第1章 VLAN 典型配置指导
1.1 基于端口的VLAN 典型配置指导
1.1.1 组网图
Host1Host2
Server2
Server1
图1-1 基于端口的VLAN 组网示意图
1.1.2 应用要求
●
如基于端口的VLAN 组网示意图所示,Switch A 和Switch B 分别连接了不同部门使用的Host1/Host2和Server1/Server2。
●
为保证部门间数据的二层隔离,现要求将Host1和Server1划分到VLAN100中,Host2和Server2划分到VLAN200中。并分别为两个VLAN 设置描述字符为“Dept1”和“Dept2”。
●
在
SwitchA 上配置VLAN 接口,对Host1发往Server2的数据进行三层转发。
1.1.3 适用产品、版本
表1-1 配置适用的产品与软硬件版本关系
1.1.4 配置过程和解释
●配置Switch A
# 创建VLAN100,并配置VLAN100的描述字符串为“Dept1”,将端口
GigabitEthernet1/0/1加入到VLAN100。
[SwitchA] vlan 100
[SwitchA-vlan100] description Dept1
[SwitchA-vlan100] port GigabitEthernet 1/0/1
[SwitchA-vlan100] quit
# 创建VLAN200,并配置VLAN200的描述字符串为“Dept2”。
[SwitchA] vlan 200
[SwitchA-vlan200] description Dept2
[SwitchA-vlan200] quit
# 创建VLAN100和VLAN200的接口,IP地址分别配置为192.168.1.1和
192.168.2.1,用来对Host1发往Server2的报文进行三层转发。
[SwitchA] interface Vlan-interface 100
[SwitchA-Vlan-interface100] ip address 192.168.1.1 24
[SwitchA-Vlan-interface100] quit
[SwitchA] interface Vlan-interface 200
[SwitchA-Vlan-interface200] ip address 192.168.2.1 24
●配置Switch B
# 创建VLAN100,并配置VLAN100的描述字符串为“Dept1”,将端口
GigabitEthernet1/0/13加入到VLAN100。
[SwitchB] vlan 100
[SwitchB-vlan100] description Dept1
[SwitchB-vlan100] port GigabitEthernet 1/0/13
[SwitchB-vlan100] quit
# 创建VLAN200,并配置VLAN200的描述字符串为“Dept2”,将端口
GigabitEthernet1/0/11和GigabitEthernet1/0/12加入到VLAN200。
[SwitchB] vlan 200
[SwitchB-vlan200] description Dept2
[SwotchB-vlan200] port GigabitEthernet1/0/11 GigabitEthernet 1/0/12
[SwitchB-vlan200] quit
●配置Switch A和Switch B之间的链路
由于Switch A和Switch B之间的链路需要同时传输VLAN100和VLAN200的
数据,所以可以配置两端的端口为Trunk端口,且允许这两个VLAN的报文通
过。
# 配置Switch A的GigabitEthernet1/0/2端口。
[SwitchA] interface GigabitEthernet 1/0/2
[SwitchA-GigabitEthernet1/0/2] port link-type trunk
[SwitchA-GigabitEthernet1/0/2] port trunk permit vlan 100 200
# 配置Switch B的GigabitEthernet1/0/10端口。
[SwitchB] interface GigabitEthernet 1/0/10
[SwitchB-GigabitEthernet1/0/10] port link-type trunk
[SwitchB-GigabitEthernet1/0/10] port trunk permit vlan 100 200
1.1.5 完整配置
●SwitchA上的配置
#
vlan 100
description dept1
#
vlan 200
description dept2
#
interface Vlan-interface 100
ip address 192.168.1.1 255.255.255.0
#
interface Vlan-interface 200
ip address 192.168.2.1 255.255.255.0
#
interface GigabitEthernet1/0/1
port access vlan 100
#
interface GigabitEthernet1/0/2
port link-type trunk
port trunk permit vlan 1 100 200
●SwitchB上的配置
#
vlan 100
description dept1
#
vlan 200
description dept2
#
interface GigabitEthernet1/0/10
port link-type trunk
port trunk permit vlan 1 100 200
#
interface GigabitEthernet1/0/11
port access vlan 100
#
interface GigabitEthernet1/0/12
port access vlan 200
#
interface GigabitEthernet1/0/13
port access vlan 100
1.1.6 配置注意事项
无
1.2 基于MAC 的VLAN 典型配置指导
1.2.1 组网图
SwitchA
SwitchB
图1-2 基于MAC 的VLAN 组网示意图
1.2.2 应用要求
●
如基于MAC 的VLAN 组网示意图所示,SwitchA 和SwitchB 的GigabitEthernet1/0/1端口分别连接到两个会议室,Laptop1和Laptop2是会议用笔记本电脑,会在两个会议室间移动使用。
●
Laptop1和Laptop2分别属于两个部门,两个部门间使用VLAN100和VLAN200进行隔离。现要求这两台笔记本电脑无论在哪个会议室使用,均只能访问自己部门的服务器,即Server1和Server2。
●
Laptop1和Laptop2的MAC 地址分别为000d-88f8-4e71、0014-222c-aa69。
1.2.3 适用产品、版本
表1-2 配置适用的产品与软硬件版本关系
1.2.4 配置过程和解释
●
SwitchA 的配置
# 创建VLAN100和VLAN200,并将GigabitEthernet1/0/2配置为Trunk端口,
允许VLAN100和VLAN200的报文通过。
[SwitchA] vlan 100
[SwitchA-vlan100] quit
[SwitchA] vlan 200
