4、vlan的规划及配置
在本节中我们讲解vlan的规划及具体的配置命令。在此例中我们用的是vtp(VLAN Trunking Protocol)server的模式,在这种模式中我们需要配置核心交换机的vtp模式为server,各接入交换机的vtp模式为cilent,那么配置完成后接入交换机就会通过trunk口自动从核心交换机学习到所有的vlan配置信息。在接入交换机中只需要添加相应的端口即可,这样易于管理与部署。具体的配置命令我们通过两小节来演示:
4.1 核心交换机的相关配置
(这是一台已经配置好了的交换机,但这并不会影响我们的演示效果。所有我们新作的配置会在演示结束后清除。)
TEST#sh vlan # 显示已经有的vlan信息,并且同时显示了各端口所属的vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
default active Gi1/, Gi1/, Gi1/, Gi1/, Gi1/, Gi1/, Gi1/, Gi1/, Gi1/, Gi1/, Gi1/, Gi1/, Gi1/, Gi1/, Gi1/, Gi1/, Gi1/, Gi3/, Gi3/, Gi3/
firewall active Gi1/
Engineering active Gi3/, Gi3/
Procurement active Gi3/
QAQC active
Operation active
Yard active Gi3/
BM active
HRAD active
Facility active
Finance active
GO active
Wlan active
Server active Gi3/, Gi3/, Gi3/, Gi3/, Gi3/, Gi3/, Gi3/, Gi3/
Client active Gi3/, Gi3/
# 从这行往下是为其他协议预留的vlan号段,这些不必理会。
fddi-default act/unsup token-ring-default act/unsup
fddinet-default act/unsup
trnet-default act/unsup
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
enet - - - - -
enet - - - - -
enet - - - - -
enet - - - - -
enet - - - - -
enet - - - - -
enet - - - - -
enet - - - - -
enet - - - - -
enet - - - - -
enet - - - - -
enet - - - - -
enet - - - - -
enet - - - - -
enet - - - - -
fddi - - - - -
tr - - - - -
fdnet - - - ieee -
TEST#conf
TEST(config)#vlan 200 # 我们新建一个vlan号为200的vlan
TEST(config-vlan)#name test # 给这个vlan命名,这样便于日常的管理。
TEST(config-vlan)#END # 建好vlan后退出到特权模式中
TEST#show ip int brief
# 显示目前有的端口配置状态,我们会发现此时并没有vlan200的相关信息
Interface IP-Address OK? Method Status Protocol FastEthernet1 unassigned YES NVRAM down down Vlan1 192.168.113.254 YES NVRAM up up Vlan2 172.16.0.2 YES NVRAM up up Vlan10 192.168.101.254 YES NVRAM up up Vlan20 192.168.102.254 YES NVRAM up up Vlan30 192.168.103.254 YES NVRAM up up Vlan40 192.168.104.254 YES NVRAM up up Vlan50 192.168.105.254 YES NVRAM up up Vlan60 192.168.106.254 YES NVRAM up up Vlan70 192.168.107.254 YES NVRAM up up Vlan80 192.168.108.254 YES NVRAM up up Vlan100 192.168.110.254 YES NVRAM up up Vlan110 192.168.111.254 YES NVRAM up up Vlan120 192.168.112.254 YES NVRAM up up Vlan150 192.168.100.254 YES NVRAM up up Vlan160 192.168.115.254 YES NVRAM up up GigabitEthernet1/ unassigned YES unset up up GigabitEthernet1/ unassigned YES unset down down GigabitEthernet1/ unassigned YES unset down down GigabitEthernet1/ unassigned YES unset down down GigabitEthernet1/ unassigned YES unset down down GigabitEthernet1/ unassigned YES unset down down GigabitEthernet1/ unassigned YES unset down down GigabitEthernet1/ unassigned YES unset down down GigabitEthernet1/ unassigned YES unset down down GigabitEthernet1/ unassigned YES unset down down GigabitEthernet1/ unassigned YES unset down down GigabitEthernet1/ unassigned YES unset down down GigabitEthernet1/ unassigned YES unset down down GigabitEthernet1/ unassigned YES unset down down GigabitEthernet1/ unassigned YES unset up up GigabitEthernet1/ unassigned YES unset down down GigabitEthernet1/ unassigned YES unset down down GigabitEthernet1/ unassigned YES unset down down GigabitEthernet1/ unassigned YES unset down down GigabitEthernet1/ unassigned YES unset down down GigabitEthernet3/ unassigned YES unset up up GigabitEthernet3/ unassigned YES unset up up GigabitEthernet3/ unassigned YES unset up up GigabitEthernet3/ unassigned YES unset up up GigabitEthernet3/ unassigned YES unset up up GigabitEthernet3/ unassigned YES unset up up GigabitEthernet3/ unassigned YES unset up up GigabitEthernet3/ unassigned YES unset down down
TEST#sh vlan # 显示一下vlan信息
# 这个是我们新建好的vlan,但是vlan中没有任何端口。
fddi-default act/unsup
token-ring-default act/unsup
fddinet-default act/unsup
trnet-default act/unsup
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
enet - - - - -
enet - - - - -
enet - - - - -
enet - - - - -
enet - - - - -
enet - - - - -
enet - - - - -
enet - - - - -
enet - - - - -
enet - - - - -
enet - - - - -
enet - - - - -
enet - - - - -
enet - - - - -
enet - - - - -
enet - - - - -
fddi - - - - -
TEST#conf t
TEST(config)#interface gigabitEthernet 1/2 # 进入端口配置模式,配置gigabitEthernet 1/2这个端口
TEST(config-if)#switchport access vlan 200 # 将此端口加入到刚才建好的vlan200中
TEST(config-if)#end
TEST#sh vlan # 退出来验证一下
TEST#sh ip int brief # 再显示一下所有端口的状态,我们会发现同样没有vlan200的相关信息。
Interface IP-Address OK? Method Status Protocol FastEthernet1 unassigned YES NVRAM down down Vlan1 192.168.113.254 YES NVRAM up up Vlan2 172.16.0.2 YES NVRAM up up Vlan10 192.168.101.254 YES NVRAM up up Vlan20 192.168.102.254 YES NVRAM up up Vlan30 192.168.103.254 YES NVRAM up up Vlan40 192.168.104.254 YES NVRAM up up Vlan50 192.168.105.254 YES NVRAM up up Vlan60 192.168.106.254 YES NVRAM up up Vlan70 192.168.107.254 YES NVRAM up up Vlan80 192.168.108.254 YES NVRAM up up Vlan100 192.168.110.254 YES NVRAM up up Vlan110 192.168.111.254 YES NVRAM up up Vlan120 192.168.112.254 YES NVRAM up up Vlan150 192.168.100.254 YES NVRAM up up Vlan160 192.168.115.254 YES NVRAM up up GigabitEthernet1/ unassigned YES unset up up GigabitEthernet1/ unassigned YES unset down down GigabitEthernet1/ unassigned YES unset down down GigabitEthernet1/ unassigned YES unset down down GigabitEthernet1/ unassigned YES unset down down GigabitEthernet1/ unassigned YES unset down down GigabitEthernet1/ unassigned YES unset down down GigabitEthernet1/ unassigned YES unset down down GigabitEthernet1/ unassigned YES unset down down GigabitEthernet1/ unassigned YES unset down down GigabitEthernet1/ unassigned YES unset down down GigabitEthernet1/ unassigned YES unset down down GigabitEthernet1/ unassigned YES unset down down GigabitEthernet1/ unassigned YES unset down down GigabitEthernet1/ unassigned YES unset up up GigabitEthernet1/ unassigned YES unset down down GigabitEthernet1/ unassigned YES unset down down GigabitEthernet1/ unassigned YES unset down down GigabitEthernet1/ unassigned YES unset down down GigabitEthernet1/ unassigned YES unset down down GigabitEthernet3/ unassigned YES unset up up GigabitEthernet3/ unassigned YES unset up up GigabitEthernet3/ unassigned YES unset up up GigabitEthernet3/ unassigned YES unset up up GigabitEthernet3/ unassigned YES unset up up GigabitEthernet3/ unassigned YES unset up up GigabitEthernet3/ unassigned YES unset up up GigabitEthernet3/ unassigned YES unset down down
