HUAWEITECHNOLOGIESCO.,LTD.VLAN原理和配置Copyright©2013HuaweiTechnologiesCo.,Ltd.Allrightsreserved.Page2前言随着网络中计算机的数量越来越多,传统的以太网络开始面临冲突严重、广播泛滥以及安全性无法保障等各种问题。VLAN(VirtualLocalAreaNetwork)即虚拟局域网,是将一个物理的局域网在逻辑上划分成多个广播域的技术。通过在交换机上配置VLAN,可以实现在同一个VLAN内的用户可以进行二层互访,而不同VLAN间的用户被二层隔离。这样既能够隔离广播域,又能够提升网络的安全性。Copyright©2013HuaweiTechnologiesCo.,Ltd.Allrightsreserved.Page3学习目标学完本课程后,您应该能:理解VLAN的工作原理掌握VLAN的基本配置Copyright©2013HuaweiTechnologiesCo.,Ltd.Allrightsreserved.传统以太网Page4随着主机数量的增加,共享网络中的冲突会越来越严重,交换网络中的广播也会越来越多。Copyright©2013HuaweiTechnologiesCo.,Ltd.Allrightsreserved.VLAN技术Page5VLAN能够隔离广播域。VLAN1VLAN2Copyright©2013HuaweiTechnologiesCo.,Ltd.Allrightsreserved.VLAN帧格式Page6没有携带Tag的帧携带Tag的帧0x8100PRICFIVLANID(12b)2bytes2bytesDMACDataSMACTypeFCS6bytes6bytes2bytes46-1500bytes4bytesDMACDataSMACTypeFCS6bytes6bytes2bytes46-1500bytes4bytesTagTPIDTCI4bytes通过Tag区分不同VLAN。Copyright©2013HuaweiTechnologiesCo.,Ltd.Allrightsreserved.链路类型Page7TrunkAccessVLAN3VLAN2TrunkTrunkAccessAccessAccessAccess用户主机和交换机之间的链路为接入链路,交换机与交换机之间的链路为干道链路。Copyright©2013HuaweiTechnologiesCo.,Ltd.Allrightsreserved.PVIDPage8PVID1PVID2PVID2PVID3PVID3PVID1PVID表示端口在缺省情况下所属的VLAN。缺省情况下,X7系列交换机每个端口的PVID是1。SWASWB主机A主机C主机B主机DVLAN2VLAN2VLAN3VLAN3Copyright©2013HuaweiTechnologiesCo.,Ltd.Allrightsreserved.端口类型–AccessPage9主机A主机C主机BPVID10PVID10PVID2Frame10Access端口在收到数据后会添加VLANTag,VLANID和端口的PVID相同。Access端口在转发数据前会移除VLANTag。SWAG0/0/1G0/0/2G0/0/3Copyright©2013HuaweiTechnologiesCo.,Ltd.Allrightsreserved.端口类型–TrunkPage10当Trunk端口收到帧时,如果该帧不包含Tag,将打上端口的PVID;如果该帧包含Tag,则不改变。当Trunk端口发送帧时,该帧的VLANID在Trunk的允许发送列表中:若与端口的PVID相同时,则剥离Tag发送;若与端口的PVID不同时,则直接发送。主机A主机C主机B主机DUntaggedFrame20SWASWBPVID1PVID20PVID1PVID20PVID1PVID1Copyright©2013HuaweiTechnologiesCo.,Ltd.Allrightsreserved.Page11端口类型-HybridHybrid端口既可以连接主机,又可以连接交换机。Hybrid端口可以以Tagged或Untagged方式加入VLAN。G0/0/1主机A主机B服务器FrameG0/0/1Frame32UntaggedSWASWBG0/0/2G0/0/2G0/0/3UntaggedCopyright©2013HuaweiTechnologiesCo.,Ltd.Allrightsreserved.Page12端口类型-HybridPVID1主机A主机B服务器FramePVID1Frame32UntaggedSWASWBPVID100PVID2PVID3UntaggedCopyright©2013HuaweiTechnologiesCo.,Ltd.Allrightsreserved.Page13VLAN划分方法VLAN5VLAN10基于端口G0/0/1,G0/0/7G0/0/2G0/0/9基于MAC地址00-01-02-03-04-AA00-01-02-03-04-CC00-01-02-03-04-BB00-01-02-03-04-DD基于IP子网划分10.0.1.*10.0.2.*基于协议划分IPIPX基于策略10.0.1.*+G0/0/1+00-01-02-03-04-AA10.0.2.*+G0/0/2+00-01-02-03-04-BB主机A10.0.1.1主机D10.0.2.2主机B10.0.2.1主机C10.0.1.2SWA基于端口的VLAN划分方法在实际中最为常见。Copyright©2013HuaweiTechnologiesCo.,Ltd.Allrightsreserved.Page14VLAN配置[SWA]vlan10[SWA-vlan10]quit[SWA]vlanbatch2to3Info:Thisoperationmaytakeafewseconds.Pleasewaitforamoment...done.