
Basic knowledge of VLAN

2025-04-04 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02 Report--

VLAN: virtual local area network

-background:

A VLAN splits a layer 2 network into separate broadcast domains,

so that faults can be isolated and located quickly.

-function: reduce waste of resources; improve security

-definition:

A VLAN is a network segment, and its member hosts can be located in different physical locations.

-Management:

Create

Delete

Modify

VLAN configuration:

1. Create a VLAN:

SW(config)# vlan 12

2. Configure the port mode:

SW(config)# interface fas0/1

SW(config-if)# switchport mode access

3. Put the port into the VLAN:

SW(config)# interface fas0/1

SW(config-if)# switchport access vlan 12

4. Verification and testing:

SW# show vlan brief

SW# show mac-address-table

Note:

With VLANs, the working principle of the switch changes:

the VLAN is taken into account both when the MAC address table is built and when it is looked up.

Trunk Link:

Data from multiple VLANs can be transmitted simultaneously on the same link.

By default, data from all VLANs is allowed to pass through.

The data of each VLAN is distinguished by its VLAN tag.

The data on the link is tagged.

(the data on a link in access mode is untagged)

-configuration:

interface fas0/24

switchport mode trunk

-verify:

show interface trunk

SW1#show interface trunk

Port        Mode    Encapsulation    Status      Native vlan

Fa0/24      on      802.1q           trunking    1

Port        Vlans allowed on trunk

Fa0/24      1-1005      // the VLANs theoretically allowed on this trunk link

Port        Vlans allowed and active in management domain

Fa0/24      1,12,34,100,200      // the VLANs that really exist in the current network and are allowed

Port        Vlans in spanning tree forwarding state and not pruned

Fa0/24      1,12,34,100,200      // the VLANs that can really communicate on the current link

Encapsulation: the encapsulation protocol used on the trunk.

-ISL

Inter-Switch Link, the link between switches

Cisco proprietary protocol

Adds 30 bytes to the original data: a 26-byte ISL header + a 4-byte ISL trailer

-802.1q

Also known as dot1q

Common standard

Adds only 4 bytes to the original data, of which only 12 bits represent the VLAN number.

So the range of VLAN numbers is 0-4095, a total of 4096.

Native VLAN, also called the local VLAN

-The native VLAN is a special VLAN

# data of an ordinary VLAN must be tagged when it crosses a trunk

# data of the native VLAN crosses a trunk without being tagged

# on a trunk link, the native VLAN is 1 by default

-change the native VLAN on the trunk link:

interface fas0/24

switchport trunk native vlan (XX)
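An added example, not part of the original article: how a trunk port reads the 4-byte 802.1Q tag described above, and how an untagged frame falls into the native VLAN. The function names and the sample frame bytes are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag


def classify_frame(frame: bytes, native_vlan: int = 1) -> dict:
    """Return the VLAN a trunk port assigns to a received Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        # Untagged frame on a trunk: it belongs to the native VLAN.
        return {"tagged": False, "vlan": native_vlan, "pcp": None,
                "ethertype": ethertype}
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner_type = struct.unpack("!HH", frame[14:18])
    return {"tagged": True,
            "vlan": tci & 0x0FFF,   # low 12 bits: VLAN number, 0-4095
            "pcp": tci >> 13,       # top 3 bits: priority
            "ethertype": inner_type}


def add_tag(frame: bytes, vlan: int, pcp: int = 0) -> bytes:
    """Insert the 4-byte 802.1Q tag after the source MAC address."""
    if not 0 <= vlan <= 0x0FFF:
        raise ValueError("VLAN number must fit in 12 bits")
    tag = struct.pack("!HH", TPID_8021Q, (pcp << 13) | vlan)
    return frame[:12] + tag + frame[12:]


# Constructed sample frame: destination MAC, source MAC, EtherType 0x0800, payload.
UNTAGGED = bytes.fromhex("ffffffffffff" "001122334455" "0800") + b"payload"
TAGGED = add_tag(UNTAGGED, 12)
```

When the two ends of a trunk are configured with different native VLANs, the same untagged frame is classified into a different VLAN on each side, so the native VLAN should be set identically on both ends.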

Traffic security control on trunk links:

SW(config)# interface fas0/24

SW(config-if)# switchport trunk allowed vlan ?

WORD // only the listed VLANs are allowed on this link; WORD is the VLAN number

add // add the following VLAN numbers to the existing trunk allowed VLAN list

all // the default action: all VLANs are allowed to pass on this trunk link

except // the link allows all VLANs except those listed after this keyword

none // the link does not allow any VLAN to pass

remove // remove the VLANs listed after this keyword from the existing allowed VLAN list

Note:

You must ensure that the vlan databases on all switches throughout the network are exactly the same.

Trunk configuration mode:

1. Static configuration

2. Automatic configuration

The two ends of the link negotiate the trunk link by exchanging DTP messages

DTP: Dynamic Trunking Protocol

The DTP function on a port is enabled by default

interface fas0/24

switchport mode dynamic auto / desirable

auto: automatic; the port can only accept requests passively

desirable: dynamic desirable; the port can send requests actively

That is, when a trunk link is formed dynamically, it forms successfully as long as the two ends are not both auto

Verification command:

show interface fas0/12 switchport

// view the detailed layer 2 switching configuration of a port

A switch port ends up in one of only two working modes: 1. trunk; 2. access.

For security reasons, DTP is usually turned off on ports that are not in dynamic mode, on ports that are not normally used, and on trunk ports:

interface fa0/4

switchport nonegotiate // disable the DTP function of the port

-verify:

show interface fa0/4 switchport

Deletion of VLAN:

1. Remove the port

Interface

Delete all VLAN

1. Remove the port

2. Delete VLAN

# delete one by one

# Delete VLAN database files

SW# dir // lists the storage paths and files on the current device

SW# delete vlan.dat // delete the VLAN database file

File type - storage location

IOS - flash

running-config - RAM

startup-config - NVRAM

vlan.dat - flash

Note:

Usually, when a switch is restored to its factory configuration / initial configuration,

"startup-config" and "vlan.dat" are deleted at the same time.

Delete the startup configuration file (any one of the following):

SW# erase startup-config

SW# erase nvram:

SW# delete nvram:startup-config

Keeping the VLAN database consistent:

1. Manual configuration

2. Automatic configuration

-VTP (virtual trunk protocol)

Automatic synchronization of VLAN information between different switches in the same domain

-switch role

VTP Server-server mode:

1. The default VTP mode of the switch

2. All operations can be performed on VLANs in this mode

3. A switch in this mode sends all of its own VLAN information out along its trunk links in VTP messages

VTP Client-client mode:

1. The switch cannot perform any VLAN operations in this mode

2. It can only accept VLAN information sent from the server

VTP Transparent-transparent mode:

1. It can perform the same VLAN operations as a switch in server mode, but it does not pass its own VLAN information changes on to other switches

2. When it receives VTP messages from other switches, it forwards them unchanged to the devices behind it

Note:

The prerequisite for all of the above operations to succeed is:

All devices must be in the same VTP domain

By default, the VTP domain name is null (empty); there is no domain name.

Without a domain name, even a VTP server will not send out any information.

The trunk links between the switches must also be working.

On a VTP server, every time the VLAN information changes, the VTP configuration version number increases by 1.

The higher the VTP configuration version number, the newer the VLAN information; a switch gives priority to the newest VLAN information.

Setting the VTP mode to transparent, or changing the VTP domain name, immediately resets the VTP configuration version number to zero.

Configuration commands:

vtp domain {name}

vtp mode server / client / transparent

vtp password {password}

Verification command:

show vtp status: view VTP related information, such as the mode, the configuration version number and the domain name
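An added example, not from the original article: a simplified model of the rules above (same domain required, higher configuration version number wins, transparent mode resets the number to zero). It shows why the number on a previously used switch should be reset before it is connected to a live domain. The class, the domain name "LAB" and all values are constructed, and the model ignores VTP passwords and protocol versions.

```python
from dataclasses import dataclass, field


@dataclass
class Switch:
    mode: str = "server"      # server / client / transparent
    domain: str = ""          # the VTP domain name is empty by default
    revision: int = 0         # the configuration version number
    vlans: set = field(default_factory=lambda: {1})

    def change_vlans(self, vlans):
        if self.mode == "client":
            raise PermissionError("client mode cannot modify VLANs")
        self.vlans = set(vlans)
        if self.mode == "server":
            self.revision += 1            # every change adds 1

    def set_mode(self, mode):
        self.mode = mode
        if mode == "transparent":
            self.revision = 0             # transparent mode: back to zero

    def advertise(self):
        # Nothing is sent without a domain name; transparent keeps its VLANs local.
        if not self.domain or self.mode == "transparent":
            return None
        return (self.domain, self.revision, frozenset(self.vlans))

    def receive(self, advert):
        """Adopt an advertised VLAN database if it is newer. True if adopted."""
        if advert is None or self.mode == "transparent":
            return False
        domain, revision, vlans = advert
        if domain != self.domain or revision <= self.revision:
            return False
        self.vlans, self.revision = set(vlans), revision
        return True


def join_used_switch(reset_first: bool):
    """Connect a previously used switch (number 7, only VLAN 1) to a live domain."""
    core = Switch(domain="LAB", revision=3, vlans={1, 12, 34})
    used = Switch(domain="LAB", revision=7)
    if reset_first:           # transparent and back to server zeroes the number
        used.set_mode("transparent")
        used.set_mode("server")
    core.receive(used.advertise())
    return sorted(core.vlans), core.revision
```

Without the reset, the live switch adopts the stale database and loses VLANs 12 and 34; with the reset, its database is left unchanged.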
