[SWitch A]gVrp//全局模式下启动 GVRP
GVRP is enabled globally.
[SWitch A]interface ethernet0/17
[SWitch A-Ethernet0/17]port link-type trunk//把端口类型设置为Trunk
[SWitch A-Ethernet0/17]port trunk permit Vlan all
Please Wait...........................................Done.
[SWitch A-Ethernet0/17]gVrp//在Trunk端口上启用GVRP
GVRP is enabled on port Ethernet0/17.
[SWitch A-Ethernet0/17]quit
[SWitch A]
在SWitch B上配置命令:
< H3C>system-VieW
System VieW:return to User VieW With Ctrl+Z.
[H3C]sysname SWitch B
[SWitch B]gVrp
GVRP is enabled globally.
[SWitch B]interface Ethernet0/17
[SWitch B-Ethernet0/17]port link-type trunk
[SWitch B-Ethernet0/17]port trunk permit Vlan all
Please Wait...........................................Done.
[SWitch B-Ethernet0/17]gVrp
GVRP is enabled on port Ethernet0/17.
[SWitch B-Ethernet0/17]quit
[SWitch B]
(2)在SWitch B上创建两个VLAN
[SWitch B]Vlan 5
[SWitch B-Vlan5]name Sell Department
[SWitch B-Vlan5]deion Sell Department
[SWitch B-Vlan5]quit
[SWitch B]Vlan6
[SWitch B-Vlan6]name Project Department
[SWitch B-Vlan6]deion Project Department
[SWitch B-Vlan6]quit
[SWitch B]
(3)在两台交换机上查看VLAN信息
[SWitch B]display Vlan
Total3VLANexist(s).
The folloWingVLANs exist:
1(default),5,6
[SWitch B]display Vlan static//交换机 SWitch B 查看静态VLAN
Total3staticVLANexist(s).
The folloWing staticVLANs exist:
1(default),5,6
[SWitch B]display Vlan dynamic
No dynamic Vlans exist!
[SWitch B]
[SWitch A]display Vlan static
Total1staticVLANexist(s).
The folloWing staticVLANs exist:
1(default)
[SWitch A]display Vlan
Total3VLANexist(s).
The folloWingVLANs exist:
1(default),5,6
[SWitch A]display Vlan dynamic//交换机 SWitch A 可以查看到两个动态VLAN
Total2dynamicVLANexist(s).
The folloWing dynamicVLANs exist:
5,6
[SWitch A]display Vlan static
Total1staticVLANexist(s).
The folloWing staticVLANs exist:
1(default)
[SWitch A]
(4)把端口划分到相应的VLAN中
[SWitch A]interface ethernet0/18
[SWitch A-Ethernet0/18]port link-type access
[SWitch A-Ethernet0/18]port access Vlan 5//若把某个交换机端口加入某个动态VLAN时,该//动态VLAN自动变成了本交换机上的静态VLANDynamicVLANis configured,noW changed to static!
[SWitch A-Ethernet0/18]quit
[SWitch A]Vlan6
DynamicVLANis configured,noW changed to static!
[SWitch A-Vlan6]port ethernet0/19 to ethernet0/22
[SWitch A-Vlan6]
[SWitch A]management-Vlan 5
[SWitch A]interface Vlan-interface 5
[SWitch A-Vlan-interface5]
%Apr2000:07:54:6152009 SWitch A L2INF/5/VLANIF LINK STATUS CHANGE:Vlan-inter-face5 is UP
[SWitch A-Vlan-interface5]ip address10.1.5.2255.255.255.0
[SWitch A-Vlan-interface5]
%Apr2000:08∶10∶2902009 SWitch A IFNET/5/UPDOWN:Line protocol on the interface Vlan-in-terface5 is UP
(5)查看GVRP信息
[SWitch B]display gVrp status
GVRP is enabled.
[SWitch B]
[SWitch B]display gVrp statistics interface Ethernet0/17
GVRP statistics on port Ethernet0/17
GVRP Status:Enabled
GVRP Failed Registrations:0
GVRP Last Pdu Origin:000f-e207-f5e2
GVRP Registration Type:Normal
[SWitch B]display garp timer
GARP timers on port Ethernet0/1
Garp Join Time:20centiseconds
Garp LeaVe Time:60centiseconds
Garp LeaVeAll Time:1000centiseconds
Garp Hold Time:10centiseconds
GARP timers on port Ethernet0/2
Garp Join Time:20centiseconds
Garp LeaVe Time:60centiseconds
Garp LeaVeAll Time:1000centiseconds
Garp Hold Time:10centiseconds
8.3.7任务5isolate-user-VLAN配置
1.isolate-user-VLAN概述
isolate-user-VLAN是利用Hybrid端口对多个VLAN的报文去除VLANTag的特性,通过对MAC地址表项在各VLAN的MAC地址表间进行复制的方法,实现对网络中VLAN资源的节约。
isolate-user-VLAN采用二层VLAN结构,在交换机上需要设置两类VLAN:isolate-user-VLAN和SecondaryVLAN。
一个 isolate-user-VLAN可以和多个SecondaryVLAN对应。通过设定端口的Hybrid属性,可以使所有SecondaryVLAN中包含的端口和交换机的上行端口都属于isolate-user-VLAN。同时在上行端口处设定在转发所有SecondaryVLAN的报文时都去掉VLANTag。
这样对上层交换机来说,从下层设备收到的报文全部是不携带VLANTag的,所以不必关心下层的VLAN配置,可以在本地重新规划VLAN结构,节约了VLAN资源。
2.组网需求
PC1,PC2,PC3和SerVer分属不同的VLAN,但属于同一个网段。三个计算机之间禁止互访,但是都可以访问同网段的服务器。
3.网络拓扑
4.配置步骤
(1)进入系统视图
< SWitch>system-VieW
(2)创建(进入)VLAN10,将 E0/1加入到VLAN10
[SWitch]Vlan10
[SWitch-Vlan10]port Ethernet0/1
(3)创建(进入)VLAN20,将 E0/2加入到VLAN20
[SWitch]Vlan20
[SWitch-Vlan20]port Ethernet0/2
(4)创建(进入)VLAN30,将 E0/3加入到VLAN30
[SWitch]Vlan30
[SWitch-Vlan30]port Ethernet0/3
(5)创建(进入)VLAN100,将 E0/4加入到VLAN100
[SWitch]Vlan100
[SWitch-Vlan100]port Ethernet0/4
(6)将VLAN100配置为Isolate-user-VLAN
[SWitch-Vlan100]Isolate-user-VLANenable
(7)在系统视图模式下,配置Isolate-user-VLAN与各个 secondaryVLAN之间的映射关系
[SWitch]isolate-user-Vlan100secondary102030
5.结果验证(略)
8.4实训思考
本实训主要是在三层交换机上实现VLAN间互通,现在设置实训环境,要求利用路由器实现VLAN间互相访问。
某公司网络中有许多内部流量,一些流量集中在销售部,一些流量集中在财务部,销售部的流量没有必要传送给财务部,同样,财务部的流量也没有必要传送给销售部。因为VLAN可以在二层交换机上分割广播数据包,所以决定划分不同VLAN管理这些流量,即可满足要求,但是有时候仍需要两个部门互相通信,遂决定加装一个路由器来实现。其具体实现方法是在路由器上为每一个VLAN设置一个子接口,封装ISL(允许交换机快速以太网端口连接,而且是Trunk)或者802.1Q协议。请设计网络拓扑图并写出网络配置过程。