Shulou(Shulou.com)06/03 Report--

I. Topology diagram

Second, networking requirements

1. As shown in the figure above, there are many users connected to the switch of an enterprise, and the same business users access the enterprise network through different devices.

two。 For the security of communication and to avoid broadcast storm, enterprises want the same business users can access each other, different business users can not directly access.

3. VLAN can be configured on the switch to divide the interfaces connected by users with the same business into the same VLAN. In this way, users belonging to different VLAN can not communicate with each other directly, and users in the same VLAN can communicate with each other directly.

Fig. 1 VLAN group network diagram based on interface

Third, the idea of configuration

Use the following ideas to configure VLAN:

1. Create VLAN, add the interface that connects users to VLAN, and achieve layer 2 traffic isolation between different business users.

2, the communication of the same user is realized by configuring the link type of An and B and through VLAN.

(first configure the access link with interfaces G0UniUniGUP 1 and G0UniUniGUP 2 of An and B, and then configure the trunk link with interface G0UniUniverse 3)

Fourth, practical operation:

Set up the map and divide the VLAN

Configure lsw1

User view

Undo terminal monitor (to undo unnecessary prompts)

Revoke terminal monitoring

System-view

System view

[Huawei] sysname 1 (user name changed to 1)

Example 1

[1] vlan batch 2 3 (create VLAN)

VLAN batch 2 3

[1] interface GigabitEthernet 0amp 0Uniq1 (enter interface 0Uniqq1)

Gigabit Ethernet interface 0UniUniplex 1

[1-GigabitEthernet0/0/1] port link-type access (enters access mode)

Port link type access

[1-GigabitEthernet0/0/1] port default vlan 2 (join VLAN2)

Default port vlan 2

[1-GigabitEthernet0/0/1] quit (exit mode)

Exit; return to the upper level.

[1] interface GigabitEthernet 0amp 0Uniq2 (enter interface 0UniUnix 0AG2)

Gigabit Ethernet interface 0Compact 0Compact 2

[1-GigabitEthernet0/0/2] port link-type access (enter access)

Port link type access

[1-GigabitEthernet0/0/2] port default vlan 3 (join VLAN3)

Default port VLAN3

[1-GigabitEthernet0/0/2] quit (exit mode)

Exit; return to the upper level.

[1] interface GigabitEthernet 0ram 0ram 3 (enter interface 0ram 0swap 3)

Gigabit Ethernet interface 0Compact 0Compact 3

[1-GigabitEthernet0/0/3] port link-type trunk (enters trunk mode)

Trunk of port link type

[1-GigabitEthernet0/0/3] port trunk allow-pass vlan all (via VLAN)

Port trunk allows all VLAN to pass through

View the configuration of VLAN: display VLAN

Configure lsw2

User view

Undo terminal monitor (to undo unnecessary prompts)

Revoke terminal monitoring

System-view

System view

[Huawei] sysname 2 (user name changed to 2)

Example 2

[2] vlan batch 2 3 (create VLAN)

VLAN batch 2 3

[2] interface GigabitEthernet 0Uniqq1 (enter interface 0Uniqq1)

Gigabit Ethernet interface 0UniUniplex 1

[2-GigabitEthernet0/0/1] port link-type access (enters access mode)

Port link type access

[2-GigabitEthernet0/0/1] port default vlan 2 (join VLAN2)

Default port vlan 2

[2-GigabitEthernet0/0/1] quit (exit mode)

Exit; return to the upper level.

[2] interface GigabitEthernet 0UniUnix 2 (enter interface 0UniUnix 0Accord 2)

Gigabit Ethernet interface 0Compact 0Compact 2

[2-GigabitEthernet0/0/2] port link-type access (enters access mode)

Port link type access

[2-GigabitEthernet0/0/2] port default vlan 3 (join VLAN3)

Default port VLAN3

[2-GigabitEthernet0/0/2] quit (exit mode)

Exit; return to the upper level.

[2] interface GigabitEthernet 0ram 0ram 3 (enter interface 0ram 0swap 3)

Gigabit Ethernet interface 0Compact 0Compact 3

[2-GigabitEthernet0/0/3] port link-type trunk (enters trunk mode)

Trunk of port link type

[2-GigabitEthernet0/0/3] port trunk allow-pass vlan all (via VLAN)

Port trunk allows all VLAN to pass through

View VLAN configuration: display VLAN

Finally, it is tested that the same VLAN can communicate, but different VLAN cannot communicate.

PC-2 can be pinged with pc-1, but pc-3 and pc-4 cannot be ping.

PC-1 can be pinged with pc-2, but pc-3 and pc-4 cannot be ping.

PC-4 can be pinged with pc-3, but pc-1 and pc-2 cannot be ping.

PC-3 can be pinged with pc-4, but pc-1 and pc-2 cannot be ping.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.