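--------The following is original content. Please credit the source when reposting. It is for exchange and learning only and must not be used for commercial purposes.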
by:小虫子(xiaook) http://goat.cublog.cn
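The native VLAN is a switching concept that is not easy to understand. I read some articles online, but they did not explain it clearly, and the books do not say much about it either. I found Cisco's documentation, so I quote it here. Today I also ran a small NATIVE VLAN lab to understand it better.
Purpose of the Native VLAN: when a trunk link uses 802.1Q encapsulation, the Native VLAN specifies which VLAN's traffic is not given an 802.1Q tag. Traffic of every VLAN other than the Native VLAN is tagged with 802.1Q encapsulation.
Why use a Native VLAN: switch management traffic and traffic with no VLAN assigned are carried on the Native VLAN by default (VLAN 1 by default), and this traffic does not need 802.1Q encapsulation.
This is how the Native VLAN is usually described online, and I describe it the same way, but reading it did not make it clear to me, so let's look at it through a lab: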
autostart = false

[localhost]
    port = 7200
    udp = 10000
    workingdir = d:\lab\3640\

    [[3640]]
        image = d:\lab\c3640-telco-124-13.bin
        idlepc = 0x6100bf2c
        ram = 128
        confreg = 0x2102
        exec_area = 64
        mmap = false
        # slot1 = NM-16ESW

    [[2620]]
        image = d:\lab\c2600-i.120-7.bin
        ram = 20
        confreg = 0x2102
        idlepc = 0x802d0b80
        exec_area = 64
        mmap = false

    # [[router TermServ]]
    # model=3640
    # e0/0 = NIO_gen_eth:\Device\NPF_{1D0AB987-6689-4B46-8AF5-27395AD05B0B}

    [[router R1]]
        image = d:\lab\c7200-adventerprisek9.124-6.T3.bin
        # An IOS with the ip plus feature is required to support inter-VLAN routing
        idlepc = 0x613503b8
        ram = 256
        npe = npe-400
        confreg = 0x2102
        exec_area = 64
        mmap = false
        f0/0 = SW1 f1/14

    [[router SW1]]
        model=3640
        slot1 = NM-16ESW
        f1/15 = SW2 f1/15

    [[router SW2]]
        model=3640
        slot1 = NM-16ESW

    [[router PC1]]
        model=2620
        f0/0 = SW2 f1/1

    [[router PC2]]
        model=2620
        f0/0 = SW2 f1/2

    [[router PC3]]
        model=2620
        f0/0 = SW2 f1/3

    [[router PC4]]
        model=2620
        f0/0 = SW1 f1/4

    [[router PC5]]
        model=2620
        f0/0 = SW1 f1/5

    [[router PC6]]
        model=2620
        f0/0 = SW1 f1/6
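Basic configuration (omitted):
Configure SW1 as VTP SERVER, VTP DOMAIN CISCO, VTP PASSWORD CISCO
Configure SW2 as VTP CLIENT, VTP DOMAIN CISCO, VTP PASSWORD CISCO
Configure the trunk between SW1 and SW2
Create VLAN 14, VLAN 25 and VLAN 36 on SW1
For PC1, PC2, PC4 and PC5
Assign PC2 and PC5 to VLAN 25 and test their connectivity.
Put PC1 and PC4 in VLAN 14, set VLAN 14 as the Native VLAN in the trunk configuration, and test their connectivity.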
SW1#sh run int f1/15
Building configuration...
Current configuration : 90 bytes
!
interface FastEthernet1/15
switchport trunk native vlan 14
switchport mode trunk
end
SW1#
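SW2's configuration is the same as SW1's.
In dynagen, use capture SW1 f1/15 vlantr.cap to capture packets on the interface at one end of the trunk between SW1 and SW2 into the file vlantr.cap in dynagen's working directory.
On PC4 and PC5, ping PC1 and PC2 respectively, to obtain traffic carried over the NATIVE VLAN and traffic carried over an ordinary VLAN.
Use no capture SW1 f1/15 to stop the capture.
Open the capture with the open-source sniffer Wireshark. The file is in dynagen's working directory, as mentioned above.
I used the icmp filter so that the result looks a little cleaner.
This is a packet carrying the 802.1Q tag.
As can be seen below, the 802.1Q data is 4 bytes:
priority 0, CFI 0, VLAN ID 25, type IP
The format of the whole frame is: Protocols in frame: eth:vlan:ip:icmp:data
This is a Native VLAN packet. It carries no 802.1Q encapsulation.
The frame format is: Protocols in frame: eth:ip:icmp:data
That is the essence of the Native VLAN. Heh.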
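The two captures described above can be reproduced offline. The following Python sketch is an added example, not part of the original post: it decodes the 4-byte 802.1Q tag and assigns an untagged frame to the trunk's native VLAN. The frames, the MAC addresses and the helper names build_frame and classify are constructed for illustration.

```python
import socket
import struct

TPID_8021Q = 0x8100                      # EtherType value that announces an 802.1Q tag
ETHERTYPE_IP, IPPROTO_ICMP = 0x0800, 1

def build_frame(src_ip, dst_ip, vlan=None, priority=0):
    """Constructed ICMP echo request; vlan=None means untagged (native VLAN)."""
    macs = bytes.fromhex("020000000001") + bytes.fromhex("020000000002")  # made-up MACs
    # The tag is TPID (2 bytes) + TCI (2 bytes): 3-bit priority, 1-bit CFI, 12-bit VLAN ID
    tag = b"" if vlan is None else struct.pack("!HH", TPID_8021Q, (priority << 13) | vlan)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 255, IPPROTO_ICMP, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))  # IP checksum left 0
    icmp = struct.pack("!BBHHH", 8, 0, 0xF7FF, 0, 0)  # echo request, id 0, seq 0, no payload
    return macs + tag + struct.pack("!H", ETHERTYPE_IP) + ip + icmp

def classify(frame, native_vlan):
    """Decode a frame as a trunk port would: honour a tag, else use the native VLAN."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    chain, offset = ["eth"], 14
    info = {"tagged": False, "priority": None, "cfi": None, "vlan": native_vlan}
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        info.update(tagged=True, priority=tci >> 13, cfi=(tci >> 12) & 1, vlan=tci & 0x0FFF)
        chain.append("vlan")
        offset = 18
    if ethertype == ETHERTYPE_IP and len(frame) >= offset + 20:
        chain.append("ip")
        proto = frame[offset + 9]        # protocol field of the IPv4 header
        chain.append("icmp" if proto == IPPROTO_ICMP else f"proto{proto}")
    info["protocols"] = ":".join(chain)
    return info

# Constructed equivalents of the lab pings: PC5 -> PC2 (VLAN 25), PC4 -> PC1 (native VLAN 14)
TAGGED = build_frame("10.0.25.5", "10.0.25.2", vlan=25)
NATIVE = build_frame("10.0.14.4", "10.0.14.1")

if __name__ == "__main__":
    for name, frame in (("VLAN 25", TAGGED), ("native", NATIVE)):
        print(name, len(frame), "bytes", classify(frame, native_vlan=14))
```

The tagged frame is exactly 4 bytes longer than the untagged one, and the untagged frame only ends up in VLAN 14 because both trunk ends are configured with the same native VLAN.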
Finally, here is the configuration of each device:
PC1#sh run
Building configuration...
Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname PC1
!
!
!
!
!
!
memory-size iomem 15
ip subnet-zero
no ip routing
!
!
!
!
interface FastEthernet0/0
 ip address 10.0.14.1 255.255.255.0
 no ip directed-broadcast
 no ip route-cache
 duplex auto
 speed auto
!
ip classless
no ip http server
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
 transport input none
line aux 0
line vty 0 4
 login
!
end
PC1#
PC2#sh run
Building configuration...
Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname PC2
!
!
!
!
!
!
memory-size iomem 15
ip subnet-zero
no ip routing
!
!
!
!
interface FastEthernet0/0
 ip address 10.0.25.2 255.255.255.0
 no ip directed-broadcast
 no ip route-cache
 duplex auto
 speed auto
!
ip classless
no ip http server
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
 transport input none
line aux 0
line vty 0 4
!
no scheduler allocate
end
PC2#
PC4#sh run
Building configuration...
Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname PC4
!
!
!
!
!
!
memory-size iomem 15
ip subnet-zero
no ip routing
!
!
!
!
interface FastEthernet0/0
 ip address 10.0.14.4 255.255.255.0
 no ip directed-broadcast
 no ip route-cache
 duplex auto
 speed auto
!
ip classless
no ip http server
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
 transport input none
line aux 0
line vty 0 4
!
no scheduler allocate
end
PC4#
PC5#sh run
Building configuration...
Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname PC5
!
!
!
!
!
!
memory-size iomem 15
ip subnet-zero
no ip routing
!
!
!
!
interface FastEthernet0/0
 ip address 10.0.25.5 255.255.255.0
 no ip directed-broadcast
 no ip route-cache
 duplex auto
 speed auto
!
ip classless
no ip http server
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
 transport input none
line aux 0
line vty 0 4
!
no scheduler allocate
end
PC5#
SW1#sh run
Building configuration...
Current configuration : 960 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SW1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
!
!
!
!
!
!
!
interface FastEthernet1/0
!
interface FastEthernet1/1
!
interface FastEthernet1/2
!
interface FastEthernet1/3
!
interface FastEthernet1/4
 switchport access vlan 14
!
interface FastEthernet1/5
 switchport access vlan 25
!
interface FastEthernet1/6
!
interface FastEthernet1/7
!
interface FastEthernet1/8
!
interface FastEthernet1/9
!
interface FastEthernet1/10
!
interface FastEthernet1/11
!
interface FastEthernet1/12
!
interface FastEthernet1/13
!
interface FastEthernet1/14
!
interface FastEthernet1/15
 switchport trunk native vlan 14
 switchport mode trunk
!
interface Vlan1
 no ip address
!
ip http server
!
!
!
!
!
control-plane
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
!
end
SW1#
SW2#sh run
Building configuration...
Current configuration : 960 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SW2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
!
!
!
!
!
!
!
interface FastEthernet1/0
!
interface FastEthernet1/1
 switchport access vlan 14
!
interface FastEthernet1/2
 switchport access vlan 25
!
interface FastEthernet1/3
!
interface FastEthernet1/4
!
interface FastEthernet1/5
!
interface FastEthernet1/6
!
interface FastEthernet1/7
!
interface FastEthernet1/8
!
interface FastEthernet1/9
!
interface FastEthernet1/10
!
interface FastEthernet1/11
!
interface FastEthernet1/12
!
interface FastEthernet1/13
!
interface FastEthernet1/14
!
interface FastEthernet1/15
 switchport trunk native vlan 14
 switchport mode trunk
!
interface Vlan1
 no ip address
!
ip http server
!
!
!
!
!
control-plane
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
!
end
SW2#
Excerpt from the documentation:
Native VLAN
Each physical port has a parameter called PVID.
Every 802.1Q port is assigned a PVID value that is of its native VLAN
ID (default is VLAN 1). All untagged frames are assigned to the LAN
specified in the PVID parameter. When a tagged frame is received by a
port, the tag is respected. If the frame is untagged, the value
contained in the PVID is considered as a tag. Because the frame is
untagged and the PVID is tagged to allow the coexistence, as shown in ,
on the same pieces of cable of VLAN-aware bridge/stations and of
VLAN-unaware bridges/stations. Consider, for example, the two stations
connected to the central trunk link in the lower part of .
They are VLAN-unaware and they will be associated to the VLAN C,
because the PVIDs of the VLAN-aware bridges are equal to VLAN C.
Because the VLAN-unaware stations will send only untagged frames, when
the VLAN-aware bridge devices receive these untagged frames they will
assign them to VLAN C.
Figure 76 Native VLAN