Based on this study, "HCNA Network Technology Laboratory Manual"
Principles outlined:
In Ethernet, by dividing VLAN broadcast domains to isolate and enhance the security of network communications. Ethernet is typically composed by a plurality of switches, in order to make the data of VLAN frames transmitted across multiple switches, interconnection links between switches to be configured as a trunk link (Trunk Link). And different access links, the trunk link is used between different devices (e.g., between a switch and a router, and switches between the switches) carrying a plurality of different WAN data, it does not belong to any particular the VLAN, VLAN can carry all of the data may be configured to transfer only specified data VLAN.
Trunk ports between switches ports generally used, Trunk port belongs VLANt can receive and send packets of a plurality of VLAN.
When Trunk port receives a data frame, if the frame does not contain the 802.1Q VLAN tag will be marked with the PVID Trunk port; If the frame contains the 802.1Q VLAN tag, is not changed.
Trunk port when sending data frames, when the port and the PVID VLAN ID of the transmitted frame is not the same, whether to allow the VLAN check by, if allowed by directly and transparently, it is not allowed to directly discarded; if the VLAN ID of the frame forwards and PV1D phase ports simultaneously, the label peeling YUAN.
Purpose:
• understand the application scenario road link
• grasp the Trunk port
• grasp Trunk port allows all VLAN configuration through
• Trunk port allows special master to go through to configure VLAN
Experiment:
The experimental simulation of a company network scenarios. The larger the company, more than 200 internal network is a large local area network. Companies placed multiple access switches (e.g., S1 and S2) is responsible for network access to employees. Between the access switches connected by aggregation switch S3.
The company by dividing the VLAN to isolate broadcast domains, more mountain to employees, employees of the same department with different access switches. To ensure that employees can communicate with each other in the same sector, different switches and links need to be configured to switch between channel mode, to achieve the same VLAN inter-switch communication.
Lab topology:
Experiments addressing:
Experimental Procedure:
Basic configurations
The experiments addressing table for the corresponding IP address of the basic configuration, and using the ping command to detect the direct links of communication
在没有完成划分VLAN前各PC之间都能互通(属于默认VLAN1).
2.创建VLAN,配置Access接口
公司内网需要通过VLAN的划分来隔离不同的部门,需要在3台交换机S1, S2.,S3 上都分别创建VLAN 10和VLAN 20,研发部员工属于VLAN 10,市场部员工属于VLAN 20。(description 命令用于给VLAN加标识)
配置完成后,使用display vlan命令查看所配置的VLAN信息,以S3为例。
在S1上配置E 0/0/2和E 0/0/3为Access 接口,并划分到相应的VLAN.
在S2上配置E 0/0/3和E 0/0/4为Access接口 ,并划分到相应的VLAN。
配置完成后,使用display port vlan命令检查VLAN和接口配置情况
可以观察到PC所连接的交换机接口都已经被配置成Access模式,并且已经加入到 了正确的VLAN中。
3.配置Trunk接口
将PC所连入的交换机接口划入到相应的部门VLAN后,测试相同部门中的PC是 否能够通信。
测试PC-1与PC-3之间的连通性。
测试PC-2与PC-4之间的连通性。
可以观察到此时同部门的PC间不能通信。
目前在该跨交换机实现不同VLAN通信的二层组网拓扑中,虽然与PC端相连的交 换机接口上创建并划分了 VL血N信息,但是在交换机与交换机之间相连的接口上并没有 相应的VLAN信息,不能够识别和发送跨越交换机的¥LAN报文,此时VLAN只具有 在每台交换机上的本地意义,无法实现相同VLAN的跨交换机通信。
为了让交换机间能够识别和发送跨越交换机的VLAN报文.需要将交换机间相连的接口 配置成为Trunk接口。配置时要明确被允许通过的VLAN,实现对VLAN流量传输的控制。
在S1上配置E 0/0/1为Trunk接口 ,允许VLAN 10和VLAN 20通过。
在S2上配置E 0/0/2为Trunk接口,允许VLAN 10和VLAN 20通过。
在S3上配置GE 0/0/1和GE 0/0/2为Trunk接口 f允许所有VLAN通过。
配置完成后可以使用display port vlan命令来检查Trunk的配置情况,这里以S3为例
可以观察到S3的GE 0/0/1和GE0/0/2已被成功配置为丁runk接口.并且允许所有 VLAN 流量通过(VLAN 1 〜4094)。
再次验证不同交换机上的相同部门的PC间的连通性。
测试PC-I与PC-3之间的连通性。
测试PC-2与PC-4之间的连通性。
可以观察到此时同部门的PC已经能成功通信.