一、实验拓扑¶
二、实验需求¶
1、配置交换机S1、S2连接终端的基于接口划分VLAN 2、为保证安全性,配置交换机S2连接特殊PC基于MAC地址划分VLAN 3、S3、S4可以互通
三、实验配置¶
1、设备命名
[Huawei]sysname S1
[Huawei]sysname R1
[Huawei]sysname S3
[Huawei]sysname S4
[Huawei]sysname S2
[Huawei]sysname R3
2、配置各自接口地址
[R1-GigabitEthernet0/0/1]ip address 10.1.2.1 24
[R3-GigabitEthernet0/0/2]ip address 10.1.10.1 24
3、配置S3、S4的三层接口地址
[S3]vlan 3
[S3-vlan3]quit
[S3]interface Vlanif 3
[S3-Vlanif3]ip address 10.1.3.1 24
[S4]vlan 3
[S4-vlan3]quit
[S4]interface Vlanif 3
[S4-Vlanif3]ip address 10.1.3.2 24
4、配置交换机S3和S4的接口为Access接口,并将接口划入对应的VLAN
[S3]interface GigabitEthernet 0/0/1
[S3-GigabitEthernet0/0/2]port link-type access
[S3-GigabitEthernet0/0/2]port default vlan 3
[S4]interface GigabitEthernet 0/0/2
[S4-GigabitEthernet0/0/2]port link-type access
[S4-GigabitEthernet0/0/2]port default vlan 3
5、配置交换机S1和S2连接终端的接口为Access接口,并将接口划入对应的VLAN
[S1]vlan batch 2 3 10
[S1]interface GigabitEthernet 0/0/1
[S1-GigabitEthernet0/0/1]port link-type access
[S1-GigabitEthernet0/0/1]port default vlan 2
[S1]interface Ethernet 0/0/13
[S1-Ethernet0/0/13]port link-type access
[S1-Ethernet0/0/13]port default vlan 3
[S2]vlan batch 2 3 10
[S2]interface Ethernet 0/0/14
[S2-Ethernet0/0/14]port link-type access
[S2-Ethernet0/0/14]port default vlan 3
6、配置交换机S1和S2互联接口为Trunk接口,并放行相应的VLAN
[S1]interface Ethernet 0/0/10
[S1-Ethernet0/0/10]port link-type trunk
[S1-Ethernet0/0/10]port trunk allow-pass vlan 2 3
[S1-Ethernet0/0/10]undo port trunk allow-pass vlan 1
[S2]interface Ethernet 0/0/10
[S2-Ethernet0/0/10]port link-type trunk
[S2-Ethernet0/0/10]port trunk allow-pass vlan 2 3
[S2-Ethernet0/0/10]undo port trunk allow-pass vlan 1
7、路由器R3模拟特殊业务PC配置基于MAC地址划分VLAN
#将特殊业务PC与VLAN10关联
[S2-vlan10]mac-vlan mac-address 5489-98f6-2d86
#配置交换机S2的GigabitEthernet0/0/1为Hybrid接口,并允许基于MAC地址划分的VLAN通过当前Hybrid接口
[S2]interface GigabitEthernet0/0/1
[S2-GigabitEthernet0/0/1]port link-type hybrid
[S2-GigabitEthernet0/0/1]port hybrid untagged vlan 10
#使能GE0/0/1接口基于MAC地址划分VLAN功能
[S2-GigabitEthernet0/0/1]mac-vlan enable
#S1、S2互联接口放行VLAN10
[S1]interface Ethernet 0/0/10
[S1-Ethernet0/0/10]port link-type trunk
[S1-Ethernet0/0/10]port trunk allow-pass vlan 10
[S2]interface Ethernet 0/0/10
[S2-Ethernet0/0/10]port link-type trunk
[S2-Ethernet0/0/10]port trunk allow-pass vlan 10
8、查看配置信息
[S1] display vlan
The total number of vlans is : 4
U: Up; D: Down; TG: Tagged; UT: Untagged;
MP: Vlan-mapping; ST: Vlan-stacking;
#: ProtocolTransparent-vlan; *: Management-vlan;
VID Type Ports
1 common UT: Eth0/0/1(D) Eth0/0/2(D) Eth0/0/3(D) Eth0/0/4(D)
Eth0/0/5(D) Eth0/0/6(D) Eth0/0/7(D) Eth0/0/8(D)
Eth0/0/9(D) Eth0/0/11(D) Eth0/0/12(D) Eth0/0/14(D)
Eth0/0/15(D) Eth0/0/16(D) Eth0/0/17(D) Eth0/0/18(D)
Eth0/0/19(D) Eth0/0/20(D) Eth0/0/21(D) Eth0/0/22(D)
GE0/0/2(D)
2 common UT: GE0/0/1(U)
TG: Eth0/0/10(U)
3 common UT: Eth0/0/13(U)
TG: Eth0/0/10(U)
10 common TG: Eth0/0/10(U)
VID Status Property MAC-LRN Statistics Description
1 enable default enable disable VLAN 0001
2 enable default enable disable VLAN 0002
3 enable default enable disable VLAN 0003
10 enable default enable disable VLAN 0010
9、测试结果
[S3] ping 10.1.3.2
PING 10.1.3.2: 56 data bytes, press CTRL_C to break
Reply from 10.1.3.2: bytes=56 Sequence=1 ttl=255 time=90 ms
Reply from 10.1.3.2: bytes=56 Sequence=2 ttl=255 time=90 ms
Reply from 10.1.3.2: bytes=56 Sequence=3 ttl=255 time=80 ms
Reply from 10.1.3.2: bytes=56 Sequence=4 ttl=255 time=70 ms
Reply from 10.1.3.2: bytes=56 Sequence=5 ttl=255 time=100 ms
--- 10.1.3.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 70/86/100 ms