[SwitchA-vlan200] quit
[SwitchA] interface GigabitEthernet1/0/2
[SwitchA-GigabitEthernet1/0/2] port link-type trunk
[SwitchA-GigabitEthernet1/0/2] port trunk permit vlan 100 200
[SwitchA-GigabitEthernet1/0/2] quit
# 将GigabitEthernet1/0/1配置为Hybrid端口,并使其在发送VLAN100和
VLAN200的报文时去掉VLAN Tag。
[SwitchA] interface GigabitEthernet1/0/1
[SwitchA-GigabitEthernet1/0/1] port link-type hybrid
[SwitchA-GigabitEthernet1/0/1] port hybrid vlan 100 200 untagged
[SwitchA-GigabitEthernet1/0/1] quit
# 创建Laptop1的MAC地址与VLAN100的关联,创建Laptop2的MAC地址
与VLAN200的关联,开启GigabitEthernet1/0/1端口的MAC-VLAN功能。
[SwitchA] mac-vlan mac-address 000d-88f8-4e71 vlan 100
[SwitchA] mac-vlan mac-address 0014-222c-aa69 vlan 200
[SwitchA] interface GigabitEthernet 1/0/1
[SwitchA-GigabitEthernet1/0/1] mac-vlan enable
●SwitchB的配置
SwitchB的配置与SwitchA完全一致,这里不再赘述。
●Core Switch的配置
# 创建VLAN100和VLAN200,并将GigabitEthernet1/0/13和
GigabitVLANEthernet
1/0/14端口分别加入这两个VLAN。
[CoreSwitch] vlan 100
[CoreSwitch-vlan100] port gigabitethernet 1/0/13
[CoreSwitch-vlan100] quit
[CoreSwitch] vlan 200
[CoreSwitch-vlan200] port gigabitethernet 1/0/14
[CoreSwitch-vlan200] quit
# 配置GigabitEthernet1/0/3和GigabitEthernet1/0/4端口为Trunk端口,均允
许VLAN100和VLAN200的报文通过。
[CoreSwitch] interface GigabitEthernet1/0/3
[CoreSwitch-GigabitEthernet1/0/3] port link-type trunk
[CoreSwitch-GigabitEthernet1/0/3] port trunk permit vlan 100 200
[CoreSwitch-GigabitEthernet1/0/3] quit
[CoreSwitch] interface GigabitEthernet1/0/4
[CoreSwitch-GigabitEthernet1/0/4] port link-type trunk
[CoreSwitch-GigabitEthernet1/0/4] port trunk permit vlan 100 200
[CoreSwitch-GigabitEthernet1/0/4] quit
1.2.5 完整配置
●SwitchA的配置
#
mac-vlan mac-address 000d-88f8-4e71 vlan 100 priority 0
mac-vlan mac-address 0014-222c-aa69 vlan 200 priority 0
#
vlan 100
#
vlan 200
#
#
interface GigabitEthernet1/0/1
port link-type hybrid
port hybrid vlan 1 100 200 untagged
mac-vlan enable
#
interface GigabitEthernet1/0/2
port link-type trunk
port trunk permit vlan 1 100 200
SwitchB的配置与SwitchA完全一致,这里不再赘述。
Core Switch的配置
#
vlan 100
#
vlan 200
#
interface GigabitEthernet1/0/3
port link-type trunk
port trunk permit vlan 1 100 200
#
interface GigabitEthernet1/0/4
port link-type trunk
port trunk permit vlan 1 100 200
#
interface GigabitEthernet1/0/13
port access vlan 100
#
interface GigabitEthernet1/0/14
port access vlan 200
1.2.6 配置注意事项
基于MAC的VLAN只能在Hybrid端口上配置。
1.3 基于协议的VLAN典型配置指导
1.3.1 组网图
IPv4 server IPv6 server
Office Lab
图1-3基于协议的VLAN组网示意图
1.3.2 应用要求
如基于协议的VLAN组网示意图所示,通过配置交换机的协议VLAN功能,使办公
区和实验室中基于IPv4网络和基于IPv6网络的主机能分别与处在不同VLAN
内的对应服务器进行通信,且两种网络协议的报文能够通过VLAN进行隔离,
其中IPv4网络使用VLAN100,IPv6网络使用VLAN200。
1.3.3 适用产品、版本
表1-3配置适用的产品与软硬件版本关系
1.3.4 配置过程和解释
上行端口的配置
# 创建VLAN100,将端口GigabitEthernet1/0/11加入VLAN100
[Sysname] vlan 100
[Sysname-vlan100] port GigabitEthernet 1/0/11
# 创建VLAN200,将端口GigabitEthernet1/0/12加入VLAN200
[Sysname-vlan100] quit
[Sysname] vlan 200
[Sysname-vlan200] port GigabitEthernet 1/0/12
配置协议模板并与下行端口绑定
# 创建VLAN200和VLAN100的协议模板,分别匹配IPv4和IPv6协议。
[Sysname-vlan200] protocol-vlan ipv6
[Sysname-vlan200] quit
[Sysname] vlan100
[Sysname-vlan100] protocol-vlan ipv4
[Sysname-vlan100] quit
# 配置端口GigabitEthernet1/0/1为Hybrid端口,并在转发VLAN100和
VLAN200的报文时去掉VLAN Tag。
[Sysname] interface GigabitEthernet 1/0/1
[Sysname-GigabitEthernet1/0/1] port link-type hybrid
