博达交换机VLAN隔离配置[S3224]
博达交换机VLAN隔离配置[S3224]
Switch_config#show run
Building configuration...
Current configuration:
!
service timestamps log date
service timestamps debug date
!
!
interface FastEthernet0/1 //端口1
switchport mode trunk //设定成trunk模式,答应端口属于多个vlan
switchport pvid 2 //数据入端口时加上vlan1的tag
switchport trunk vlan-allowed 1,24 //端口可以属于vlan1和24
switchport trunk vlan-untagged 1,24 //数据出端口时去除tag1和tag24
!
interface FastEthernet0/2 //端口2
switchport mode trunk //设定成trunk模式
switchport pvid 2 //数据入端口时加上vlan2的tag
switchport trunk vlan-allowed 2,24 //端口同时可属于vlan2和24
switchport trunk vlan-untagged 2,24 //数据出端口时去除tag2和tag24
!
interface FastEthernet0/3 //同上
switchport mode trunk
switchport pvid 3
switchport trunk vlan-allowed 3,24
switchport trunk vlan-untagged 3,24
!
interface FastEthernet0/4
switchport mode trunk
switchport pvid 4
switchport trunk vlan-allowed 4,24
switchport trunk vlan-untagged 4,24
!
interface FastEthernet0/5
switchport mode trunk
switchport pvid 5
switchport trunk vlan-allowed 5,24
switchport trunk vlan-untagged 5,24
!
interface FastEthernet0/6
switchport mode trunk
switchport pvid 6
switchport trunk vlan-allowed 6,24
switchport trunk vlan-untagged 6,24
!
interface FastEthernet0/7
switchport mode trunk
switchport pvid 7
switchport trunk vlan-allowed 7,24
switchport trunk vlan-untagged 7,24
!
interface FastEthernet0/8
switchport mode trunk
switchport pvid 8
switchport trunk vlan-allowed 8,24
switchport trunk vlan-untagged 8,24
!
interface FastEthernet0/9
switchport mode trunk
switchport pvid 9
switchport trunk vlan-allowed 9,24
switchport trunk vlan-untagged 9,24
!
interface FastEthernet0/10
switchport mode trunk
switchport pvid 10
switchport trunk vlan-allowed 10,24
switchport trunk vlan-untagged 10,24
!
interface FastEthernet0/11
switchport mode trunk
switchport pvid 11
switchport trunk vlan-allowed 11,24
switchport trunk vlan-untagged 11,24
!
interface FastEthernet0/12
switchport mode trunk
switchport pvid 12
switchport trunk vlan-allowed 12,24
switchport trunk vlan-untagged 12,24
!
interface FastEthernet0/13
switchport mode trunk
switchport pvid 13
switchport trunk vlan-allowed 13,24
switchport trunk vlan-untagged 13,24
!
interface FastEthernet0/14
switchport mode trunk
switchport pvid 14
switchport trunk vlan-allowed 14,24
switchport trunk vlan-untagged 14,24
!
interface FastEthernet0/15
switchport mode trunk
switchport pvid 15
switchport trunk vlan-allowed 15,24
switchport trunk vlan-untagged 15,24
!
interface FastEthernet0/16
switchport mode trunk
switchport pvid 16
switchport trunk vlan-allowed 16,24
switchport trunk vlan-untagged 16,24
!
interface FastEthernet0/17
switchport mode trunk
switchport pvid 17
switchport trunk vlan-allowed 17,24
switchport trunk vlan-untagged 17,24
!
interface FastEthernet0/18
switchport mode trunk
switchport pvid 18
switchport trunk vlan-allowed 18,24
switchport trunk vlan-untagged 18,24
!
interface FastEthernet0/19
switchport mode trunk
switchport pvid 19
switchport trunk vlan-allowed 19,24
switchport trunk vlan-untagged 19,24
!
interface FastEthernet0/20
switchport mode trunk
switchport pvid 20
switchport trunk vlan-allowed 20,24
switchport trunk vlan-untagged 20,24
!
interface FastEthernet0/21
switchport mode trunk
switchport pvid 21
switchport trunk vlan-allowed 21,24
switchport trunk vlan-untagged 21,24
!
interface FastEthernet0/22
switchport mode trunk
switchport pvid 22
switchport trunk vlan-allowed 22,24
switchport trunk vlan-untagged 22,24
!
