Experiment one virtual local area network experiment
team member:
【Purpose】
- Complete complex switched Ethernet designs
- Implement VLAN division across switches
- Verify the communication process between endpoints belonging to the same VLAN
- Verify that two terminals belonging to different VLANs cannot communicate
- Verify the Difference Between Access Ports and Tagged Ports
- Verify 802.1Q standard MAC frame format
【Experimental hours】
2 credit hours recommended
[Experimental environment configuration]
Figure 1 Network Structure Diagram
【Principle of experiment】
1. Create VLANs and assign switch ports to VLANs
The network structure is shown in Figure 1. It is required to configure VLANs according to the relationship between terminals and VLANs shown in Table 1. Table 1 Relationship between terminals and VLANs
| VLAN |
terminal |
VLAN |
terminal |
| VLAN1 |
PC7,PC8 |
VLAN2 |
PC1,PC2,PC9 |
| VLAN3 |
PC5,PC6,PC10 |
VLAN4 |
PC3,PC4 |
During switch configuration, if only switching paths belonging to a single VLAN pass through a switch port,
Assign the switch port as an access port (Access) to the VLAN. If there are multiple switching paths belonging to different VLANs passing through a switch port, configure the switch port as a shared port shared by these VLANs.
(Trunk)。
If a switch is directly connected to a terminal belonging to a VLAN, the VLAN needs to be created in the switch. If a switch is not directly connected to a terminal belonging to a VLAN, but as long as a switching path belonging to the VLAN passes through the ports in the switch, the switch also needs to create the VLAN.
For example, the switch SW2 in Figure 1 does not directly connect the terminal belonging to VLAN4, but because the switching path from the terminal PC3 belonging to VLAN4 to PC4 has port 1 and port 2 through switch SW2, VLAN4 also needs to be created in switch SW2.
According to the above principles of creating VLANs and assigning switch ports to VLANs, in order to realize the VLANs shown in Table 1
For the relationship with the terminal, please fill in Table 2 to determine the relationship between VLAN and switch port. Figure 2 Relationship between VLANs and Switch Ports
| switch (model) |
port |
Port type (tick it) |
Assigned VLAN (Access)/ Shared VLAN (Trunk) |
|
| Access |
Trunk |
|||
| SW1 (S3700) |
Ethernet0/0/1 |
☑ |
|
Vlan2 |
| Ethernet0/0/2 |
☑ |
|
Vlan2 |
|
| Ethernet0/0/3 |
☑ |
|
Vlan4 |
|
| Ethernet0/0/4 |
|
☑ |
Vlan2, vlan4 |
|
| SW2(S3700) |
Ethernet0/0/1 |
|
☑ |
Vlan2, vlan4 |
| Ethernet0/0/2 |
|
☑ |
Vlan1, vlan3, vlan4 |
|
| Ethernet0/0/3 |
☑ |
|
Vlan2 |
|
| Ethernet0/0/4 |
☑ |
|
Vlan3 |
|
| Ethernet0/0/5 |
☑ |
|
Vlan1 |
|
| SW3(S3700) |
Ethernet0/0/1 |
☑ |
|
Vlan4 |
| Ethernet0/0/2 |
☑ |
|
Vlan3 |
|
| Ethernet0/0/3 |
☑ |
|
Vlan3 |
|
| Ethernet0/0/4 |
|
☑ |
Vlan1, vlan3, vlan4 |
|
| Ethernet0/0/5 |
☑ |
|
Vlan1 |
|
2. The relationship between port mode and MAC frame format
The MAC frame input/output from the access port does not carry the VLAN ID and is in the normal MAC frame format. In the MAC frame input/output from the shared port, except the MAC frame belonging to the local VLAN, other MAC frames carry the VLAN ID of the VLAN to which the MAC frame belongs. The native VLAN can be determined by configuration. By default, VLAN 1 is the native VLAN. Therefore, for a MAC frame output through a shared port, if the MAC frame is a MAC frame transmitted between two terminals belonging to VLAN 1, the format of the MAC frame is a normal MAC frame. If the MAC frame is two belonging to the same other
The MAC frame transmitted between the terminals of the VLAN, the MAC frame format is the 802.1Q standard MAC frame format (carrying the VLAN
ID's MAC frame format). The following figure is the frame format of 802.1Q.