[Sysname-GigabitEthernet1/0/1] port hybrid vlan 100 200 untagged
# 配置端口GigabitEthernet1/0/1分别与VLAN100的协议模板0,VLAN200
的协议模板0进行绑定。
[Sysname-GigabitEthernet1/0/1] port hybrid protocol-vlan vlan 100 0
[Sysname-GigabitEthernet1/0/1] port hybrid protocol-vlan vlan 200 0
# 同理配置端口GigabitEthernet1/0/2为Hybrid端口,在转发VLAN100和
VLAN200的报文时去掉VLAN Tag,并与VLAN100和VLAN200的协议模板
0进行绑定
[Sysname] interface GigabitEthernet 1/0/2
[Sysname-GigabitEthernet1/0/2] port link-type hybrid
[Sysname-GigabitEthernet1/0/2] port hybrid vlan 100 200 untagged
[Sysname-GigabitEthernet1/0/2] port hybrid protocol-vlan vlan 100 0
[Sysname-GigabitEthernet1/0/2] port hybrid protocol-vlan vlan 200 0 1.3.5 完整配置
#
vlan 100
protocol-vlan 0 ipv4
#
vlan 200
protocol-vlan 0 ipv6
#
interface GigabitEthernet1/0/1
port link-type hybrid
port hybrid vlan 1 100 200 untagged
port hybrid protocol-vlan vlan 100 0
port hybrid protocol-vlan vlan 200 0
#
interface GigabitEthernet1/0/2
port link-type hybrid
port hybrid vlan 1 100 200 untagged
port hybrid protocol-vlan vlan 100 0
port hybrid protocol-vlan vlan 200 0
#
interface Ethernet1/0/11
port access vlan 100
#
interface Ethernet1/0/12
port access vlan 200
1.3.6 配置注意事项
无
1.4 基于IP 子网的VLAN 典型配置指导
1.4.1 组网图
10.200.50.1
192.168.5.1
Router A Router B 图1-4 基于IP 子网的VLAN 组网示意图
1.4.2 应用要求
如基于IP 子网的VLAN 组网示意图所示,办公区内的主机被配置到两个不同的网段(192.168.5.0/24和10.200.50.0/24)中,要求通过配置IP 子网VLAN 功能,使交换机能够将从GigabitEthernet1/0/1端口收到的报文根据源主机所属网段的不同,分别在不同的VLAN 内传输,并到达指定的网关(RouterA 和RouterB )。 其中192.168.5.0/24网段的报文分发到VLAN100中传输,10.200.50.0/24网段的报文分发到VLAN200中传输。
1.4.3 适用产品、版本
表1-4 配置适用的产品与软硬件版本关系
1.4.4 配置过程和解释
●上行端口的配置
# 创建VLAN100,将端口GigabitEthernet1/0/12加入VLAN100
[Sysname] vlan 100
[Sysname-vlan100] port GigabitEthernet 1/0/12
# 创建VLAN200,将端口GigabitEthernet1/0/11加入VLAN200
[Sysname-vlan100] quit
[Sysname] vlan 200
[Sysname-vlan200] port GigabitEthernet 1/0/11
●配置IP子网VLAN并与下行端口绑定
# 将10.200.50.0/24网段与VLAN200进行关联,将192.168.5.0/24网段与
VLAN100进行关联
[Sysname-vlan200] ip-subnet-vlan ip 10.200.50.0 255.255.255.0
[Sysname-vlan200] quit
[Sysname] vlan100
[Sysname-vlan100] ip-subnet-vlan ip 192.168.5.0 255.255.255.0
# 配置端口GigabitEthernet1/0/1为Hybrid端口,并在转发VLAN100和
VLAN200的报文时去掉VLAN Tag。
[Sysname] interface GigabitEthernet 1/0/1
[Sysname-GigabitEthernet1/0/1] port link-type hybrid
[Sysname-GigabitEthernet1/0/1] port hybrid vlan 100 200 untagged
# 配置端口GigabitEthernet1/0/1分别与VLAN100和VLAN200的子网进行关
联。
[Sysname-GigabitEthernet1/0/1] port hybrid ip-subnet-vlan vlan 100
[Sysname-GigabitEthernet1/0/1] port hybrid ip-subnet-vlan vlan 200 1.4.5 完整配置
#
vlan 100
ip-subnet-vlan 0 ip 192.168.5.0 255.255.255.0
#
vlan 200
ip-subnet-vlan 0 ip 10.200.50.0 255.255.255.0
#
interface GigabitEthernet1/0/1
port link-type hybrid
port hybrid vlan 1 100 200 untagged
port hybrid ip-subnet-vlan vlan 100
port hybrid ip-subnet-vlan vlan 200
#
interface Ethernet1/0/11
port access vlan 200
#
interface Ethernet1/0/12
port access vlan 100
无
1.5 Isolate-user-vlan典型配置指导
1.5.1 组网图
图1-5Isolate-user-vlan组网示意图
1.5.2 应用要求
●DeviceB和DeviceC在初始状态下分别位于两个独立的网络中,并根据
自身情况创建了相应的VLAN;由于网络规划的变更,现要求使用DeviceA
将DeviceB和DeviceC连通。
●出于安全性的考虑,要求DeviceB和DeviceC所连接的设备间不能直接
通信,如Isolate-user-vlan组网示意图所示,由于这两台设备本地创建的VLAN
编号有重复,HostA和HostC处在同一个VLAN中,存在一定安全隐患。
因此需要使用Isolate-user-vlan功能,使DeviceB和DeviceC上配置的
