Articles and resources are archived in [AIShareLab], which can be obtained by replying to communication systems and networks .
Article directory
First, the purpose
- Master the basic configuration of VLAN and Trunk.
- Master the basic configuration of Ethernet link aggregation.
- Master the configuration of router sub-interfaces and how to achieve interworking between VLANs through sub-interfaces (single-arm routing)
2. Environment and network topology
This experiment simulates a typical simple campus network, as shown in Figure 1, in which the terminals of VLAN10 and VLAN20
are connected to the access switch AS1, the terminal of VLAN30 is connected to the access switch AS2, and AS1 is connected to the router Router through AS2. Among them, it is assumed that AS1 and AS2 are both Layer 2 switches and do not have Layer 3 functions. The router uses the sub-interface of its GE0/0/0 interface as the gateway for terminals in VLAN10, VLAN20 and VLAN30 to realize the three-layer switching of terminals between different VLANs. layer exchange visits. Among them, it is recommended to use S5700 and above equipment for switches AS1 and AS2, and AR2220 and above equipment for router.
Figure 1 IPv6 Ethernet single-arm routing experiment topology.
Note: In actual networking, considering the laboratory equipment configuration, the router can choose AR1220. The default
port includes 2 Gigabit Fast Ethernet ports (respectively shown in the interface view). They are GigabitEthernet0/0/0 and
GigabitEthernet0/0/1, both are Layer 3 interfaces) and 8 Fast Ethernet ports (shown in the interface view are
Ethernet0/0/0-Ethernet0/0/7, both are Layer 2 interfaces) ), compared to the AR2220 networking mode used in Figure 1 in the simulation experiment, the interface selection remains unchanged during the experiment, and the GigabitEthernet0/0/0 interface is still selected. The switch can choose S3700. The default ports of S3700 include 24 Fast Ethernet ports (displayed in the interface view as Ethernet0/0/1-Ethernet0/0/24) and 4 Gigabit Ethernet ports (currently enabled as Console on the panel). There are two electrical ports on the left side of the port. The corresponding interface serial numbers when the panel lights up are 27 and 28 respectively. The interface view shows GigabitEthernet0/0/3 and GigabitEthernet0/0/4 respectively. Compared with Figure 1, the switch adopts S5700 network. Method, during the experiment, the switch interface GE0/0/0-2 was changed to Ethernet0/0/0-2, GE0/0/23-24 was changed to Ethernet13-14, and GE0/0/20 was changed to Ethernet0/0/20.
Note that in order to adapt to network requirements, the following Ethernet interface types are defined on the device: The Layer 2 Ethernet interface is
a physical interface that works at the data link layer and cannot be configured with an IP address. It can Perform Layer 2 switching and
forwarding, or join a VLAN to perform Layer 3 routing and forwarding of received packets through the VLANIF interface; Layer 3
The Ethernet interface is a physical interface that works at the network layer and can be configured with an IP address. It can perform Layer 3 routing and forwarding of received packets . For the AR200 series, AR1220, AR1220V, AR1220W, AR1220VW, and AR1220F,
interfaces Ethernet0/0/0-Ethernet0/0/7 are Layer 2 Ethernet interfaces by default. The device supports switching interfaces Ethernet0/0/0-Ethernet0/0/7 from Layer 2 mode to Layer 3 mode through the undo
portswitch command.
3. Demand
1. Complete the configuration of each network device so that PC1, PC2 and PC3 belong to VLAN10, VLAN20 and VLAN30 respectively. The gateways of the VLANs corresponding to the three computers are all on the GE0/0/0 interface of the Router. The Router communicates with the three through sub-interfaces. VLAN interconnection.
2. Deploy Ethernet link aggregation between AS1 and AS2.
3. PC1, PC2 and PC3 are required to achieve Layer 3 interoperability.
4. Steps
(1) Create the relevant VLAN on AS1 and complete the interface configuration.
Complete the following configuration on AS1:
<Huawei> system-view
[Huawei] sysname AS1
#创建VLAN10及20:
[AS1] vlan batch 10 20
#将连接PC1的接口配置为Access类型并加入VLAN10:
[AS1] interface GigabitEthernet 0/0/1
[AS1-GigabitEthernet0/0/1] port link-type access
[AS1-GigabitEthernet0/0/1] port default vlan 10
[AS1-GigabitEthernet0/0/1] quit
#将连接PC2的接口配置为Access类型并加入VLAN20:
[AS1] interface GigabitEthernet 0/0/2
[AS1-GigabitEthernet0/0/2] port link-type access
[AS1-GigabitEthernet0/0/2] port default vlan 20
[AS1-GigabitEthernet0/0/2] quit
#创建聚合接口Eth-trunk1,并将GE0/0/23及GE0/0/24作为成员接口加入该聚合接口,然
后将聚合接口配置为Trunk类型并允许VLAN10及20:
[AS1] interface Eth-Trunk 1
[AS1-Eth-Trunk1] trunkport GigabitEthernet 0/0/23
[AS1-Eth-Trunk1] trunkport GigabitEthernet 0/0/24
[AS1-Eth-Trunk1] port link-type trunk
[AS1-Eth-Trunk1] port trunk allow-pass vlan 10 20
[AS1-Eth-Trunk1] quit
Figure 2 Process of configuring AS1
Phased verification:
⑴ Execute the display vlan command in the AS1 system view, view the VLAN information on AS1 and display the results, verify whether the current AS1 has successfully created VLAN10 and VLAN20, and confirm the ownership relationship between each interface and the VLAN.
