4、vlan的規划及配置
在本節中我們講解vlan的規划及具體的配置命令。在此例中我們用的是vtp(VLAN Trunking Protocol)server的模式,在這種模式中我們需要配置核心交換機的vtp模式為server,各接入交換機的vtp模式為cilent,那么配置完成后接入交換機就會通過trunk口自動從核心交換機學習到所有的vlan配置信息。在接入交換機中只需要添加相應的端口即可,這樣易於管理與部署。具體的配置命令我們通過兩小節來演示:
4.1 核心交換機的相關配置
(這是一台已經配置好了的交換機,但這並不會影響我們的演示效果。所有我們新作的配置會在演示結束后清除。)
TEST#sh vlan # 顯示已經有的vlan信息,並且同時顯示了各端口所屬的vlan
VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 1 default active Gi1/2, Gi1/3, Gi1/4, Gi1/5, Gi1/6, Gi1/7, Gi1/8, Gi1/9, Gi1/10, Gi1/11, Gi1/13, Gi1/14, Gi1/16, Gi1/17, Gi1/18, Gi1/19, Gi1/20, Gi3/12, Gi3/13, Gi3/16 2 firewall active Gi1/1 10 Engineering active Gi3/9, Gi3/10 20 Procurement active Gi3/19 30 QAQC active 40 Operation active 50 Yard active Gi3/18 60 BM active 70 HRAD active 80 Facility active 100 Finance active 110 GO active 120 Wlan active 150 Server active Gi3/1, Gi3/2, Gi3/3, Gi3/4, Gi3/5, Gi3/6, Gi3/7, Gi3/8 160 Client active Gi3/11, Gi3/15
# 從這行往下是為其他協議預留的vlan號段,這些不必理會。
1002 fddi-default act/unsup 1003 token-ring-default act/unsup 1004 fddinet-default act/unsup 1005 trnet-default act/unsup VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2 ---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------ 1 enet 100001 1500 - - - - - 0 0 2 enet 100002 1500 - - - - - 0 0 10 enet 100010 1500 - - - - - 0 0 20 enet 100020 1500 - - - - - 0 0 30 enet 100030 1500 - - - - - 0 0 40 enet 100040 1500 - - - - - 0 0 50 enet 100050 1500 - - - - - 0 0 60 enet 100060 1500 - - - - - 0 0 70 enet 100070 1500 - - - - - 0 0 80 enet 100080 1500 - - - - - 0 0 100 enet 100100 1500 - - - - - 0 0 110 enet 100110 1500 - - - - - 0 0 120 enet 100120 1500 - - - - - 0 0 150 enet 100150 1500 - - - - - 0 0 160 enet 100160 1500 - - - - - 0 0 1002 fddi 101002 1500 - - - - - 0 0 1003 tr 101003 1500 - - - - - 0 0 1004 fdnet 101004 1500 - - - ieee - 0 0
TEST#conf
TEST(config)#vlan 200 # 我們新建一個vlan號為200的vlan
TEST(config-vlan)#name test # 給這個vlan命名,這樣便於日常的管理。
TEST(config-vlan)#END # 建好vlan后退出到特權模式中
TEST#show ip int brief
# 顯示目前有的端口配置狀態,我們會發現此時並沒有vlan200的相關信息
Interface IP-Address OK? Method Status Protocol FastEthernet1 unassigned YES NVRAM down down Vlan1 192.168.113.254 YES NVRAM up up Vlan2 172.16.0.2 YES NVRAM up up Vlan10 192.168.101.254 YES NVRAM up up Vlan20 192.168.102.254 YES NVRAM up up Vlan30 192.168.103.254 YES NVRAM up up Vlan40 192.168.104.254 YES NVRAM up up Vlan50 192.168.105.254 YES NVRAM up up Vlan60 192.168.106.254 YES NVRAM up up Vlan70 192.168.107.254 YES NVRAM up up Vlan80 192.168.108.254 YES NVRAM up up Vlan100 192.168.110.254 YES NVRAM up up Vlan110 192.168.111.254 YES NVRAM up up Vlan120 192.168.112.254 YES NVRAM up up Vlan150 192.168.100.254 YES NVRAM up up Vlan160 192.168.115.254 YES NVRAM up up GigabitEthernet1/1 unassigned YES unset up up GigabitEthernet1/2 unassigned YES unset down down GigabitEthernet1/3 unassigned YES unset down down GigabitEthernet1/4 unassigned YES unset down down GigabitEthernet1/5 