-
2. Experimental source code and experimental result verification
Introduce MUX-vlan
MUX-vlan: the main work is the isolation technology of the layer 2 switch
Divided into primary vlan
Slave vlan: isolated vlan: internal mutual access is not allowed
Intercommunication type secondary vlan: internal mutual visits
Use this feature to perform Layer 2 isolation operations
提示:以下是本篇文章正文内容,下面案例可供参考
1. Experimental Topology
2. Experimental source code and experimental result verification
1. Experiment source code:
The code is as follows (example):
<Huawei>
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sys SW1(命名)
[SW1]un in en
Info: Information center is disabled.
[SW1]vlan b
[SW1]vlan batch 10 20 30(添加vlan)
Info: This operation may take a few seconds. Please wait for a moment...done.
[SW1]int g0/0/1(进入接口)
[SW1-GigabitEthernet0/0/1]
[SW1-GigabitEthernet0/0/1]port link-type access (设置接口模式)
[SW1-GigabitEthernet0/0/1]port default vlan 10(通过vlan)
[SW1-GigabitEthernet0/0/1]display this
[SW1-GigabitEthernet0/0/1]int g0/0/2
[SW1-GigabitEthernet0/0/2]port link-type access
[SW1-GigabitEthernet0/0/2]port default vlan 10
[SW1-GigabitEthernet0/0/2]int g0/0/1
[SW1-GigabitEthernet0/0/1]po
[SW1-GigabitEthernet0/0/1]port link-type access
[SW1-GigabitEthernet0/0/1] port default vlan 30
[SW1-GigabitEthernet0/0/1]dis
[SW1-GigabitEthernet0/0/1]display th
[SW1-GigabitEthernet0/0/1]display this
[SW1-GigabitEthernet0/0/1]int g0/0/2
[SW1-GigabitEthernet0/0/2]dis
[SW1-GigabitEthernet0/0/2]display th
[SW1-GigabitEthernet0/0/2]display this
[SW1-GigabitEthernet0/0/2]int g0/0/3
[SW1-GigabitEthernet0/0/3]port link-type access
[SW1-GigabitEthernet0/0/3] port default vlan 10
[SW1-GigabitEthernet0/0/3]int g0/0/4
[SW1-GigabitEthernet0/0/4]port link-type access
[SW1-GigabitEthernet0/0/4] port default vlan 20
[SW1-GigabitEthernet0/0/4]int g0/0/5
[SW1-GigabitEthernet0/0/5]port link-type access
[SW1-GigabitEthernet0/0/5] port default vlan 20
[SW1-GigabitEthernet0/0/5]q
[SW1]dis
[SW1]display po
[SW1]display policy-vlan
^
Error:Incomplete command found at '^' position.
[SW1]di
[SW1]display por
[SW1]display port vlan
[SW1]display port vlan
Port Link Type PVID Trunk VLAN List
-------------------------------------------------------------------------------
GigabitEthernet0/0/1 access 30 -
GigabitEthernet0/0/2 access 10 -
GigabitEthernet0/0/3 access 10 -
GigabitEthernet0/0/4 access 20 -
GigabitEthernet0/0/5 access 20 -
GigabitEthernet0/0/6 hybrid 1 -
GigabitEthernet0/0/7 hybrid 1 -
GigabitEthernet0/0/8 hybrid 1 -
GigabitEthernet0/0/9 hybrid 1 -
GigabitEthernet0/0/10 hybrid 1 -
GigabitEthernet0/0/11 hybrid 1 -
GigabitEthernet0/0/12 hybrid 1 -
GigabitEthernet0/0/13 hybrid 1 -
GigabitEthernet0/0/14 hybrid 1 -
GigabitEthernet0/0/15 hybrid 1 -
GigabitEthernet0/0/16 hybrid 1 -
GigabitEthernet0/0/17 hybrid 1 -
GigabitEthernet0/0/18 hybrid 1 -
GigabitEthernet0/0/19 hybrid 1 -
GigabitEthernet0/0/20 hybrid 1 -
GigabitEthernet0/0/21 hybrid 1 -
GigabitEthernet0/0/22 hybrid 1 -
GigabitEthernet0/0/23 hybrid 1 -
GigabitEthernet0/0/24 hybrid 1 -
[SW1]
[SW1]vlan 30
[SW1-vlan30]mu
[SW1-vlan30]mux-vlan
[SW1-vlan30]dis
[SW1-vlan30]display th
[SW1-vlan30]display this
#
vlan 30
mux-vlan
#
return
[SW1-vlan30]vlan
[SW1-vlan30]su
[SW1-vlan30]subordinate ?
