中继接口
中继链接(Trunk Link)指的是能够转发多个不同VLAN的通信的端口。
中继接口封装的类型
Cisco支持多种Trunk方式(即对VLAN帧标识):
1. ISL――Cisco专有封装协议,也是默认的。前面加26字节,后面加4字节FCS。 帧长度1518/1548。可支持的VLAN数为1-1046。
2. IEEE 802.1Q――IEEE标准方法,在帧头写入VLAN信息,后面只增加4字节FCS。
帧长度为1518/1522。有12位的vlan标识,它可以支持到4096个VLAN。
802.1Q-trunk为转发未被标记的frame而定义了native
VLAN(本地VLAN)。交换机能够从未被标记的trunk上的nativeVLAN转发2层frame,接受方将把所有的未标记frame转发到
native
VLAN中。VLAN1是默认的本地VLAN,也可以把其他的VLAN更改为本地VLAN。如果是ISL,则没被封装的frame将会丢弃,包括
nativeVLAN,所有的数据将被封装
3. 802.10――FDDI上传输VLAN信息的Cisco专有协议,把VLAN信息写入SAID安全关联标识符部分
4. LANE――基于ATM上传输VLAN信息的一种IEEE标准方法。
配置中继接口模式
1.交叉线连接两台交换机
2.进入接口
sw2(config)#interface f0/24
3.配置接口模式
· switchport mode access:设置接口为访问接口,会将接口的模式作为非中继接口或者协商地将某个接口调整为访问接口(不管对方邻居是什么模式)
· switchport mode dynamic auto:设置接口为自动动态协商(若对方邻居接口的模式为中继接口或者是主动协商,这个接口会转变为中继链路),交换机默认的接口模式。
· switchport mode dynamic desirable:设置接口为主动动态协商。如果相邻的接口为trunk、desirable、auto模式,设置位desirable模式的接口会成为中继接口。
· switchport mode trunk:设置接口模式为中继模式。
· switchport nonegotiate:阻止接口产生DTP(自动协商)帧,关闭中继的协商。该命令只有在接口上已经配置access或trunk之后才能使用。必须手工去配置相邻接口的模式。
· switchport mode dot1q-tunnel:设置接口为dot1q隧道 。
封装配置
1. 进入中继接口配置模式
interface f0/24
2. 设置中继接口的封装类型
· switchport trunk encapsulation isl:中继接口的类型为cisco专有的isl(3550)
· switchport trunk encapsulation dot1q:中继接口的类型为 IEEE 802.1Q (2950)
· switchport trunk encapsulation negotiate:根据相邻接口的类型来协商封装类型
允许中继访问的VLAN
在默认情况下,交换机的中继接口发送和接收来自所有VLAN(1-4094)数据流量。我们可以使用命令将一些VLAN从允许访问的VLAN列表中删除,使得这些VLAN在中继链路上不装载。
配置步骤:
1. 进入接口模式 interface f0/24
2. 将接口配置为中继模式(如果已经是中继接口就不需要)
switchport mode trunk
3. 配置允许VLAN列表
switchport trunk allowed vlan {add | all | except | remove} vlan-list
· add:将VLAN添加到允许中继运载的VLAN列表
· all:允许中继链路晕在所有的VLAN,这是一个默认值
· except:除了VLAN-list指定的VLAN外,其他的VLAN都允许
· remove:将vlan-list指定的VLAN从允许列表中移除
· vlan-list:可以使用单个(1-4094)或者一个范围(不能出现空格)
4.查看配置结果
show running interface f0/24 //查看中继接口配置
show interface f0/24 switchport //查看中继接口的状态
如:
show running interface f0/24
show interface f0/24 switchport
Name: Fa0/24
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Appliance trust: none
------------------------------------------------------------------
conf t
interface f0/24
switchport trunk allowed vlan remove 3,5,6-10
end
show interface f0/24 switchport
Name: Fa0/24
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: 1,2,4,11-4094
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Appliance trust: none
-----------------------------------------------------------------------------
show running interface f0/24
!
