Principle overview
The early local area network was based on bus topology. The bus topology is connected by a single cable to all hosts. This LAN technology has a conflict domain problem. All users are in a conflict domain, so only one host can send messages at the same time, and messages from any device Will be received by other hosts, users may receive a lot of unnecessary messages, and cannot control the security of information.
In order to avoid conflict domains and expand more computers at the same time, layer 2 switches can be used in the LAN. The switch can effectively isolate the conflict domain, but all computers are in the same broadcast domain and can receive all packets. Broadcast domain and information security problems still exist, and VLAN was born, and the physical LAN can be divided into multiple broadcast domains. In this way, broadcast messages are restricted to one VLAN, and VLAN is named virtual local area network.
Three kinds of interfaces
This experiment uses the Trunk interface type, which is generally used for ports connected between switches, and can receive and send packets from multiple VLANs.
When the Trunk port receives a data frame, if the frame does not contain the VLAN tag of 802.1Q, it will be marked with the PVID of the Trunk port. If the frame contains the VLAN tag of 802.1Q, it will not be changed.
When the Trunk port sends a data frame, when the VLAN ID of the frame sent is different from the PVID of the port, check whether the VLAN is allowed to pass, if it is allowed, it will be directly transmitted transparently, and it will be directly discarded when the VLAN ID of the frame is When the PVID of the port is the same, it will be forwarded after stripping off the VLAN tag.
Experimental topology
Experimental steps
1: Configure IP slightly
2: Check the connectivity of each host (command ping)
3: Create VLAN 10 20 on S1 and S2 respectively
[S1]vlan 10
[S1-vlan10]vlan 20
[S2]vlan 10
[S2-vlan10]vlan 20
4: Check the VLAN configuration (here only the configuration of S1 is issued, and S2 is the same as above)
[S1]display vlan
The total number of vlans is : 3
--------------------------------------------------------------------------------
U: Up; D: Down; TG: Tagged; UT: Untagged;
MP: Vlan-mapping; ST: Vlan-stacking;
#: ProtocolTransparent-vlan; *: Management-vlan;
--------------------------------------------------------------------------------
VID Type Ports
--------------------------------------------------------------------------------
1 common UT:Eth0/0/1(U) Eth0/0/2(U) Eth0/0/3(U) Eth0/0/4(D)
Eth0/0/5(D) Eth0/0/6(D) Eth0/0/7(D) Eth0/0/8(D)
Eth0/0/9(D) Eth0/0/10(D) Eth0/0/11(D) Eth0/0/12(D)
Eth0/0/13(D) Eth0/0/14(D) Eth0/0/15(D) Eth0/0/16(D)
Eth0/0/17(D) Eth0/0/18(D) Eth0/0/19(D) Eth0/0/20(D)
Eth0/0/21(D) Eth0/0/22(D) GE0/0/1(D) GE0/0/2(D)
10 common ·可以看到创建成功·
20 common
VID Status Property MAC-LRN Statistics Description
--------------------------------------------------------------------------------
1 enable default enable disable VLAN 0001
10 enable default enable disable VLAN 0010 ·这里也没有问题·
20 enable default enable disable VLAN 0020
Configure the interface connected to the host as an Access interface on S1 and divide the corresponding VLAN
. Configure the interface connected to the host as an Access interface on S2 and divide the corresponding VLAN.
