博达交换机VLAN隔离配置[S3224].doc

博达交换机VLAN隔离配置S3224Switch_config#showrunBuildingconfiguration. Currentconfiguration:!servicetimestampslogdateservicetimestampsdebugdate!interfaceFastEthernet0/1/端口1switchportmodetrunk/设定成trunk模式，允许端口属于多个vlanswitchportpvid2/数据入端口时加上vlan1的tagswitchporttrunkvlan-allowed1,24/端口可以属于vlan1和24switchporttrunkvlan-untagged1,24/数据出端口时去除tag1和tag24!interfaceFastEthernet0/2/端口2switchportmodetrunk/设定成trunk模式switchportpvid2/数据入端口时加上vlan2的tagswitchporttrunkvlan-allowed2,24/端口同时可属于vlan2和24switchporttrunkvlan-untagged2,24/数据出端口时去除tag2和tag24!interfaceFastEthernet0/3/同上switchportmodetrunkswitchportpvid3switchporttrunkvlan-allowed3,24switchporttrunkvlan-untagged3,24!interfaceFastEthernet0/4switchportmodetrunkswitchportpvid4switchporttrunkvlan-allowed4,24switchporttrunkvlan-untagged4,24!interfaceFastEthernet0/5switchportmodetrunkswitchportpvid5switchporttrunkvlan-allowed5,24switchporttrunkvlan-untagged5,24!interfaceFastEthernet0/6switchportmodetrunkswitchportpvid6switchporttrunkvlan-allowed6,24switchporttrunkvlan-untagged6,24!interfaceFastEthernet0/7switchportmodetrunkswitchportpvid7switchporttrunkvlan-allowed7,24switchporttrunkvlan-untagged7,24!interfaceFastEthernet0/8switchportmodetrunkswitchportpvid8switchporttrunkvlan-allowed8,24switchporttrunkvlan-untagged8,24!interfaceFastEthernet0/9switchportmodetrunkswitchportpvid9switchporttrunkvlan-allowed9,24switchporttrunkvlan-untagged9,24!interfaceFastEthernet0/10switchportmodetrunkswitchportpvid10switchporttrunkvlan-allowed10,24switchporttrunkvlan-untagged10,24!interfaceFastEthernet0/11switchportmodetrunkswitchportpvid11switchporttrunkvlan-allowed11,24switchporttrunkvlan-untagged11,24!interfaceFastEthernet0/12switchportmodetrunkswitchportpvid12switchporttrunkvlan-allowed12,24switchporttrunkvlan-untagged12,24!interfaceFastEthernet0/13switchportmodetrunkswitchportpvid13switchporttrunkvlan-allowed13,24switchporttrunkvlan-untagged13,24!interfaceFastEthernet0/14switchportmodetrunkswitchportpvid14switchporttrunkvlan-allowed14,24switchporttrunkvlan-untagged14,24!interfaceFastEthernet0/15switchportmodetrunkswitchportpvid15switchporttrunkvlan-allowed15,24switchporttrunkvlan-untagged15,24!interfaceFastEthernet0/16switchportmodetrunkswitchportpvid16switchporttrunkvlan-allowed16,24switchporttrunkvlan-untagged16,24!interfaceFastEthernet0/17switchportmodetrunkswitchportpvid17switchporttrunkvlan-allowed17,24switchporttrunkvlan-untagged17,24!interfaceFastEthernet0/18switchportmodetrunkswitchportpvid18switchporttrunkvlan-allowed18,24switchporttrunkvlan-untagged18,24!interfaceFastEthernet0/19switchportmodetrunkswitchportpvid19switchporttrunkvlan-allowed19,24switchporttrunkvlan-untagged19,24!interfaceFastEthernet0/20switchportmodetrunkswitchportpvid20switchporttrunkvlan-allowed20,24switchporttrunkvlan-untagged20,24!interfaceFastEthernet0/21switchportmodetrunkswitchportpvid21switchporttrunkvlan-allowed21,24switchporttrunkvlan-untagged21,24!interfaceFastEthernet0/22switchportmodetrunkswitchportpvid22switchporttrunkvlan-allowed22,24switchporttrunkvlan-untagged22,24!interfaceFastEthernet0/23switchportmodetrunkswitchportpvid23switchporttrunkvlan-allowed23-24switchporttrunkvlan-untagged23-24!interfaceFastEthernet0/24/端口24，本例中作为上行口switchportmodetrunk/设为trunk模式switchportpvid24/数据入端口时加上vlan24的tagswitchporttrunkvlan-untaggedall/数据出端口时去除所有tag（tag1tag24）!