3. Description of key commands
The switch VLAN configuration process is divided into two steps: 1) Create multiple VLANs on the switch as needed, the default
In case there is only one VLAN on the switch, namely VLAN 1; 2) Assign the switch ports to different VLANs.
- Create VLAN Run the vlan <vlan-id> command on the switch to create a VLAN.
[SWA] vlan 10
[SWA-vlan10]quit
[SWA]vlan batch 2 to 3
Info: This operation may take a few seconds. Please wait for a moment...done.
As shown in this example, after executing the vlan 10 command, VLAN 10 is created and the VLAN 10 view is entered. The value range of VLAN ID is 1 to 4094. To create multiple VLANs, you can execute the vlan batch { vlan-id1 [ to vlan-id2 ] } command on the switch to create multiple consecutive VLANs. You can also run the vlan batch { vlan-id1 vlan-id2 } command to create multiple non-consecutive VLANs with spaces between VLAN numbers. Use the quit command to exit the VLAN view.
- Configure the link type of the port and assign the port to a VLAN
The default port type is hybrid. The command to configure the port type is port link-type <type> , and the type can be configured as Access, Trunk or Hybrid. It should be noted that if the port type information is not found when viewing the port configuration, the port uses the default hybrid port link type. When modifying the port type, the default port must be restored first
VLAN configuration so that the port belongs to the default VLAN 1.
1) Assign access port (Access)
[SWA]interface Ethernet 0/0/5
[SWA-Ethernet0/0/5]port link-type access
[SWA-Ethernet0/0/5]port default vlan 2
The interface Ethernet 0/0/5 command is used to enter the interface configuration mode of the switch port Ethernet 0/0/5. port link-type access is a command used in interface mode to designate the port of a specific switch as the access port
(Access), in this example, the Ethernet0/0/5 interfaces of the SWA switch are configured as access ports. port default vlan 2 adds the port to VLAN 2. 2) Assign a shared port (Trunk)
[SWA-GigabitEthernet0/0/1]port link-type trunk
[SWA-GigabitEthernet0/0/1]port trunk allow-pass vlan 2 3
When configuring Trunk, you should first use the port link-type trunk command to change the port type to Trunk, and then configure
Set which VLAN data frames are allowed to pass through the Trunk port. Execute port trunk allow-pass
The vlan { { vlan-id1 [ to vlan-id2 ] } | all } command can configure the VLANs allowed by the port, all means allow all VLANs
VLAN data frames pass through. In this example, the G0/0/1 port of SWA is configured as a trunk port, and the PVID of this port is 1 by default. configure
After the port trunk allow-pass vlan 2 3 command, the trunk allows the data traffic of VLAN 2 and VLAN 3 to pass through.
3. After verifying the configuration and creating a VLAN, you can run the display vlan command to view the configuration result.
[SWA]display vlan
The total number of vlans is : 4
------------------------------------------------------------
U:Up; D:Down; TG:Tagged; UT:Untagged; MP:Vlan-mapping; ST:Vlan-stacking; #:
ProtocolTransparent-vlan; *:Management-vlan;
--------------------------------------------------------------
VID Type Ports
--------------------------------------------------------------
1 common UT:GE0/0/1(U) ……
2 common UT: GE0 / 0/7 (D) TG: GE0 / 0/1 (U) common UT: GE0 / 0/5 (U) TG: GE0 / 0/1 (U)
10 common
……
TG indicates that the port will forward the data frame corresponding to the VLAN without stripping the label, and the port will be forwarded directly. The port can be a Trunk port or a labeled Hybrid port. In this example, GigabitEthernet0/0/1 is forwarding VLAN 2
When the traffic of VLAN3 and VLAN3 is not stripped, it is directly forwarded.
You can also use the display port vlan command to view the configuration of VLANs and interfaces.
[SWB]disp port vlan
Port Link Type PVID Trunk VLAN List
-------------------------------------------------------------------------------
Ethernet0/0/1 trunk 1 1-4094
Ethernet0/0/2 trunk 1 1-4094 Ethernet0/0/3 hybrid 1 -
In this example, you can see that both E0/0/1 and E0/0/2 of SWB have been configured as trunk type, and run all the
VLAN traffic passes through (VLAN 1~4094).
4. Preservation arrangement
In the user view, use the save command to save the current configuration information.
After saving, use display saved-configuration to display the configuration.
