Experiment 4: Switch VLAN configuration

Purpose

  1. Understand the concept and principle of VLANs;
  2. Master port-based VLAN assignment on a switch;
  3. Master the single-switch and cross-switch VLAN configuration methods of Cisco 2950 switches.

Experimental principle

(1) The concept of VLAN
A VLAN (Virtual Local Area Network) is a network technology that lets you create logically separated networks within one physical network. Each VLAN is an independent broadcast domain, which means that devices in one VLAN can communicate directly only with other devices in the same VLAN.

A VLAN works by adding a VLAN tag to the data packet; the tag identifies which VLAN the packet belongs to. Network devices (such as switches) use this tag to decide how to process and forward the packet. In this way, even if devices are physically connected to the same switch or network, they cannot communicate directly as long as they belong to different VLANs.

A virtual local area network is really just a service that a local area network provides to its users, not a new type of local area network.
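
The tagging described above, as an added example that is not part of the original lab report: it inserts and reads the IEEE 802.1Q tag, which is the tag format a Cisco 2950 trunk uses. The function names and the sample frame are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # value in the EtherType position that marks an 802.1Q tag

def add_vlan_tag(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert the 4-byte 802.1Q tag after the destination and source MACs."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    if not 1 <= vid <= 4094 or not 0 <= pcp <= 7:
        raise ValueError("VLAN ID must be 1..4094 and priority 0..7")
    tci = (pcp << 13) | vid  # priority (3 bits) | DEI (1 bit, 0) | VLAN ID (12 bits)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def parse_vlan(frame: bytes):
    """Return (vlan_id, frame_without_tag); vlan_id is None if untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None, frame
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF, frame[:12] + frame[16:]

def deliver_to_access_port(tagged: bytes, port_vlan: int):
    """Egress on an access port: strip the tag if the VLAN matches, else drop."""
    vid, inner = parse_vlan(tagged)
    return inner if vid == port_vlan else None

# Constructed sample: broadcast destination, made-up source MAC, EtherType ARP, padding
SAMPLE = bytes.fromhex("ffffffffffff" "020000000002" "0806") + bytes(46)

if __name__ == "__main__":
    tagged = add_vlan_tag(SAMPLE, 10)
    print("tag bytes:", tagged[12:16].hex())
    print("VLAN ID:", parse_vlan(tagged)[0])
    print("port in VLAN 10 gets frame:", deliver_to_access_port(tagged, 10) == SAMPLE)
    print("port in VLAN 1 gets frame:", deliver_to_access_port(tagged, 1) is not None)
```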

Experimental content

(1) The experimental topology is as follows:

  1. Build the experimental network according to the topology diagram above and configure the IP address of each PC so that
    PC1 and PC2 can reach each other, and PC3 and PC4 can reach each other.

  2. Check the addresses through the configuration window.
    Test:
    PC1 ping PC2
    PC3 ping PC4

(2) Using the connection diagram above, Switch1 and Switch2 are now connected through their fastethernet0/24 interfaces with a straight-through cable. Can PC1 ping PC3/PC4 successfully? How should the switches be connected so that PC1 can reach PC3 and PC4?
Answer: No, the ping fails. Connect the two switches with a crossover cable instead.

(3) Connect the fastethernet0/24 interfaces of Switch1 and Switch2 with a crossover cable, and assign PC2 and PC4 to VLAN 10 before testing. Can PC1 ping PC2? Can PC1 ping PC3? Can PC1 ping PC4? Can PC2 ping PC4? Why?

Configure the switch: enter the commands directly in the CLI window of the switch/router configuration window, and
assign the interfaces connected to PC2 and PC4 to VLAN 10.

There are two ways to create a VLAN in Cisco IOS:
use the vlan vlanid command in global configuration mode,
such as switch(config)#vlan 10,
or create the VLAN in the VLAN database,
such as switch(vlan)#vlan 20.

Switch1 configuration:
Create VLAN 10:
Switch1>enable
Switch1#vlan database
Switch1(vlan)#vlan 10 name VLAN10
! leaving VLAN database mode applies the change
Switch1(vlan)#exit
Assign the port to the VLAN:
Switch1#configure terminal
! enter port configuration mode
Switch1(config)#interface fastethernet0/2
! configure the port as an access port
Switch1(config-if)#switchport mode access
! assign the port to VLAN 10
Switch1(config-if)#switchport access vlan 10

Then view the VLAN information.

Switch2 configuration:
Create VLAN 10:
Switch2>enable
Switch2#configure terminal
Switch2(config)#vlan 10
Switch2(config-vlan)#name vlan10
Switch2(config-vlan)#exit
Assign the port to the VLAN:
! enter port configuration mode
Switch2(config)#interface fastethernet0/2
! configure the port as an access port
Switch2(config-if)#switchport mode access
! assign the port to VLAN 10
Switch2(config-if)#switchport access vlan 10

Then view the VLAN information.

(4) PC1 test
PC1 test: PC1 to PC2 unreachable
PC1 test: PC1 to PC3 reachable
PC1 test: PC1 to PC4 unreachable

(5) PC2 test
PC2 test: PC2 to PC3 unreachable
PC2 test: PC2 to PC4 unreachable

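The tests above show that PC1 can reach PC3, but PC1 cannot reach PC2 or PC4, and PC2 cannot reach PC4. Analyze the reasons.

Reason: interface 24 is in VLAN 1, so VLAN 10 traffic cannot use interface 24, and PC2 and PC4 therefore cannot reach each other. PC1 remains in VLAN 1, a different broadcast domain from PC2 and PC4, so it cannot reach either of them.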

(6) Configure trunk
Configure the fastethernet0/24 interface on each switch as a trunk, and check which VLAN IDs are allowed to pass through it.

Switch1(config)#interface fastethernet0/24
Switch1(config-if)#switchport mode trunk
Switch2(config)#interface fastethernet0/24
Switch2(config-if)#switchport mode trunk
! allow VLAN 10 traffic on the trunk
Switch1(config-if)#switchport trunk allowed vlan add 10
! stop allowing VLAN 10 traffic on the trunk
Switch1(config-if)#switchport trunk allowed vlan remove 10

After the above configuration is completed, PCs in the same VLAN can reach each other and PCs in different VLANs cannot; that is,
PC1 can reach PC3, and PC2 can reach PC4.
Note that after configuring the interface as a trunk, VLAN 1 must also be added to the allowed VLANs so that PC1 can ping PC3.
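
The results of steps (4) to (6), reproduced as an added example (not part of the original lab report): a small model of the fastethernet0/24 link that computes which PC pairs can ping each other for each uplink setting. It assumes all four PCs share one IP subnet with no router, and it does not model the trunk's native VLAN or mismatched access VLANs on the two ends; the class and function names are made up for illustration.

```python
from dataclasses import dataclass
from itertools import combinations

ALL_VLANS = frozenset(range(1, 4095))

@dataclass(frozen=True)
class Uplink:
    """One end of the fastethernet0/24 link between the two switches."""
    mode: str = "access"              # "access" or "trunk"
    access_vlan: int = 1              # used only in access mode
    allowed: frozenset = ALL_VLANS    # used only in trunk mode

    def carries(self, vlan: int) -> bool:
        if self.mode == "access":
            return vlan == self.access_vlan
        return vlan in self.allowed

# host -> (switch, VLAN of its access port), as configured in step (3)
HOSTS = {"PC1": ("Switch1", 1), "PC2": ("Switch1", 10),
         "PC3": ("Switch2", 1), "PC4": ("Switch2", 10)}

def reachable(src, dst, sw1_up, sw2_up, hosts=HOSTS):
    (s_sw, s_vlan), (d_sw, d_vlan) = hosts[src], hosts[dst]
    if s_vlan != d_vlan:   # different broadcast domains, no router in the lab
        return False
    if s_sw == d_sw:       # same switch, same VLAN
        return True
    # the frame has to be carried by both ends of the inter-switch link
    return sw1_up.carries(s_vlan) and sw2_up.carries(s_vlan)

def reachable_pairs(sw1_up, sw2_up, hosts=HOSTS):
    return {(a, b) for a, b in combinations(sorted(hosts), 2)
            if reachable(a, b, sw1_up, sw2_up, hosts)}

access = Uplink()                                             # step (5): f0/24 left in VLAN 1
trunk = Uplink(mode="trunk")                                  # step (6): switchport mode trunk
trunk_no10 = Uplink(mode="trunk", allowed=ALL_VLANS - {10})   # allowed vlan remove 10
trunk_only10 = Uplink(mode="trunk", allowed=frozenset({10}))  # VLAN 1 not allowed

if __name__ == "__main__":
    cases = [("access uplink", access, access), ("trunk", trunk, trunk),
             ("trunk, VLAN 10 removed on Switch1", trunk_no10, trunk),
             ("trunk, only VLAN 10 allowed", trunk_only10, trunk_only10)]
    for label, up1, up2 in cases:
        print(f"{label}: {sorted(reachable_pairs(up1, up2))}")
```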

Experiment summary

  1. Master the operations for configuring switch VLANs and for assigning ports to VLANs.
  2. Virtual local area network (VLAN) technology can divide a large layer 2 switched network into several smaller logical networks. Each logical network is a broadcast domain and is independent of physical location, which is why VLAN technology is commonly used in local area networks.
  3. VLANs have the following advantages:
    (1) Control the broadcast domain. Each VLAN belongs to a broadcast domain. By dividing different VLANs, the broadcast is limited within a VLAN, which will effectively control the broadcast range and reduce the adverse impact of broadcast on the network.
    (2) Enhance the security of the network. User groups with sensitive data can be isolated from other users through VLAN to reduce the possibility of leakage caused by broadcast monitoring.
    (3) The networking is flexible and easy to manage. VLANs can be divided according to functional departments, project groups or other management logic to facilitate resource sharing within departments. Since VLAN is only a logical grouping network, users in different geographical locations can be divided into the same VLAN. For example, if some users on the second floor and some users on the third floor of a building are assigned to the same VLAN, although they may be connected to different manage.
  4. Master how to assign ports to VLANs on Cisco switches:

Create VLAN 10:
Switch1>enable
Switch1#vlan database
Switch1(vlan)#vlan 10 name VLAN10
! leaving VLAN database mode applies the change
Switch1(vlan)#exit
Assign the port to the VLAN:
Switch1#configure terminal
! enter port configuration mode
Switch1(config)#interface fastethernet0/2
! configure the port as an access port
Switch1(config-if)#switchport mode access
! assign the port to VLAN 10
Switch1(config-if)#switchport access vlan 10

  5. The switches should be connected with a crossover cable instead of a straight-through cable.

Devices in a network are generally divided into two types: MDI and MDI-X. Generally speaking, devices such as computers and routers are MDI devices, while devices such as switches and hubs are MDI-X devices.
In an Ethernet cable, two pairs of wires are used for data transmission: one pair for sending data and one pair for receiving data. On MDI devices, the sending pair uses wires 1 and 2, and the receiving pair uses wires 3 and 6. On MDI-X devices, the sending pair uses wires 3 and 6, and the receiving pair uses wires 1 and 2.
When connecting network devices, you usually need to ensure that the sending line at one end connects to the receiving line at the other end, and vice versa. Therefore, if you are connecting two devices of the same type (for example, two computers or two switches), you need to use a crossover cable, which connects the sending line at one end to the receiving line at the other end, and vice versa.
However, if you are connecting two devices of different types (for example, a computer and a switch), you can use a straight-through cable, because their sending and receiving lines already match each other.

Origin blog.csdn.net/m0_63260018/article/details/131725639