实验任务一:基于端口的VLAN配置
-
建立物理连接
-
查看缺省VLAN
[SWA]display vlan
Total VLANs: 1
The VLANs include:
1(default)
[SWA]display vlan 1
VLAN ID: 1
VLAN type: Static
Route interface: Not configured
Description: VLAN 0001
Name: VLAN 0001
Tagged ports: None
Untagged ports:
FortyGigE1/0/53 FortyGigE1/0/54
GigabitEthernet1/0/1 GigabitEthernet1/0/2
GigabitEthernet1/0/3 GigabitEthernet1/0/4
GigabitEthernet1/0/5 GigabitEthernet1/0/6
GigabitEthernet1/0/7 GigabitEthernet1/0/8
GigabitEthernet1/0/9 GigabitEthernet1/0/10
GigabitEthernet1/0/11 GigabitEthernet1/0/12
GigabitEthernet1/0/13 GigabitEthernet1/0/14
GigabitEthernet1/0/15 GigabitEthernet1/0/16
GigabitEthernet1/0/17 GigabitEthernet1/0/18
GigabitEthernet1/0/19 GigabitEthernet1/0/20
GigabitEthernet1/0/21 GigabitEthernet1/0/22
GigabitEthernet1/0/23 GigabitEthernet1/0/24
GigabitEthernet1/0/25 GigabitEthernet1/0/26
GigabitEthernet1/0/27 GigabitEthernet1/0/28
GigabitEthernet1/0/29 GigabitEthernet1/0/30
GigabitEthernet1/0/31 GigabitEthernet1/0/32
GigabitEthernet1/0/33 GigabitEthernet1/0/34
GigabitEthernet1/0/35 GigabitEthernet1/0/36
GigabitEthernet1/0/37 GigabitEthernet1/0/38
GigabitEthernet1/0/39 GigabitEthernet1/0/40
GigabitEthernet1/0/41 GigabitEthernet1/0/42
GigabitEthernet1/0/43 GigabitEthernet1/0/44
GigabitEthernet1/0/45 GigabitEthernet1/0/46
GigabitEthernet1/0/47 GigabitEthernet1/0/48
Ten-GigabitEthernet1/0/49
Ten-GigabitEthernet1/0/50
Ten-GigabitEthernet1/0/51
Ten-GigabitEthernet1/0/52
- 配置VLAN并添加端口
[SWA]vlan 10
[SWA-vlan10]port GigabitEthernet 1/0/1
[SWA-vlan10]vlan 20
[SWA-vlan20]port GigabitEthernet 1/0/2
[SWB]vlan 10
[SWB-vlan10]port GigabitEthernet 1/0/2
[SWB-vlan10]vlan 20
[SWB-vlan20]port GigabitEthernet 1/0/3
查看VLAN信息
[SWA]display vlan
Total VLANs: 3
The VLANs include:
1(default), 10, 20
[SWA]display vlan
Total VLANs: 3
The VLANs include:
1(default), 10, 20
[SWA]display vlan 10
VLAN ID: 10
VLAN type: Static
Route interface: Not configured
Description: VLAN 0010
Name: VLAN 0010
Tagged ports: None
Untagged ports:
GigabitEthernet1/0/1
[SWA]display vlan 20
VLAN ID: 20
VLAN type: Static
Route interface: Not configured
Description: VLAN 0020
Name: VLAN 0020
Tagged ports: None
Untagged ports:
GigabitEthernet1/0/2
- 测试VLAN间的隔离
[PCA-GigabitEthernet0/0]ip ad 192.168.1.1 24
[PCB-GigabitEthernet0/0]ip ad 192.168.1.2 24
[PCC-GigabitEthernet0/0]ip ad 192.168.1.3 24
[PCD-GigabitEthernet0/0]ip ad 192.168.1.4 24
显然不能够PCA和PCB在这种情况下不能互通。
[PCA]ping 192.168.1.2
Ping 192.168.1.2 (192.168.1.2): 56 data bytes, press CTRL_C to break
Request time out
Request time out
Request time out
Request time out
Request time out
--- Ping statistics for 192.168.1.2 ---
5 packet(s) transmitted, 0 packet(s) received, 100.0% packet loss
[PCA]%May 26 16:54:18:927 2018 PCA PING/6/PING_STATISTICS: Ping statistics for 192.168.1.2: 5 packet(s) transmitted, 0 packet(s) received, 100.0% packet loss.
