--------以下为原创内容,转载请注明出处,仅供交流学习用,不得用于商业目的.
by:小虫子(xiaook) http://goat.cublog.cn
本征VLAN是交换中一个不是很容易理解的概念,在网上看了一些文章但也说得不是很清楚,书上也没有多讲.找到CISCO的文档,所以引用了一下.今天也做了下NATIVE VLAN的小实验,以便更好的理解.
Native VLAN的作用:在Trunk链路使用802.1Q封装时,用Native VLAN指定哪个VLAN的数据不用做802.1Q标记,Native VLAN外的其它VLAN数据都会做802.1Q封装的标记.
为什么要使用Native VLAN:交换的管理流量以及未指定VLAN的流量,默认使用Native VLAN(默认为VLAN 1)来传送,这些流量不需要做802.1Q封装.
网上一般都是如上来描述Native VLAN,我也如是说,但看了又不是很明白,所以通过实验一看一下:
|
autostart = false
[localhost]
port = 7200
udp = 10000
workingdir = d:\lab\3640\
[[3640]]
image = d:\lab\c3640-telco-124-13.bin
idlepc = 0x6100bf2c
ram = 128
confreg = 0x2102
exec_area = 64
mmap = false
# slot1 = NM-16ESW
[[2620]]
image = d:\lab\c2600-i.120-7.bin
ram = 20
confreg = 0x2102
idlepc = 0x802d0b80
exec_area = 64
mmap = false
# [[router TermServ]]
# model=3640
# e0/0 = NIO_gen_eth:\Device\NPF_{1D0AB987-6689-4B46-8AF5-27395AD05B0B}
[[router R1]]
image = d:\lab\c7200-adventerprisek9.124-6.T3.bin #需要带有ip plus特性的IOS,才支持VLAN间路由
idlepc = 0x613503b8
ram = 256
npe = npe-400
confreg = 0x2102
exec_area = 64
mmap = false
f0/0 = SW1 f1/14
[[router SW1]]
model=3640
slot1 = NM-16ESW
f1/15 = SW2 f1/15
[[router SW2]]
model=3640
slot1 = NM-16ESW
[[router PC1]]
model=2620
f0/0 = SW2 f1/1
[[router PC2]]
model=2620
f0/0 = SW2 f1/2
[[router PC3]]
model=2620
f0/0 = SW2 f1/3
[[router PC4]]
model=2620
f0/0 = SW1 f1/4
[[router PC5]]
model=2620
f0/0 = SW1 f1/5
[[router PC6]]
model=2620
f0/0 = SW1 f1/6
|
基本配置(略):
配置SW1为VTP SERVER,VTP DOMAIN CISCO,VTP PASSWORD CISCO
配置SW2为VTP CLIENT,VTP DOMAIN CISCO,VTP PASSWORD CISCO
配置SW1和SW2间的trunk
在SW1新建VLAN 14,VLAN 25, VLAN36
为PC1,PC2,PC4,PC5
把PC2和PC5分配到VLAN 25,并测试其连通性.
让PC1,PC4在VLAN 14中,在trunk设置中将VLAN14设置为Native VLAN.测试其连通性.
SW1#sh run int f1/15
Building configuration...
Current configuration : 90 bytes
!
interface FastEthernet1/15
switchport trunk native vlan 14
switchport mode trunk
end
SW1#
SW2的配置和SW1相同.
使用capture SW1 f1/15 vlantr.cap dynagen在SW1和SW2的Trunk的一端接口上抓包到dyangen的working目录里的vlantr.cap文件中.
在PC4,和PC5上分别ping PC1和PC2以分别得到,经过NATIVE VLAN和普通VLAN所传送的数据.
使用no caputre SW1 f1/15停止抓包.
使用开源嗅探器Wireshark打开刚才抓的包看一下,包的目录在dynagen的working目录,上面已经提到.
我使用了icmp过滤器(Filter),结果看起来简洁一点.
这是带802.1Q标记的数据包.
从下面可以看到802.1Q数据为4字节,
优先级为0,CFI为0,VLAN ID为25,类型为IP
整个数据帧的格式为:Protocols in frame: eth:vlan:ip:icmp:data
这是Native VLAN的数据包,里面不带802.1Q封装.
帧格式为:Protocols in frame: eth:ip:icmp:data
这就是Native VLAN的本质了.呵呵.
最后帖上各设备的配置:
|
PC1#sh run
Building configuration...
Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname PC1
!
!
!
!
!
!
memory-size iomem 15
ip subnet-zero
no ip routing
!
!
!