Figure 3 The result of executing the display vlan command in the AS1 system view is shown in Figure 3. AS1 has successfully created VLAN10 and VLAN20. The ownership relationship between each interface and the VLAN is as shown in the figure: interface 1 and interface Eth-trunk1 belong to VLAN10, and the interface 2 and interface Eth-trunk1 belong to VLAN20
⑵ Execute the display port vlan command in the AS1 system view to view the VLAN information of the AS1 interface and display the results to verify whether each interface correctly belongs to the assigned VLAN.
Figure 4 Execute the display port vlan command in the AS1 system view
. The verification results are shown in Figure 4. The verification shows that each interface has correctly belonged to the divided VLAN
(2) Create the relevant VLAN on AS2 and complete the interface configuration.
Complete the following on AS2 Configuration:
<Huawei> system-view
[Huawei] sysname AS2
[AS2] vlan batch 10 20 30
[AS2] interface GigabitEthernet 0/0/1
[AS2-GigabitEthernet0/0/1] port link-type access
[AS2-GigabitEthernet0/0/1] port default vlan 30
[AS2-GigabitEthernet0/0/1] quit
[AS2] interface Eth-Trunk 1
[AS2-Eth-Trunk1] trunkport GigabitEthernet 0/0/23
[AS2-Eth-Trunk1] trunkport GigabitEthernet 0/0/24
[AS2-Eth-Trunk1] port link-type trunk
[AS2-Eth-Trunk1] port trunk allow-pass vlan 10 20
[AS2-Eth-Trunk1] quit
[AS2] interface GigabitEthernet 0/0/20
[AS2-GigabitEthernet0/0/20] port link-type trunk
[AS2-GigabitEthernet0/0/20] port trunk allow-pass vlan 10 20 30
[AS2-GigabitEthernet0/0/20] quit
Note: In the above configuration, we created 3 VLANs on AS2, then configured the GE0/0/1 interface as an Access interface and added it to VLAN30, then created the Eth-trunk1 interface and added the corresponding member interface, which is used To connect to
AS1, the data frames of VLANs 10 and 20 need to be allowed to pass. In addition, the GE0/0/20 interface is used to connect to the Router. This interface needs to allow the data frames of VLANs 10, 20 and 30 to pass, so these three VLANs must be allowed to pass. The results are shown in Figure 5:
Figure 5 Process of configuring AS2
Phased verification:
⑴ Execute the display eth-trunk 1 command in the AS2 system view to check the status of the aggregation interface and verify whether AS1 and AS2 have completed the link aggregation configuration.
Figure 6 Execute the display eth-trunk 1 command
. The verification results are shown in Figure 6. The Eth-trunk1 interface of AS2 contains 2 member interfaces, and the status of these two member interfaces is Up. It needs to be emphasized again that once the Eth-trunk aggregate interface between devices is formed, the device will treat the Eth-trunk aggregate interface as an independent interface, and the configuration of the interconnection between devices (such as Trunk configuration) will no longer exist. It is performed under the physical member interface and under the aggregate interface.
⑵ Execute the display vlan command in the AS2 system view to view the VLAN information on AS2 and display the results. Verify that VLAN10, VLAN20 and VLAN30 have been successfully created on AS2 and confirm the ownership relationship between each interface and the VLAN.
Figure 7
The verification result of executing the display vlan command in AS2 system view is shown in Figure 7. AS2 has successfully created VLAN10, VLAN20 and VLAN30. The ownership relationship between each interface and VLAN is as follows: interface 20 interface Eth-trunk1 belongs to VLAN10, interface 20 interface Eth -trunk1 belongs to VLAN20, interface 1 and interface 20 belong to VLAN30.
⑶ Execute the display port vlan command in the AS2 system view to view the VLAN information of the AS2 interface and display the results to verify whether each interface correctly belongs to the assigned VLAN.
Figure 8 Execute the display port vlan command in the AS2 system view.
