Shulou(Shulou.com)06/01 Report--

Chapter 4 Virtual Local area Network VLAN

Experimental environment:

The number of employees in Benet Shanghai has reached 100, and its network equipment is shown in the figure. The current network environment leads to more broadcasts, slow network speed, and insecure. The company hopes to divide the network according to the department, and can ensure a certain degree of network security.

The network planning is as follows:

? PC1 and PC3 are the Finance Department, belonging to VLAN2, with the name caiwu, and their IP addresses are 192.168.0.2 and 192.168.0.3, respectively.

? PC2 and PC5 are the sales department, belonging to VLAN3 and the name is xiaoshou. Their IP addresses are 192.168.1.2 and 192.168.1.3, respectively.

? PC4 and PC6 are the production department, belonging to VLAN4, the name is shengchan, and their IP addresses are 192.168.2.2 and 192.168.2.3, respectively.

The link between the three switches is Trunk. The IP addresses of VLAN1,SW1, SW2 and SW3 for switch management are 192.168.100.1, 192.168.100.2, and 192.168.100.3, respectively.

Specific steps:

1. Create a vlan2 on SW1, named caiwu and vlan3, and named xiaoshou. As shown in the figure:

two。 Create a vlan2 on SW2, named caiwu and vlan4, and named shengchan. As shown in the figure:

3. Create a vlan3 on SW3, named xiaoshou and vlan4, and named shengchan. As shown in the figure:

4. Add the F0ram 1 interface of SW1 to the vlan2, and the F0swap 2 interface to the vlan3. As shown in the figure:

5. Add the F0ram 1 interface of SW2 to the vlan2, and the F0swap 2 interface to the vlan4. As shown in the figure:

6. Add the F0ram 1 interface of SW3 to the vlan3, and the F0swap 2 interface to the vlan4. As shown in the figure:

7. Configure vlan1 with an IP address on SW1. As shown in the figure:

8. Change the F0ram 14 interface of SW1 to trunk mode. As shown in the figure:

9. Turn on both the F0Uniq1 interface of SW1 and the F0Unix14 interface (this process is required for simulators, but not for real machines). As shown in the figure:

10. Configure vlan1 with an IP address on SW2. As shown in the figure:

11. Change the interfaces of SW2 F0Compact 14 and F0ap15 to trunk interfaces. As shown in the figure:

twelve。 Turn on both the F0Uniq1 interface of SW2 and the F0Unix 15 interface (this process is required for simulators, but not for real machines). As shown in the figure:

13. Configure vlan1 with an IP address on SW3. As shown in the figure:

14. Change the F0ram 15 interface of SW3 to the trunk interface. As shown in the figure:

15. Turn on both the F0Uniq1 interface of SW3 and the F0Unix 15 interface (this process is required for simulators, but not for real machines). As shown in the figure:

16. Configure PC1 with IP address: 192.168.0.2CP2 configuration IP address: 192.168.1.2CP3 configuration IP address: 192.168.0.3Universe PC4 configuration IP address: 192.168.2.2Comp24quarter PC5 configuration IP address: 192.168.1.3CP6 configuration IP address: 192.168.2.3 pint 24. As shown in the figure:

17. At this time, when the hosts with the same network segment ping each other, it is found that only PC2 and PC5 can not ping, PC1 and PC3 can ping, PC4 and PC6 can ping. As shown in the figure:

18. Because the interface that connects PC2 and PC5 belongs to vlan3, and there is no vlan3 created on SW2, you cannot forward data, just create a vlan3 on SW2. As shown in the figure:

19. When I asked PC2 to go to pingPC5, I found that I could communicate. As shown in the figure:

The concept and advantages of n VLAN

? Physical separation: physically divide the network into several small networks, and then use routing devices that can isolate broadcasts to connect different networks to achieve communication.

? Logical separation: the network is logically divided into several small virtual networks, namely VLAN (Virtual Local Area Network, virtual local area network). VLAN works at the data link layer of the OSI reference model. A VLAN is a switched network in which all users are in the same broadcast domain and each VLAN communicates through routing devices.

Benefits of using VLAN technology:

1. Control broadcast

two。 Enhance network security

3. Simplify network management

Types of n VLAN

1. Static VLAN

Static VLAN, also known as port-based VLAN, is the most common way to implement VLAN. It is to specify which VLAN the switch port belongs to, which needs to be manually configured by the network administrator. When the user host is connected to the switch port, it is assigned to the corresponding VLAN.

This port-to-VLAN mapping is only valid locally, and this information cannot be shared between switches.

two。 Dynamic VLAN

There are many ways to realize dynamic VLAN. At present, the most common method is dynamic VLAN based on MAC address. Dynamic VLAN based on MAC addresses is automatically assigned to the appropriate VLAN based on the host's MAC address. The biggest advantage of this VLAN partitioning method is that when the user's physical location moves, that is, when switching from one switch to another, the VLAN does not have to be reconfigured. But the disadvantage of this approach is that all users must be configured during initialization, and if there are hundreds or even thousands of users, the configuration task will be very onerous. Therefore, this partition method is usually not suitable for large local area networks.

