)#exit
Switch2(config)#interface G0/1
Switch2(config-if)#switchport mode access
Switch2(config-if)#switchport access vlan 10
Switch2(config-if)#exit
Switch2(config)#interface G0/2
Switch2(config-if)#switchport mode access
Switch2(config-if)#switchport access vlan 20
Switch2(config-if)#exit
Switch2(config)#interface G0/0
Switch2(config-if)#switchport trunk encapsulation dot1q
Switch2(config-if)#switchport mode trunk
Switch2(config-if)#end
Configure PC3-PC6
PC3
ip addr add 192.168.10.3/24 dev eth1
ip route add default via 192.168.10.3
PC4
ip addr add 192.168.20.4/24 dev eth1
ip route add default via 192.168.20.4
PC5
ip addr add 192.168.10.5/24 dev eth1
ip route add default via 192.168.10.5
PC6
ip addr add 192.168.20.6/24 dev eth1
ip route add default via 192.168.20.6
Ping test
Ping PC5 from PC3
bash-5.1# ping 192.168.10.5
PING 192.168.10.5 (192.168.10.5): 56 data bytes
64 bytes from 192.168.10.5: seq=0 ttl=64 time=9.315 ms
64 bytes from 192.168.10.5: seq=1 ttl=64 time=4.482 ms
64 bytes from 192.168.10.5: seq=2 ttl=64 time=5.886 ms
64 bytes from 192.168.10.5: seq=3 ttl=64 time=3.942 ms
^C
--- 192.168.10.5 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 3.942/5.906/9.315 ms
bash-5.1# ping 192.168.20.6
PING 192.168.20.6 (192.168.20.6): 56 data bytes
^C
--- 192.168.20.6 ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss
Ping PC6 from PC4
bash-5.1# ping 192.168.20.6
PING 192.168.20.6 (192.168.20.6): 56 data bytes
64 bytes from 192.168.20.6: seq=0 ttl=64 time=6.408 ms
64 bytes from 192.168.20.6: seq=1 ttl=64 time=9.473 ms
64 bytes from 192.168.20.6: seq=2 ttl=64 time=10.450 ms
64 bytes from 192.168.20.6: seq=3 ttl=64 time=5.326 ms
64 bytes from 192.168.20.6: seq=4 ttl=64 time=4.256 ms
64 bytes from 192.168.20.6: seq=5 ttl=64 time=5.616 ms
^C
--- 192.168.20.6 ping statistics ---
6 packets transmitted, 6 packets received, 0% packet loss
round-trip min/avg/max = 4.256/6.921/10.450 ms