VLAN2/VLAN3和VLAN3/VLAN4仅在本地有效,DeviceA使用VLAN5
和VLAN6对这两个网络进行划分,而无需考虑这两个网络内部VLAN的
配置。
●DeviceA使用VLAN接口对两个网络间的报文进行三层转发。
1.5.3 适用产品、版本
表1-5配置适用的产品与软硬件版本关系
●配置DeviceB
# 配置Isolate-user-vlan。
[DeviceB] vlan 5
[DeviceB-vlan5] isolate-user-vlan enable
[DeviceB-vlan5] port GigabitEthernet 2/0/5
[DeviceB-vlan5] quit
# 配置Secondary VLAN。
[DeviceB] vlan 3
[DeviceB-vlan3] port GigabitEthernet 2/0/1
[DeviceB-vlan3] quit
[DeviceB] vlan 2
[DeviceB-vlan2] port GigabitEthernet 2/0/2
[DeviceB-vlan2] quit
# 配置Isolate-user-vlan和Secondary VLAN间的映射关系。
[DeviceB] isolate-user-vlan 5 secondary 2 to 3
●配置DeviceC
# 配置Isolate-user-vlan。
[DeviceC] vlan 6
[DeviceC-vlan6] isolate-user-vlan enable
[DeviceC-vlan6] port GigabitEthernet 2/0/5
[DeviceC-vlan6] quit
# 配置Secondary VLAN。
[DeviceC] vlan 3
[DeviceC-vlan3] port GigabitEthernet 2/0/3
[DeviceC-vlan3] quit
[DeviceC] vlan 4
[DeviceC-vlan4] port GigabitEthernet 2/0/4
# 配置Isolate-user-vlan和Secondary VLAN间的映射关系。
[DeviceC-vlan4] quit
[DeviceC] isolate-user-vlan 6 secondary 3 to 4
●配置DeviceA
# 创建VLAN5和VLAN6,并将GigabitEthernet2/0/1和GigabitEthernet2/0/2端口分别加入VLAN5和VLAN6,本例中以这两个端口为Access端口为例进行配置。
[DeviceA] vlan 5
[DeviceA-vlan5] port GigabitEthernet 2/0/1
[DeviceA-vlan5] quit
[DeviceA] vlan 6
[DeviceA-vlan6] port GigabitEthernet 2/0/2
[DeviceA-vlan6] quit
# 创建VLAN5和VLAN6的接口,使两个网络间的数据可以通过Device A进行三层转发,IP地址分别为192.168.0.1和192.168.1.1。
[DeviceA] interface Vlan-interface 5
[DeviceA-Vlan-interface5] ip address 192.168.0.1 24
[DeviceA-Vlan-interface5] quit
[DeviceA] interface Vlan-interface 6
[DeviceA-Vlan-interface6] ip address 192.168.1.1 24
用户也可以将GigabitEthernet2/0/1和GigabitEthernet2/0/2端口配置为Trunk
端口或Hybrid端口,只需要保证这两个端口分别在发送VLAN5和VLAN6的
报文时去掉VLAN Tag即可。
1.5.5 完整配置
●DeviceB的完整配置
#
vlan 2 to 3
#
vlan 5
isolate-user-vlan enable
#
interface GigabitEthernet2/0/1
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 3 5 untagged
port hybrid pvid vlan 3
#
interface GigabitEthernet2/0/2
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 2 5 untagged
port hybrid pvid vlan 2
#
interface GigabitEthernet2/0/5
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 2 3 5 untagged
port hybrid pvid vlan 5
#
isolate-user-vlan 5 secondary 2 3
●DeviceC的完整配置
#
vlan 3 to 4
#
vlan 6
isolate-user-vlan enable
#
interface GigabitEthernet2/0/3
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 3 6 untagged
port hybrid pvid vlan 3
#
interface GigabitEthernet2/0/4
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 4 6 untagged
port hybrid pvid vlan 4
#
interface GigabitEthernet2/0/5
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 3 4 6 untagged
port hybrid pvid vlan 6
#
isolate-user-vlan 50 secondary 2 3
●DeviceA的完整配置
#
vlan 5 to 6
#
interface Vlan-interface 5
ip address 192.168.0.1 255.255.255.0
#
interface Vlan-interface 6
ip address 192.168.1.1 255.255.255.0
#
interface GigabitEthernet2/0/1
port access vlan 5
#
interface GigabitEthernet2/0/2
port access vlan 6
1.5.6 配置注意事项
无
1.2 DHCP服务器接口地址池典型配置指导 1.2.1 组网图 图1-2 DHCP服务器接口地址池配置举例 1.2.2 应用要求 ●Switch A作为DHCP服务器,其VLAN接口1的IP地址为192.168.0.1/24; ●客户端属于VLAN1,通过DHCP方式动态获取IP地址; ●DHCP服务器通过接口地址池为MAC地址为000D-88F7-0001的客户文件服务器分配固定的IP地址192.168.0.10/24,为其它客户端主机分配192.168.0.0/24网段的IP地址,有效期限为10天。DNS服务器地址为192.168.0.20/24,WINS服务器地址为192.168.0.30/24。 1.2.3 适用产品、版本 表1-2 配置适用的产品与软硬件版本关系 1.2.4 配置过程和解释 # 使能DHCP服务
