原创作品,不得用于商业目的,转载请注明出处.
学习交换有些概念一直理得不是很清晰,所以做了一个一些交换基础概念的一个图示,希望我的理解没有问题.
实验中VLAN的划分情况:
实验的dynagen拓朴文件内容:
|
autostart = false
[localhost]
port = 7200
udp = 10000
workingdir = d:\lab\3640\
[[3640]]
image = d:\lab\c3640-telco-124-13.bin
idlepc = 0x6100bf2c
ram = 128
confreg = 0x2102
exec_area = 64
mmap = false
# slot1 = NM-16ESW
[[2620]]
image = d:\lab\c2600-i.120-7.bin #模拟PC选用占用内存较少的IOS
ram = 20
confreg = 0x2102
idlepc = 0x802d0b80
exec_area = 64
mmap = false
# [[router TermServ]]
# model=3640
# e0/0 = NIO_gen_eth:\Device\NPF_{1D0AB987-6689-4B46-8AF5-27395AD05B0B}
[[router R1]]
image = d:\lab\c7200-adventerprisek9.124-6.T3.bin #需要带有ip plus特性的IOS,才支持VLAN间路由
idlepc = 0x613503b8
ram = 256
npe = npe-400
confreg = 0x2102
exec_area = 64
mmap = false
f0/0 = SW1 f1/1
[[router SW1]]
model=3640
slot1 = NM-16ESW
f1/2 = SW2 f1/1
f1/3 = SW3 f1/1
f1/4 = SW4 f1/1
[[router SW2]]
model=3640
slot1 = NM-16ESW
#本来想用VPC软件来模拟PC的,但没试成功。
#在dynagen自带的以太交换机上,是成功的。NM-16ESW交换模块上不行,我没找到原因?以后再试下
# f1/2 = NIO_udp:30000:127.0.0.1:20000 #VPC1
# f1/3 = NIO_udp:30001:127.0.0.1:20001 #VPC2
# f1/4 = nio_udp:30002:127.0.0.1:20002 #VPC3
[[router SW3]]
model=3640
slot1 = NM-16ESW
[[router SW4]]
model=3640
slot1 = NM-16ESW
[[router PC1]]
model=2620
f0/0 = SW2 f1/2
[[router PC2]]
model=2620
f0/0 = SW2 f1/3
[[router PC3]]
model=2620
f0/0 = SW2 f1/4
[[router PC4]]
model=2620
f0/0 = SW3 f1/2
[[router PC5]]
model=2620
f0/0 = SW3 f1/3
[[router PC6]]
model=2620
f0/0 = SW3 f1/4
[[router PC7]]
model=2620
f0/0 = SW4 f1/2
[[router PC8]]
model=2620
f0/0 = SW4 f1/3
[[router PC9]]
model=2620
f0/0 = SW4 f1/4
|
配置VTP模式及trunk端口:
SW1#vlan database
SW1(vlan)#vtp server
Device mode already VTP SERVER.
SW1(vlan)#vtp domain cisco
Changing VTP domain name from NULL to cisco
SW1(vlan)#exit
APPLY completed.
Exiting....
SW1#confi t
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#int f1/2
SW1(config-if)#sw mo tr
SW1(config)#int f1/3
SW1(config-if)#sw mo tr
SW1(config-if)#int f1/4
SW1(config-if)#sw mo tr
SW1#sh int tr
Port Mode Encapsulation Status Native vlan
Fa1/2 on 802.1q trunking 1
Fa1/3 on 802.1q trunking 1
Fa1/4 on 802.1q trunking 1
Port Vlans allowed on trunk
Fa1/2 1-1005
Fa1/3 1-1005
Fa1/4 1-1005
Port Vlans allowed and active in management domain
Fa1/2 1
Fa1/3 1
Fa1/4 1
Port Vlans in spanning tree forwarding state and not pruned
Fa1/2 1
Fa1/3 none
Fa1/4 none
SW1#
SW1#sh vtp stat
VTP Version : 2
Configuration Revision : 0
Maximum VLANs supported locally : 256
Number of existing VLANs : 5
VTP Operating Mode : Server
VTP Domain Name : cisco
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0x89 0x5D 0x37 0xD0 0x91 0x71 0xF7 0x96 VTP同步成功(Trunk生效)后,各交换机的此数值相同.反之则不成功
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
Local updater ID is 0.0.0.0 (no valid interface found)
SW1#
SW2#vlan da
SW2(vlan)#
SW2(vlan)#vtp client
Setting device to VTP CLIENT mode.
SW2(vlan)#vtp domain cisco
Changing VTP domain name from NULL to cisco
SW2(vlan)#exit
In CLIENT state, no apply attempted.
Exiting....
SW2#sh vtp stat
VTP Version : 2
Configuration Revision : 0
Maximum VLANs supported locally : 256
Number of existing VLANs : 5
VTP Operating Mode : Client
VTP Domain Name : cisco
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0x89 0x5D 0x37 0xD0 0x91 0x71 0xF7 0x96
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
SW2#
SW2(config-line)#int f1/1
W2(config-if)#sw mo tr
SW2(config-if)#
*Mar 1 00:09:18.215: %DTP-5-TRUNKPORTON: Port Fa1/1 has become dot1q trunk
SW2(config-if)#do sh int tr
Port Mode Encapsulation Status Native vlan
Fa1/1 on 802.1q trunking 1
Port Vlans allowed on trunk
Fa1/1 1-1005
Port Vlans allowed and active in management domain
Fa1/1 1
Port Vlans in spanning tree forwarding state and not pruned
Fa1/1 none
SW2(config-if)#end
SW2#sh vtp stat
VTP Version : 2
Configuration Revision : 0
Maximum VLANs supported locally : 256
Number of existing VLANs : 5
VTP Operating Mode : Client
VTP Domain Name : cisco
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0x89 0x5D 0x37 0xD0 0x91 0x71 0xF7 0x96
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
SW2#
创建VLAN:
SW1#vlan da
SW1(vlan)#vlan 11
VLAN 11 added:
Name: VLAN0011
SW1(vlan)#vlan 12
VLAN 12 added:
Name: VLAN0012
SW1(vlan)#vlan 13
VLAN 13 added:
Name: VLAN0013
SW1(vlan)#exit
APPLY completed.
Exiting....
SW1#sh vtp stat
VTP Version : 2
Configuration Revision : 1 每次修改便revision值加一
Maximum VLANs supported locally : 256
Number of existing VLANs : 8
VTP Operating Mode : Server
VTP Domain Name : cisco
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0xD6 0x3B 0xED 0x81 0x07 0x28 0xEE 0x0D 修改VLAN后MD5值会变化
Configuration last modified by 0.0.0.0 at 3-1-02 00:43:22
Local updater ID is 0.0.0.0 (no valid interface found)
SW1#show vlan #交换模块查看vlan的命令与交换机不同
% Ambiguous command: "show vlan"
SW1#show vlan-switch #使用这个命令查看VLAN
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa1/0, Fa1/1, Fa1/5, Fa1/6
Fa1/7, Fa1/8, Fa1/9, Fa1/10
Fa1/11, Fa1/12, Fa1/13, Fa1/14
Fa1/15
11 VLAN0011 active
12 VLAN0012 active
13 VLAN0013 active
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 1002 1003
11 enet 100011 1500 - - - - - 0 0
12 enet 100012 1500 - - - - - 0 0
13 enet 100013 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 1 1003
1003 tr 101003 1500 1005 0 - - srb 1 1002
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1004 fdnet 101004 1500 - - 1 ibm - 0 0
1005 trnet 101005 1500 - - 1 ibm - 0 0
SW1#
VLAN信息已经传播到交换机SW2
SW2#show vlan-switch brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa1/0, Fa1/2, Fa1/3, Fa1/4
Fa1/5, Fa1/6, Fa1/7, Fa1/8
Fa1/9, Fa1/10, Fa1/11, Fa1/12
Fa1/13, Fa1/14, Fa1/15
11 VLAN0011 active
12 VLAN0012 active
13 VLAN0013 active
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
SW2#
设置VTP密码:
SW1#vlan dat
SW1(vlan)#vtp password cisco
Setting device VLAN database password to cisco.
SW1(vlan)#exit
APPLY completed.
Exiting....