【Experimental steps】
Exercise 1: Basic Networking Operations
1. After placing and connecting network devices according to the network structure shown in Figure 1, start all devices. Carry out the following ping experiment, observe the phenomenon, record the result, and explain the reason.
Table 2 Exercise 1 Ping test results
| Ping experiment |
Whether PING _ |
reason |
| PC1–PC9(192.168.1.9) |
Pass |
on the same network segment |
| PC3–PC4(192.168.1.4) |
Pass |
on the same network segment |
| PC5–PC10(192.168.3.10) |
Pass |
on the same network segment |
| PC7–PC8(192.168.1.8) |
Pass |
on the same network segment |
| PC1 – PC3(192.168.1.3) |
Pass |
on the same network segment |
| PC2 – PC6(192.168.3.6) |
No way |
not on the same network segment |
| PC9-PC7(192.168.1.7) |
Pass |
on the same network segment |
Exercise 2: According to Table 2 , create VLANs in each switch and assign ports.
- On switch SW1, enter "display vlan" in the view to check the default vlan configuration of the switch, you can find that all ports are added to VLAN 1 by default. Switches SW2 and SW3 are also similar.
- Configure the Access port on switch SW1: (1) Enter "sys" in the user view to enter the system view;
In this view, you can enter the following command to close the log information command to reduce the prompt information of device configuration changes. An example is as follows:
<r1>sys
Enter system view, return user view with Ctrl+Z.
[r1]info-center source DS channel 0 log state off trap state off
(2) Use "vlan batch 2 4" to create two vlans (3) Configure the Ethernet0/0/1 port as Access type and enter the port setting interface: interface Ethernet0/0/1 Set the port link type: port link-type access Add port to vlan: port default vlan 2
(4) Use the quit command to exit the interface view and return to the system view. Configure the other several Access-type ports on SW1 in a similar manner.
3. Configure the trunk port on switch SW1:
(1) Enter "sys" in the user view to enter the system view;
(2) Configure the Ethernet0/0/4 port as Trunk type and enter the port setting interface: interface Ethernet0/0/4 Set the port link type: port link-type trunk Set the allowed vlan frames: port trunk allow-pass vlan all
(3) Use the quit command to exit the interface view and return to the system view.
4. Create VLANs and configure ports on other switches SW2 and SW3. Reminder: By default, all switch ports are assigned to VLAN 1 as access ports, so Ethernet0/0/5 of SW2 and Ethernet0/0/5 of SW3 are not required to be assigned to VLAN 1. In addition, the port on SW2 is not directly connected to the host on VLAN 4, but because the communication between PC3 and PC4 in VLAN4 needs to go through SW2, when creating VLAN on SW2, VLAN 2 still needs to be established.
After completing the above operations correctly, perform the following ping experiment, observe the phenomenon, record the results, and explain the reasons. Table 3 Ping test results of exercise 2
| Ping experiment |
Whether PING _ |
reason |
| PC1–PC9(192.168.1.9) |
Pass |
Two terminals are in the same virtual network vlan2 |
| PC3–PC4(192.168.1.4) |
Pass |
Two terminals are in the same virtual network vlan4 |
| PC5–PC10(192.168.3.10) |
Pass |
Two terminals are in the same virtual network vlan3 |
| PC7–PC8(192.168.1.8) |
Pass |
Two terminals are in the same virtual network vlan1 |