[SwitchA-Vlan-interface1] ip address 192.168.0.1 24 # 配置VLAN接口1工作在DHCP接口地址池模式 [SwitchA-Vlan-interface1] dhcp select interface # 配置DHCP接口地址池中的静态绑定地址 [SwitchA-Vlan-interface1] dhcp server static-bind ip-address 192.168.0.10 mac-address 000D-88F7-0001 # 配置DHCP接口地址池的地址池范围、DNS服务器地址、WINS服务器地址 [SwitchA-Vlan-interface1] dhcp server expired day 10 [SwitchA-Vlan-interface1] dhcp server dns-list 192.168.0.20 [SwitchA-Vlan-interface1] dhcp server nbns-list 192.168.0.30 [SwitchA-Vlan-interface1] quit 1.2.5 完整配置 # interface Vlan-interface1 ip address 192.168.0.1 255.255.255.0 dhcp select interface dhcp server static-bind ip-address 192.168.1.10 mac-address 000d-88f7-0001 dhcp server dns-list 192.168.0.20 dhcp server nbns-list 192.168.0.30 dhcp server expired day 10 # dhcp server forbidden-ip 192.168.0.10 dhcp server forbidden-ip 192.168.0.20 dhcp server forbidden-ip 192.168.0.30 # 1.2.6 配置注意事项 当DHCP服务器采用接口地址池模式分配地址时,在接口地址池中的地址分配完之后,将会从包含该接口地址池网段的全局地址池中挑选IP地址分配给客户端,从而导致获取到全局地址池地址的客户端与获取到接口地址池地址的客户端处在不同网段,无法正常进行通信。 故在本例中,建议从VLAN接口1申请IP地址的客户端数目不要超过250个。
Vlan端口的基本划分配置 使用vlan的好处: 便于管理,避免大范围网络风暴,安全性较好,提高网络传输效能 创建vlan10,vlan20 [Huawei]vlan 10 [Huawei-vlan10]vlan 20 将相应的端口设为access模式然后划分到相应的vlan当中[Huawei]int g0/0/1 [Huawei-GigabitEthernet0/0/1]port link-type access [Huawei-GigabitEthernet0/0/1]port default vlan 10 [Huawei-GigabitEthernet0/0/1]quit [Huawei]int g0/0/2 [Huawei-GigabitEthernet0/0/1]port link-type access [Huawei-GigabitEthernet0/0/1]port default vlan 20 [Huawei-GigabitEthernet0/0/1]quit [Huawei]int g0/0/3 [Huawei-GigabitEthernet0/0/1]port link-type access [Huawei-GigabitEthernet0/0/1]port default vlan 10 [Huawei-GigabitEthernet0/0/1]quit [Huawei]int g0/0/4 [Huawei-GigabitEthernet0/0/1]port link-type access [Huawei-GigabitEthernet0/0/1]port default vlan 20 [Huawei-GigabitEthernet0/0/1]quit [Huawei]quit
telnet 远程登录交换机典型配置指导
[H3C-luser-guest]password simple 123456 [H3C-luser-guest]service-type telnet level 3 [H3C-luser-guest]quit [H3C]user-interface vty 0 [H3C-ui-vty0]authentication-mode scheme [H3C-ui-vty0]quit [H3C]save The configuration will be written to the device. Are you sure?[Y/N]y
Please input the file name(*.cfg)(To leave the existing filename unchanged press the enter key): Now saving current configuration to the device. Saving configuration. Please wait... ... Unit1 save configuration flash:/20111025.cfg successfully [H3C] %Apr 3 17:39:34:984 2000 H3C CFM/3/CFM_LOG:- 1 -Unit1 saved
华为S5700划分VLAN配置方案 公司新加一台S5700的交换机扩展网络段,之前的网络结构是路由器CISCO2800下面级联交换机,端口FastEthernet0/0 IP地址192.168.1.254,作为网关,级联的交换机都不做配置。结构图如下: 现在加入一台三层交换机S5700,划分几个VLAN vlan2:192.168.7.254 255.255.255.0 vlan3:192.168.8.254 255.255.255.0 vlan4:192.168.9.254 255.255.255.0 vlan100:192.168.1.254 255.255.255.0 vlan1000:192.168.100.253 255.255.255.0 增加的几个网段,整个网络结构也只有S5700这块有变动,其他地方没做改动,从上面两图可以看出来。 然后是我的基本配置: [Quidway]system-view [Quidway]sysname Switch [Switch]vlan 100 [Switch-vlan100]description admin_Vlan [Switch-vlan100]quit [Switch]aaa [Switch-aaa]local-user **** password cipher **** info: A new user added [Switch-aaa]local-user **** service-type telnet [Switch-aaa]local-user **** privilege level 15 [Switch-aaa]quit [Switch]user-interface vty 0 4 [Switch-ui-vty0-4]authentication-mode aaa [Switch-ui-vty0-4]return