unassigned YES unset down down GigabitEthernet1/6 unassigned YES unset down down GigabitEthernet1/7 unassigned YES unset down down GigabitEthernet1/8 unassigned YES unset down down GigabitEthernet1/9 unassigned YES unset down down GigabitEthernet1/10 unassigned YES unset down down GigabitEthernet1/11 unassigned YES unset down down GigabitEthernet1/12 unassigned YES unset down down GigabitEthernet1/13 unassigned YES unset down down GigabitEthernet1/14 unassigned YES unset down down GigabitEthernet1/15 unassigned YES unset up up GigabitEthernet1/16 unassigned YES unset down down GigabitEthernet1/17 unassigned YES unset down down GigabitEthernet1/18 unassigned YES unset down down GigabitEthernet1/19 unassigned YES unset down down GigabitEthernet1/20 unassigned YES unset down down GigabitEthernet3/1 unassigned YES unset up up GigabitEthernet3/2 unassigned YES unset up up GigabitEthernet3/3 unassigned YES unset up up GigabitEthernet3/4 unassigned YES unset up up GigabitEthernet3/5 unassigned YES unset up up GigabitEthernet3/6 unassigned YES unset up up GigabitEthernet3/7 unassigned YES unset up up GigabitEthernet3/8 unassigned YES unset down down
TEST#sh vlan # 顯示一下vlan信息
View Code
# 這個是我們新建好的vlan,但是vlan中沒有任何端口。
1002 fddi-default act/unsup 1003 token-ring-default act/unsup 1004 fddinet-default act/unsup 1005 trnet-default act/unsup VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2 ---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------ 1 enet 100001 1500 - - - - - 0 0 2 enet 100002 1500 - - - - - 0 0 10 enet 100010 1500 - - - - - 0 0 20 enet 100020 1500 - - - - - 0 0 30 enet 100030 1500 - - - - - 0 0 40 enet 100040 1500 - - - - - 0 0 50 enet 100050 1500 - - - - - 0 0 60 enet 100060 1500 - - - - - 0 0 70 enet 100070 1500 - - - - - 0 0 80 enet 100080 1500 - - - - - 0 0 100 enet 100100 1500 - - - - - 0 0 110 enet 100110 1500 - - - - - 0 0 120 enet 100120 1500 - - - - - 0 0 150 enet 100150 1500 - - - - - 0 0 160 enet 100160 1500 - - - - - 0 0 200 enet 100200 1500 - - - - - 0 0 1002 fddi 101002 1500 - - - - - 0 0
TEST#conf t
TEST(config)#interface gigabitEthernet 1/2 # 進入端口配置模式,配置gigabitEthernet 1/2這個端口
TEST(config-if)#switchport access vlan 200 # 將此端口加入到剛才建好的vlan200中
TEST(config-if)#end
TEST#sh vlan # 退出來驗證一下
TEST#sh ip int brief # 再顯示一下所有端口的狀態,我們會發現同樣沒有vlan200的相關信息。
Interface IP-Address OK? Method Status Protocol FastEthernet1 unassigned YES NVRAM down down Vlan1 192.168.113.254 YES NVRAM up up Vlan2 172.16.0.2 YES NVRAM up up Vlan10 192.168.101.254 YES NVRAM up up Vlan20 192.168.102.254 YES NVRAM up up Vlan30 192.168.103.254 YES NVRAM up up Vlan40 192.168.104.254 YES NVRAM up up Vlan50 192.168.105.254 YES NVRAM up up Vlan60 192.168.106.254 YES NVRAM up up Vlan70 192.168.107.254 YES NVRAM up up Vlan80 192.168.108.254 YES NVRAM up up Vlan100 192.168.110.254 YES NVRAM up up Vlan110 192.168.111.254 YES NVRAM up up Vlan120 192.168.112.254 YES