interface FastEthernet0/23
switchport mode trunk
switchport pvid 23
switchport trunk vlan-allowed 23-24
switchport trunk vlan-untagged 23-24
!
interface FastEthernet0/24 //端口24,本例中作为上行口
switchport mode trunk //设为trunk模式
switchport pvid 24 //数据入端口时加上vlan24的tag
switchport trunk vlan-untagged all //数据出端口时去除所有tag(tag1~tag24)
! //注重trunk口时默认属于所有tag的!
vlan 1-24 //建立1~24个vlan,默认情况下只有vlan1,其他需要增加,且这个操作时第一步要做的!
!
!说明,本例子完成之后,interface f0/1~f/23分别属于不同的vlan,相互之间是不能互通的(不考虑使用三层路由转发的情况),但此时这23个端口都能与上行口interface f0/24口通讯!
此时的vlan分配情况为:
Switch_config#show vlan
VLAN Status Name Ports
---- ------- -------------------------------- ---------------------------------
1 Static Default F0/1, F0/24
2 Static VLAN0002 F0/2, F0/24
3 Static VLAN0003 F0/3, F0/24
4 Static VLAN0004 F0/4, F0/24
5 Static VLAN0005 F0/5, F0/24
6 Static VLAN0006 F0/6, F0/24
7 Static VLAN0007 F0/7, F0/24
8 Static VLAN0008 F0/8, F0/24
9 Static VLAN0009 F0/9, F0/24
10 Static VLAN0010 F0/10, F0/24
11 Static VLAN0011 F0/11, F0/24
12 Static VLAN0012 F0/12, F0/24
13 Static VLAN0013 F0/13, F0/24
14 Static VLAN0014 F0/14, F0/24
15 Static VLAN0015 F0/15, F0/24
16 Static VLAN0016 F0/16, F0/24
17 Static VLAN0017 F0/17, F0/24
18 Static VLAN0018 F0/18, F0/24
19 Static VLAN0019 F0/19, F0/24
20 Static VLAN0020 F0/20, F0/24
21 Static VLAN0021 F0/21, F0/24
22 Static VLAN0022 F0/22, F0/24
23 Static VLAN0023 F0/23, F0/24
24 Static VLAN0024 F0/1, F0/2, F0/3, F0/4, F0/5
F0/6, F0/7, F0/8, F0/9, F0/10
F0/11, F0/12, F0/13, F0/14, F0/15
F0/16, F0/17, F0/18, F0/19, F0/20
F0/21, F0/22, F0/23, F0/24简单分析一下工作流程:
1、f0/2和f0/3之间的通信,
Switch_config#show vlan inter f0/2
Interface VLAN
Name Property PVID Vlan-Map uTagg-VLan-Map
-------------------- -------- ---- ---------------- ----------------
FastEthernet0/2 Trunk 2 2,24 2,24
Switch_config#show vlan inter f0/3
Interface VLAN
Name Property PVID Vlan-Map uTagg-VLan-Map
-------------------- -------- ---- ---------------- ----------------
FastEthernet0/3 Trunk 3 3,24 3,24
从中我们可以看到,f0/2是属于vlan2和vlan的,且pvid为2,那就是说普通数据(非802.1q)进入这个端口时会被打上tag2,然后zhge报通过交换机到达f0/3时,端口三是指能够untagvlan3和vlan24的的tag的,这个可以从上面的show vlan inter f0/3看出来,所以f0/3无法识别从f0/2过来的数据包!反过来也是一样的!
换句话说就是实现了vlan2和vlan3的隔离!
2、f0/2和f0/24之间的通信,
Switch_config#show vlan inter f0/2
Interface VLAN
Name Property PVID Vlan-Map uTagg-VLan-Map
-------------------- -------- ---- ---------------- ----------------
FastEthernet0/2 Trunk 2 2,24 2,24
Switch_config#show vlan inter f0/24
Interface VLAN
Name Property PVID Vlan-Map uTagg-VLan-Map
-------------------- -------- ---- ---------------- ----------------
FastEthernet0/24 Trunk 24 1-24 1-2
同上面的分析方法,f0/2进入的数据被打上了tag2,但是由于f0/24是untag all的,所以他能够去除tag2,或者是识别vlan2的数据!反过来也是一样,数据进入f0/24时打上了tag24,这个标记在f0/2口上是能够被去除的!所以f0/2口和f0/24口可以实现互通!