N create VLAN

? VLAN database configuration mode. This mode only supports the VLAN normal range (1-1005).

? Global configuration mode. This mode not only supports the normal range of VLAN, but also can configure extended range VLAN that cannot be configured in VLAN database configuration mode.

To delete a VLAN with ID 20, you need to use the no vlan vlan-id command. The implementation process is as follows:

You can also delete VLAN from the VLAN database. The implementation process is as follows:

? Add the switch port to the corresponding VLAN

You can use the command default interface interface-id to restore the interface to the default configuration state.

? Commands for viewing VLAN information

Command to view a VLAN information

The role of n Trunk

The function of Trunk (trunk, trunk) is to enable the same VLAN to communicate across the switch.

In a switched network, there are two types of links: access links and trunk links

? Access link: usually belongs to a VLAN. The link between the host and the switch is the access link.

? Trunk link: can carry multiple VLAN. The link between the two switches is the trunk link. Trunk links are typically used to connect one switch to another switch for navigation, or to connect the switch to a router.

Identification of n VLAN

1. ISL (Inter-Switch Link, inter-switch link)

ISL is Cisco's proprietary marking method, the ISL header encapsulation is 26 bytes, and the CRC (Cyclic Redundancy Check) tail is four bytes, a total of 30 bytes.

ISL simply encapsulates the frame and does not modify anything in the frame.

2. IEEE802.1q

802.1q is a public tagging method, which is also supported by products of other vendors. No matter which marking method is used, the devices on both sides of the link should use the same marking method.

802.1q uses an internal tagging mechanism. The relay device inserts a four-byte tag into the data frame and recalculates the FCS.

The four-byte tag header contains the following:

The 2-byte marking protocol identifier (TPID) contains a fixed value of 0x8100, which indicates that the frame has 802.1q tagging information.

The 2-byte tag control information (TCI) contains the following elements:

U 3-bit user priority (Priority): 802.1q does not use this field.

U 1-bit canonical format identifier (CFI): CFI is commonly used in Ethernet and token ring networks. In Ethernet, the value of CFI is usually set to 0.

U 12-bit VLAN identifier (VLAN ID): this field uniquely identifies the VLAN to which the frame belongs. VLAN ID can uniquely identify 4096 VLAN, but VLAN0 and VLAN 4095 are retained.

3. Native VLAN

802.1q is designed to be compatible with mixed deployments with switches that do not support VLAN, and a Native VLAN is specifically designed to allow the switch to forward tagged frames from the Trunk port. On Cisco Catalyst switches, the default Native VLAN is VLAN 1, but it can be configured. The data frame of Native VLAN is not tagged in the Trunk link.

For Trunk ports between two devices, the same Native VLAN configuration is required on both sides of the link.

Note: Native VLAN is a concept in 802.1q, and there is no Native VLAN in ISL, that is, ISL tags all data frames on the Trunk link with VLAN.

N Trunk troubleshooting

1. Interface mode

Make sure that the Trunk mode of at least one side of the link should be Trunk or desirable. The Trunk configuration of the interface can be verified by using the command show interface interface-id trunk.

two。 Encapsulation type

Ensure that the Trunk encapsulation types on both sides of the link are compatible.

3. Native VLAN

If 802.1q encapsulation is used, make sure that the Native VLAN configuration is the same on both sides of the Trunk link.

N what is EthernetChannel

EthernetChannel increases link bandwidth by bundling multiple Ethernet links and runs a mechanism that binds multiple Ethernet ports into a single logical link. Ethernet channels can be bundled with up to eight physical links, which can be twisted-pair or fiber-optic.

However, Ethernet channels must follow the following rules:

? The ports participating in the bundle must belong to the same VLAN. If you are in trunk mode, all ports participating in the bundling are required to be in trunk mode. And the same permitted VLAN range is configured on all ports. If the permitted VLAN ranges of all trunks in the channel are different, the trunk port of a VLAN is not allowed to drop packets of that VLAN, but the port of the VLAN is allowed to transmit data for it.

? If the port is configured in trunk mode, all ports in the channel should be configured to the same trunk mode at both ends of the link.

? All ports participating in the bundling must have the same physical parameter settings and should have the same speed and full / version duplex mode settings.

N configuration of Ethernet channel

Configure the Ethernet channel in the topology shown in the figure below.

The configuration on switch An is as follows:

Switch B is configured in the same way as A.

View the configuration of the Ethernet channel and display the following to indicate that the configuration is correct.

Switch A:

Switch B:

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.