- 跨交换机vlan互通测试
[SWA]int ge 1/0/3
[SWA-GigabitEthernet1/0/3]port link-type trunk
[SWA-GigabitEthernet1/0/3]port trunk permit vlan all
[SWB]int ge 1/0/1
[SWB-GigabitEthernet1/0/3]port link-type trunk
[SWB-GigabitEthernet1/0/3]port trunk permit vlan all
[SWA]display int ge 1/0/3
GigabitEthernet1/0/3
Current state: UP
Line protocol state: UP
IP packet frame type: Ethernet II, hardware address: 9620-0e0c-0300
Description: GigabitEthernet1/0/3 Interface
Band 1000000 kbps
Loopback is not set
1000Mbps-speed mode, full-duplex mode
Link speed type is autonegotiation, link duplex type is autonegotiation
Flow-control is not enabled
Maximum frame length: 9216
Allow jumbo frames to pass
Broadcast max-ratio: 100%
Multicast max-ratio: 100%
Unicast max-ratio: 100%
PVID: 1 //端口的缺省VLAN
MDI type: Automdix
Port link-type: Trunk//端口类型
VLAN Passing: 1(default vlan), 10, 20
VLAN permitted: 1(default vlan), 2-4094
//VLAN允许通过,必须是存在缺省VLAN。
Trunk port encapsulation: IEEE 802.1q
Port priority: 2
Last link flapping: 0 hours 25 minutes 1 seconds
Last clearing of counters: Never
Current system time:2018-05-26 16:58:33
Last time when physical state changed to up:2018-05-26 16:33:32
Last time when physical state changed to down:2018-05-26 16:33:19
Peak input rate: 0 bytes/sec, at 00-00-00 00:00:00
Peak output rate: 0 bytes/sec, at 00-00-00 00:00:00
Last 300 second input: 0 packets/sec 0 bytes/sec 0%
Last 300 second output: 0 packets/sec 0 bytes/sec 0%
Input (total): 0 packets, 0 bytes
0 unicasts, 0 broadcasts, 0 multicasts, 0 pauses
Input (normal): 0 packets, 0 bytes
0 unicasts, 0 broadcasts, 0 multicasts, 0 pauses
Input: 0 input errors, 0 runts, 0 giants, 0 throttles
0 CRC, 0 frame, 0 overruns, 0 aborts
0 ignored, 0 parity errors
Output (total): 0 packets, 0 bytes
0 unicasts, 0 broadcasts, 0 multicasts, 0 pauses
Output (normal): 0 packets, 0 bytes
0 unicasts, 0 broadcasts, 0 multicasts, 0 pauses
Output: 0 output errors, 0 underruns, 0 buffer failures
0 aborts, 0 deferred, 0 collisions, 0 late collisions
0 lost carrier, 0 no carrier
[PCA]ping 192.168.1.3
Ping 192.168.1.3 (192.168.1.3): 56 data bytes, press CTRL_C to break
56 bytes from 192.168.1.3: icmp_seq=0 ttl=255 time=4.000 ms
56 bytes from 192.168.1.3: icmp_seq=1 ttl=255 time=1.000 ms
56 bytes from 192.168.1.3: icmp_seq=2 ttl=255 time=2.000 ms
56 bytes from 192.168.1.3: icmp_seq=3 ttl=255 time=1.000 ms
56 bytes from 192.168.1.3: icmp_seq=4 ttl=255 time=1.000 ms
--- Ping statistics for 192.168.1.3 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 1.000/1.800/4.000/1.166 ms
[PCA]%May 26 17:03:18:826 2018 PCA PING/6/PING_STATISTICS: Ping statistics for 192.168.1.3: 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss, round-trip min/avg/max/std-dev = 1.000/1.800/4.000/1.166 ms.