group Vlan Group
separate Separate vlan
[SW1-vlan30]subordinate se
[SW1-vlan30]subordinate g
[SW1-vlan30]subordinate group 10
[SW1-vlan30]subordinate g
[SW1-vlan30]subordinate group 20
[SW1-vlan30]q
[SW1]vlan 30
[SW1-vlan30]display this
[SW1-vlan30]subordinate separate 20
Error: The current vlan has already been configured to other vlan type.
[SW1-vlan30]undo subordinate group 20
[SW1-vlan30]su
[SW1-vlan30]subordinate se
[SW1-vlan30]subordinate separate 20
[SW1-vlan30]dis
[SW1-vlan30]display th
[SW1-vlan30]display this
[SW1]display mux-vlan
Principal Subordinate Type Interface
-----------------------------------------------------------------------------
30 - principal
30 20 separate
30 10 group
-----------------------------------------------------------------------------
[SW1]int g0/0/1
[SW1-GigabitEthernet0/0/1]po
[SW1-GigabitEthernet0/0/1]port mux
[SW1-GigabitEthernet0/0/1]port mux-vlan en
[SW1-GigabitEthernet0/0/1]port mux-vlan enable
[SW1-GigabitEthernet0/0/1]int g0/0/2
[SW1-GigabitEthernet0/0/2]port mux-vlan enable
[SW1-GigabitEthernet0/0/2]int g0/0/3
[SW1-GigabitEthernet0/0/3]port mux-vlan enable
[SW1-GigabitEthernet0/0/3]int g0/0/4
[SW1-GigabitEthernet0/0/4]port mux-vlan en
[SW1-GigabitEthernet0/0/4]int g0/0/5
[SW1-GigabitEthernet0/0/5]port mux-vlan enable
[SW1-GigabitEthernet0/0/5]display this
#
interface GigabitEthernet0/0/5
port link-type access
port default vlan 20
port mux-vlan enable
#
return
[SW1-GigabitEthernet0/0/5]q
[SW1]display mux-vlan
Principal Subordinate Type Interface
-----------------------------------------------------------------------------
30 - principal GigabitEthernet0/0/1
30 20 separate GigabitEthernet0/0/4 GigabitEthernet0/0/5
30 10 group GigabitEthernet0/0/2 GigabitEthernet0/0/3
-----------------------------------------------------------------------------
[SW1]
[SW1]2. Verification of experimental results
pc1:
pc1 pings the server:
can communicate
pc1 ping pc2:
can communicate
pc1 ping pc3:
Communication failed, the experiment was successful because there is an isolated network segment
pc3 ping server:
Can communicate, the experiment is successful
pc3 ping pc4:
If the communication fails, the experiment is successful, and the isolated network segments cannot communicate with each other.
Summarize
MUX (multiplex) VLAN is used for traffic isolation between Layer 2 switch networks . It can be used for more precise Layer 2 traffic separation based on VLANs. Take the following topology as an example, so that different departments cannot communicate, but all departments can To access the server network, this situation cannot be solved by using pure VLANs. Some people may say that it can be solved by using layer 3 devices. However, many network technologies are for cost saving.