/注意trunk口时默认属于所有tag的！vlan1-24/建立124个vlan，默认情况下只有vlan1，其他需要增加，且这个操作时第一步要做的！!说明，本例子完成之后，interfacef0/1f/23分别属于不同的vlan，相互之间是不能互通的（不考虑使用三层路由转发的情况），但此时这23个端口都能与上行口interfacef0/24口通讯！ 此时的vlan分配情况为：Switch_config#showvlanVLANStatusNamePorts-1StaticDefaultF0/1,F0/242StaticVLAN0002F0/2,F0/243StaticVLAN0003F0/3,F0/244StaticVLAN0004F0/4,F0/245StaticVLAN0005F0/5,F0/246StaticVLAN0006F0/6,F0/247StaticVLAN0007F0/7,F0/248StaticVLAN0008F0/8,F0/249StaticVLAN0009F0/9,F0/2410StaticVLAN0010F0/10,F0/2411StaticVLAN0011F0/11,F0/2412StaticVLAN0012F0/12,F0/2413StaticVLAN0013F0/13,F0/2414StaticVLAN0014F0/14,F0/2415StaticVLAN0015F0/15,F0/2416StaticVLAN0016F0/16,F0/2417StaticVLAN0017F0/17,F0/2418StaticVLAN0018F0/18,F0/2419StaticVLAN0019F0/19,F0/2420StaticVLAN0020F0/20,F0/2421StaticVLAN0021F0/21,F0/2422StaticVLAN0022F0/22,F0/2423StaticVLAN0023F0/23,F0/2424StaticVLAN0024F0/1,F0/2,F0/3,F0/4,F0/5F0/6,F0/7,F0/8,F0/9,F0/10F0/11,F0/12,F0/13,F0/14,F0/15F0/16,F0/17,F0/18,F0/19,F0/20F0/21,F0/22,F0/23,F0/24简单分析一下工作流程：1、f0/2和f0/3之间的通信，Switch_config#showvlaninterf0/2InterfaceVLANNamePropertyPVIDVlan-MapuTagg-VLan-Map-FastEthernet0/2Trunk22,242,24 Switch_config#showvlaninterf0/3InterfaceVLANNamePropertyPVIDVlan-MapuTagg-VLan-Map-FastEthernet0/3Trunk33,243,24从中我们可以看到，f0/2是属于vlan2和vlan的，且pvid为2，那就是说普通数据（非802.1q）进入这个端口时会被打上tag2，然后zhge报通过交换机到达f0/3时，端口三是指能够untagvlan3和vlan24的的tag的，这个可以从上面的showvlaninterf0/3看出来，所以f0/3无法识别从f0/2过来的数据包！反过来也是一样的！换句话说就是实现了vlan2和vlan3的隔离！2、f0/2和f0/24之间的通信，Switch_config#showvlaninterf0/2InterfaceVLANNamePropertyPVIDVlan-MapuTagg-VLan-Map-FastEthernet0/2Trunk22,242,24Switch_config#showvlaninterf0/24InterfaceVLANNamePropertyPVIDVlan-MapuTagg-VLan-Map-FastEthernet0/24Trunk241-241-2同上面的分析方法，f0/2进入的数据被打上了tag2，但是由于f0/24是untagall的，所以他能够去除tag2，或者是识别vlan2的数据！反过来也是一样，数据进入f0/24时打上了tag24，这个标记在f0/2口上是能够被去除的！所以f0/2口和f0/24口可以实现互通！上面的两个通信过程基本代表了这种vlan配置/应用的功能，即：所有的下行口都能相互隔离，但是所有的下行口都能与上行口通讯！这种vlan配置方式比较简单，也非常常用！大家可以参考应用！ 当然这种方式的vlan划分是局限在一台交换机上面的！一般情况下在中小规模的应用中比较常见，特点是完全由一台交换机来实现vlan的隔离/互通，且每一个端口的输出数据都是不带有tag的，是普通的ip数据包，用户绝大多数的数据设备都能识别！（一般的网卡是无法识别802.1q的数据包的）还有一个优点是，这个交换机上面使用过的vlan号在其他交换机上面可以重复使用，没有限制或者相关性！还有一种应用是跨交换机的vlan配置！这种方式下要考虑多台交换机的相互协调工作，比如vlantag的“加和“去”的问题！还是以实现上面例子为例，Switch_config#showrunBuildingconfiguration.Currentconfiguration:!servicetimestampslogdateservicetimestampsdebugdate!interfaceFastEthernet0/1!interfaceFastEthernet0/2switchportpvid2!interfaceFastEthernet0/3switchportpvid3!interfaceFastEthernet0/4switchportpvid4!interfaceFastEthernet0/5switchportpvid5!interfaceFastEthernet0/6switchportpvid6!interfaceFastEthernet0/7switchportpvid7!interfaceFastEthernet0/8switchportpvid8!interfaceFastEthernet0/9switchportpvid9!interfaceFastEthernet0/10switchportpvid10!interfaceFastEthernet0/11switchportpvid11!interfaceFastEthernet0/12switchportpvid12!interfaceFastEthernet0/13switchportpvid13!interfaceFastEthernet0/14switchportpvid14!interfaceFastEthernet0/15switchportpvid15!interfaceFastEthernet0/16switchportpvid16!interfaceFastEthernet0/17switchportpvid17!interfaceFastEthernet0/18switchportpvid18!interfaceFastEthernet0/19switchportpvid19!interfaceFastEthernet0/20switchportpvid20!interfaceFastEthernet0/21switchportpvid21!interfaceFastEthernet0/22switchportpvid22!interfaceFastEthernet0/23switchportpvid23!interfaceFastEthernet0/24switchportmodetrunkswitchporttrunkvlan-untaggedall!vlan1-24!在这个配置里面，我们可以看到，除了上行口之外，所有的端口都属于access模式