The verification results are shown in Figure 8. Each interface correctly belongs to the divided VLAN.
(3) Create a sub-interface on the Router and complete the interface configuration.
Complete the following configuration on the Router:
<Huawei> system-view
[Huawei] sysname Router
[Router] ipv6
[Router] interface GigabitEthernet 0/0/0.10
[Router-GigabitEthernet0/0/0.10] dot1q termination vid 10
[Router-GigabitEthernet0/0/0.10] ipv6 enable
[Router-GigabitEthernet0/0/0.10] ipv6 address FC00:10::FFFF/64
[Router-GigabitEthernet0/0/0.10] quit
[Router] interface GigabitEthernet 0/0/0.20
[Router-GigabitEthernet0/0/0.20] dot1q termination vid 20
[Router-GigabitEthernet0/0/0.20] ipv6 enable
[Router-GigabitEthernet0/0/0.20] ipv6 address FC00:20::FFFF/64
[Router-GigabitEthernet0/0/0.20] quit
[Router] interface GigabitEthernet 0/0/0.30
[Router-GigabitEthernet0/0/0.30] dot1q termination vid 30
[Router-GigabitEthernet0/0/0.30] ipv6 enable
[Router-GigabitEthernet0/0/0.30] ipv6 address FC00:30::FFFF/64
[Router-GigabitEthernet0/0/0.30] quit
Figure 9 Router configuration process
Note: In the above configuration, the ipv6 command is used to globally enable the IPv6 function, and the interface GigabitEthernet 0/0/0.10 command is used to create a sub-interface numbered 10 based on the GE0/0/0 physical interface. The sub-interface is carried on the physical interface GE0/0/0. After entering the interface view of the sub-interface, the dot1q termination vid 10 command is used to associate the sub-interface to VLAN10. Other commands will not be described again.
(4) Complete static address configuration on PC1, PC2 and PC3.
Staticly configure the IPv6 address, prefix length and gateway information of PC1, PC2 and PC3. The specific parameters are shown in Figure 1. The specific configuration process is shown in Figures 10, 11 and 12:
Figure 10 Configure PC1 IPv6 address, prefix length and gateway information
Figure 11 Configure PC2 IPv6 address, prefix length and gateway information
Figure 12 Configure PC3 IPv6 address, prefix length and gateway information
(5) Connectivity test
(1) Ping the default gateway on PC1. The specific command format is ping the default gateway IPv6 address of PC1 -6 to verify whether PC1 can successfully communicate with the default gateway. communication.
Figure 13 Ping the default gateway on PC1.
The verification result is shown in Figure 13. After verification, PC1 can successfully communicate with the default gateway.
(2) Ping the default gateway on PC2. The specific command format is ping the default gateway IPv6 address of PC2 -6 to verify whether PC2 can successfully communicate with the default gateway.
Figure 14 Ping the default gateway on PC2.
The verification result is shown in Figure 14. After verification, PC2 can successfully communicate with the default gateway.
⑶ Ping the default gateway on PC3. The specific command format is ping the default gateway IPv6 address of PC3 -6 to verify whether PC3 can successfully communicate with the default gateway.
Figure 15 Ping the default gateway on PC3.
The verification result is shown in Figure 15. After verification, PC3 can successfully communicate with the default gateway.
(4) Ping PC3 on PC1. The specific command format is ping the IPv6 address of PC3 -6 to verify whether PC1 can successfully communicate with PC3. As shown in Figure 16, PC1 can successfully communicate with PC3.
Figure 16 The verification results of pinging PC3 on PC1 are shown in Figure 16. After verification, PC3 can successfully communicate with PC1.
Answer the following questions:
In the experiment, why is there no terminal connected to VLAN10 and VLAN20 on the AS2 switch, but it is still necessary to create VLAN10 and VLAN20 on the device?
Answer: Even if there are no terminals connected to VLAN10 and VLAN20 on the AS2 switch, these VLANs still need to be created on the device because these VLANs play an important role in the network. First of all, creating VLAN allows network administrators to divide the network into multiple logical partitions, thereby improving the security and manageability of the network. For example, sensitive data and applications can be isolated in a VLAN to prevent unauthorized users from accessing these resources. Secondly, even if there are no terminals directly connected to VLAN10 and VLAN20 on a certain switch, these VLANs may still act as part of the forwarding path of routers or other switches in the network. If these VLANs are not created on the switch, these forwarding paths will not work properly, causing network failure. Finally, even if there are no terminals connected to VLAN10 and VLAN20 on the AS2 switch, configuring these VLANs on the switch can still provide flexibility for future expansion and upgrades. If you need to add new terminals to these VLANs, or connect these VLANs to other devices, these VLANs have already been configured on the switch and can be easily expanded and upgraded without reconfiguring the switch.