NVRAM up up Vlan150 192.168.100.254 YES NVRAM up up Vlan160 192.168.115.254 YES NVRAM up up GigabitEthernet1/1 unassigned YES unset up up GigabitEthernet1/2 unassigned YES unset down down GigabitEthernet1/3 unassigned YES unset down down GigabitEthernet1/4 unassigned YES unset down down GigabitEthernet1/5 unassigned YES unset down down GigabitEthernet1/6 unassigned YES unset down down GigabitEthernet1/7 unassigned YES unset down down GigabitEthernet1/8 unassigned YES unset down down GigabitEthernet1/9 unassigned YES unset down down GigabitEthernet1/10 unassigned YES unset down down GigabitEthernet1/11 unassigned YES unset down down GigabitEthernet1/12 unassigned YES unset down down GigabitEthernet1/13 unassigned YES unset down down GigabitEthernet1/14 unassigned YES unset down down GigabitEthernet1/15 unassigned YES unset up up GigabitEthernet1/16 unassigned YES unset down down GigabitEthernet1/17 unassigned YES unset down down GigabitEthernet1/18 unassigned YES unset down down GigabitEthernet1/19 unassigned YES unset down down GigabitEthernet1/20 unassigned YES unset down down GigabitEthernet3/1 unassigned YES unset up up GigabitEthernet3/2 unassigned YES unset up up GigabitEthernet3/3 unassigned YES unset up up GigabitEthernet3/4 unassigned YES unset up up GigabitEthernet3/5 unassigned YES unset up up GigabitEthernet3/6 unassigned YES unset up up GigabitEthernet3/7 unassigned YES unset up up GigabitEthernet3/8 unassigned YES unset down down
TEST#conf t
TEST(config)#int vlan 200 # 給這個vlan添加相應的ip地址,注意此處的語法
TEST(config-if)#ip add 10.10.10.0.1 255.255.255.0 # 配置vlan 200 的ip地址
TEST(config-if)#no shut # 使能此端口
TEST(config-if)#end
TEST#sh ip int b
# 重新顯示一下所有端口的狀態,我們會發現已經有了vlan200的端口信息了。
Interface IP-Address OK? Method Status Protocol FastEthernet1 unassigned YES NVRAM down down Vlan1 192.168.113.254 YES NVRAM up up Vlan2 172.16.0.2 YES NVRAM up up Vlan10 192.168.101.254 YES NVRAM up up Vlan20 192.168.102.254 YES NVRAM up up Vlan30 192.168.103.254 YES NVRAM up up Vlan40 192.168.104.254 YES NVRAM up up Vlan50 192.168.105.254 YES NVRAM up up Vlan60 192.168.106.254 YES NVRAM up up Vlan70 192.168.107.254 YES NVRAM up up Vlan80 192.168.108.254 YES NVRAM up up Vlan100 192.168.110.254 YES NVRAM up up Vlan110 192.168.111.254 YES NVRAM up up Vlan120 192.168.112.254 YES NVRAM up up Vlan150 192.168.100.254 YES NVRAM up up Vlan160 192.168.115.254 YES NVRAM up up Vlan200 10.10.0.1 YES manual up up GigabitEthernet1/1 unassigned YES unset up up GigabitEthernet1/2 unassigned YES unset down down GigabitEthernet1/3 unassigned YES unset down down GigabitEthernet1/4 unassigned YES unset down down GigabitEthernet1/5 unassigned YES unset down down GigabitEthernet1/6 unassigned YES unset down down GigabitEthernet1/7 unassigned YES unset down down GigabitEthernet1/8 unassigned YES unset down down GigabitEthernet1/9 unassigned YES unset down down GigabitEthernet1/10 unassigned