Trunk, Hybrid and Access port configuration and application on a switch
Link types of an Ethernet port:

Access type: the port can belong to only one VLAN and is generally used to connect to a computer.
Trunk type: the port can belong to multiple VLANs and can receive and send packets of multiple VLANs; it is mostly used between switches.
Hybrid type: the port can belong to multiple VLANs and can receive and send packets of multiple VLANs; it can be used between switches or to connect to user hosts.

All three types of port can exist on one device. However, you cannot switch directly between the Trunk type and the Hybrid type; the port must first be set to Access and then to the other type. For example, a Trunk port cannot be set directly to Hybrid; it must first be set to Access and then to Hybrid.

Commands for setting the link type of a port:

Operation                                             Command
Set the port to Access                                port link-type access
Set the port to Hybrid                                port link-type hybrid
Set the port to Trunk                                 port link-type trunk
Restore the port to the default link type (Access)    undo port link-type

Difference between the Hybrid port and the Trunk port: the Hybrid port allows packets of multiple VLANs to be sent without tags, while the Trunk port allows only packets of the default VLAN to be sent without tags.

Setting the default VLAN ID of an Ethernet port: an Access port belongs to only one VLAN, so its default VLAN is the VLAN it is in and does not need to be set. Hybrid and Trunk ports belong to multiple VLANs, so the default VLAN ID must be set. Once the default VLAN ID is set, a packet received without a VLAN tag is forwarded to the ports that belong to the default VLAN. When the port sends a packet that carries a VLAN tag and the VLAN ID of the packet is the same as the default VLAN ID of the port, the system removes the VLAN tag and then sends the packet.
Default VLAN ID setting commands:

Operation                                                        Command
Set the default VLAN ID of the Hybrid port                       port hybrid pvid vlan vlan_id
Set the default VLAN ID of the Trunk port                        port trunk pvid vlan vlan_id
Restore the default VLAN ID of the Hybrid port to the default    undo port hybrid pvid
Restore the default VLAN ID of the Trunk port to the default     undo port trunk pvid

Note: the default VLAN ID of a Hybrid port or Trunk port must be consistent with the default VLAN ID of the port on the connected peer switch, or the port cannot forward packets normally.

Note:
1. On an Ethernet switch, the Trunk and Hybrid ports cannot be set at the same time.
2. A Trunk port cannot be configured together with isolate-user-vlan. A Hybrid port can be configured together with isolate-user-vlan. However, if the default VLAN is a VLAN that has a mapping in isolate-user-vlan, the default VLAN ID can be modified only after the mapping is removed.
3. When configuring a Trunk port or Hybrid port to carry packets of multiple VLANs, make sure that the default VLAN ID (the PVID of the port) of the local port and of the peer port are consistent.
4. When isolate-user-vlan is used on a switch for L2 port isolation, the link type of the ports involved in this configuration is automatically changed to Hybrid.
5. The Hybrid port is flexible in application and mainly serves some special requirements. Most of these requirements arise on switches that cannot issue access control rules: the way a Hybrid port processes packets on receipt and on sending is used to implement layer-2 access control between PCs in the same network segment.
Hybrid simple case analysis:

Configuration steps:
[Switch-Ethernet0/1] int e0/1
[Switch-Ethernet0/1] port link-type hybrid
[Switch-Ethernet0/1] port hybrid pvid vlan 10
[Switch-Ethernet0/1] port hybrid vlan 10 20 untagged
[Switch-Ethernet0/1] int e0/2
[Switch-Ethernet0/2] port link-type hybrid
[Switch-Ethernet0/2] port hybrid pvid vlan 20
[Switch-Ethernet0/2] port hybrid vlan 10 20 untagged

In this case, the PCs connected to interface e0/1 and interface e0/2 can communicate with each other, but the VLAN used is different in each direction.

pc1 accessing pc2: data sent by pc1 is marked with VLAN 10 by the PVID (VLAN 10) of interface e0/1 when it enters the switch. The switch finds that interface e0/2 allows VLAN 10 data to pass, so the data is forwarded to interface e0/2. Because VLAN 10 is untagged on interface e0/2, the switch removes the VLAN 10 tag from the packet and sends it to pc2 as an ordinary packet. So pc1 -> pc2 uses VLAN 10.

pc2 accessing pc1: data sent by pc2 is given the VLAN 20 tag by the PVID (VLAN 20) of interface e0/2 when it enters the switch. The switch finds that interface e0/1 allows VLAN 20 data to pass, so the data is forwarded to interface e0/1. Because VLAN 20 is untagged on interface e0/1, the switch removes the VLAN 20 tag from the packet and sends it to pc1 as an ordinary packet. So pc2 -> pc1 uses VLAN 20.

Note: a tagged packet is an ordinary Ethernet packet whose structure has been changed: after the source MAC address and destination MAC address, 4 bytes of VLAN information are added, that is, the VLAN tag header. An untagged packet is an ordinary Ethernet packet, 4 bytes shorter than the tagged packet.
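The pc1/pc2 walk-through above, as a runnable model. This is an added example, not code from the original article: the HybridPort class, the forward function and the sample frame are constructed for illustration, and the model is simplified to PVID classification on receipt and tagged/untagged handling on sending.

```python
import struct

TPID = 0x8100  # 802.1Q tag protocol identifier

def add_tag(frame: bytes, vid: int) -> bytes:
    """Insert the 4-byte VLAN tag header after the two MAC addresses (offset 12)."""
    return frame[:12] + struct.pack("!HH", TPID, vid & 0x0FFF) + frame[12:]

def split_tag(frame: bytes):
    """Return (vid, frame without tag); vid is None for an untagged frame."""
    if len(frame) >= 16 and frame[12:14] == struct.pack("!H", TPID):
        vid = struct.unpack("!H", frame[14:16])[0] & 0x0FFF
        return vid, frame[:12] + frame[16:]
    return None, frame

class HybridPort:
    """Simplified model: a PVID plus the untagged and tagged VLAN lists of the port."""
    def __init__(self, pvid, untagged=(), tagged=()):
        self.pvid, self.untagged, self.tagged = pvid, set(untagged), set(tagged)

    def ingress(self, frame):
        """Untagged frames are classified into the PVID; non-member VLANs are dropped."""
        vid, inner = split_tag(frame)
        vid = self.pvid if vid is None else vid
        return (vid, inner) if vid in self.untagged | self.tagged else None

    def egress(self, vid, inner):
        """Strip or keep the tag according to the port's lists; None means not allowed."""
        if vid in self.untagged:
            return inner
        return add_tag(inner, vid) if vid in self.tagged else None

def forward(src, dst, frame):
    """Return (VLAN used inside the switch, frame leaving dst), or None if dropped."""
    classified = src.ingress(frame)
    out = dst.egress(*classified) if classified else None
    return (classified[0], out) if out is not None else None

# Constructed sample frame: destination MAC, source MAC, EtherType 0x0800, payload.
FRAME = bytes.fromhex("020000000002" "020000000001" "0800") + b"payload"
# The two ports of the case above: both untagged in VLAN 10 and 20, different PVIDs.
E0_1 = HybridPort(pvid=10, untagged={10, 20})
E0_2 = HybridPort(pvid=20, untagged={10, 20})

if __name__ == "__main__":
    print("pc1 -> pc2 uses VLAN", forward(E0_1, E0_2, FRAME)[0])  # 10
    print("pc2 -> pc1 uses VLAN", forward(E0_2, E0_1, FRAME)[0])  # 20
    # Removing VLAN 20 from e0/1 blocks pc2 -> pc1 while pc1 -> pc2 still passes.
    print(forward(E0_2, HybridPort(pvid=10, untagged={10}), FRAME))  # None
```

The last case shows why the untagged list works as layer-2 access control: a port accepts return traffic only from VLANs it lists, so leaving one out cuts that direction.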
Simple application of the trunk link:

Configuration procedure:
Switch1
Switch(config)# int f0/1
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport trunk allowed vlan all
Switch2
Switch(config)# int f0/1
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport trunk allowed vlan all

Simple application of the access link:

Switch2 configuration:
Switch# conf t
Switch(config)# vlan 10
Switch(config-vlan)# exit
Switch(config)# int f0/1
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 10
Switch(config)# int f0/2
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 10

Switch3 configuration:
Switch# conf t
Switch(config)# vlan 10
Switch(config-vlan)# exit
Switch(config)# int f0/1
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 10
Switch(config)# int f0/2
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 10

Project practice:

Project requirements:
1. PC1, PC2, and PC3 are connected to ports E0/1, E0/2, and E0/3 of the L2 switch SwitchA respectively; the ports belong to VLAN10, VLAN20, and VLAN30. PC4 and PC5 are connected to ports E0/1 and E0/2 of the L2 switch SwitchB respectively; the ports belong to VLAN10 and VLAN20.
2. SwitchA connects to port E0/3 of SwitchB through port E0/3; port E0/3 of SwitchA and port E0/3 of SwitchB are not Trunk ports.
3. The IP address of PC1 is 10.1.1.1/24, the IP address of PC2 is 10.1.1.2/24, the IP address of PC3 is 10.1.1.3/24, the IP address of PC4 is 10.1.1.4/24, and the IP address of PC5 is 10.1.1.5/24. Communication between the hosts is now required.

Configuration steps:

SwitchA configurations:
1. Create (enter) VLAN10 and add E0/1 to VLAN10
[SwitchA] vlan 10
[SwitchA-vlan10] port Ethernet 0/1
2. Create (enter) VLAN20 and add E0/2 to VLAN20
[SwitchA] vlan 20
[SwitchA-vlan20] port Ethernet 0/2
3. Create (enter) VLAN30 and add E0/3 to VLAN30
[SwitchA] vlan 30
[SwitchA-vlan30] port Ethernet 0/3
4. Create (enter) VLAN100 and add G2/1 to VLAN100
[SwitchA] vlan 100
[SwitchA-vlan100] port GigabitEthernet 2/1
5. Configure port E0/1 as a Hybrid port that can receive packets sent from VLAN20, 30, and 100
[SwitchA] interface Ethernet 0/1
[SwitchA-Ethernet0/1] port link-type hybrid
E0/1 was added to VLAN10 earlier; here its port type is set to hybrid.
[SwitchA-Ethernet0/1] port hybrid vlan 20 30 100 untagged
No command is given for VLAN 10 here; VLAN 10 is actually the PVID of the hybrid port.
6. Configure port E0/2 as a Hybrid port that can receive packets sent from VLAN10 and 100
[SwitchA] interface Ethernet 0/2
[SwitchA-Ethernet0/2] port link-type hybrid
[SwitchA-Ethernet0/2] port hybrid vlan 10 100 untagged
7. Configure port E0/3 as the Hybrid port to receive packets sent from VLAN10 and 100
[SwitchA] interface Ethernet 0/3
[SwitchA-Ethernet0/3] port link-type hybrid
[SwitchA-Ethernet0/3] port hybrid vlan 10 100 untagged
8. Configure port G2/1 as the Hybrid port to receive packets sent from VLAN10, 20, and 30
[SwitchA] interface GigabitEthernet 2/1
[SwitchA-GigabitEthernet2/1] port link-type hybrid
[SwitchA-GigabitEthernet2/1] port hybrid vlan 10 20 30 untagged

[Note] A Hybrid port can belong to multiple VLANs at the same time. These VLANs are the PVID of the Hybrid port and the manually configured "untagged" and "tagged" VLANs. Pay attention to the VLAN configuration of the corresponding port to make sure that packets can be sent and received by the port. In an L2 network, this application controls access permissions between hosts in the same network segment.

Configurations related to SwitchB:
1. Create (enter) VLAN10 and add E0/1 to VLAN10
[SwitchB] vlan 10
[SwitchB-vlan10] port Ethernet 0/1
2. Create (enter) VLAN20 and add E0/2 to VLAN20
[SwitchB] vlan 20
[SwitchB-vlan20] port Ethernet 0/2
3. Configure port G1/1 as the Hybrid port to receive and transparently transmit packets sent from VLAN10 and 20
[SwitchB] interface GigabitEthernet 2/1
[SwitchB-GigabitEthernet2/1] port link-type hybrid
[SwitchB-GigabitEthernet2/1] port hybrid vlan 10 20 tagged

Extra-curricular extension:

Adding the current Ethernet port to a specified VLAN: an Access port can be added to only one VLAN; Hybrid and Trunk ports can be added to multiple VLANs. Perform the following settings in Ethernet port view.

Operation                                                   Command
Add the current Access port to the specified VLAN           port access vlan vlan_id
Add the current Hybrid port to the specified VLAN           port hybrid vlan vlan_id_list {tagged | untagged}
Add the current Trunk port to the specified VLAN            port trunk permit vlan {vlan_id_list | all}
Delete the current Access port from the specified VLAN      undo port access vlan
Delete the current Hybrid port from the specified VLAN      undo port hybrid vlan vlan_id_list
Delete the current Trunk port from the specified VLAN       undo port trunk permit vlan {vlan_id_list | all}

Note: the VLAN that an Access port is added to must already exist and cannot be VLAN 1; the VLAN that a Hybrid port is added to must already exist; the VLAN that a Trunk port is added to cannot be VLAN 1.

After this configuration is executed, the current Ethernet port can forward packets of the specified VLAN. Hybrid and Trunk ports can be added to multiple VLANs so that VLANs on the local switch can interconnect with the same VLANs on the peer switch. On a Hybrid port you can also set which VLANs' packets are tagged and which are not, which lays the foundation for processing packets of different VLANs differently.

Broadcast-suppression: you can use the broadcast-suppression command to limit the amount of broadcast traffic allowed on the port. When the broadcast traffic exceeds the value set by the user, the system discards broadcast traffic to bring its proportion down to a reasonable range, which suppresses broadcast storms, avoids network congestion, and keeps network services running normally. The parameter is the maximum broadcast traffic on the port as a percentage of wire speed. The smaller the percentage, the less broadcast traffic is allowed to pass. When the percentage is 100, broadcast storm suppression is not performed on the port.

Flow-control: when both the local and the peer switch enable the flow control function and the local switch becomes congested, it sends a message to the peer switch telling it to stop sending temporarily. After receiving the message, the peer switch suspends sending packets to the local end to avoid packet loss.

Copying the configuration of a port to other ports: to make it easier to keep the configuration of some ports consistent with that of a specified port, you can use the copy configuration command to copy the configuration of the specified port to other ports.
The configuration that can be copied includes VLAN, QoS, STP, and port configuration.
VLAN configuration includes the VLANs allowed to pass on the port and the default VLAN ID of the port.
QoS configuration includes the port speed limit, port priority, and default 802.1p priority.
STP configuration includes STP enabling/disabling on the port, the link property of the link connected to the port (such as point-to-point or non-point-to-point), STP priority, path cost, packet transmission rate limit, loop protection, root protection, and edge port.
Port configuration includes the link type, port rate, and duplex mode of the port.

Note: if the copy source is specified as an aggregation group ID, the system uses the port with the smallest port number in the aggregation group as the source. If the copy destination is specified as an aggregation group ID, the configurations of all ports in that aggregation group are changed to match the source.

Benefits of VLAN technology:
Broadcast isolation: isolating broadcast domains greatly reduces broadcast packets in a switched network, which improves bandwidth utilization.
Security: dividing an L2 network into VLANs isolates data between the different VLANs.
Fault isolation: VLAN division puts devices into different broadcast domains, which reduces the impact of network faults such as ARP viruses or ARP attacks.

Common VLAN fault analysis:

A host in a VLAN cannot communicate with other VLANs, probably because:
1. The gateway, IP address, or subnet mask is set incorrectly on the host.
2. The port connected to the host is assigned to the wrong VLAN.
3. The Trunk port on the switch is set incorrectly, for example the default VLAN settings do not match or the allowed VLAN list is incorrect.
4. The IP address or subnet mask of the router subinterface or layer-3 switch SVI port is set incorrectly.
5. The router or layer-3 switch may need a route added to the VLAN of another subnet.

Troubleshooting method: troubleshoot step by step starting from the lowest layer (the physical layer). If the port and cable have no fault, then:
1. Check whether the network settings of the host are correct.
2. Use the show vlan command to confirm that the ports are assigned to the correct VLANs.
3. Run the show interface trunk command to check whether the Trunk settings at both ends of the Trunk link match and are correct.
4. Use the show interface command to determine whether the correct IP address and subnet mask are set.
5. Run the show ip route command to confirm that all subnets are correctly displayed in the routing table.
6. Run the show interface subinterface command to check whether the subinterface of the router encapsulates 802.1Q correctly and specifies the correct VLAN.
7. Run the show interface command to check whether the port speed and duplex settings of the host and the switch match.
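The check that both ends of a link agree on default VLAN and allowed VLANs can be automated from saved port configuration. The following is an added example, not part of the original article. The function names and sample configurations are constructed, the parser handles only explicit VLAN lists in the Hybrid and Trunk commands shown earlier (no ranges, no "all"), and it assumes a PVID of VLAN 1 when none is configured.

```python
import re

def parse_port(config: str) -> dict:
    """Read link type, PVID and VLAN lists from Comware-style port commands."""
    port = {"type": "access", "pvid": 1, "untagged": set(), "tagged": set()}
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"port link-type (access|trunk|hybrid)", line):
            port["type"] = m.group(1)
        elif m := re.fullmatch(r"port (?:trunk|hybrid) pvid vlan (\d+)", line):
            port["pvid"] = int(m.group(1))
        elif m := re.fullmatch(r"port hybrid vlan ([\d ]+) (tagged|untagged)", line):
            port[m.group(2)].update(map(int, m.group(1).split()))
        elif m := re.fullmatch(r"port trunk permit vlan ([\d ]+)", line):
            port["tagged"].update(map(int, m.group(1).split()))
    if port["type"] == "trunk" and port["pvid"] in port["tagged"]:
        # A Trunk port sends only its default VLAN without a tag.
        port["tagged"].discard(port["pvid"])
        port["untagged"].add(port["pvid"])
    return port

def one_way(sender: dict, receiver: dict, label: str) -> list:
    """List VLANs that are dropped or change VLAN when crossing the link one way."""
    findings = []
    allowed = receiver["untagged"] | receiver["tagged"]
    for vid in sorted(sender["untagged"] | sender["tagged"]):
        # An untagged frame takes the receiver's PVID; a tagged frame keeps its ID.
        seen_as = receiver["pvid"] if vid in sender["untagged"] else vid
        if seen_as not in allowed:
            findings.append(f"{label}: VLAN {vid} dropped")
        elif seen_as != vid:
            findings.append(f"{label}: VLAN {vid} lands in VLAN {seen_as}")
    return findings

def audit_link(a: dict, b: dict) -> list:
    """Check both directions of one link between port A and port B."""
    return one_way(a, b, "A->B") + one_way(b, a, "B->A")

# Constructed sample configurations for the two ends of one Trunk link.
END_A = "port link-type trunk\nport trunk pvid vlan 10\nport trunk permit vlan 10 20"
END_B = "port link-type trunk\nport trunk pvid vlan 20\nport trunk permit vlan 10 20"

if __name__ == "__main__":
    for finding in audit_link(parse_port(END_A), parse_port(END_B)):
        print(finding)
```

A "lands in VLAN" finding is the default VLAN mismatch the notes warn about: traffic crosses from one VLAN into another on the link, which defeats the isolation the VLANs were meant to provide.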