| PC1 – PC3(192.168.1.3) |
No way |
The two terminals are not in the same virtual network |
| PC2 – PC6(192.168.3.6) |
No way |
The two terminals are not in the same virtual network |
| PC9-PC7(192.168.1.7) |
No way |
The two terminals are not in the same virtual network |
Exercise 3: Observe the VLAN configuration on each switch and the 802.1Q MAC frame format
- Run "display vlan" on each switch, and fill in the following table according to the configuration of each VLAN on each port of the switch:
表 4 交换机上的 VLAN 配置
| 交换机 |
VLAN |
Tagged 端口 |
Untagged 端口 |
| SW1 |
VLAN 2 |
Eth0/0/4 |
Eth0/0/1, Eth0/0/2 |
| VLAN 4 |
Eth0/0/4 |
Eth0/0/3 |
|
| SW2 |
VLAN 2 |
Eth0/0/1, Eth0/0/2 |
Eth0/0/3 |
| VLAN 3 |
Eth0/0/1, Eth0/0/2 |
Eth0/0/4 |
|
| VLAN 4 |
Eth0/0/1, Eth0/0/2 |
无 |
|
| SW3 |
VLAN 3 |
Eth0/0/4 |
Eth0/0/3, Eth0/0/2 |
| VLAN 4 |
Eth0/0/4 |
Eth0/0/1 |
标明为 Tagged 的端口表明该端口在转发对应 VLAN 的数据帧时,不会剥离标签,直接
进行转发。而标明为 Untagged 表明该端口发送数据帧时,会剥离 VLAN 标签。
- 在 SW3 的 Ethernet0/0/4 端口进行抓包,然后在 PC6 上运行“ping 192.168.3.10”,也即从 PC6 去 ping PC10,查看 Wireshark 的抓包结果。可以发现 PC6 发给 PC10 的 ping 包中含有 802.1Q 标准的 MAC 帧,将其中的字段值填入下表。
表 5 802.1Q 帧
| PRI |
CFI |
ID |
Type |
| 0 |
0 |
3 |
IP(0x0800) |
在 Ping 的过程中,由于 SW3 的 Ethernet0/0/4 口是被 VLAN 1、VLAN 3 和 VLAN 4 共享的共享端口,该 MAC 帧经过交换机 SW3 的 Ethernet0/0/4 口输出时,会携带 VLAN 3 对应的 ID。 继续在 SW3 的 Ethernet0/0/4 端口进行抓包,然后在 PC7 上运行“ping 192.168.1.8”,也即从 PC7 去 ping PC8,查看 Wireshark 的抓包结果。可以发现 PC7 发给 PC8 的 ping 包中并没有 802.1Q 标准的 MAC 帧。
练习四:保存各交换机配置,并查看配置情况
1. 分别在各个交换机上运行“save”,然后使用“display saved-configuration”命令,分别查看各交换机上的配置情况。
请分别贴在此处。
交换机 1 的配置:
#
sysname Huawei
#
vlan batch 2 4
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface MEth0/0/1
#
interface Ethernet0/0/1
port link-type access
port default vlan 2
#
interface Ethernet0/0/2
port link-type access
port default vlan 2
#
interface Ethernet0/0/3
port link-type access
port default vlan 4
#
interface Ethernet0/0/4
port link-type trunk
port trunk allow-pass vlan 2 4
#
---- More ----
交换机 2 的配置:
#
sysname Huawei
#
vlan batch 2 to 4
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface MEth0/0/1
#
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface Ethernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface Ethernet0/0/3
port link-type access
port default vlan 2
#
interface Ethernet0/0/4
port link-type access
port default vlan 3
# ---- More ----
交换机 3 的配置:
#
sysname Huawei
#
vlan batch 3 to 4
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface MEth0/0/1
#
interface Ethernet0/0/1
port link-type access
port default vlan 4
#
interface Ethernet0/0/2
port link-type access
port default vlan 3
#
interface Ethernet0/0/3
port link-type access
port default vlan 3
#
interface Ethernet0/0/4
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface Ethernet0/0/5
port link-type access
#
---- More ----
【思考问题】
- VLAN 有什么作用?
答:将局域网设备从逻辑上划分成一个个网段。实现广播域的分割,将连接在物理交换式以太网上的终端按照用户制定的分配原则分配到个个vlan中。
- 练习 3 中为什么 PC7 ping PC8,并不会携带 VLAN ID?
答:PC7和PC8是默认vlan1,默认的vlan是不携带VLAN ID的。
- 如果一个 Trunk 链路 PVID 是 5,且端口下配置 port trunk allow-pass vlan 2 3,那么哪些 VLAN 的流量可以通过该 Trunk 链路进行传输?
答:vlan2和vlan3
- PVID 为 2 的 Access 端口收到一个不带标记的帧会采取什么样的动作?
答:打上该端口的PVID后继续转发(到交换机内部的其他端口)。
- 如果在 SW2 中没有设置 VLAN 4,也则 PC3 能否 ping 通 PC4?为什么?在 SW2 的 E0/0/1 和 E0/0/2 口分别抓包到的 PC3 发出的报文会含有 VLAN 标识符么?
答:不能。因为SW2 中没有设置 VLAN 4,发送给vlan4终端的消息SW2找不到vlan4就会丢弃。发送不到PC4。
在E0/0/1口会有VLAN 标识符,在E0/0/2没有包