Article directory
1. Overview of VLANs
1.1 Introduction to VLAN
-
VLAN is the abbreviation of Virtual Local Area Network (Virtual Bridged Local Area Network) (IEEE802.1Q agreement), it is in aLogical network divided from physical network. This network corresponds to the second layer of the ISO modeldata link layer。
-
Division of VLANsNot limited by the actual physical location of the network ports。
注意:
(1) Two adjacent nodes must be inwithin the same network segment。
(2) Subnet division can be divided intodifferent network segments。
1.2 IEEE802.1Q frame format
1.3 Advantages of VLAN
巨大的广播域会带来很多弊端:
-
broadcast storm
-
Difficult to manage and maintain
-
potential security issues
There are two ways to split broadcast domains:physical division、logical division;
物理分割:路由器;逻辑分割:划分不同VLAN;
Advantages of VLANs:control broadcast、Enhance network security、Simplify network management;
1.4 Types of VLANs
Static VLAN: based onport division(used more)
Dynamic VLAN: based onMAC address division
1.5 VLAN ID range
Total number of VLANs: 4096 (0-4095)
Available VLAN ID rangeFor: 1-4094 (1 is the default ID, 0 and 4095 are reserved for the system)
2.TRUNK link
2.1 Introduction to TRUNK
The link types of Huawei switches are:ACCESS、TRUBK、HYBRID(Huawei/H3C default link type).
-
TRUNK is through aphysical link, to achieve cross-switching intercommunication with the same VLAN;
-
TRUNK has two encapsulation modes: ISL and IEEE 802.1Q;
-
TRUNK configurationSimplifies the network structure, more flexible management;
-
access link type: usually configured inswitch to computer/routerPorts for data that will enter the switch =join a vlan, or will send data from the switchout of vlan identification;
The switch tags the data frames to other switches with a VLAN ID, as shown in the figure below;
- trunk link type: usually configured inSwitches and SwitchesThe connected port is used for vlan communication between the switch and the switch;
注意:
-
VLAN can only be used inswitch, there is no need to add any VLAN information in the router.
-
TRUNK type port: allowMultiple VLANs pass through, can receive and send multiple VLAN packets, generally used forSwitches and Switchesrelated interfaces.
2.2 TRUNK command configuration
Experiment: Divide different VLANs
实验环境:
-
There are many broadcasts in the existing network, resulting in very slow network speed
-
Various departments can visit each other, and there are certain security issues
需求描述: Restrict broadcast messages to enhance certain internal security of the company
实验拓扑图如下所示:
拓扑图详解: All PC hosts belong toThe same network segment (192.168.0.0/24), requiring that PC1, PC3, and PC5 belong to
VLAN10, that is, the three hosts can communicate with each other; PC2, PC4, and PC6 belong to VLAN20, and VLAN10 and VLAN20 are different.
able to communicate with each otherLogical isolation within the same LAN.
The experimental steps are as follows:
1. Configure the specified IP address and mask for each host respectively;
以PC1为例,其他各主机与PC1配置操作相同
补充说明: First of all, before any configuration is done on each switch, since all PC hosts belong to the 192.168.0.0/24 network
segment, switchThe default VLAN ID number is VLAN 1, that is, all hosts at this timebelong to the same network segment and a VLAN number,
Therefore, each host can realize the intercommunication of the whole network .
以PC1从为例,主机PC1 ping 主机PC2结果,如下所示:
主机PC1 ping 主机PC3结果,如下所示:
主机PC1 ping 主机PC4结果,如下所示:
主机PC1 ping 主机PC5结果,如下所示:
主机PC1 ping 主机PC6结果,如下所示:
2. Configure access interfaces for the interfaces of the access links of each switch, and divide them into different VLANs according to the specified requirements;
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]sys SW1
[SW1]undo info-center enable
Info: Information center is disabled.
[SW1]int e0/0/1
[SW1-Ethernet0/0/1]vlan batch 10 20
查看交换机R1的VLAN信息,结果如下所示:
为交换机SW1的接入链路配置access口,并划分到不同VLAN中;
查看交换机SW1的VLAN信息,如下所示:
3. Add a trunk port for the switch SW2 and the trunk link, add the 0/0/3 interface of the switch SW1, and add the trunk link type;
删除交换机SW2上0/0/2接口上的错误配置,并重新为0/0/4接口划分VLAN;
至此,交换机上所有接口信息,已成功配置;
4. Try to ping other hosts on the host PC1, and view the results (connected to PC3 and PC5, and logically isolated from PC2, PC4, and PC6)
主机PC1ping主机PC3,结果如下所示:
主机PC1ping主机PC4,结果如下所示:
So far, all the results of this experiment have been successfully completed, and this is the end!