Category: System Operations and Maintenance

2013-03-01 15:54:24

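The native VLAN is a concept that is not very easy to understand. I read some articles online, but they did not explain it clearly, and the books do not say much about it either. I found Cisco's documentation, so I quote it here. Today I also ran a small native VLAN experiment to understand it better.

Purpose of the native VLAN: when a trunk link uses 802.1Q encapsulation, the native VLAN specifies which VLAN's traffic is sent without an 802.1Q tag. Traffic of every VLAN other than the native VLAN is tagged with 802.1Q.
Why use a native VLAN: the switch's management traffic and traffic not assigned to any VLAN are carried by default on the native VLAN (VLAN 1 by default), and this traffic does not need 802.1Q encapsulation.

That is how the native VLAN is usually described online, and I say the same, but after reading it I still did not quite understand it, so let's look at it through an experiment: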
 
 
 

autostart = false

[localhost]
port = 7200
udp = 10000
workingdir = d:\lab\3640\

[[3640]]
     image = d:\lab\c3640-telco-124-13.bin    
     idlepc = 0x6100bf2c
     ram = 128
     confreg = 0x2102    
     exec_area = 64
     mmap = false
#     slot1 = NM-16ESW

[[2620]]
     image = d:\lab\c2600-i.120-7.bin
     ram = 20
     confreg = 0x2102    
     idlepc = 0x802d0b80
     exec_area = 64
     mmap = false

# [[router TermServ]]
#     model=3640
#     e0/0 = NIO_gen_eth:\Device\NPF_{1D0AB987-6689-4B46-8AF5-27395AD05B0B}

[[router R1]]
     image = d:\lab\c7200-adventerprisek9.124-6.T3.bin # requires an IOS image with the plus feature set to support inter-VLAN routing
     idlepc = 0x613503b8
     ram = 256
     npe = npe-400
     confreg = 0x2102
     exec_area = 64
     mmap = false
     f0/0 = SW1 f1/14

[[router SW1]]
     model = 3640
     slot1 = NM-16ESW
     f1/15 = SW2 f1/15

[[router SW2]]
     model = 3640
     slot1 = NM-16ESW

[[router PC1]]
     model = 2620
     f0/0 = SW2 f1/1

[[router PC2]]
     model = 2620
     f0/0 = SW2 f1/2

[[router PC3]]
     model = 2620
     f0/0 = SW2 f1/3

[[router PC4]]
     model = 2620
     f0/0 = SW1 f1/4

[[router PC5]]
     model = 2620
     f0/0 = SW1 f1/5

[[router PC6]]
     model = 2620
     f0/0 = SW1 f1/6

 

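Basic configuration (omitted):
Configure SW1 as the VTP server, with VTP domain CISCO and VTP password CISCO
Configure SW2 as a VTP client, with VTP domain CISCO and VTP password CISCO
Configure the trunk between SW1 and SW2
Create VLAN 14, VLAN 25 and VLAN 36 on SW1
For PC1, PC2, PC4, PC5
Assign PC2 and PC5 to VLAN 25 and test their connectivity.
Put PC1 and PC4 in VLAN 14, and set VLAN 14 as the native VLAN in the trunk configuration. Test their connectivity.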
SW1#sh run int f1/15
Building configuration...
Current configuration : 90 bytes
!
interface FastEthernet1/15
switchport trunk native vlan 14  
switchport mode trunk
end
SW1#
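SW2's configuration is the same as SW1's.
In dynagen, use capture SW1 f1/15 vlantr.cap to capture packets on one end of the trunk between SW1 and SW2 into the file vlantr.cap in dynagen's working directory.
On PC4 and PC5, ping PC1 and PC2 respectively, to obtain traffic carried over the native VLAN and over an ordinary VLAN.
Use no capture SW1 f1/15 to stop the capture.
Open the captured packets with the open-source sniffer Wireshark. The capture file is in dynagen's working directory, as mentioned above.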
 
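I used the icmp filter so that the result looks a bit cleaner.

This is a packet with an 802.1Q tag.
As can be seen below, the 802.1Q data is 4 bytes:
priority 0, CFI 0, VLAN ID 25, type IP
The format of the whole frame is: Protocols in frame: eth:vlan:ip:icmp:data
This is a native VLAN packet, which carries no 802.1Q encapsulation.
Its frame format is: Protocols in frame: eth:ip:icmp:data

That is the essence of the native VLAN. Heh.

Finally, here are the configurations of each device: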
 
 

PC1#sh run
Building configuration...

Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname PC1
!
!
!
!
!
!
memory-size iomem 15
ip subnet-zero
no ip routing
!
!
!
!
interface FastEthernet0/0
ip address 10.0.14.1 255.255.255.0
no ip directed-broadcast
no ip route-cache
duplex auto
speed auto
!
ip classless
no ip http server
!
!
line con 0
exec-timeout 0 0
logging synchronous
transport input none
line aux 0
line vty 0 4
login
!
end

PC1#

 

 

PC2#sh run
Building configuration...

Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname PC2
!
!
!
!
!
!
memory-size iomem 15
ip subnet-zero
no ip routing
!
!
!
!
interface FastEthernet0/0
ip address 10.0.25.2 255.255.255.0
no ip directed-broadcast
no ip route-cache
duplex auto
speed auto
!
ip classless
no ip http server
!
!
line con 0
exec-timeout 0 0
logging synchronous
transport input none
line aux 0
line vty 0 4
!
no scheduler allocate
end

PC2#

 

 

PC4#sh run
Building configuration...

Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname PC4
!
!
!
!
!
!
memory-size iomem 15
ip subnet-zero
no ip routing
!
!
!
!
interface FastEthernet0/0
ip address 10.0.14.4 255.255.255.0
no ip directed-broadcast
no ip route-cache
duplex auto
speed auto
!
ip classless
no ip http server
!
!
line con 0
exec-timeout 0 0
logging synchronous
transport input none
line aux 0
line vty 0 4
!
no scheduler allocate
end

PC4#

 

 

PC5#sh run
Building configuration...

Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname PC5
!
!
!
!
!
!
memory-size iomem 15
ip subnet-zero
no ip routing
!
!
!
!
interface FastEthernet0/0
ip address 10.0.25.5 255.255.255.0
no ip directed-broadcast
no ip route-cache
duplex auto
speed auto
!
ip classless
no ip http server
!
!
line con 0
exec-timeout 0 0
logging synchronous
transport input none
line aux 0
line vty 0 4
!
no scheduler allocate
end

PC5#

 

 

SW1#sh run
Building configuration...

Current configuration : 960 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SW1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
!
!
!
!
!
!
!
interface FastEthernet1/0
!
interface FastEthernet1/1
!
interface FastEthernet1/2
!
interface FastEthernet1/3
!
interface FastEthernet1/4
switchport access vlan 14
!
interface FastEthernet1/5
switchport access vlan 25
!
interface FastEthernet1/6
!
interface FastEthernet1/7
!
interface FastEthernet1/8
!
interface FastEthernet1/9
!
interface FastEthernet1/10
!
interface FastEthernet1/11
!
interface FastEthernet1/12
!
interface FastEthernet1/13
!
interface FastEthernet1/14
!
interface FastEthernet1/15
switchport trunk native vlan 14
switchport mode trunk
!
interface Vlan1
no ip address
!
ip http server
!
!
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
end

SW1#

 

 

SW2#sh run
Building configuration...

Current configuration : 960 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SW2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
!
!
!
!
!
!
!
interface FastEthernet1/0
!
interface FastEthernet1/1
switchport access vlan 14
!
interface FastEthernet1/2
switchport access vlan 25
!
interface FastEthernet1/3
!
interface FastEthernet1/4
!
interface FastEthernet1/5
!
interface FastEthernet1/6
!
interface FastEthernet1/7
!
interface FastEthernet1/8
!
interface FastEthernet1/9
!
interface FastEthernet1/10
!
interface FastEthernet1/11
!
interface FastEthernet1/12
!
interface FastEthernet1/13
!
interface FastEthernet1/14
!
interface FastEthernet1/15
switchport trunk native vlan 14
switchport mode trunk
!
interface Vlan1
no ip address
!
ip http server
!
!
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
end

SW2#


Excerpt from the documentation:

Native VLAN

Each physical port has a parameter called PVID. Every 802.1Q port is assigned a PVID value that is of its native VLAN ID (default is VLAN 1). All untagged frames are assigned to the LAN specified in the PVID parameter. When a tagged frame is received by a port, the tag is respected. If the frame is untagged, the value contained in the PVID is considered as a tag. Because the frame is untagged and the PVID is tagged to allow the coexistence, as shown in , on the same pieces of cable of VLAN-aware bridge/stations and of VLAN-unaware bridges/stations. Consider, for example, the two stations connected to the central trunk link in the lower part of . They are VLAN-unaware and they will be associated to the VLAN C, because the PVIDs of the VLAN-aware bridges are equal to VLAN C. Because the VLAN-unaware stations will send only untagged frames, when the VLAN-aware bridge devices receive these untagged frames they will assign them to VLAN C.

Figure 76 Native VLAN
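
The tagged and untagged frames seen in the capture, and the PVID rule from the excerpt above, can be reproduced in a few lines of Python. This is an added example, not code from the original post or from Cisco; the MAC addresses and the dummy IPv4 header are constructed, and the function names are hypothetical. It also handles the priority-tagged case (VID 0), which 802.1Q classifies like an untagged frame.

```python
import struct

TPID_8021Q = 0x8100               # EtherType value announcing an 802.1Q tag
ETHERTYPE_NAMES = {0x0800: "ip", 0x0806: "arp"}

def build_frame(dst, src, ethertype, payload, vid=None, pcp=0, cfi=0):
    """Build an Ethernet II frame; insert a 4-byte 802.1Q tag when vid is given."""
    tag = b""
    if vid is not None:
        tci = (pcp << 13) | (cfi << 12) | (vid & 0x0FFF)
        tag = struct.pack("!HH", TPID_8021Q, tci)
    return dst + src + tag + struct.pack("!H", ethertype) + payload

def parse_frame(frame):
    """Return tag fields (if any) and the EtherType of the encapsulated protocol."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    info = {"tagged": False, "pcp": None, "cfi": None, "vid": None, "ethertype": ethertype}
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, inner = struct.unpack("!HH", frame[14:18])
        info.update(tagged=True, pcp=tci >> 13, cfi=(tci >> 12) & 1,
                    vid=tci & 0x0FFF, ethertype=inner)
    return info

def layers(frame):
    """Wireshark-style summary of the link layers, e.g. 'eth:vlan:ip'."""
    info = parse_frame(frame)
    proto = ETHERTYPE_NAMES.get(info["ethertype"], hex(info["ethertype"]))
    return ":".join(["eth"] + (["vlan"] if info["tagged"] else []) + [proto])

def vlan_on_trunk(frame, native_vlan):
    """VLAN a trunk port assigns on receipt: the tag's VID, else the native VLAN."""
    info = parse_frame(frame)
    # VID 0 is a priority-only tag in 802.1Q and is classified like an untagged frame.
    if info["tagged"] and info["vid"] != 0:
        return info["vid"]
    return native_vlan

# Constructed sample frames (made-up MAC addresses, dummy 20-byte IPv4 header).
DST, SRC = bytes.fromhex("020000000002"), bytes.fromhex("020000000005")
IP_STUB = b"\x45" + bytes(19)
TAGGED = build_frame(DST, SRC, 0x0800, IP_STUB, vid=25)   # like the PC5 -> PC2 ping
UNTAGGED = build_frame(DST, SRC, 0x0800, IP_STUB)         # like the PC4 -> PC1 ping

if __name__ == "__main__":
    for name, frame in (("tagged", TAGGED), ("untagged", UNTAGGED)):
        print(name, layers(frame), parse_frame(frame), vlan_on_trunk(frame, native_vlan=14))
```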

 