interface FastEthernet0/24
switchport trunk allowed vlan 1,2,4,11-4094
end
----------------------------------------------------------------------
conf t
interface f0/24
switchport trunk allowed vlan add 3
end
show running interface f0/24
interface FastEthernet0/24
switchport trunk allowed vlan 1-4,11-4094
考试题目:
YY版本:SW1和SW2上座trunk,封装类型为isl,使所有的odd的vlan承载在fa0/23上,而even的vlan承载在fa0/24上,并且只承载题目中存在的vlan
配置:
SW1和SW2
Interface f0/23
Switchport mode trunk
Switchport trunk encapsulation isl
Switchport trunk allowed vlan 11,13,15,17
Interface f0/24
Switchport trunk encapsulation isl
Switchport mode trunk
Switchport trunk allowed vlan 12,14,16
验证:
show interface trunk
设置中继修剪适宜列表
Prunning-eligible合适修剪列表只能应用在中继链路上,VTP的修剪功能必须打开。
配置过程:
1. 打开vtp的修剪功能
特权模式下: vlan database
vtp pruning
exit
2.进入中继接口模式
interface f0/24
switch trunk pruning vlan {add |except | none | remove} vlan-list [,vlan[,vlan[,,,]]
add:将vlan加入到适宜修剪的列表中
except:除了指定的vlan之外都修剪
none:不做任何的修剪
remove:将指定的vlan移除需要修剪的列表
vlan-list:可以是用逗号分隔的单个vlan(2-1001,其他不能被修剪掉),短线表示为一个范围,不能出现空格
3.查看配置结果
show interface f0/24 switchport
show running interface f0/24
show interface trunk
如:
show running inter f0/24
show interface f0/24 switchport
Name: Fa0/24
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: 1,2,4-4094
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Appliance trust: none
--------------------------------------------------------------------------
conf t
interface f0/24
switchport trunk pruning vlan add 3,5,6-10
show interface f0/24 switchport
Name: Fa0/24
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: 1,2,4-4094
Pruning VLANs Enabled: 2,4,11-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Appliance trust: none
--------------------------------------------------------
Show interface trunk
Port Vlans in spanning tree forwarding state and not pruned
Fa0/24 1-2,10
配置802.1Q的本地vlan(native vlan)
封装类型为802.1q的trunk中继接口,可以接收“带标记
tagged)”和“未加标记(untagged)”的数据。缺省时,交换机会用该端口的本地vlan(native
vlan)来转发未加标记的数据。而封装类型为isl的未加标记的数据将会丢弃。缺省vlan 1为本地vlan。
本地vlan可以被指定为人一的vlan号,它不依赖于管理vlan。
配置过程:
1. 进入接口模式,中继的封装类型为802.1q
interface f0/24
switchport mode trunk
switchport trunk encap dot1q
2. 设置哪个vlan作为本地vlan
switchport trunk native vlan vlan-id
vlan-id:1-4094
3. 查看配置结果
show interface f0/24 switchport
如果某个数据帧的vlan id与出端口的本地vlan号相同,该数据包就按照未标记传送;否则,交换机会使用带标记来传输数据包
如:
# show interface f0/24 switchport
Name: Fa0/24
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: 1,2,4-4094
Pruning VLANs Enabled: 2-9,11-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Appliance trust: none
---------------------------------------------------------------------------
conf t
interface f0/24
switchport mode trunk
switchport trunk encap dot1q
switchport trunk native vlan 3
end
show interf f0/24 switchport
Name: Fa0/24
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 3 (VLAN_B)
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: 1,2,4-4094
Pruning VLANs Enabled: 2-9,11-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Appliance trust: none
--------------------------------------------------------------------------
Show interface trunk
Port Mode Encapsulation Status Native vlan
Fa0/24 desirable 802.1q trunking 3
Port Vlans allowed on trunk
Fa0/24 1-2,4-4094
Port Vlans allowed and active in management domain
Fa0/24 1-2,10
Port Vlans in spanning tree forwarding state and not pruned
Fa0/24 1-2,10
动态中继协议DTP
以太网中继接口支持以下几种中继模式:
· 接入access
· 动态dynamic
o 主动desirable
o 自动auto
· 中继trunk
· 不协商nonegotiate
· dot1q隧道
通过使用不同的中继模式,可以设置接口的不同状态,如中继、非中继以及与相邻接口协商中继。要自动进行中继协商,双方的端口必须处于同一个VTP域中,由cisco开发的一个点对点协议---DTP动态中继协议完成(私有vlan的接口和隧道接口中不支持DTP)
组合模式表
邻接类型 本地端口的类型
(略过)
配置模式:
· switchport mode access:设置接口为永久性接入接口,产生DTP帧,与相邻接口进行协商。会将接口的模式作为非中继接口或者协商地将某个接口调整为接入接口(不管对方邻居是什么模式)
· switchport mode dynamic auto:设置接口为自动动态协商(若对方邻居接口的模式为中继接口或者是主动协商,这个接口会转变为中继链路),交换机默认的接口模式。
· switchport mode dynamic
desirable:设置接口为主动动态协商将链路转换为中继链路。如果相邻的接口为trunk、desirable、auto模式,设置为
desirable模式的接口会成为中继接口。如果相邻接口是接入或nonegotiate模式,该链路成为非中继
· switchport mode trunk:设置接口模式永久为中继模式或协商转换为中继。即使相邻接口不同意改变,但该接口依然是中继接口。
· switchport nonegotiate:阻止接口产生DTP(自动协商)帧,关闭中继的协商。该命令只有在接口上已经配置access或trunk之后才能使用。必须手工去配置相邻接口的模式。
· switchport mode dot1q-tunnel:设置接口为dot1q隧道 。
检查DTP
show interface 接口 switchport
show interface trunk
如:
conf t
interface f0/24
switchport mode dynamic desirable
end
show interface f0/24 switchport
Name: Fa0/24
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
……
--------------------------------------------------------------------------
conf t
interface f0/24
switchport mode trunk(如果这一步不做,下一步将不会有效果)
switchport nonegotiate
end
show interface f0/24 switchport
Name: Fa0/24
Switchport: Enabled
Administrative Mode: trunk //管理模式
Operational Mode: trunk //工作模式
Administrative Trunking Encapsulation: dot1q //管理封装类型
Operational Trunking Encapsulation: dot1q //工作封装类型
Negotiation of Trunking: Off //协商状态
Access Mode VLAN: 1 (default)
Show interface trunk
Port Mode Encapsulation Status Native vlan
Fa0/24 on 802.1q trunking 3
题目:
YY版本:关闭交换机上DTP流量
配置:
SW1和SW2
Interface rang f0/1-24
Switchport mode access
Switchport nonegotiata