[S1]interface Ethernet 0/0/2
[S1-Ethernet0/0/2]port link-type access
[S1-Ethernet0/0/2]port default vlan 10
[S1-Ethernet0/0/2]quit
[S1]interface Ethernet 0/0/3
[S1-Ethernet0/0/3]port link-type access
[S1-Ethernet0/0/3]port default vlan 20
[S1-Ethernet0/0/3]quit
[S2]interface Ethernet 0/0/2
[S2-Ethernet0/0/2]port link-type access
[S2-Ethernet0/0/2]port default vlan 10
[S2-Ethernet0/0/2]quit
[S2]interface Ethernet 0/0/3
[S2-Ethernet0/0/3]port link-type access
[S2-Ethernet0/0/3]port default vlan 20
5: Check the VLAN configuration again (S2 is the same as above, not shown here)
[S1]display vlan
The total number of vlans is : 3
--------------------------------------------------------------------------------
U: Up; D: Down; TG: Tagged; UT: Untagged;
MP: Vlan-mapping; ST: Vlan-stacking;
#: ProtocolTransparent-vlan; *: Management-vlan;
--------------------------------------------------------------------------------
VID Type Ports
--------------------------------------------------------------------------------
1 common UT:Eth0/0/1(U) Eth0/0/4(D) Eth0/0/5(D) Eth0/0/6(D)
Eth0/0/7(D) Eth0/0/8(D) Eth0/0/9(D) Eth0/0/10(D)
Eth0/0/11(D) Eth0/0/12(D) Eth0/0/13(D) Eth0/0/14(D)
Eth0/0/15(D) Eth0/0/16(D) Eth0/0/17(D) Eth0/0/18(D)
Eth0/0/19(D) Eth0/0/20(D) Eth0/0/21(D) Eth0/0/22(D)
GE0/0/1(D) GE0/0/2(D)
10 common UT:Eth0/0/2(U) ·配置没有问题·
20 common UT:Eth0/0/3(U) ·配置没有问题·
VID Status Property MAC-LRN Statistics Description
--------------------------------------------------------------------------------
1 enable default enable disable VLAN 0001
10 enable default enable disable VLAN 0010
20 enable default enable disable VLAN 0020
6: At this time, PC-1 ping PC-3 cannot connect
PC>ping 10.1.1.3
Ping 10.1.1.3: 32 data bytes, Press Ctrl_C to break
From 10.1.1.1: Destination host unreachable
From 10.1.1.1: Destination host unreachable
From 10.1.1.1: Destination host unreachable
From 10.1.1.1: Destination host unreachable
From 10.1.1.1: Destination host unreachable
--- 10.1.1.3 ping statistics ---
5 packet(s) transmitted
0 packet(s) received
100.00% packet loss
**因为交换机之间的端口没有相应的VLAN信息,所以无法通信**
7:
Configure the trunk interface type on the interface connecting S1 to S3 and allow VLAN 10 20 to pass
. Configure the trunk interface type on the interface connecting S2 to S3 and allow VLAN 10 20 to pass through
the interface connecting S1 and S2 on S3 Configure it as a Trunk interface type and allow all VLANs to pass
[S1]interface Ethernet 0/0/1
[S1-Ethernet0/0/1]port link-type trunk
[S1-Ethernet0/0/1]port trunk allow-pass vlan 10 20
[S2]interface Ethernet 0/0/1
[S2-Ethernet0/0/1]port link-type trunk
[S2-Ethernet0/0/1]port trunk allow-pass vlan 10 20
[S3]vlan 10
[S3-vlan10]vlan 20
[S3-vlan20]quit
[S3]interface GigabitEthernet 0/0/1
[S3-GigabitEthernet0/0/1]port link-type trunk
[S3-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[S3-GigabitEthernet0/0/1]quit
[S3]interface GigabitEthernet 0/0/2
[S3-GigabitEthernet0/0/2]port link-type trunk
[S3-GigabitEthernet0/0/2]port trunk allow-pass vlan all
8: Check the configuration of Trunk, here is S3 as an example
[S3]display port vlan
Port Link Type PVID Trunk VLAN List
-------------------------------------------------------------------------------
GigabitEthernet0/0/1 trunk 1 1-4094 ·配置没问题·
GigabitEthernet0/0/2 trunk 1 1-4094
9: Detect connectivity
PC-1-PC-3 can connect to the same vlan
PC-1-PC-2 can not connect to different vlans
Others will not be demonstrated
PC>ping 10.1.1.3
Ping 10.1.1.3: 32 data bytes, Press Ctrl_C to break
From 10.1.1.3: bytes=32 seq=1 ttl=128 time=140 ms
From 10.1.1.3: bytes=32 seq=2 ttl=128 time=94 ms
From 10.1.1.3: bytes=32 seq=3 ttl=128 time=93 ms
From 10.1.1.3: bytes=32 seq=4 ttl=128 time=109 ms
From 10.1.1.3: bytes=32 seq=5 ttl=128 time=94 ms
--- 10.1.1.3 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 93/106/140 ms
PC>ping 10.1.1.2
Ping 10.1.1.2: 32 data bytes, Press Ctrl_C to break
From 10.1.1.1: Destination host unreachable
From 10.1.1.1: Destination host unreachable
From 10.1.1.1: Destination host unreachable
From 10.1.1.1: Destination host unreachable
From 10.1.1.1: Destination host unreachable
--- 10.1.1.2 ping statistics ---
5 packet(s) transmitted
0 packet(s) received
100.00% packet loss
New bloggers, with limited qualifications, please feel free to enlighten me if there are any shortcomings.