close
VLAN(Virtual Local Area Network)虛擬區域網路,是以邏輯連線取代區域網路所定義的實體連線,VLAN提供了邏輯分割區域網路的方法來切割LAN,也可控制LAN的大小,讓管理時更加有彈性。
Access Port & Trunk Port
每個Switch Port有兩種運作模式,一種是Access Mode,另一種是Trunk Mode,當設定為Access Mode時該Port只能指派給一個VLAN,也只允許所屬VLAN的封包通過,如果是Trunk Port,則允許任何VLAN封包通過(在預設情況下)。
查看VLAN狀態:show vlan brief
Switch#show vlan brief #先查看目前VLAN狀態 VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4 Fa0/5, Fa0/6, Fa0/7, Fa0/8 Fa0/9, Fa0/10, Fa0/11, Fa0/12 Fa0/13, Fa0/14, Fa0/15, Fa0/16 Fa0/17, Fa0/18, Fa0/19, Fa0/20 Fa0/21, Fa0/22, Fa0/23, Fa0/24 1002 fddi-default active 1003 token-ring-default active 1004 fddinet-default active 1005 trnet-default active
建立VLAN
Switch(config)#vlan 2 #建立編號2的VLAN Switch(config-vlan)#name newvlan #將VLAN 2取名為newvlan(非必要) Switch(config-vlan)#end #切換回enable模式 %SYS-5-CONFIG_I: Configured from console by console Switch#show vlan brief #查看VLAN狀態 VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4 Fa0/5, Fa0/6, Fa0/7, Fa0/8 Fa0/9, Fa0/10, Fa0/11, Fa0/12 Fa0/13, Fa0/14, Fa0/15, Fa0/16 Fa0/17, Fa0/18, Fa0/19, Fa0/20 Fa0/21, Fa0/22, Fa0/23, Fa0/24 2 newvlan active #VLAN編號為2,名稱為剛設定的newvlan
將Port指定至VLAN中:switchport access
Switch(config)#interface range fastEthernet 0/11-20 #使用interface range一次設定fastEthernet 0/11-20 Switch(config-if-range)#switchport access vlan 2 #將Port指定為VLAN 2 Switch(config-if-range)#end #切換至enable模式 %SYS-5-CONFIG_I: Configured from console by console Switch#show vlan brief #查看VLAN狀態 VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4 Fa0/5, Fa0/6, Fa0/7, Fa0/8 Fa0/9, Fa0/10, Fa0/21, Fa0/22 Fa0/23, Fa0/24 2 newvlan active Fa0/11, Fa0/12, Fa0/13, Fa0/14 Fa0/15, Fa0/16, Fa0/17, Fa0/18 Fa0/19, Fa0/20 #fastEthernet 0/11-20已指定至VLAN 2 1002 fddi-default active 1003 token-ring-default active 1004 fddinet-default active 1005 trnet-default active
設定Port Mode: switchport mode
Switch(config)#interface fastEthernet 0/24 #進入FastEthernet0/24介面設定 Switch(config-if)#switchport mode trunk #將Port設定為Trunk Mode Switch(config-if)#end #切換至enable模式 %SYS-5-CONFIG_I: Configured from console by console Switch#show vlan brief #查看VLAN狀態 VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4 Fa0/5, Fa0/6, Fa0/7, Fa0/8 Fa0/9, Fa0/10, Fa0/21, Fa0/22 Fa0/23 #Fa0/24消失了 2 newvlan active Fa0/11, Fa0/12, Fa0/13, Fa0/14 Fa0/15, Fa0/16, Fa0/17, Fa0/18 Fa0/19, Fa0/20 1002 fddi-default active 1003 token-ring-default active 1004 fddinet-default active 1005 trnet-default active
查看trunk狀態
Switch#show interfaces trunk Port Mode Encapsulation Status Native vlan Fa0/24 on 802.1q trunking 1 Port Vlans allowed on trunk Fa0/24 1-1005 Port Vlans allowed and active in management domain Fa0/24 1,2 Port Vlans in spanning tree forwarding state and not pruned Fa0/24 1,2
在上圖的網路中,即使PC0.PC1的IP和PC2.PC3是在同一個網段中,因為分屬於不同VLAN所以無法互通。
C:\Users>ipconfig #查看目前PC0之IP設定
FastEthernet0 Connection:(default port)
Link-local IPv6 Address.........: FE80::20B:BEFF:FED1:9803
IP Address......................: 192.168.0.1
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 0.0.0.0
C:\Users>ping 192.168.0.2 #ping PC1 192.168.0.2
Pinging 192.168.0.2 with 32 bytes of data:
Reply from 192.168.0.2: bytes=32 time=0ms TTL=128
Reply from 192.168.0.2: bytes=32 time=0ms TTL=128
Reply from 192.168.0.2: bytes=32 time=0ms TTL=128
Reply from 192.168.0.2: bytes=32 time=0ms TTL=128
Ping statistics for 192.168.0.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
可正常連線
C:\Users>ping 192.168.0.3 #ping PC2 192.168.0.3
Pinging 192.168.0.3 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 192.168.0.3:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
即使同網段但因不同VLAN,所以無法線
C:\Users>ping 192.168.0.4 #ping PC3 192.168.0.4
Pinging 192.168.0.4 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 192.168.0.4:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
即使同網段但因不同VLAN,所以無法線
文章標籤
全站熱搜
留言列表
我的點點滴滴 (2)