链路聚合典型配置指导(版本切换前) 链路聚合是将多个物理以太网端口聚合在一起形成一个逻辑上的聚合组,使用链路聚合服务 的上层实体把同一聚合组内的多条物理链路视为一条逻辑链路。 链路聚合可以实现出/入负荷在聚合组中各个成员端口之间分担,以增加带宽。同时,同一 聚合组的各个成员端口之间彼此动态备份,提高了连接可靠性。 组网图 链路聚合配置示例图 应用要求 设备Switch A用3个端口聚合接入设备Switch B,从而实现出/入负荷在各成 员端口中分担。 Switch A 的接入端口为GigabitEthernet1/0/1 ?GigabitEthernet1/0/3 。 适用产品、版本 配置过程和解释 说明: 以下只列出对Switch A的配置,对Switch B也需要作相同的配置,才能实现链路聚合。 配置聚合组,实现端口的负载分担(下面两种方式任选其一) 采用手工聚合方式 #创建手工聚合组1。
[SwitchA-GigabitEthernet1/0/1] interface GigabitEthernet 1/0/2 [SwitchA-GigabitEthernet1/0/2] port link-aggregation group 1 [SwitchA-GigabitEthernet1/0/2] interface GigabitEthernet 1/0/3 [SwitchA-GigabitEthernet1/0/3] port link-aggregation group 1 采用静态LACP聚合方式 #创建静态LACP聚合组1。
目录 1 IRF典型配置举例 ······························································································································· 1-1 1.1 简介 ··················································································································································· 1-1 1.2 使用限制············································································································································ 1-1 1.2.1 硬件限制 ································································································································· 1-1 1.2.2 软件限制 ································································································································· 1-1 1.2.3 单板使用限制 ·························································································································· 1-1 1.2.4 IRF端口连接限制 ···················································································································· 1-1 1.3 选择MAD检测方式····························································································································· 1-2 1.4 使用四台设备搭建IRF典型配置举例(LACP MAD检测方式) ························································· 1-2 1.4.1 适用产品和版本 ······················································································································ 1-2 1.4.2 组网需求 ································································································································· 1-2 1.4.3 搭建IRF的配置························································································································ 1-3 1.4.4 LACP MAD配置 ······················································································································ 1-8 1.4.5 业务配置 ······························································································································· 1-10 1.4.6 验证配置 ······························································································································· 1-14 1.4.7 配置文件 ······························································································································· 1-16 1.5 使用四台设备搭建IRF典型配置举例(BFD MAD检测方式)·························································· 1-21 1.5.1 适用产品和版本 ···················································································································· 