交换技术之 Valn 的简单理解及不同Vlan互通
一、Vlan解决的问题
解决同一个网段间广播数据的隔离
扩展:借助三层设备可以即隔离了二层同网段的广播数据,也可以实现不同网段的链接互通。
二、Vlan简单理解
在一个交换机上划分了好几个区域,每个区域都是一个相互隔离的容器(隔离的内容就是网络中的广播数据)。
不同的Vlan之间互通,一般是指不同的网段之间互通。既然网段都不一样了,想要通信的那就在‘二层’无法做到,就需要‘三层’的路由技术(即需要‘网关’:门口管理员,想去那里和我说下,我看你能去不,哈哈哈)。
同一个Vlan分别在不同的交换机上的互通,就需要借助 trunk(中继技术)来实现。个人理解:就是在交换机 1上有10个口归归Vlan1管理 ,现在想扩展地盘了,连交换机2上边的 Vlan1 的口子 也管理起来。
不同的Vlan之间互通的另一种方式是,用3层设备路由器去做‘看门的人 ’(网关)。
三、模拟器实验一
目的:通过Vlan 将同一个网段的广播域隔离,即同一个网段的两个IP ,当属于不同Vlan的时候不能互通。
拓扑:
交换机配置:
Switch#show vlan br VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 1 default active Fa0/5, Fa0/6, Fa0/7, Fa0/8 Fa0/9, Fa0/10, Fa0/11, Fa0/12 Fa0/13, Fa0/14, Fa0/15, Fa0/16 Fa0/17, Fa0/18, Fa0/19, Fa0/20 Fa0/21, Fa0/22, Fa0/23, Fa0/24 Gig1/1, Gig1/2 10 VLAN0010 active Fa0/1, Fa0/2 40 VLAN0040 active Fa0/4 1002 fddi-default active 1003 token-ring-default active 1004 fddinet-default active 1005 trnet-default active Switch#
四、模拟器实验二
目的:通过3层交换机的路由功能实现不同网段互通
拓扑:
交换机配置:
S1#show vlan br VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 1 default active Fa2/1, Fa3/1, Fa4/1, Fa5/1 10 VLAN0010 active Fa0/1 1002 fddi-default active 1003 token-ring-default active 1004 fddinet-default active 1005 trnet-default active S1#
S2#show vlan brief VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 1 default active Fa2/1, Fa3/1, Fa4/1, Fa5/1 20 VLAN0020 active Fa0/1 1002 fddi-default active 1003 token-ring-default active 1004 fddinet-default active 1005 trnet-default active S2#
S3#show vlan brief VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 1 default active Fa0/3, Fa0/4, Fa0/5, Fa0/6 Fa0/7, Fa0/8, Fa0/9, Fa0/10 Fa0/11, Fa0/12, Fa0/13, Fa0/14 Fa0/15, Fa0/16, Fa0/17, Fa0/18 Fa0/19, Fa0/20, Fa0/21, Fa0/22 Fa0/23, Fa0/24, Gig0/1, Gig0/2 10 VLAN0010 active 20 VLAN0020 active 1002 fddi-default active 1003 token-ring-default active 1004 fddinet-default active 1005 trnet-default active S3#
S3#show interfaces trunk Port Mode Encapsulation Status Native vlan Fa0/1 desirable n-802.1q trunking 1 Fa0/2 auto n-802.1q trunking 1 Port Vlans allowed on trunk Fa0/1 1-1005 Fa0/2 1-1005 Port Vlans allowed and active in management domain Fa0/1 1,10,20 Fa0/2 1,10,20 Port Vlans in spanning tree forwarding state and not pruned Fa0/1 1,10,20 Fa0/2 1,10,20 S3#
S3#show ip interface brief Interface IP-Address OK? Method Status Protocol FastEthernet0/1 unassigned YES unset up up FastEthernet0/2 unassigned YES unset up up FastEthernet0/3 unassigned YES unset down down . . Vlan1 unassigned YES unset administratively down down Vlan10 192.168.1.254 YES manual up up Vlan20 192.168.2.254 YES manual up up S3#
五、模拟器实验三
目的:通过路由器实现不同网段互通,即单臂路由或一根棍路由。
拓扑:
交换机配置:
Switch#show vlan br VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 1 default active Fa0/4, Fa0/5, Fa0/6, Fa0/7 Fa0/8, Fa0/9, Fa0/10, Fa0/11 Fa0/12, Fa0/13, Fa0/14, Fa0/15 Fa0/16, Fa0/17, Fa0/18, Fa0/19 Fa0/20, Fa0/21, Fa0/22, Fa0/23 Fa0/24, Gig1/1, Gig1/2 10 VLAN0010 active Fa0/1 20 VLAN0020 active Fa0/2 1002 fddi-default active 1003 token-ring-default active 1004 fddinet-default active 1005 trnet-default active Switch#
路由器配置
Router#show ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set C 192.168.1.0/24 is directly connected, FastEthernet0/0.1 C 192.168.2.0/24 is directly connected, FastEthernet0/0.2 Router#
Router#show ip interface brief Interface IP-Address OK? Method Status Protocol FastEthernet0/0 unassigned YES unset up up FastEthernet0/0.1 192.168.1.254 YES manual up up FastEthernet0/0.2 192.168.2.254 YES manual up up FastEthernet1/0 unassigned YES unset administratively down down Router#
Router#show running-config Building configuration... Current configuration : 800 bytes ! interface FastEthernet0/0 no ip address duplex auto speed auto ! interface FastEthernet0/0.1 encapsulation dot1Q 10 ip address 192.168.1.254 255.255.255.0 ! interface FastEthernet0/0.2 encapsulation dot1Q 20 ip address 192.168.2.254 255.255.255.0 ! Router#
六、总结:
可以利用Vlan将1台交换机划分出不同Vlan,实现虚拟出多台交换机的样子
可以利用Vlan的三层交换功能实现不同Vlan(也是不同网段)之间互通,也可以通过将路由器的子接口封装(encapsulation)成dot1Q(即Vlan)实现。
附件有Cisco PT 实验脚本
#
免责声明:本站发布的内容(图片、视频和文字)以原创、转载和分享为主,文章观点不代表本网站立场,如果涉及侵权请联系站长邮箱:is@yisu.com进行举报,并提供相关证据,一经查实,将立刻删除涉嫌侵权内容。