!
interface FastEthernet0/0
ip address 10.0.14.1 255.255.255.0
no ip directed-broadcast
no ip route-cache
duplex auto
speed auto
!
ip classless
no ip http server
!
!
line con 0
exec-timeout 0 0
logging synchronous
transport input none
line aux 0
line vty 0 4
login
!
end
PC1#
|
|
PC2#sh run
Building configuration...
Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname PC2
!
!
!
!
!
!
memory-size iomem 15
ip subnet-zero
no ip routing
!
!
!
!
interface FastEthernet0/0
ip address 10.0.25.2 255.255.255.0
no ip directed-broadcast
no ip route-cache
duplex auto
speed auto
!
ip classless
no ip http server
!
!
line con 0
exec-timeout 0 0
logging synchronous
transport input none
line aux 0
line vty 0 4
!
no scheduler allocate
end
PC2#
|
|
PC4#sh run
Building configuration...
Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname PC4
!
!
!
!
!
!
memory-size iomem 15
ip subnet-zero
no ip routing
!
!
!
!
interface FastEthernet0/0
ip address 10.0.14.4 255.255.255.0
no ip directed-broadcast
no ip route-cache
duplex auto
speed auto
!
ip classless
no ip http server
!
!
line con 0
exec-timeout 0 0
logging synchronous
transport input none
line aux 0
line vty 0 4
!
no scheduler allocate
end
PC4#
|
|
PC5#sh run
Building configuration...
Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname PC5
!
!
!
!
!
!
memory-size iomem 15
ip subnet-zero
no ip routing
!
!
!
!
interface FastEthernet0/0
ip address 10.0.25.5 255.255.255.0
no ip directed-broadcast
no ip route-cache
duplex auto
speed auto
!
ip classless
no ip http server
!
!
line con 0
exec-timeout 0 0
logging synchronous
transport input none
line aux 0
line vty 0 4
!
no scheduler allocate
end
PC5#
|
|
SW1#sh run
Building configuration...
Current configuration : 960 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SW1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
!
!
!
!
!
!
!
interface FastEthernet1/0
!
interface FastEthernet1/1
!
interface FastEthernet1/2
!
interface FastEthernet1/3
!
interface FastEthernet1/4
switchport access vlan 14
!
interface FastEthernet1/5
switchport access vlan 25
!
interface FastEthernet1/6
!
interface FastEthernet1/7
!
interface FastEthernet1/8
!
interface FastEthernet1/9
!
interface FastEthernet1/10
!
interface FastEthernet1/11
!
interface FastEthernet1/12
!
interface FastEthernet1/13
!
interface FastEthernet1/14
!
interface FastEthernet1/15
switchport trunk native vlan 14
switchport mode trunk
!
interface Vlan1
no ip address
!
ip http server
!
!
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
end
SW1#
|
|
SW2#sh run
Building configuration...
Current configuration : 960 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SW2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
!
!
!
!
!
!
!
interface FastEthernet1/0
!
interface FastEthernet1/1
switchport access vlan 14
!
interface FastEthernet1/2
switchport access vlan 25
!
interface FastEthernet1/3
!
interface FastEthernet1/4
!
interface FastEthernet1/5
!
interface FastEthernet1/6
!
interface FastEthernet1/7
!
interface FastEthernet1/8
!
interface FastEthernet1/9
!
interface FastEthernet1/10
!
interface FastEthernet1/11
!
interface FastEthernet1/12
!
interface FastEthernet1/13
!
interface FastEthernet1/14
!
interface FastEthernet1/15
switchport trunk native vlan 14
switchport mode trunk
!
interface Vlan1
no ip address
!
ip http server
!
!
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
end
SW2#
|
摘自文档:
Native VLAN
Each physical port has a parameter called PVID.
Every 802.1Q port is assigned a PVID value that is of its native VLAN
ID (default is VLAN 1). All untagged frames are assigned to the LAN
specified in the PVID parameter. When a tagged frame is received by a
port, the tag is respected. If the frame is untagged, the value
contained in the PVID is considered as a tag. Because the frame is
untagged and the PVID is tagged to allow the coexistence, as shown in ,
on the same pieces of cable of VLAN-aware bridge/stations and of
VLAN-unaware bridges/stations. Consider, for example, the two stations
connected to the central trunk link in the lower part of .
They are VLAN-unaware and they will be associated to the VLAN C,
because the PVIDs of the VLAN-aware bridges are equal to VLAN C.
Because the VLAN-unaware stations will send only untagged frames, when
the VLAN-aware bridge devices receive these untagged frames they will
assign them to VLAN C.
Figure 76 Native VLAN
阅读(6989) | 评论(0) | 转发(1) |
