Computer Technology Learning

BDCOM Switch VLAN Isolation Configuration [S3224]

dn001
Switch_config#show run
Building configuration...

Current configuration:
!
service timestamps log date
service timestamps debug date
!
!
interface FastEthernet0/1   // port 1
switchport mode trunk      // set to trunk mode, allowing the port to belong to multiple VLANs
switchport pvid 1      // tag incoming frames with the VLAN 1 tag
switchport trunk vlan-allowed 1,24      // the port may belong to VLAN 1 and VLAN 24
switchport trunk vlan-untagged 1,24   // strip tag 1 and tag 24 as frames leave the port
!
interface FastEthernet0/2  // port 2
switchport mode trunk     // set to trunk mode
switchport pvid 2     // tag incoming frames with the VLAN 2 tag
switchport trunk vlan-allowed 2,24     // the port may belong to both VLAN 2 and VLAN 24
switchport trunk vlan-untagged 2,24  // strip tag 2 and tag 24 as frames leave the port
!
interface FastEthernet0/3  // same as above
switchport mode trunk
switchport pvid 3
switchport trunk vlan-allowed 3,24
switchport trunk vlan-untagged 3,24
!
interface FastEthernet0/4
switchport mode trunk
switchport pvid 4
switchport trunk vlan-allowed 4,24
switchport trunk vlan-untagged 4,24
!
interface FastEthernet0/5
switchport mode trunk
switchport pvid 5
switchport trunk vlan-allowed 5,24
switchport trunk vlan-untagged 5,24
!
interface FastEthernet0/6
switchport mode trunk
switchport pvid 6
switchport trunk vlan-allowed 6,24
switchport trunk vlan-untagged 6,24
!
interface FastEthernet0/7
switchport mode trunk
switchport pvid 7
switchport trunk vlan-allowed 7,24
switchport trunk vlan-untagged 7,24
!
interface FastEthernet0/8
switchport mode trunk
switchport pvid 8
switchport trunk vlan-allowed 8,24
switchport trunk vlan-untagged 8,24
!
interface FastEthernet0/9
switchport mode trunk
switchport pvid 9
switchport trunk vlan-allowed 9,24
switchport trunk vlan-untagged 9,24
!
interface FastEthernet0/10
switchport mode trunk
switchport pvid 10
switchport trunk vlan-allowed 10,24
switchport trunk vlan-untagged 10,24
!
interface FastEthernet0/11
switchport mode trunk
switchport pvid 11
switchport trunk vlan-allowed 11,24
switchport trunk vlan-untagged 11,24
!
interface FastEthernet0/12
switchport mode trunk
switchport pvid 12
switchport trunk vlan-allowed 12,24
switchport trunk vlan-untagged 12,24
!
interface FastEthernet0/13
switchport mode trunk
switchport pvid 13
switchport trunk vlan-allowed 13,24
switchport trunk vlan-untagged 13,24
!
interface FastEthernet0/14
switchport mode trunk
switchport pvid 14
switchport trunk vlan-allowed 14,24
switchport trunk vlan-untagged 14,24
!
interface FastEthernet0/15
switchport mode trunk
switchport pvid 15
switchport trunk vlan-allowed 15,24
switchport trunk vlan-untagged 15,24
!
interface FastEthernet0/16
switchport mode trunk
switchport pvid 16
switchport trunk vlan-allowed 16,24
switchport trunk vlan-untagged 16,24
!
interface FastEthernet0/17
switchport mode trunk
switchport pvid 17
switchport trunk vlan-allowed 17,24
switchport trunk vlan-untagged 17,24
!
interface FastEthernet0/18
switchport mode trunk
switchport pvid 18
switchport trunk vlan-allowed 18,24
switchport trunk vlan-untagged 18,24
!
interface FastEthernet0/19
switchport mode trunk
switchport pvid 19
switchport trunk vlan-allowed 19,24
switchport trunk vlan-untagged 19,24
!
interface FastEthernet0/20
switchport mode trunk
switchport pvid 20
switchport trunk vlan-allowed 20,24
switchport trunk vlan-untagged 20,24
!
interface FastEthernet0/21
switchport mode trunk
switchport pvid 21
switchport trunk vlan-allowed 21,24
switchport trunk vlan-untagged 21,24
!
interface FastEthernet0/22
switchport mode trunk
switchport pvid 22
switchport trunk vlan-allowed 22,24
switchport trunk vlan-untagged 22,24
!
interface FastEthernet0/23
switchport mode trunk
switchport pvid 23
switchport trunk vlan-allowed 23-24
switchport trunk vlan-untagged 23-24
!
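interface FastEthernet0/24    // port 24, used as the uplink port in this example
switchport mode trunk // set to trunk mode
switchport pvid 24       // tag incoming frames with the VLAN 24 tag
switchport trunk vlan-untagged all  // strip all tags (tag 1 through tag 24) as frames leave the port
! // Note: a trunk port belongs to all VLANs by default!
vlan 1-24     // create VLANs 1 through 24; by default only VLAN 1 exists and the others must be added, and this must be the first step performed
!
! Note: once this example is in place, interfaces f0/1 through f0/23 each belong to a different VLAN and cannot communicate with one another (leaving aside forwarding through a layer-3 router), while all 23 ports can still communicate with the uplink port, interface f0/24.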


The VLAN assignment at this point is:
Switch_config#show vlan
VLAN Status  Name                             Ports
---- ------- -------------------------------- ---------------------------------
1    Static  Default                          F0/1, F0/24
2    Static  VLAN0002                         F0/2, F0/24
3    Static  VLAN0003                         F0/3, F0/24
4    Static  VLAN0004                         F0/4, F0/24
5    Static  VLAN0005                         F0/5, F0/24
6    Static  VLAN0006                         F0/6, F0/24
7    Static  VLAN0007                         F0/7, F0/24
8    Static  VLAN0008                         F0/8, F0/24
9    Static  VLAN0009                         F0/9, F0/24
10   Static  VLAN0010                         F0/10, F0/24
11   Static  VLAN0011                         F0/11, F0/24
12   Static  VLAN0012                         F0/12, F0/24
13   Static  VLAN0013                         F0/13, F0/24
14   Static  VLAN0014                         F0/14, F0/24
15   Static  VLAN0015                         F0/15, F0/24
16   Static  VLAN0016                         F0/16, F0/24
17   Static  VLAN0017                         F0/17, F0/24
18   Static  VLAN0018                         F0/18, F0/24
19   Static  VLAN0019                         F0/19, F0/24
20   Static  VLAN0020                         F0/20, F0/24
21   Static  VLAN0021                         F0/21, F0/24
22   Static  VLAN0022                         F0/22, F0/24
23   Static  VLAN0023                         F0/23, F0/24
24   Static  VLAN0024                         F0/1, F0/2, F0/3, F0/4, F0/5
                                              F0/6, F0/7, F0/8, F0/9, F0/10
                                              F0/11, F0/12, F0/13, F0/14, F0/15
                                              F0/16, F0/17, F0/18, F0/19, F0/20
                                              F0/21, F0/22, F0/23, F0/24

A brief analysis of how this works:
1. Communication between f0/2 and f0/3:
Switch_config#show vlan inter f0/2
Interface            VLAN
Name                 Property PVID Vlan-Map         uTagg-VLan-Map
-------------------- -------- ---- ---------------- ----------------
FastEthernet0/2      Trunk    2    2,24             2,24

Switch_config#show vlan inter f0/3
Interface            VLAN
Name                 Property PVID Vlan-Map         uTagg-VLan-Map
-------------------- -------- ---- ---------------- ----------------
FastEthernet0/3      Trunk    3    3,24             3,24
From this we can see that f0/2 belongs to VLAN 2 and VLAN 24 and has a PVID of 2, which means ordinary (non-802.1Q) data entering this port is tagged with tag 2. When that frame then crosses the switch and reaches f0/3, port 3 can only untag the tags of VLAN 3 and VLAN 24, as the show vlan inter f0/3 output above shows, so f0/3 cannot recognize frames coming from f0/2! The same is true in the reverse direction!
In other words, VLAN 2 and VLAN 3 are isolated from each other!

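2. Communication between f0/2 and f0/24:
Switch_config#show vlan inter f0/2
Interface            VLAN
Name                 Property PVID Vlan-Map         uTagg-VLan-Map
-------------------- -------- ---- ---------------- ----------------
FastEthernet0/2      Trunk    2    2,24             2,24

Switch_config#show vlan inter f0/24
Interface            VLAN
Name                 Property PVID Vlan-Map         uTagg-VLan-Map
-------------------- -------- ---- ---------------- ----------------
FastEthernet0/24     Trunk    24   1-24             1-2
By the same analysis as above, data entering f0/2 is tagged with tag 2, but because f0/24 is set to untag all, it can remove tag 2, in other words it recognizes VLAN 2 data! The reverse also holds: data entering f0/24 is tagged with tag 24, and that tag can be removed on port f0/2! So ports f0/2 and f0/24 can communicate with each other!

The two exchanges above essentially capture what this VLAN configuration does: all downlink ports are isolated from one another, yet every downlink port can communicate with the uplink port! This kind of VLAN configuration is fairly simple and also very commonly used! Feel free to use it as a reference!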
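The isolation rule analysed above can be checked mechanically. The following Python sketch is an added example, not part of the original post or of any BDCOM tooling: it parses configuration text in the syntax shown on this page and lists downlink pairs whose untagged traffic would cross. It assumes an unset PVID defaults to 1 and that `all` means VLANs 1-4094; the sample input is constructed, and in `BAD` port F0/4 is deliberately also placed in VLAN 3.

```python
ALL = frozenset(range(1, 4095))  # meaning of "all" (assumed 802.1Q range 1-4094)

def stanza(n, vlans):
    """Constructed sample input: one downlink stanza in the page's syntax."""
    return (f"interface FastEthernet0/{n}\nswitchport mode trunk\n"
            f"switchport pvid {n}\nswitchport trunk vlan-allowed {vlans}\n"
            f"switchport trunk vlan-untagged {vlans}\n!\n")
UPLINK = ("interface FastEthernet0/24\nswitchport mode trunk\n"
          "switchport pvid 24\nswitchport trunk vlan-untagged all\n!\n")
GOOD = stanza(2, "2,24") + stanza(3, "3,24") + stanza(4, "4,24") + UPLINK
BAD = stanza(2, "2,24") + stanza(3, "3,24") + stanza(4, "3-4,24") + UPLINK

def vlan_set(spec):
    """Expand '2,24', '23-24' or 'all' into a set of VLAN IDs."""
    if spec == "all":
        return set(ALL)
    out = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def parse(cfg):
    """Return {port: settings}; an unset pvid defaults to 1 (assumption)."""
    ports, cur = {}, None
    for line in cfg.splitlines():
        w = line.split()
        if w[:1] == ["interface"]:
            name = w[1].replace("FastEthernet", "F")
            cur = ports.setdefault(name, {"trunk": False, "pvid": 1})
        elif cur is not None and w[:2] == ["switchport", "mode"]:
            cur["trunk"] = w[2] == "trunk"
        elif cur is not None and w[:2] == ["switchport", "pvid"]:
            cur["pvid"] = int(w[2])
        elif cur is not None and w[:2] == ["switchport", "trunk"]:
            cur[w[2]] = vlan_set(w[3])   # vlan-allowed / vlan-untagged
    return ports

def egress_untagged(p):
    """VLANs whose frames leave this port without a tag."""
    if not p["trunk"]:  # access port: only its own VLAN
        return {p["pvid"]}
    return p.get("vlan-allowed", ALL) & p.get("vlan-untagged", set())

def leaks(cfg, uplink="F0/24"):
    """Directed (src, dst) downlink pairs where src's untagged traffic exits dst."""
    ports = parse(cfg)
    return sorted((s, d) for s in ports for d in ports
                  if s != d and uplink not in (s, d)
                  and ports[s]["pvid"] in egress_untagged(ports[d]))
```

`leaks(GOOD)` is empty, while `leaks(BAD)` reports the one-way path from F0/3 to F0/4 that the widened allowed list opens.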

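Of course, this style of VLAN partitioning is confined to a single switch! It is typically seen in small and medium-sized deployments. Its defining feature is that one switch alone implements the VLAN isolation and interconnection, and the data leaving every port carries no tag: it is an ordinary IP packet that the vast majority of user devices can recognize! (An ordinary network card cannot recognize 802.1Q frames.) Another advantage is that the VLAN numbers used on this switch can be reused on other switches, with no restriction or dependency!

Another application is VLAN configuration across switches!
In this mode you have to consider how several switches work together, for example where VLAN tags are "added" and "removed"!
Taking the same scenario as the example above: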
Switch_config#show run
Building configuration...

Current configuration:
!
service timestamps log date
service timestamps debug date
!
!
interface FastEthernet0/1
!
interface FastEthernet0/2
switchport pvid 2
!
interface FastEthernet0/3
switchport pvid 3
!
interface FastEthernet0/4
switchport pvid 4
!
interface FastEthernet0/5
switchport pvid 5
!
interface FastEthernet0/6
switchport pvid 6
!
interface FastEthernet0/7
switchport pvid 7
!
interface FastEthernet0/8
switchport pvid 8
!
interface FastEthernet0/9
switchport pvid 9
!
interface FastEthernet0/10
switchport pvid 10
!
interface FastEthernet0/11
switchport pvid 11
!
interface FastEthernet0/12
switchport pvid 12
!
interface FastEthernet0/13
switchport pvid 13
!
interface FastEthernet0/14
switchport pvid 14
!
interface FastEthernet0/15
switchport pvid 15
!
interface FastEthernet0/16
switchport pvid 16
!
interface FastEthernet0/17
switchport pvid 17
!
interface FastEthernet0/18
switchport pvid 18
!
interface FastEthernet0/19
switchport pvid 19
!
interface FastEthernet0/20
switchport pvid 20
!
interface FastEthernet0/21
switchport pvid 21
!
interface FastEthernet0/22
switchport pvid 22
!
interface FastEthernet0/23
switchport pvid 23
!
interface FastEthernet0/24
switchport mode trunk
switchport trunk vlan-untagged all
!
vlan 1-24
!
!
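In this configuration we can see that, apart from the uplink port, all ports are in Access mode, meaning each port belongs to only one VLAN. The uplink port f0/24 is a trunk as before, but there is no need to specify a PVID for it, because that parameter is not very important in this configuration!
When data from the downlink ports travels upstream, f0/24 can recognize the corresponding tags (the tag number is not removed), but which tag downstream data carries is not decided by f0/24. That is mostly determined by the peer switch or by the peer router (subinterface encapsulation, 802.1Q)! With this second approach, the configuration on the peer side is more complicated:
1. If the peer is one of BDCOM's own switches, the configuration is relatively simple and follows the method described earlier. The simplest setup: configure two BDCOM switches as shown above to get VLAN isolation and communication. Just connect their f0/24 ports together, after which same-numbered ports on the two switches can communicate and differently numbered ports cannot!
2. If the peer is a router that supports 802.1Q, such as the BDCOM 2621 router, simply encapsulate the corresponding VLAN under its subinterfaces! For example: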
interface FastEthernet0/0.1
ip address *.*.*.*
no ip directed-broadcast
encapsulation dot1Q 2
bandwidth 100000
delay 1
!
interface FastEthernet0/0.2
ip address *.*.*.*
no ip directed-broadcast
encapsulation dot1Q 3
bandwidth 100000
delay 1
!
interface FastEthernet0/0.3
ip address *.*.*.*
no ip directed-broadcast
encapsulation dot1Q 4
bandwidth 100000
delay 1
!
3. If the peer is another vendor's device, this scenario is generally supported as well, but the commands will differ.