TEST#conf t
TEST(config)#int vlan 200 # 给这个vlan添加相应的ip地址,注意此处的语法
TEST(config-if)#ip add 10.10.10.0.1 255.255.255.0 # 配置vlan 200 的ip地址
TEST(config-if)#no shut # 使能此端口
TEST(config-if)#end
TEST#sh ip int b
# 重新显示一下所有端口的状态,我们会发现已经有了vlan200的端口信息了。
Interface IP-Address OK? Method Status Protocol FastEthernet1 unassigned YES NVRAM down down Vlan1 192.168.113.254 YES NVRAM up up Vlan2 172.16.0.2 YES NVRAM up up Vlan10 192.168.101.254 YES NVRAM up up Vlan20 192.168.102.254 YES NVRAM up up Vlan30 192.168.103.254 YES NVRAM up up Vlan40 192.168.104.254 YES NVRAM up up Vlan50 192.168.105.254 YES NVRAM up up Vlan60 192.168.106.254 YES NVRAM up up Vlan70 192.168.107.254 YES NVRAM up up Vlan80 192.168.108.254 YES NVRAM up up Vlan100 192.168.110.254 YES NVRAM up up Vlan110 192.168.111.254 YES NVRAM up up Vlan120 192.168.112.254 YES NVRAM up up Vlan150 192.168.100.254 YES NVRAM up up Vlan160 192.168.115.254 YES NVRAM up up Vlan200 10.10.0.1 YES manual up up GigabitEthernet1/ unassigned YES unset up up GigabitEthernet1/ unassigned YES unset down down GigabitEthernet1/ unassigned YES unset down down GigabitEthernet1/ unassigned YES unset down down GigabitEthernet1/ unassigned YES unset down down GigabitEthernet1/ unassigned YES unset down down GigabitEthernet1/ unassigned YES unset down down GigabitEthernet1/ unassigned YES unset down down GigabitEthernet1/ unassigned YES unset down down GigabitEthernet1/ unassigned YES unset down down GigabitEthernet1/ unassigned YES unset down down GigabitEthernet1/ unassigned YES unset down down GigabitEthernet1/ unassigned YES unset down down GigabitEthernet1/ unassigned YES unset down down GigabitEthernet1/ unassigned YES unset up up GigabitEthernet1/ unassigned YES unset down down GigabitEthernet1/ unassigned YES unset down down GigabitEthernet1/ unassigned YES unset down down GigabitEthernet1/ unassigned YES unset down down GigabitEthernet1/ unassigned YES unset down down GigabitEthernet3/ unassigned YES unset up up GigabitEthernet3/ unassigned YES unset up up GigabitEthernet3/ unassigned YES unset up up GigabitEthernet3/ unassigned YES unset up up GigabitEthernet3/ unassigned YES unset up up GigabitEthernet3/ unassigned YES unset up up GigabitEthernet3/ unassigned YES unset up up
## 小结一下:在刚才的配置过程中,端口Gi1/2下面所连接的电脑的网关就是vlan200的地址——10.10.0.1。下面所连的电脑找到相应的网关后在会去找具体的路由,这些我们下节会讲解。
TEST#show inter trunk
# 显示当前交换机中的trunk接口。作为trunk接口的端口下联的是接入层(或者是汇聚层)的交换机。
TEST#conf t
TEST(config)#int gi1/15 # 我们以gi1/15来说明,如何将此端口配置成trunk接口
TEST(config-if)#switchport mode trunk # 首先定义此接口的模式为trunk
TEST(config-if)#switchport trunk encapsulation ?