1-21 1.5.2 组网需求 ······························································································································· 1-21 1.5.3 搭建IRF的配置······················································································································ 1-22 1.5.4 BFD MAD配置 ······················································································································ 1-26 1.5.5 业务配置 ······························································································································· 1-28 1.5.6 验证配置 ······························································································································· 1-33 1.5.7 配置文件 ······························································································································· 1-35
实现两台交换机划分VLAN配置
实验九:两台交换机划分VLAN配置 实验目标: 理解虚拟VLAN基本配置; 掌握一般交换机按端口划分VLAN的配置方法; 掌握Tag VLAN配置方法 实验背景: 某一公司内财务部,销售部的PC通过2台交换机实现通信:要求财务部和销售部的PC机可以互通,但是为了数据安全起见,销售部和财务部需要进行互相隔离,现要在交换机上做适当配置来实现这一标准。 技术原理: VLAN是指在一个物理网段内,进行逻辑的划分,划分成若干个虚拟局域网,VLAN最大的特性是不受物理位置的限制,可以进行灵活的划分。VLAN具备了一个物理网段所具备的特性。相同VLAN内的主机之间可以直接通信,不同VLAN间的主机之间相互访问必须经路由设备进行转发,广播数据包只可以在本VLAN内进行广播,不能传输到其他VLAN中。 portVLAN是实现VLAN的方式之一,他利用交换机的端口进行VLAN划分,一个端口只能属于一个VLAN。
实验步骤:新建packet tracer拓扑图 划分VLAN 将端口划分到相应VLAN中 设置VLAN Trunk属性 测试 实验设备: Switch_2960 2台;PC4台;直连线 交换机和PC机配置过程如下: Switch>en Switch#conf t Enter configuration commands, one per line. End with CNTL/Z. Switch(config)#hostname Switch1
Switch1(config)#vlan 2 Switch1(config-vlan)#exit Switch1(config)#vlan 3 Switch1(config-vlan)#exit Switch1(config)#int f0/1 Switch1(config-if)#switchport access vlan 2 Switch1(config-if)#exit Switch1(config)#int f0/2 Switch1(config-if)#switchport access vlan 3 Switch1(config-if)#exit Switch1(config)#int f0/24 Switch1(config-if)#switchport mode trunk (红色的是交换机自动生成的参数代码) %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/24, changed state to down %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/24, changed state to up Switch(config-if)#end %SYS-5-CONFIG_I: Configured from console by console Switch#show vlan
EPON灵活QINQ典型配置指导手册 编号: 版本:V1.0 编制:技术中心热线部 审核:熊志军 批准: 瑞斯康达科技发展股份有限公司
文档修订记录 文档说明: 本文档主要用于指导工程师完成EPON灵活QINQ典型配置,本文以某商用网络为例,介绍了新在EPON系统上具体的配置操作步骤和注意事项。
前言 读者对象: 本文档适合ISCOM5000系列EPON设备灵活QinQ操作维护管理人员使用,主要面向各区域工程师。本文档介绍ISCOM5000系列EPON设备根据灵活QinQ的配置、常用故障排查方法、FAQ 等内容。 编写时间:2010年3月 相关参考手册: ISCOM 5000 EPON设备主要手册及用途如下
目录 前言 (3) 一、Q-IN-Q概述 (6) 二、技术介绍 (6) 2.1 QinQ报文格式 (6) 2.2 QinQ封装 (7) 2.2.1 基于端口的QinQ封装 (7) 2.2.2 基于流的QinQ封装 (7) 三、典型案例配置 (8) 3.1 EPON交换端口VLAN配置 (8) 3.2 根据以太网报文类型灵活Q-IN-Q 应用拓扑 (10) 3.3三种数据的业务流向及处理过程 (12) 3.4配置流程 (13) 3.5 具体数据配置流程: (14) 1) 创建加载板卡 (14) 2) 在olt上配置数据业务,创建vlan ,修改TPID值 (14) 3)配置3槽位PON板第一个PON口 (14) 4)配置上联GE口(PORT 11) (15) 5)配置上联GE口(PORT 12) (15) 6)配置网管地址及网关 (15) 7)EPON 以太网报文类型灵活Q-IN-Q配置实例 (15) 8)灵活Q-IN-Q抓包样本 (15) 四、常见故障处理FAQ (16) EPON以太网报文类型灵活Q-IN-Q常见FAQ (16) Q1:在配置根据以太网报文的灵活Q-IN-Q时,若两种数据存在一样的以太网报文类 型,该怎么区分? (16) Q2:为什么从OLT上无法PING通EOC及交换机的网管地址,而经过USR或者BRAS 的网管服务器可以PING通EOC、交换机及OLT。 (16) Q3:为什么同一台电脑在测试过一个业务后,马上测试另外一种业务,该电脑会存在