SW1#sh vtp stat
VTP Version : 2
Configuration Revision : 1
Maximum VLANs supported locally : 256
Number of existing VLANs : 8
VTP Operating Mode : Server
VTP Domain Name : cisco
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0xCA 0xCC 0x0C 0x6E 0xDC 0x16 0xF4 0x95 修改VTP密码也会使MD5值发生变化
Configuration last modified by 0.0.0.0 at 3-1-02 00:43:22
Local updater ID is 0.0.0.0 (no valid interface found)
SW2#vlan da
SW2(vlan)#vtp pass cisco 在VTP client设置密码后,从MD5值看出,数据库已经同步
Setting device VLAN database password to cisco.
SW2(vlan)#exit
In CLIENT state, no apply attempted.
Exiting....
SW2#sh vtp stat
VTP Version : 2
Configuration Revision : 1
Maximum VLANs supported locally : 256
Number of existing VLANs : 8
VTP Operating Mode : Client
VTP Domain Name : cisco
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0xCA 0xCC 0x0C 0x6E 0xDC 0x16 0xF4 0x95
Configuration last modified by 0.0.0.0 at 3-1-02 00:43:22
从show vtp status中无法直接看出密码是否设置,只能看到MD5值不相同.造成VTP数据不同步时要检查:
1.VTP模式
2.VTP域名
3.线路trunk状态
4.密码是否相同
将端口分配到各VLAN:
SW2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW2(config)#int f1/2
SW2(config-if)#sw mo ac
SW2(config-if)#sw access vlan 13
SW2(config-if)#int f1/3
SW2(config-if)#switchport mode access
SW2(config-if)#switchport access vlan 12
SW2(config-if)#int f1/4
SW2(config-if)#sw mo ac
SW2(config-if)#sw ac v 12
SW2(config-if)#do sh vlan-s b
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa1/0, Fa1/5, Fa1/6, Fa1/7
Fa1/8, Fa1/9, Fa1/10, Fa1/11
Fa1/12, Fa1/13, Fa1/14, Fa1/15
11 VLAN0011 active
12 VLAN0012 active Fa1/3, Fa1/4
13 VLAN0013 active Fa1/2
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
SW2(config-if)#
配置VLAN间路由:
1.配置各PC的IP地址
PC1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
PC1(config)#int f0/0
PC1(config-if)#ip add 10.0.3.10 255.255.255.0
PC1(config-if)#no shut
PC1(config-if)#end
PC1#wr
Building configuration...
[OK]
PC1#
2.配置各PC的网关
PC1(config)#ip default-gateway 10.0.3.1
3.测试同一VLAN中各PC的连通性
PC2#ping 10.0.2.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.2.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/20/40 ms
PC2#
4.配置VLAN路由器
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#host R1
R1(config)#line con 0
R1(config-line)#logg sync
R1(config-line)#no exec-t
R1(config-line)#int f0/0
R1(config-if)#no ip add
R1(config-if)#no shut
R1(config-if)#int f0/0.12
R1(config-subif)#en do 12
R1(config-subif)#ip add 10.0.2.1 255.255.255.0
R1(config-subif)#int f0/0.13
R1(config-subif)#ip add 10.0.3.1 255.255.255.0
% Configuring IP routing on a LAN subinterface is only allowed if that
subinterface is already configured as part of an IEEE 802.10, IEEE 802.1Q,
or ISL vLAN.
R1(config-subif)#en do 13
R1(config-subif)#ip add 10.0.3.1 255.255.255.0
R1(config-subif)#end
R1#
5.测试VLAN间网络的连通性
PC3#ping 10.0.3.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.3.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/46/92 ms
PC3#
实验心得:
实验虽然简单,但也走了一些弯路,总结几条我的心得..
1.自己做拓朴,规划网络,从头开始配置所有设备,更能贴近实际环境和增加自己的排错能力.看别人做的实验都能够看得懂,而自己重头做肯定可以得到更多的东西.
2.交换机间及与VLAN路由器间的链路配置为trunk
3.只有带路IP PLUS特性的IOS才能支持VLAN间路由,否则表现为无法配置使用子接口.
4.各PC上的网关要指向各VLAN对应的路由器子接口IP
5.VLAN路由器不用配置静态或是动态路由,来支持VLAN间通信