# 然后定义trunk口的封装类型,此处选择dot1q也叫802.1q,为通用封装类型
dot1q Interface uses only 802.1q trunking encapsulation when trunking
isl Interface uses only ISL trunking encapsulation when trunking
negotiate Device will negotiate trunking encapsulation with peer on interface
TEST(config-if)#switchport trunk encapsulation dot1q # 回车后就将此trunk口的封装类型定义成了dot1q
## 小结一下:刚才配置的是如何将下联接入层交换机的端口配置成trunk模式,并且如何将此trunk口封装成特定的类型,接下来我们介绍如何配置此核心交换机的VTP的一些相关设置。
TEST(config)#vtp mode server # 首先我们在全局配置模式中将vtp的mode设置成server
TEST(config)#vtp domain pjoe # 然后配置vtp的domain,所有的交换机应该在一个domain中,此例中我们定义的doamin为pjoe
TEST(config)#vtp password pjoeserver # 配置此vtp的介入密码,这样可以防止未授权的交换机随便加入到这个domian中来。
TEST#sh vtp status # 配置完毕后显示一下vtp的状态
VTP Version : 2
Configuration Revision : 22
Maximum VLANs supported locally : 1005
Number of existing VLANs : 20
VTP Operating Mode : Server # vtp的模式为server模式
VTP Domain Name : pjoe # vtp的域名是pjoe
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Enabled
MD5 digest : 0x00 0xB3 0x21 0xB7 0x56 0xD7 0x06 0x4F
# 此处表示的是vtp的密码(已加密)
Configuration last modified by 192.168.113.254 at 12-3-07 22:52:46
Local updater ID is 192.168.113.254 on interface Vl1 (lowest numbered VLAN interface found)
TEST# ## 小结一下:经过以上的配置就将核心交换机的vtp等的配置工作完成了,只需要再配置好接入交换机的相关vtp参数和对应的trunk接口,接入交换机就能够从核心交换机上获取到所有的vlan信息,而不需要重新建立各个vlan。
TEST#sh vlan # 接下来我们去掉新增加的vlan,先显示一下。
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
default active Gi1/, Gi1/, Gi1/, Gi1/, Gi1/, Gi1/, Gi1/, Gi1/, Gi1/, Gi1/, Gi1/, Gi1/, Gi1/, Gi1/, Gi1/, Gi1/, Gi3/, Gi3/, Gi3/,
firewall active Gi1/
Engineering active Gi3/, Gi3/
Procurement active Gi3/
QAQC active
Operation active
Yard active Gi3/
BM active
HRAD active
Facility active
Finance active
GO active
Wlan active
Server active Gi3/, Gi3/, Gi3/, Gi3/, Gi3/, Gi3/, Gi3/, Gi3/
Client active Gi3/, Gi3/
test active Gi1/
fddi-default act/unsup
token-ring-default act/unsup
fddinet-default act/unsup
trnet-default act/unsup
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
enet - - - - -
enet - - - - -
enet - - - - -
enet - - - - -
enet - - - - -
enet - - - - -
enet - - - - -
enet - - - - -
enet - - - - -
enet - - - - -
enet - - - - -
enet - - - - -
enet - - - - -
enet - - - - -
enet - - - - -
enet - - - - -
fddi - - - - -
tr - - - - -
TEST#conf t
Enter configuration commands, one per line. End with CNTL/Z. #删除vlan 及重新划分的方法步骤!
TEST(config)#no vlan 200 # 第一步,删除vlan200
TEST(config)#no int vlan 200 # 第二步,删除int vlan200 ,经过这两步就可以彻底的删除vlan200了
TEST(config)int gi1/2 # 进入到gi1/2这个端口中
TEST(config-if)#switchport access vlan 1 # 将这个端口重新划分到vlan1中
TEST(config-if)#end
TEST#shv vlan
# 确认一下,我们成功的将gi1/2回归到vlan1中,并且删除掉了vlan200
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
default active Gi1/, Gi1/, Gi1/, Gi1/, Gi1/, Gi1/, Gi1/, Gi1/, Gi1/, Gi1/, Gi1/, Gi1/, Gi1/, Gi1/, Gi1/, Gi1/, Gi1/, Gi3/, Gi3/, Gi3/
firewall active Gi1/
Engineering active Gi3/, Gi3/
Procurement active Gi3/
QAQC active
Operation active
Yard active Gi3/
BM active
HRAD active
Facility active
Finance active
GO active
Wlan active
Server active Gi3/, Gi3/, Gi3/, Gi3/, Gi3/, Gi3/, Gi3/, Gi3/
Client active Gi3/, Gi3/
fddi-default act/unsup
token-ring-default act/unsup
fddinet-default act/unsup
trnet-default act/unsup
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
enet - - - - -
enet - - - - -
enet - - - - -
enet - - - - -
enet - - - - -
enet - - - - -
enet - - - - -
enet - - - - -
enet - - - - -
enet - - - - -
enet - - - - -
enet - - - - -
enet - - - - -
enet - - - - -
enet - - - - -
fddi - - - - -
tr - - - - -
fdnet - - - ieee -