上面的两个通信过程基本代表了这种vlan配置/应用的功能,即:所有的下行口都能相互隔离,但是所有的下行口都能与上行口通讯!这种vlan配置方式比较简单,也非经常用!大家可以参考应用!
当然这种方式的vlan划分是局限在一台交换机上面的!一般情况下在中小规模的应用中比较常见,特点是完全由一台交换机来实现vlan的隔离/互通,且每一个端口的输出数据都是不带有tag的,是普通的ip数据包,用户绝大多数的数据设备都能识别!(一般的网卡是无法识别802.1q的数据包的)还有一个优点是,这个交换机上面使用过的vlan号在其他交换机上面可以重复使用,没有限制或者相关性!
还有一种应用是跨交换机的vlan配置!
这种方式下要考虑多台交换机的相互协调工作,比如vlan tag的“加和“去”的问题!
还是以实现上面例子为例,
Switch_config#show run
Building configuration...
Current configuration:
!
service timestamps log date
service timestamps debug date
!
!
interface FastEthernet0/1
!
interface FastEthernet0/2
switchport pvid 2
!
interface FastEthernet0/3
switchport pvid 3
!
interface FastEthernet0/4
switchport pvid 4
!
interface FastEthernet0/5
switchport pvid 5
!
interface FastEthernet0/6
switchport pvid 6
!
interface FastEthernet0/7
switchport pvid 7
!
interface FastEthernet0/8
switchport pvid 8
!
interface FastEthernet0/9
switchport pvid 9
!
interface FastEthernet0/10
switchport pvid 10
!
interface FastEthernet0/11
switchport pvid 11
!
interface FastEthernet0/12
switchport pvid 12
!
interface FastEthernet0/13
switchport pvid 13
!
interface FastEthernet0/14
switchport pvid 14
!
interface FastEthernet0/15
switchport pvid 15
!
interface FastEthernet0/16
switchport pvid 16
!
interface FastEthernet0/17
switchport pvid 17
!
interface FastEthernet0/18
switchport pvid 18
!
interface FastEthernet0/19
switchport pvid 19
!
interface FastEthernet0/20
switchport pvid 20
!
interface FastEthernet0/21
switchport pvid 21
!
interface FastEthernet0/22
switchport pvid 22
!
interface FastEthernet0/23
switchport pvid 23
!
interface FastEthernet0/24
switchport mode trunk
switchport trunk vlan-untagged all
!
vlan 1-24
!
!
在这个配置里面,我们可以看到,除了上行口之外,所有的端口都属于Access模式,就是说端口只是属于一个vlan,而f0/24上行口虽然和前面一样都是trunk,但是没有必要指定pvid号,原因是因为在这个配置里面这个参数不是很重要!
因为下行口的数据网上走时,相应的tag都能被f0/24识别(tag号不去除),但下行数据打上什么tag就不是f0/24来确定了,这个参数多是由对方交换机来确定的或者是由对方路由器(封装子接口,802.1q)来确定的!这第二种方式,关于对方的配置情况就比较复杂:
1、假如是博达自己的交换机,那么配置就相对简单,方法如前所述;最简单的配是:两台BDCOM交换机按照楼上的配置即可实现vlan的相互隔离和通信,方法是把他们的f0/24口连接起来即可,然后即可实现两台交换机的号码相同的口互通,号码不同的口不能通信!
2、假如对方是支持802.1q的路由器,比如BDCOM的2621路由器,在其子接口下面封装相应的vlan即可!如:
interface FastEthernet0/0.1
ip address *.*.*.*
no ip directed-broadcast
encapsulation dot1Q 2
bandwidth 100000
delay 1
!
interface FastEthernet0/0.2
ip address *.*.*.*
no ip directed-broadcast
encapsulation dot1Q 3
bandwidth 100000
delay 1
!
interface FastEthernet0/0.3
ip address *.*.*.*
no ip directed-broadcast
encapsulation dot1Q 4
bandwidth 100000
delay 1
!
3、假如对方是其他厂家的设备,基本上也是支持这种情况,但命令就不尽相同了
