Rivers and lakes heroes revisit the basics of VLAN, VLAN can ever wondered how to divide 4094, which way is easy to use and simple? Xiao Bian specially careful finishing a lot, to play heroes play.
VLAN -divisional manner:
Ø -based interface is divided the VLAN : The interface switch assigned VLAN ID. Simple configuration, can be used in various scenes.
Ø based MAC division VLAN: VLAN ID assigned source MAC addresses of the packets. Often the user changes position, the scene need to reconfigure the VLAN.
Ø based subnetting the VLAN : VLAN ID assigned IP address of the source packet. Users generally used on the same network segment, unified management scene.
Ø protocol-based the VLAN : VLAN ID assigned according to the message protocol type. Suitable for users with the same application or service, unified management scene.
Ø based matching strategy dividing the VLAN : VLAN ID assigned according to the specified policy (for example, to match the packet's source MAC, the source IP and port). Suitable for high security requirements of the scene.
Several division VLAN various ways, based on the Interface division VLAN , is the most common and easiest way, how to configure it in the end, how to use it?
Before configuring use, let's look at the port and small series common link types it.
Access : switch and a PC connected;
Trunk : a switch and the switch is connected;
Hybrid : i.e., the switch may be used and the PC are connected, the switch can also be used connected to the switch. Using the hub when the switch links, often use this type.
Well, the following small series to actual networking, for example, explain the configuration interface based VLAN division.
Scene 1: A switch two users, how to achieve isolation through the interface of VLAN it (VLAN is to isolate broadcast domains, heroes do not forget it)
Ø Let's look at the same segment of the PC and the two switches directly connected, no division VLAN, to ping it?
Seen from the figure, it can ping through, which is why?
Because by default, Huawei switch interfaces are added to the default VLAN 1 , both PC and directly connected to the switch, as long as the same network segment, you can communicate.
Ø then how to achieve it through quarantine VLAN? As long as the interface is added to a different VLAN, on it. E.g. switch GE0 / 0/1 and GE0 / 0/2 type access ports are added to VLAN 10 and VLAN 20.
Ø At this time, two PC-based interface into different VLAN, the interconnect ping fails to achieve isolation.
Scene 2 Description: Cross-switch, 4 user, how through the interface is divided VLAN to achieve isolation and exchange it?
FIG follows: By default, the PC 4 the same network segment, each ping is successful. Assuming that PC1 and PC2 belong to the same department, PC3 and PC4 belong to the same department. How to configure interface-based VLAN, can realize the exchange of visits between the same department, between different departments can not access it?
Ø 同一个部门两个用户PC1 和 PC2划分到同一个VLAN100。交换机1的 GE0/0/1和交换机2的GE0/0/1端口分别以access类型加入VLAN100。
Ø 另外一个部门的两个用户PC3 和 PC4划分到另一个VLAN 200。
Ø 两台相连交换机的端口GE0/0/3,分别以trunk端口加入VLAN 100 和VLAN 200,实现跨交换机的通信。
Ø 这样,就可以实现到同一部门的用户PC1和PC3可以互通,不同部门的用户PC2 和 PC4 不能互通了。
OK,典型的应用场景就讲完了。各位大侠是否发现上面两个场景中,VLAN和端口数都比较少,而在现实组网中,经常需要配置多个VLAN,多个端口,有什么办法可以快速完成配置吗?下面小编再介绍一下批量配置和快速恢复端口VLAN缺省配置的方法。
1、批量创建VLAN
< Huawei > system-view
[Huawei]vlan batch 2 to 100
2、批量端口加入VLAN
[Huawei] port-group group-member GigabitEthernet 0/0/10 to GigabitEthernet 0/0/20
[Huawei-port-group]port link-type access
[Huawei-port-group]port default vlan 100
3、快速恢复端口VLAN缺省配置
想要快速恢复端口VLAN的缺省配置,必须要知道什么是缺省配置?华为交换机,缺省情况下所有端口都是只加入VLAN1的。
那么下面和小编一起看看3种链路类型下,怎么快速恢复缺省配置呢?
Ø access口: 一步搞定,命令是undo port default vlan
Ø trunk和hybrid口: 三步搞定,先恢复PVID的配置,再删除端口下所有vlan,然后再把缺省的VLAN1 加入。具体命令如下:
| trunk |
hybrid |
| undo port trunk pvid vlan
undo port trunk allow-pass vlan all port trunk allow-pass vlan 1 |
undo port hybrid pvid vlan undo port hybrid vlan all port hybrid untagged vlan 1 |