YES unset down down GigabitEthernet1/11 unassigned YES unset down down GigabitEthernet1/12 unassigned YES unset down down GigabitEthernet1/13 unassigned YES unset down down GigabitEthernet1/14 unassigned YES unset down down GigabitEthernet1/15 unassigned YES unset up up GigabitEthernet1/16 unassigned YES unset down down GigabitEthernet1/17 unassigned YES unset down down GigabitEthernet1/18 unassigned YES unset down down GigabitEthernet1/19 unassigned YES unset down down GigabitEthernet1/20 unassigned YES unset down down GigabitEthernet3/1 unassigned YES unset up up GigabitEthernet3/2 unassigned YES unset up up GigabitEthernet3/3 unassigned YES unset up up GigabitEthernet3/4 unassigned YES unset up up GigabitEthernet3/5 unassigned YES unset up up GigabitEthernet3/6 unassigned YES unset up up GigabitEthernet3/7 unassigned YES unset up up
## 小結一下:在剛才的配置過程中,端口Gi1/2下面所連接的電腦的網關就是vlan200的地址——10.10.0.1。下面所連的電腦找到相應的網關后在會去找具體的路由,這些我們下節會講解。
TEST#show inter trunk
# 顯示當前交換機中的trunk接口。作為trunk接口的端口下聯的是接入層(或者是匯聚層)的交換機。
View Code
TEST#conf t
TEST(config)#int gi1/15 # 我們以gi1/15來說明,如何將此端口配置成trunk接口
TEST(config-if)#switchport mode trunk # 首先定義此接口的模式為trunk
TEST(config-if)#switchport trunk encapsulation ?
# 然后定義trunk口的封裝類型,此處選擇dot1q也叫802.1q,為通用封裝類型
dot1q Interface uses only 802.1q trunking encapsulation when trunking
isl Interface uses only ISL trunking encapsulation when trunking
negotiate Device will negotiate trunking encapsulation with peer on interface
TEST(config-if)#switchport trunk encapsulation dot1q # 回車后就將此trunk口的封裝類型定義成了dot1q
## 小結一下:剛才配置的是如何將下聯接入層交換機的端口配置成trunk模式,並且如何將此trunk口封裝成特定的類型,接下來我們介紹如何配置此核心交換機的VTP的一些相關設置。
TEST(config)#vtp mode server # 首先我們在全局配置模式中將vtp的mode設置成server
TEST(config)#vtp domain pjoe # 然后配置vtp的domain,所有的交換機應該在一個domain中,此例中我們定義的doamin為pjoe
TEST(config)#vtp password pjoeserver # 配置此vtp的介入密碼,這樣可以防止未授權的交換機隨便加入到這個domian中來。
TEST#sh vtp status # 配置完畢后顯示一下vtp的狀態
VTP Version : 2
Configuration Revision : 22
Maximum VLANs supported locally : 1005
Number of existing VLANs : 20
VTP Operating Mode : Server # vtp的模式為server模式
VTP Domain Name : pjoe # vtp的域名是pjoe
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Enabled
MD5 digest : 0x00 0xB3 0x21 0xB7 0x56 0xD7 0x06 0x4F
# 此處表示的是vtp的密碼(已加密)
Configuration last modified by 192.168.113.254 at 12-3-07 22:52:46
Local updater ID is 192.168.113.254 on interface Vl1 (lowest numbered VLAN interface found)
TEST# ## 小結一下:經過以上的配置就將核心交換機的vtp等的配置工作完成了,只需要再配置好接入交換機的相關vtp參數和對應的trunk接口,接入交換機就能夠從核心交換機上獲取到所有的vlan信息,而不需要重新建立各個vlan。
TEST#sh vlan # 接下來我們去掉新增加的vlan,先顯示一下。
VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 1 default active Gi1/3, Gi1/4, Gi1/5, Gi1/6, Gi1/7, Gi1/8, Gi1/9, Gi1/10, Gi1/11, Gi1/12, Gi1/14, Gi1/16, Gi1/17, Gi1/18, Gi1/19, Gi1/20, Gi3/12, Gi3/13, Gi3/14, 2 firewall active Gi1/1 10 Engineering active Gi3/9, Gi3/10 20 Procurement active Gi3/19 30 QAQC active 40 Operation active 50 Yard active Gi3/18 60 BM active 70 HRAD active 80 Facility active 100 Finance active 110 GO active 120 Wlan active 150 Server active Gi3/1, Gi3/2, Gi3/3, Gi3/4, Gi3/5, Gi3/6, Gi3/7, Gi3/8 160 Client active Gi3/11, Gi3/15 200 test active Gi1/2 1002 fddi-default act/unsup 1003 token-ring-default act/unsup 1004 fddinet-default act/unsup 1005 trnet-default act/unsup VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2 ---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------ 1 enet 100001 1500 - - - - - 0 0 2 enet 100002 1500 - - - - - 0 0 10 enet 100010 1500 - - - - - 0 0 20 enet 100020 1500 - - - - - 0 0 30 enet 100030 1500 - - - - - 0 0 40 enet 100040 1500 - - - - - 0 0 50 enet 100050 1500 - - - - - 0 0 60 enet 100060 1500 - - - - - 0 0 70 enet 100070 1500 - - - - - 0 0 80 enet 100080 1500 - - - - - 0 0 100 enet 100100 1500 - - - - - 0 0 110 enet 100110 1500 - - - - - 0 0 120 enet 100120 1500 - - - - - 0 0 150 enet 100150 1500 - - - - - 0 0 160 enet 100160 1500 - - - - - 0 0 200 enet 100200 1500 - - - - - 0 0 1002 fddi 101002 1500 - - - - - 0 0 1003 tr 101003 1500 - - - - - 0 0
TEST#conf t
Enter configuration commands, one per line. End with CNTL/Z. #刪除vlan 及重新划分的方法步驟!
TEST(config)#no vlan 200 # 第一步,刪除vlan200
TEST(config)#no int vlan 200 # 第二步,刪除int vlan200 ,經過這兩步就可以徹底的刪除vlan200了
TEST(config)int gi1/2 # 進入到gi1/2這個端口中
TEST(config-if)#switchport access vlan 1 # 將這個端口重新划分到vlan1中
TEST(config-if)#end
TEST#shv vlan
# 確認一下,我們成功的將gi1/2回歸到vlan1中,並且刪除掉了vlan200
VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 1 default active Gi1/2, Gi1/3, Gi1/4, Gi1/5, Gi1/6, Gi1/7, Gi1/8, Gi1/9, Gi1/10, Gi1/11, Gi1/13, Gi1/14, Gi1/16, Gi1/17, Gi1/18, Gi1/19, Gi1/20, Gi3/12, Gi3/13, Gi3/16 2 firewall active Gi1/1 10 Engineering active Gi3/9, Gi3/10 20 Procurement active Gi3/19 30 QAQC active 40 Operation active 50 Yard active Gi3/18 60 BM active 70 HRAD active 80 Facility active 100 Finance active 110 GO active 120 Wlan active 150 Server active Gi3/1, Gi3/2, Gi3/3, Gi3/4, Gi3/5, Gi3/6, Gi3/7, Gi3/8 160 Client active Gi3/11, Gi3/15 1002 fddi-default act/unsup 1003 token-ring-default act/unsup 1004 fddinet-default act/unsup 1005 trnet-default act/unsup VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2 ---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------ 1 enet 100001 1500 - - - - - 0 0 2 enet 100002 1500 - - - - - 0 0 10 enet 100010 1500 - - - - - 0 0 20 enet 100020 1500 - - - - - 0 0 30 enet 100030 1500 - - - - - 0 0 40 enet 100040 1500 - - - - - 0 0 50 enet 100050 1500 - - - - - 0 0 60 enet 100060 1500 - - - - - 0 0 70 enet 100070 1500 - - - - - 0 0 80 enet 100080 1500 - - - - - 0 0 100 enet 100100 1500 - - - - - 0 0 110 enet 100110 1500 - - - - - 0 0 120 enet 100120 1500 - - - - - 0 0 150 enet 100150 1500 - - - - - 0 0 160 enet 100160 1500 - - - - - 0 0 1002 fddi 101002 1500 - - - - - 0 0 1003 tr 101003 1500 - - - - - 0 0 1004 fdnet 101004 1500 - - - ieee - 0 0