Learning network device configuration from scratch -- 2.3 Enabling mutual access across switches within the same department

1. Task topology

2. Knowledge preparation

In an Ethernet network, dividing the network into VLANs isolates broadcast domains and improves the security of network communication. An Ethernet network is usually built from multiple switches. To carry VLAN data frames across multiple switches, the links that interconnect the switches must be configured as trunk links. Unlike an access link, a trunk link carries data for multiple VLANs between devices (for example, between a switch and a router, or between two switches) and does not belong to any specific VLAN. It can carry the data of all VLANs, or it can be configured to carry only the data of specified VLANs.

1. Link types

With VLAN technology, a switched network carries both VLAN Ethernet frames with tags and VLAN Ethernet frames without tags. Links are therefore divided into access links and trunk links.

(1) Access link (Access Link): The link used to connect a computer to a switch is called an access link. The frames passing over an access link are VLAN Ethernet frames without a tag.

(2) Trunk link (Trunk Link): The link used to connect one switch to another is called a trunk link. The frames passing over a trunk link are generally VLAN Ethernet frames with a tag, but they can also be Ethernet frames without a tag.

2. Port types

The PVID is the Port VLAN ID, which represents the default VLAN of the port. By default, the PVID of every port of the switch is 1. The frames a switch receives from a peer device may be untagged, but inside the switch all Ethernet frames are processed and forwarded in tagged form, so the switch must add a tag to any untagged data frame received on a port. To make this possible, each port must be configured with a default VLAN. When the port receives an untagged data frame, the switch adds the VLAN tag of the default VLAN to it. Because different links handle the VLAN tag differently, the ports of an Ethernet switch are also distinguished by type, and the port types are roughly divided into three categories.

1. Access port (Access Port)

The access port is the port on the switch used to connect a user host. It can only connect to an access link, and it allows only a single VLAN ID to pass through. The rules for sending and receiving data frames on an access port are as follows.

(1) If the access port receives an untagged data frame (without a VLAN tag) from the peer device, the switch forcibly adds the PVID of the port. If the port receives a tagged data frame (with a VLAN tag) from the peer device, the switch checks the VLAN ID in the tag: when the VLAN ID is the same as the PVID of the port, the packet is accepted; otherwise, the packet is discarded.

(2) When the access port sends a data frame, it always strips the tag first and then sends the frame. The Ethernet frame that an access port sends to the peer device is always a data frame without a tag.

Example: Ethernet0/0/1, Ethernet0/0/2, and Ethernet0/0/3 of switch LSW1 are connected to three hosts PC1, PC2, and PC3 respectively, and are configured as access ports. Host PC1 sends a data frame (without a tag) to port Ethernet0/0/1 of switch LSW1, for the switch to forward to its destination. After receiving the data frame, switch LSW1 adds VLAN tag 10 to it according to the PVID of the port, and then decides to forward the frame through port Ethernet0/0/3. The PVID of port Ethernet0/0/3 is also 10, which matches the VLAN ID in the VLAN tag, so the switch strips the tag and sends the data frame to host PC3. The PVID of the port connected to host PC2 is 20, which is not the same VLAN as VLAN 10, so this port does not receive data frames of VLAN 10.

2. Trunk port (Trunk Port)

The trunk port is the port on the switch used to connect to other switches, and it can only connect to a trunk link. Trunk ports allow frames (with tags) of multiple VLANs to pass through. The rules for sending and receiving data frames on a trunk port are as follows.

(1) When the trunk port receives an untagged data frame from the peer device, the switch adds the PVID of the port to the frame. If the PVID is in the list of allowed VLAN IDs, the packet is accepted; otherwise, the packet is discarded. When the trunk port receives a tagged data frame from the peer device, the switch checks whether the VLAN ID is in the list of VLAN IDs allowed by the port. If it is, the packet is accepted; otherwise, the packet is discarded.

(2) When the trunk port sends a data frame whose VLAN ID is the same as the PVID of the port and is allowed by the port, the switch strips the tag and sends the packet. When the VLAN ID is different from the PVID of the port but is still allowed by the port, the original tag is kept and the packet is sent.

Example: The ports connecting switch LSW1 and switch LSW2 to the hosts are access ports, and the ports connecting switch LSW1 and switch LSW2 to each other are trunk ports whose PVID is 1. This trunk link allows the traffic of all VLANs to pass through. When switch LSW1 forwards a data frame of VLAN 1, it strips the tag and then sends the frame onto the trunk link; when it forwards a data frame of VLAN 20, it does not strip the tag but forwards the frame directly onto the trunk link.
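The access-port and trunk-port rules above can be checked with a small simulation. This is an added example, not code from the original post: the `Port` class, the `flood` helper and the port name `uplink-to-LSW2` are assumptions, the LSW1 port list is constructed from the two examples in the text, and the frame is flooded to every port rather than forwarded to one destination. A wire tag of `None` means the frame leaves untagged.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Port:
    name: str
    link_type: str                    # "access" or "trunk"
    pvid: int = 1                     # default VLAN; 1 unless configured
    allowed: frozenset = frozenset()  # trunk allow-list (ignored on access ports)

    def ingress(self, tag: Optional[int]) -> Optional[int]:
        """VLAN ID the frame carries inside the switch, or None if discarded."""
        vid = self.pvid if tag is None else tag   # untagged frames get the PVID
        if self.link_type == "access":
            return vid if vid == self.pvid else None
        return vid if vid in self.allowed else None

    def egress(self, vid: int) -> tuple:
        """(True, tag_on_wire) if the port sends the frame, else (False, None)."""
        if self.link_type == "access":
            return (vid == self.pvid, None)       # access always strips the tag
        if vid not in self.allowed:
            return (False, None)
        return (True, None if vid == self.pvid else vid)  # PVID leaves untagged

def flood(ports, in_name: str, tag: Optional[int]) -> dict:
    """Flood a frame received on in_name; map each sending port to its wire tag."""
    src = next(p for p in ports if p.name == in_name)
    vid = src.ingress(tag)
    if vid is None:
        return {}
    result = {}
    for p in ports:
        sent, wire = p.egress(vid) if p is not src else (False, None)
        if sent:
            result[p.name] = wire
    return result

# Constructed model of LSW1 from the text; "uplink-to-LSW2" is a made-up name.
ALL_VLANS = frozenset({1, 10, 20})
LSW1 = [
    Port("Ethernet0/0/1", "access", pvid=10),   # PC1
    Port("Ethernet0/0/2", "access", pvid=20),   # PC2
    Port("Ethernet0/0/3", "access", pvid=10),   # PC3
    Port("uplink-to-LSW2", "trunk", pvid=1, allowed=ALL_VLANS),
]

if __name__ == "__main__":
    print(flood(LSW1, "Ethernet0/0/1", None))
```

The same model shows why a trunk whose allow-list omits its own PVID drops every untagged frame it receives: `ingress(None)` maps the frame to the PVID, which then fails the allow-list check.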

3. Task implementation

 

 


Origin blog.csdn.net/m0_59193722/article/details/127432934