配置Hybrid链路端口
[SWB-GigabitEthernet1/0/3]port trunk pvid vlan 30
[SWA]vlan 10
[SWA]vlan 20
[SWA]vlan 30
[SWA-GigabitEthernet1/0/3]port hybrid vlan 10 20 30 untagged
[SWA-GigabitEthernet1/0/3]port hybrid pvid vlan 30
//vlan 10 20必须是缺省的VLAN
[SWA-GigabitEthernet1/0/1]port link-type hybrid
[SWA-GigabitEthernet1/0/1]port hybrid vlan 10 30 untagged
[SWA-GigabitEthernet1/0/1]port hybrid pvid vlan 10//基于端口VLAN
[SWA-GigabitEthernet1/0/1]int ge 1/0/2
[SWA-GigabitEthernet1/0/2]port hybrid pvid vlan 20
[SWA-GigabitEthernet1/0/2]port link-type hybrid
[SWA-GigabitEthernet1/0/2]port hybrid vlan 20 30 untagged
实验发现PCA可以ping通PCC,PCD,但是ping不通PCB。
实验过程发现下面问题:
%May 26 17:24:00:579 2018 SWB LLDP/5/LLDP_PVID_INCONSISTENT: PVID mismatch discovered on GigabitEthernet1/0/1 (PVID 30), with SWA GigabitEthernet1/0/3 (PVID 1).
一般组网情况下,要求链路两端的PVID保持一致。设备会对收到的LLDP报文中的PVID TLV进行检查,如果发现报文中的PVID与本端PVID不一致,则认为网络中可能存在错误配置,LLDP会打印日志信息,提示用户。
实验任务二:基于协议的VLAN配置
1. 建立物理连接
2. 配置SWA和SWB
[SWA-GigabitEthernet1/0/1]port link-type hybrid
[SWA-GigabitEthernet1/0/1]port hybrid protocol-vlan vlan 10 0
[SWA-GigabitEthernet1/0/1]port hybrid protocol-vlan vlan 20 0
[SWA-GigabitEthernet1/0/1]port hybrid vlan 10 20 untagged
[SWA-GigabitEthernet1/0/2]port link-type hybrid
[SWA-GigabitEthernet1/0/2]port hybrid protocol-vlan vlan 10 0
[SWA-GigabitEthernet1/0/2]port hybrid protocol-vlan vlan 20 0
[SWA-GigabitEthernet1/0/2]port hybrid vlan 10 20 untagged
[SWA-vlan10]protocol-vlan ipv4
[SWA-vlan10]vlan 20
[SWA-vlan20]protocol-vlan ipv6
[SWA-GigabitEthernet1/0/3]port link-type trunk
[SWA-GigabitEthernet1/0/3]port trunk permit vlan all
SWB配置同上。
3.查看SWA协议VLAN
[SWA]display protocol-vlan vlan all
VLAN ID: 10
Protocol index Protocol type
0 IPv4
VLAN ID: 20
Protocol index Protocol type
0 IPv6
PCA和PCB配置了IPV6地址互ping,但是结果如下。
[SWA]display mac-address
MAC Address VLAN ID State Port/Nickname Aging
9a22-bdb8-0105 1 Learned GE1/0/1 Y
9a22-e07c-0605 1 Learned GE1/0/3 Y
在模拟器做实验失败了。
实际看到应该是对应的vlan20 对应MAC地址。
实验任务三:基于子网的VLAN配置
-
建立物理连接
-
配置SWA和SWB
[SWA-vlan10]ip-subnet-vlan ip 10.0.0.0 255.255.255.0
[SWA-vlan20]ip-subnet-vlan ip 20.0.0.0 255.255.255.0
[SWA]int ge 1/0/1
[SWA-GigabitEthernet1/0/1]port link-type hybrid
[SWA-GigabitEthernet1/0/1]port hybrid ip-subnet-vlan vlan 10
[SWA-GigabitEthernet1/0/1]port hybrid vlan 10 20 untagged
[SWA-GigabitEthernet1/0/1]port hybrid ip-subnet-vlan vlan 20
[SWA-GigabitEthernet1/0/2]port link-type hybrid
[SWA-GigabitEthernet1/0/2]port hybrid ip-subnet-vlan vlan 20
[SWA-GigabitEthernet1/0/2]port hybrid ip-subnet-vlan vlan 10
[SWA-GigabitEthernet1/0/2]port hybrid vlan 10 20 untagged
[SWA]int ge 1/0/3
[SWA-GigabitEthernet1/0/3]port link-type trunk
[SWA-GigabitEthernet1/0/3]port trunk permit vlan all
SWB同上
在模拟器做实验失败了。
实际看到应该是对应的vlan20 对应MAC地址。
有条命令可以设置VLAN匹配优先级。
[H3C-GigabitEthernet1/0/1]vlan precedence ?
ip-subnet-vlan Preferentially match IP-subnet VLAN
mac-vlan Preferentially match MAC VLAN
子网还是Mac地址优先。