VLAN experiment

Stay-true 2022-08-06 08:23:56

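I. Experiment requirements:

1. The ports connecting PC1 and PC3 are access ports and belong to VLAN 2;
PC2/4/5/6 are on the same network segment; PC2 can access PC4/5/6, and PC4 can access PC5 but cannot access PC6
2. PC5 cannot access PC6
3. PC1/3 are not on the same network segment as PC2/4/5/6
4. All PCs obtain their IP addresses via DHCP, and PC1/3 can access PC2/4/5/6 normally
II. Experiment topology:

III. Experiment configuration:

III. Experiment analysis:
1. PC1 and PC3 connect to access ports, both in VLAN 2. The remaining hosts must therefore be on a different network segment, which is implemented with a router sub-interface.
2. PC2/4/5/6 are all on the same network segment but have access restrictions between them, so their ports can use the hybrid link type.
3. All traffic must be able to pass between the switches, so the inter-switch ports are set to trunk mode and allow all VLANs.
4. On the SW1 port that connects to the router, VLAN 2 traffic is tagged so that it goes to the sub-interface; the remaining traffic is left untagged and goes to the physical interface.
IV. General configuration approach:
1. Create the VLANs on LSW1 through LSW3.
2. The PC1 and PC3 ports are in access mode, with VLAN 2 as the default VLAN (PVID).
3. All ports connected to the remaining PCs are in hybrid mode. PC4/5 must not reach PC6, so the allow lists on the PC4 and PC5 ports do not let PC6's traffic through, and the PC6 port is set not to let PC4/5 traffic through.
4. The ports between switches are set to trunk mode and allow all VLANs.
5. The port between the switch and the router is set to hybrid mode and tags VLAN 2 traffic.
6. Configure DHCP address pools so that IP addresses can be allocated.
V. Configuration steps:
●LSW1 configuration:
Create VLAN 2 to VLAN 5
[SW1]vlan batch 2 to 5
Port connected to PC1: access mode, belongs to VLAN 2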

interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 2

Port connected to PC2: hybrid mode, tagged as VLAN 3; all traffic is allowed through untagged

interface GigabitEthernet0/0/3
 port hybrid pvid vlan 3
 port hybrid untagged vlan 3 to 5

●Port between LSW1 and LSW2: trunk mode, set to allow traffic from all VLANs

interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094

●LSW2 configuration:
Create VLAN 2 to VLAN 5
[SW1]vlan batch 2 to 5

Port connected to PC3: access mode, belongs to VLAN 2

interface GigabitEthernet0/0/3
 port link-type access
 port default vlan 2

Port connected to PC4: hybrid mode, tagged as VLAN 4; VLAN 3/4 traffic is allowed through untagged, and VLAN 5 is left out of the allow list.

interface GigabitEthernet0/0/4
 port hybrid pvid vlan 4
 port hybrid untagged vlan 3 to 4

LSW2 to LSW1 and LSW2 to LSW3: the ports are in trunk mode and allow traffic from all VLANs

interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
●LSW3 configuration:
Create VLAN 2 to VLAN 5
[SW1]vlan batch 2 to 5

Port connected to PC5: tagged as VLAN 4; VLAN 3/4 traffic is allowed through untagged, and VLAN 5 is left out of the allow list.


interface GigabitEthernet0/0/2
 port hybrid pvid vlan 4
 port hybrid untagged vlan 3 to 4
Port connected to PC6: tagged as VLAN 4; VLAN 3/5 traffic is allowed through untagged, and VLAN 4 is left out of the allow list.

interface GigabitEthernet0/0/3
 port hybrid pvid vlan 5
 port hybrid untagged vlan 3 5
VI. With the basic configuration above complete, configure inter-VLAN routing
1. Configure a sub-interface on the router and assign it to VLAN 2.
2. Traffic on the router sub-interface belongs to VLAN 2 and requires a tag, so traffic from the PCs in VLAN 2 must also carry a tag when it goes to the sub-interface.
3. For traffic going to VLAN 3/4/5: traffic on the router's physical interface carries no tag, but because the default PVID of a switch port is 1, this untagged traffic is marked as VLAN 1 traffic when it enters the switch from the router port. And because all three port modes allow VLAN 1 traffic by default, this traffic can reach the PCs in the corresponding VLANs.

●Switch port connected to the router:
#Set it to keep carrying the VLAN 2 tag and to carry no tag for VLAN 3/4/5

interface GigabitEthernet0/0/4
 port hybrid tagged vlan 2
 port hybrid untagged vlan 3 to 5
●Finally configure the router:
<1> Enable the DHCP address pool service
dhcp enable
<2> Create two address pools
#Create the address pool for VLAN 2:

ip pool vlan2
 gateway-list 172.16.1.254 
 network 172.16.1.0 mask 255.255.255.0 
 dns-list 114.114.114.114
#Create the address pool for VLAN 3/4/5

ip pool vlan
 gateway-list 172.16.2.254 
 network 172.16.2.0 mask 255.255.255.0 
 dns-list 8.8.8.8
●Sub-interface configuration:

interface GigabitEthernet0/0/0.1
 dot1q termination vid 2  --->marks traffic as VLAN 2
 ip address 172.16.1.254 255.255.255.0 
 arp broadcast enable    ------>remember to enable the ARP broadcast mechanism
 dhcp select global
Physical interface configuration:

interface GigabitEthernet0/0/0
 ip address 172.16.2.254 255.255.255.0 
 dhcp select global
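With the above, the VLAN configuration is complete.
VII. Verification
1. On every PC, select DHCP to obtain an address automatically, then click Apply:

2. Test PC1 accessing PC3:

3. Test PC1 accessing an external PC

4. Test PC4 accessing PC6:

Test result: PC4/5 cannot access PC6, and all other hosts are reachable across the whole network. The assignment requirements are met.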
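The isolation result can be cross-checked against the port settings with a small layer-2 model. This is an added example, not part of the original post: it assumes hybrid ports keep VLAN 1 in their untagged list by default and that the trunks carry every VLAN, and the names GW, GW.1, delivers, can_talk and blocked_pairs are invented for the sketch.

```python
# Added example: L2 model of the port settings on this page.
# Assumptions: a Huawei hybrid port keeps VLAN 1 in its untagged list by
# default, and the inter-switch trunks carry every VLAN, so only edge ports
# filter. "GW" and "GW.1" are labels invented for this sketch.

# port -> (PVID stamped on untagged ingress frames, VLANs allowed out of the port)
PORTS = {
    "PC1":  (2, {2}),            # access port, VLAN 2
    "PC3":  (2, {2}),            # access port, VLAN 2
    "PC2":  (3, {1, 3, 4, 5}),   # port hybrid untagged vlan 3 to 5
    "PC4":  (4, {1, 3, 4}),      # port hybrid untagged vlan 3 to 4
    "PC5":  (4, {1, 3, 4}),
    "PC6":  (5, {1, 3, 5}),      # port hybrid untagged vlan 3 5
    "GW":   (1, {1, 3, 4, 5}),   # router physical interface (untagged side of SW1 G0/0/4)
    "GW.1": (2, {2}),            # router sub-interface, dot1q termination vid 2
}

def delivers(src, dst):
    """One direction: the frame gets src's PVID and exits dst's port only if allowed there."""
    return PORTS[src][0] in PORTS[dst][1]

def can_talk(a, b):
    """ARP request and reply both have to get through."""
    return delivers(a, b) and delivers(b, a)

def blocked_pairs(hosts):
    """Host pairs with no two-way layer-2 path."""
    return sorted((a, b) for a in hosts for b in hosts if a < b and not can_talk(a, b))

if __name__ == "__main__":
    segment = ["PC2", "PC4", "PC5", "PC6"]
    print("isolated pairs on 172.16.2.0/24:", blocked_pairs(segment))
    for gw, hosts in (("GW", segment), ("GW.1", ["PC1", "PC3"])):
        print(gw, "reaches", [h for h in hosts if can_talk(gw, h)])
```

Changing a PVID or an untagged list in PORTS and re-running shows at once whether the PC4/5 to PC6 isolation or gateway reachability would break.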
 

 