主机A主机D主机B主机CSWASWBCopyright©2013HuaweiTechnologiesCo.,Ltd.Allrightsreserved.配置验证Page15[SWA]displayvlanThetotalnumberofvlansis:4------------------------------------------------------------U:Up;D:Down;TG:Tagged;UT:Untagged;MP:Vlan-mapping;ST:Vlan-stacking;#:ProtocolTransparent-vlan;*:Management-vlan;--------------------------------------------------------------VIDTypePorts--------------------------------------------------------------1commonUT:GE0/0/1(U)……2common3common10common……Copyright©2013HuaweiTechnologiesCo.,Ltd.Allrightsreserved.Page16配置Access端口[SWA]interfaceGigabitEthernet0/0/5[SWA-GigabitEthernet0/0/5]portlink-typeaccess[SWA-GigabitEthernet0/0/5]interfaceGigabitEthernet0/0/7[SWA-GigabitEthernet0/0/7]portlink-typeaccessSWASWBG0/0/1G0/0/7G0/0/5主机A主机D主机B主机CCopyright©2013HuaweiTechnologiesCo.,Ltd.Allrightsreserved.Page17添加端口到VLAN[SWA]vlan2[SWA-vlan2]portGigabitEthernet0/0/7[SWA-vlan2]quit[SWA]interfaceGigabitEthernet0/0/5[SWA-GigabitEthernet0/0/5]portdefaultvlan3SWASWBG0/0/1G0/0/7G0/0/5主机A主机D主机B主机CCopyright©2013HuaweiTechnologiesCo.,Ltd.Allrightsreserved.配置验证Page18[SWA]displayvlanThetotalnumberofvlansis:4------------------------------------------------------------U:Up;D:Down;TG:Tagged;UT:Untagged;MP:Vlan-mapping;ST:Vlan-stacking;#:ProtocolTransparent-vlan;*:Management-vlan;--------------------------------------------------------------VIDTypePorts--------------------------------------------------------------1commonUT:GE0/0/1(U)……2commonUT:GE0/0/7(U)3commonUT:GE0/0/5(U)10common……Copyright©2013HuaweiTechnologiesCo.,Ltd.Allrightsreserved.Page19配置Trunk端口[SWA-GigabitEthernet0/0/1]portlink-typetrunk[SWA-GigabitEthernet0/0/1]porttrunkallow-passvlan23SWASWBG0/0/1G0/0/1主机A主机D主机B主机CCopyright©2013HuaweiTechnologiesCo.,Ltd.Allrightsreserved.配置验证Page20[SWA]displayvlanThetotalnumberofvlansis:4------------------------------------------------------------U:Up;D:Down;TG:Tagged;UT:Untagged;MP:Vlan-mapping;ST:Vlan-stacking;#:ProtocolTransparent-vlan;*:Management-vlan;--------------------------------------------------------------VIDTypePorts--------------------------------------------------------------1commonUT:GE0/0/1(U)……2commonUT:GE0/0/7(D)TG:GE0/0/1(U)3commonUT:GE0/0/5(U)TG:GE0/0/1(U)10common……Copyright©2013HuaweiTechnologiesCo.,Ltd.Allrightsreserved.配置Hybrid端口Page21[SWA-GigabitEthernet0/0/1]portlink-typehybrid[SWA-GigabitEthernet0/0/1]porthybridtaggedvlan23100[SWA-GigabitEthernet0/0/2]porthybridpvidvlan2[SW