一、创建vlan和划分vlan 1、创建vlan的操作命令如下所示。 Switch(config)#vlan 10 //创建vlan10,并进入vlan配置模式,no vlan 10 为删除vlan10. Switch(config-vlan)#name aaa //为vlan指定名称为aaa 2、将交换机端口成员添加到对应的vlan操作命令如下所示。 Switch(config)#interface range fastethernet0/1-5 //从全局配置模式进入到端口范围配置模式。 Switch(config-if-range)#switchport access vlan 10 //设置交换机端口fastethernet0/1、0/2、0/3、0/4、0/5允许访问vlan10,即1-5号端口添加到vlan10中,no swithport access vlan10 可以从vlan10 删除端口成员。 Switch(config-if-range)#exit Switch(config)#end Switch#show vlan //通过以上配置以后,可以使用show vlan命令来验证vlan 配置情况。 二、跨交换机vlan配置trunk 1、交换机A配置trunk如下 SwitchA(config)#interface fastethernet 0/24 SwitchA(config-if)#switchport mode trunk //设置交换机A的端口fastethernet 0/24为trunk模式。工作在trunk模式下的端口称为trunk 端口,trunk端口可以通过多个vlan的流量,通过trunk端口之间的互连,可以实现不同交换机上相同vlan的互通。 SwitchA(config-if)#switchport trunk allowed vlan 10,20 //设置trunk端口允许通过的vlan。 1、交换机B配置trunk如下 SwitchB(config)#interface fastethernet 0/24 SwitchB(config-if)#switchport mode trunk //设置交换机B的端口fastethernet 0/24为trunk模式。工作在trunk模式下的端口称为trunk 端口,trunk端口可以通过多个vlan的流量,通过trunk端口之间的互连,可以实现不同交换机上相同vlan的互通。 SwitchB(config-if)#switchport trunk allowed vlan 10,20 //设置trunk端口允许通过的vlan。
1.1 高级IPv4 ACL典型配置指导 高级IPv4 ACL可以使用报文的源IP地址信息、目的IP地址信息、IP承载的 协议类型、协议的特性(例如TCP或UDP的源端口、目的端口,ICMP协议 的消息类型、消息码等)等信息来制定匹配规则。 高级IPv4 ACL支持对三种报文优先级的分析处理: ●ToS(Type of Service,服务类型)优先级 ●IP优先级 ●DSCP(Differentiated Services CodePoint,差分服务编码点)优先级 用户可以利用高级IPv4 ACL定义比基本IPv4 ACL更准确、更丰富、更灵活的 匹配规则。 高级IPv4 ACL的序号取值范围为3000~3999。 1.1.1 组网图 总裁办公室 192.168.1.0/24 研发部门 192.168.2.0/24192.168.3.0/24 图1-1配置高级IPv4 ACL组网图 1.1.2 应用要求 公司企业网通过交换机(以S5500-EI为例)实现各部门之间的互连。要求配 置高级IPv4 ACL,禁止研发部门和市场部门在上班时间(8:00至18:00)访问 工资查询服务器(IP地址为192.168.4.1),而总裁办公室不受限制,可以随 时访问。
1.1.3 适用产品、版本 表1-1配置适用的产品与软硬件版本关系 1.1.4 配置过程和解释 (1) 定义工作时间段 # 定义8:00至18:00的周期时间段。
华为链路聚合典型配置 指导 文稿归稿存档编号:[KKUY-KKIO69-OTM243-OLUI129-G00I-FDQS58-
链路聚合典型配置指导(版本切换前) 链路聚合是将多个物理以太网端口聚合在一起形成一个逻辑上 的聚合组,使用链路聚合服务的上层实体把同一聚合组内的多 条物理链路视为一条逻辑链路。 链路聚合可以实现出/入负荷在聚合组中各个成员端口之间分 担,以增加带宽。同时,同一聚合组的各个成员端口之间彼此 动态备份,提高了连接可靠性。 组网图 链路聚合配置示例图 应用要求 设备Switch A用3个端口聚合接入设备Switch B,从而实现出/入负荷在各成员端口中分担。 Switch A的接入端口为GigabitEthernet1/0/1~ GigabitEthernet1/0/3。 适用产品、版本 配置适用的产品与软硬件版本关系
配置过程和解释 说明: 以下只列出对Switch A的配置,对Switch B也需要作相同的配置,才能实现链路聚合。 配置聚合组,实现端口的负载分担(下面两种方式任选其一) 采用手工聚合方式 # 创建手工聚合组1。
华为配置基于接口划分VLAN示例 组网需求 某企业有很多部门,要求业务相同部门之间的员工可以互相访问,业务不同部门之间的员工不能互相访问。 如图所示,某企业包含4个部门。部门1通过SwitchA与Switch的接口Eth0/0/1相连。部门2通过SwitchB与Switch的接口Eth0/0/2相连。部门3通过SwitchC与Switch的接口Eth0/0/3相连。部门4通过SwitchD与Switch的接口Eth0/0/4相连。要求: VLAN2内的部门1、部门2与VLAN3内的部门3、部门4互相隔离。 VLAN2内的部门1与部门2可以互相访问。 VLAN3内的部门3与部门4可以互相访问。 图1 配置干道链路组网图 配置思路 采用如下的思路配置VLAN: 创建VLAN。 将接口加入VLAN。 数据准备
为完成此配置例,需准备如下的数据: 接口Ethernet0/0/1、Ethernet0/0/2属于VLAN2。 接口Ethernet0/0/3、Ethernet0/0/4属于VLAN3。 操作步骤 配置Switch # 创建VLAN2。
链路聚合典型配置指导(版本切换前) 链路聚合是将多个物理以太网端口聚合在一起形成一个逻辑上的聚合组,使用 链路聚合服务的上层实体把同一聚合组内的多条物理链路视为一条逻辑链路。 链路聚合可以实现出/入负荷在聚合组中各个成员端口之间分担,以增加带宽。 同时,同一聚合组的各个成员端口之间彼此动态备份,提高了连接可靠性。组网图 链路聚合配置示例图 应用要求 设备Switch A用3个端口聚合接入设备Switch B,从而实现出/入负荷在各成员端口中分担。 Switch A的接入端口为GigabitEthernet1/0/1~GigabitEthernet1/0/3。 适用产品、版本 配置适用的产品与软硬件版本关系 配置过程和解释 说明: 以下只列出对Switch A的配置,对Switch B也需要作相同的配置,才能实现链路聚合。 配置聚合组,实现端口的负载分担(下面两种方式任选其一) 采用手工聚合方式 # 创建手工聚合组1。
[SwitchA-GigabitEthernet1/0/1] interface GigabitEthernet 1/0/2 [SwitchA-GigabitEthernet1/0/2] port link-aggregation group 1 [SwitchA-GigabitEthernet1/0/2] interface GigabitEthernet 1/0/3 [SwitchA-GigabitEthernet1/0/3] port link-aggregation group 1 采用静态LACP聚合方式 # 创建静态LACP聚合组1。