Chapter 4: Virtual LAN (VLAN)
Lab Environment:
The number of employees in the Benet Shanghai branch has reached 100, with its network equipment. The current network environment produces more broadcast traffic, runs slower, and is not secure. The company wants to divide the network by department while guaranteeing a certain level of network security.
The network plan is as follows:
- PC1 and PC3 are in the finance department and belong to VLAN 2, named Caiwu; their IP addresses are 192.168.0.2/24 and 192.168.0.3/24.
- PC2 and PC5 are in the sales department and belong to VLAN 3, named Xiaoshou; their IP addresses are 192.168.1.2/24 and 192.168.1.3/24.
- PC4 and PC6 are in the production department and belong to VLAN 4, named Shengchan; their IP addresses are 192.168.2.2/24 and 192.168.2.3/24.
The links between the three switches are trunks. The switch management IP addresses are configured on VLAN 1: SW1, SW2 and SW3 use 192.168.100.1/24, 192.168.100.2/24 and 192.168.100.3/24, respectively.
Specific steps:
1. On SW1, create VLAN 2 named Caiwu and VLAN 3 named Xiaoshou.
2. On SW2, create VLAN 2 named Caiwu and VLAN 4 named Shengchan.
3. On SW3, create VLAN 3 named Xiaoshou and VLAN 4 named Shengchan.
4. On SW1, add interface F0/1 to VLAN 2 and interface F0/2 to VLAN 3.
5. On SW2, add interface F0/1 to VLAN 2 and interface F0/2 to VLAN 4.
6. On SW3, add interface F0/1 to VLAN 3 and interface F0/2 to VLAN 4.
7. On SW1, configure an IP address for VLAN 1.
8. Change interface F0/14 on SW1 to trunk mode.
9. Enable interfaces F0/1 through F0/14 on SW1 (the simulator requires this step; real hardware does not).
10. On SW2, configure an IP address for VLAN 1.
11. Change interfaces F0/14 and F0/15 on SW2 to trunk mode.
12. Enable interfaces F0/1 through F0/15 on SW2 (the simulator requires this step; real hardware does not).
13. On SW3, configure an IP address for VLAN 1.
14. Change interface F0/15 on SW3 to trunk mode.
15. Enable interfaces F0/1 through F0/15 on SW3 (the simulator requires this step; real hardware does not).
16. Configure the IP addresses of the PCs: PC1 192.168.0.2/24, PC2 192.168.1.2/24, PC3 192.168.0.3/24, PC4 192.168.2.2/24, PC5 192.168.1.3/24, PC6 192.168.2.3/24.
At this point, when hosts on the same network segment ping each other, only PC2 and PC5 cannot reach each other; PC1 and PC3 can ping each other, and so can PC4 and PC6.
This is because the interfaces connecting PC2 and PC5 belong to VLAN 3, and VLAN 3 has not been created on SW2, so the data cannot be forwarded. Creating VLAN 3 on SW2 is all that is needed.
When PC2 pings PC5 again, the two hosts can now communicate.
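The failure and the fix described above can be reproduced with a small model of the lab. This is an added example, not part of the original lab; the cabling between the trunk ports and the placement of each PC on a switch are assumptions inferred from the steps, and the names VLANS, TRUNKS, HOSTS, find_path and diagnose are hypothetical.

```python
from collections import deque

# Constructed model of the lab after the configuration steps (before the fix).
VLANS = {"SW1": {1, 2, 3}, "SW2": {1, 2, 4}, "SW3": {1, 3, 4}}
# Assumption: SW1 F0/14 <-> SW2 F0/14 and SW2 F0/15 <-> SW3 F0/15.
TRUNKS = [("SW1", "SW2"), ("SW2", "SW3")]
# Assumption: host placement inferred from the access-port steps.
HOSTS = {
    "PC1": ("SW1", 2), "PC3": ("SW2", 2),
    "PC2": ("SW1", 3), "PC5": ("SW3", 3),
    "PC4": ("SW2", 4), "PC6": ("SW3", 4),
}


def find_path(trunks, src, dst, usable):
    """Breadth-first search over trunk links, visiting only usable switches."""
    adj = {}
    for a, b in trunks:
        adj.setdefault(a, []).append(b)
        adj.setdefault(b, []).append(a)
    if not usable(src):
        return None
    prev, queue = {src: None}, deque([src])
    while queue:
        sw = queue.popleft()
        if sw == dst:
            path = []
            while sw is not None:
                path.append(sw)
                sw = prev[sw]
            return path[::-1]
        for nxt in adj.get(sw, []):
            if nxt not in prev and usable(nxt):
                prev[nxt] = sw
                queue.append(nxt)
    return None


def diagnose(vlans, trunks, hosts, a, b):
    """Return (reachable, reason) for layer-2 traffic between hosts a and b."""
    (sw_a, vlan_a), (sw_b, vlan_b) = hosts[a], hosts[b]
    if vlan_a != vlan_b:
        return False, f"{a} and {b} are in different VLANs; a routing device is needed"
    # A switch forwards frames for a VLAN only if that VLAN exists locally.
    if find_path(trunks, sw_a, sw_b, lambda sw: vlan_a in vlans[sw]):
        return True, f"VLAN {vlan_a} is carried end to end"
    physical = find_path(trunks, sw_a, sw_b, lambda sw: True)
    if physical is None:
        return False, "no trunk path between the switches"
    missing = [sw for sw in physical if vlan_a not in vlans[sw]]
    return False, f"VLAN {vlan_a} missing on {', '.join(missing)}"


if __name__ == "__main__":
    for a, b in [("PC1", "PC3"), ("PC2", "PC5"), ("PC4", "PC6")]:
        print(a, b, diagnose(VLANS, TRUNKS, HOSTS, a, b))
```

Adding 3 to the SW2 set in a copy of VLANS models the fix and makes the PC2/PC5 check succeed.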
The concept and advantages of VLANs
- Physical separation: physically dividing the network into several small networks, and then using a routing device that can isolate broadcasts to connect the different networks so that they can communicate.
- Logical separation: logically dividing the network into several small virtual networks, that is, VLANs (virtual local area networks). VLANs operate at the data link layer of the OSI reference model. A VLAN is a switched network in which all users are in the same broadcast domain, and VLANs communicate with each other through a routing device.
Benefits of using VLAN technology:
1. Control broadcasts
2. Enhance network security
3. Simplify network management
Types of VLANs
1. Static VLAN
Static VLANs, also known as port-based VLANs, are the most common way of implementing VLANs today. The network administrator manually and explicitly specifies which VLAN each switch port belongs to. When a user host is connected to a switch port, it is assigned to the corresponding VLAN.
This mapping of ports and VLANs is only valid locally, and this information cannot be shared between switches.
2. Dynamic VLAN
There are many ways to implement dynamic VLANs; the most common is based on MAC addresses. With a MAC-address-based dynamic VLAN, a host is automatically assigned to the appropriate VLAN according to its MAC address. The great advantage of this approach is that VLANs do not have to be reconfigured when a user physically moves, that is, moves from one switch to another. The disadvantage is that all users must be configured at initialization, and with hundreds or even thousands of users the configuration task becomes very heavy. This partitioning method is therefore not usually used in large local area networks.
Creating a VLAN
- VLAN database configuration mode. This mode supports only the normal VLAN range (1-1005).
- Global configuration mode. This mode supports not only the normal VLAN range but also the extended-range VLANs that cannot be configured in VLAN database configuration mode.
To delete a VLAN, for example the one with ID 20, use the no vlan vlan-id command. The procedure is as follows:
VLANs can also be removed from the VLAN database. The procedure is as follows:
- Adding switch ports to the appropriate VLAN
You can use the command default interface interface-id to restore an interface to its default configuration.
- Commands for viewing VLAN information
Command for viewing the information of a single VLAN
The role of the trunk
A trunk enables hosts in the same VLAN to communicate across switches.
In a switched network, there are two types of links: access links and trunk links.
- Access link: usually belongs to a single VLAN. The link between a host and a switch is an access link.
- Trunk link: can carry multiple VLANs. The link between two switches is a trunk link. A trunk link is typically used to connect a switch to other switches or to a router.
VLAN identification
1. ISL (Inter-Switch Link)
ISL is Cisco's proprietary tagging method. The ISL header is 26 bytes and the CRC (cyclic redundancy check) trailer is four bytes, for a total of 30 bytes.
ISL simply encapsulates the frame without modifying any of the frame's contents.
2. IEEE 802.1Q
802.1Q is a public tagging method that other vendors' products also support. Whichever tagging method is used, the devices at both ends of the link must use the same one.
802.1Q uses an internal tagging mechanism. The trunking device inserts a four-byte tag into the data frame and recalculates the FCS.
This four-byte tag header contains the following:
- The 2-byte tag protocol identifier (TPID) contains the fixed value 0x8100, which indicates that the frame carries 802.1Q tag information.
- The 2-byte tag control information (TCI) contains the following elements:
  - 3-bit user priority: 802.1Q does not use this field.
  - 1-bit canonical format identifier (CFI): CFI is commonly used for Ethernet and Token Ring networks. In Ethernet, the value of CFI is typically set to 0.
  - 12-bit VLAN identifier (VLAN ID): this field uniquely identifies the VLAN to which the frame belongs. A VLAN ID can uniquely identify 4,096 VLANs, but VLAN 0 and VLAN 4095 are reserved.
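The tag layout above, worked through on a frame. This is an added example, not code from the original page: it inserts the four-byte tag after the source MAC, packs the three TCI fields, recalculates the FCS, and reverses the operation. The function names and the sample frame are constructed for illustration.

```python
import struct
import zlib

TPID_8021Q = 0x8100  # fixed Tag Protocol Identifier value


def fcs(data: bytes) -> bytes:
    """Ethernet FCS: CRC-32 of the frame, transmitted least-significant byte first."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def add_tag(frame: bytes, vlan_id: int, priority: int = 0, cfi: int = 0) -> bytes:
    """Insert the 4-byte tag after the source MAC and recalculate the FCS."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1-4094 (0 and 4095 are reserved)")
    if not 0 <= priority <= 7 or cfi not in (0, 1):
        raise ValueError("priority is 3 bits, CFI is 1 bit")
    body, old_fcs = frame[:-4], frame[-4:]
    if len(body) < 14 or fcs(body) != old_fcs:
        raise ValueError("input frame is truncated or has a bad FCS")
    tci = (priority << 13) | (cfi << 12) | vlan_id
    tagged = body[:12] + struct.pack("!HH", TPID_8021Q, tci) + body[12:]
    return tagged + fcs(tagged)


def parse_tag(frame: bytes):
    """Return (priority, cfi, vlan_id), or None if the frame carries no tag."""
    if len(frame) < 16:
        return None
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q:
        return None
    return tci >> 13, (tci >> 12) & 1, tci & 0x0FFF


def strip_tag(frame: bytes) -> bytes:
    """Remove the tag and recalculate the FCS over the untagged frame."""
    if parse_tag(frame) is None:
        raise ValueError("frame is not 802.1Q tagged")
    body = frame[:12] + frame[16:-4]
    return body + fcs(body)


def sample_frame() -> bytes:
    """Constructed untagged frame: broadcast dst, made-up src, IPv4 EtherType."""
    body = bytes.fromhex("ffffffffffff" "020000000002" "0800") + bytes(46)
    return body + fcs(body)
```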
3. Native VLAN
When 802.1Q was designed, the native VLAN was introduced for compatibility with mixed deployments that include switches that do not support VLANs: it allows a switch to forward untagged frames on a trunk port. On Cisco Catalyst switches the default native VLAN is VLAN 1, but this can be configured. Data frames of the native VLAN are untagged on the trunk link.
For trunk ports between two devices, the same native VLAN configuration is required on both sides of the link.
Note: The native VLAN is an 802.1Q concept. ISL has no native VLAN; that is, ISL VLAN-tags all data frames on the trunk link.
Troubleshooting the trunk
1. Interface Mode
Ensure that the trunk mode of at least one side of the link is trunk or desirable. The trunk configuration of an interface can be verified with the command show interface interface-id trunk.
2. Encapsulation type
Ensure that the trunk encapsulation type is compatible at both ends of the link.
3. Native VLAN
If you are using 802.1Q encapsulation, make sure that the native VLAN configuration is the same on both sides of the trunk link.
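The three checks above can be run against the trunk output collected from both ends of a link. This is an added example, not from the original page: the two output samples are constructed, the function names are hypothetical, and the mode value "on" in the output is taken to be the trunk mode named in check 1.

```python
# Constructed 'show interface <id> trunk' output from both ends of one link.
SW1_SIDE = """
Port        Mode             Encapsulation  Status        Native vlan
Fa0/14      auto             802.1q         not-trunking  1
"""
SW2_SIDE = """
Port        Mode             Encapsulation  Status        Native vlan
Fa0/14      auto             802.1q         not-trunking  99
"""


def parse_trunk_row(output):
    """Return the first row of the Port/Mode/Encapsulation/Status/Native table."""
    rows = [ln.split() for ln in output.splitlines() if ln.strip()]
    for i, fields in enumerate(rows):
        if fields[:2] == ["Port", "Mode"] and i + 1 < len(rows):
            port, mode, encap, status, native = rows[i + 1][:5]
            # A negotiated encapsulation is shown with an "n-" prefix.
            encap = encap[2:] if encap.startswith("n-") else encap
            return {"port": port, "mode": mode, "encap": encap,
                    "status": status, "native": int(native)}
    raise ValueError("no trunk table found in output")


def check_trunk(side_a, side_b):
    """Apply the three troubleshooting checks; return the ones that fail."""
    a, b = parse_trunk_row(side_a), parse_trunk_row(side_b)
    findings = []
    # 1. Interface mode: at least one side must be trunk ("on") or desirable.
    if not {a["mode"], b["mode"]} & {"on", "desirable"}:
        findings.append(("interface-mode", f"{a['mode']}/{b['mode']}"))
    # 2. Encapsulation: both ends must agree unless one side still negotiates.
    encaps = {a["encap"], b["encap"]}
    if "negotiate" not in encaps and len(encaps) > 1:
        findings.append(("encapsulation", f"{a['encap']}/{b['encap']}"))
    # 3. Native VLAN: only meaningful for 802.1Q, where it must match.
    if encaps == {"802.1q"} and a["native"] != b["native"]:
        findings.append(("native-vlan", f"{a['native']}/{b['native']}"))
    return findings


if __name__ == "__main__":
    for check, detail in check_trunk(SW1_SIDE, SW2_SIDE):
        print(f"FAIL {check}: {detail}")
```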
What is EtherChannel
EtherChannel increases link bandwidth by bundling multiple Ethernet links, binding multiple network ports into a single logical link. An Ethernet channel can bundle up to 8 physical links, which can be twisted-pair or fiber connections.
However, an Ethernet channel must follow these rules:
- The ports that participate in the bundle must belong to the same VLAN. In trunk mode, all ports participating in the bundle must be in trunk mode, and the same allowed VLAN range must be configured on all of them. If the allowed VLAN range is not the same on all trunks in the channel, a trunk port that does not allow a VLAN discards packets from that VLAN, while a port that allows that VLAN transmits its data.
- If the ports are configured for trunk mode, all ports in the channel should be configured with the same trunk mode at both ends of the link.
- The physical parameters of all ports participating in the bundle must be the same, with the same speed and full/half duplex settings.
Configuration of the Ethernet channel
Configure the Ethernet channel in the topology shown.
The configuration on switch A is as follows:
Switch B is configured in the same way as switch A.
View the configuration of the Ethernet channel; output like the following indicates that the configuration is correct.
Switch A:
Switch B: