网站服务是指,泉州专业网站营销,有没有高质量的网站都懂的,做视频类网站需要哪些许可3.4 Trunk进阶配置实验目的#xff1a;1、掌握Native vlan和Allow vlan的配置。2、理解Native vlan和Allow vlan的功能。实验拓扑#xff1a;实验步骤#xff1a;1、依据图中拓扑配置4台主机的IP地址#xff0c;其中PC通过路由器模拟#xff0c;配置如下#xff1a;PC1(c… 3.4 Trunk进阶配置实验目的1、掌握Native vlan和Allow vlan的配置。2、理解Native vlan和Allow vlan的功能。实验拓扑实验步骤1、依据图中拓扑配置4台主机的IP地址其中PC通过路由器模拟配置如下PC1(config)#int f0/0PC1(config-if)#no shutdownPC1(config-if)#ip address 192.168.1.1 255.255.255.0PC1(config-if)#exitPC2(config)#int f0/0PC2(config-if)#no shutdownPC2(config-if)#ip address 192.168.1.2 255.255.255.0PC2(config-if)#exitPC3(config)#int f0/0PC3(config-if)#no shutdownPC3(config-if)#ip address 192.168.2.3 255.255.255.0PC3(config-if)#exitPC4(config)#int f0/0PC4(config-if)#no shutdownPC4(config-if)#ip address 192.168.2.4 255.255.255.0PC4(config-if)#exit2、根据图中拓扑在交换机SW1和SW2上创建VLAN然后将接口放置到对应VLAN中如下SW1上配置SW1#vlan databaseSW1(vlan)#vlan 10 name VLAN_10SW1(vlan)#vlan 20 name VLAN_20SW1(vlan)#exitSW1(config)#int f0/2SW1(config-if-range)#switchport mode accessSW1(config-if-range)#switchport access vlan 10SW1(config-if-range)#exitSW1(config)#int f0/3SW1(config-if-range)#switchport mode accessSW1(config-if-range)#switchport access vlan 20SW1(config-if-range)#exitSW2上配置SW2#vlan databaseSW2(vlan)#vlan 10 name VLAN_10SW2(vlan)#vlan 20 name VLAN_20SW2(vlan)#exitSW2(config)#int f0/2SW2(config-if-range)#switchport mode accessSW2(config-if-range)#switchport access vlan 10SW2(config-if-range)#exitSW2(config)#int f0/3SW2(config-if-range)#switchport mode accessSW2(config-if-range)#switchport access vlan 20SW2(config-if-range)#exit 查看VLAN信息如下SW1#show vlan-switch briefVLAN Name Status Ports---- -------------------------------- --------- -------------------------------1 default active Fa0/1,Fa0/4, Fa0/5, Fa0/6, Fa0/7 Fa0/8, Fa0/9, Fa0/10, Fa0/11 Fa0/12, Fa0/13, Fa0/14, Fa0/1510 VLAN_10 active Fa0/220 VLAN_20 active Fa0/31002 fddi-default active 1003 token-ring-default active 1004 fddinet-default active 1005 trnet-default active SW2#show vlan-switch briefVLAN Name Status Ports---- -------------------------------- --------- -------------------------------1 default active Fa0/1,Fa0/4, Fa0/5, Fa0/6, Fa0/7Fa0/8, Fa0/9, Fa0/10, Fa0/11Fa0/12, Fa0/13, Fa0/14, Fa0/1510 VLAN0010 active Fa0/220 VLAN0020 active Fa0/31002 fddi-default active 1003 token-ring-default active 1004 fddinet-default active 1005 trnet-default active 此时SW1和SW2上不同交换机已经创建并且不同接口放置在对应VLAN中。3、部署Trunk技术并实现Trunk优化。默认情况下Trunk上native vlan为1即从vlan1的数据不打标签要求将native vlan改为10其次Trunk 允许所有的vlan数据通过要求只允许vlan 10和20通过。配置如下SW1(config)#int f0/0SW1(config-if)#switchport trunk encapsulation dot1qSW1(config-if)#switchport mode trunkSW1(config-if)#switchport trunk native vlan 10[PL1]SW1(config-if)#switchport trunk allowed 1,1002-1005,10,20[PL2]SW1(config-if)#exitSW2配置如下SW2(config)#int f0/0SW2(config-if)#switchport trunk encapsulation dot1qSW2(config-if)#switchport mode trunkSW2(config-if)#switchport trunk native vlan 10SW2(config-if)#switchport trunk allowed vlan 1,1002-1005,10,20SW2(config-if)#exit 查看Trunk链路状态如下SW1#show interfaces trunkPort Mode Encapsulation Status Native vlanFa0/0 on 802.1q trunking 10Port Vlans allowed on trunkFa0/0 1,10,20,1002-1005Port Vlans allowed and active in management domainFa0/0 1,10,20Port Vlans in spanning tree forwarding state and not prunedFa0/0 1,10,20 可以看到native vlan从1变成10而allow vlan则只允许vlan10、20和其他默认vlan数据通过。4、进入Trunk优化测试要验证native vlan的效果可以通过抓包来达到例如先让PC1 ping PC2并在trunk上抓包PC1#ping 192.168.1.2Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max 28/42/64 ms 底层数据分组如下 再让PC3 ping PC4并抓包如下PC3#ping 192.168.2.4Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 192.168.2.4, timeout is 2 seconds:!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max 28/40/60 ms 底层数据分组如下 从上面对比可以看出一般的vlan经过trunk链路需要打上标签而native vlan无需打上标签。5、验证Allow vlan功能将允许的vlan改为只允许vlan20通过配置如下SW1(config)#int f0/0SW1(config-if)#switchport trunk allowed vlan 1,20,1002-1005SW1(config-if)#exitSW2(config)#int f0/0SW2(config-if)#switchport trunk allowed vlan 1,20,1002-1005SW2(config-if)#exit 此时让PC1 ping PC2如下PC1#ping 192.168.1.2Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:.....Success rate is 0 percent (0/5) 再让PC3 ping PC4如下PC3#ping 192.168.2.4Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 192.168.2.4, timeout is 2 seconds:!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max 24/36/60 ms 从上面可以看出没有被allow的vlan没法通过trunk链路 通过以上两种trunk优化的部署我们可以得出 ①Native vlan可以使得特定vlan在经过trunk的时候无需打上标签交换机全局只允许一个native vlan默认为native vlan 1一般将native vlan修改为需要大数据处理的vlan由此可以减轻交换机的压力。另外交换机双方的native vlan必须一致否则由于Cisco交换机开启CDP协议若检测到不一致则链路会down ②Allow vlan可以使特定的vlan在trunk上面跑通过此技术可以限制一些垃圾数据如广播泛洪的影响达到流量优化。 此实验完成。 [PL1]将默认的Native vlan从1修改为10. [PL2]默认trunk允许所有vlan,此处修改为允许10和20除此之外还需要将默认的1,1002-1005加入有些设备则可以直接通过Switchport trunk allowed 10,20PingingLab·高品质IT教育提供商CCIE 实验室·IT项目实战·高端人才定制深圳拼客信息科技有限公司·广州大学城外环西路站新浪微博拼客科技PingingLab PingingLab-陈鑫杰PingingLab微信公众号pinginglab PingingLab技术交流群240920680 转载于:https://blog.51cto.com/chenxinjie/1274504
