28-2 MUX VLAN配置

拓扑

使用MUX VLAN实现隔离业务流量和访客流量,VLAN10和VLAN20为业务流量,要求可以访问到服务器,访客VLAN30不允许访问服务器

image

配置

LSW2

#
vlan 100
 mux-vlan
 subordinate separate 30
 subordinate group 10 20
#
vlan 100
 mux-vlan
 subordinate separate 30
 subordinate group 10 20
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan all
#
interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 10
 port mux-vlan enable
#
interface GigabitEthernet0/0/3
 port link-type access
 port default vlan 10
 port mux-vlan enable
#

LSW3

#
vlan batch 10 20 30 100
#
vlan 100
 mux-vlan
 subordinate separate 30
 subordinate group 10 20
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan all
#
interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 20
 port mux-vlan enable
#
interface GigabitEthernet0/0/3
 port link-type access
 port default vlan 20
 port mux-vlan enable
#

LSW6

#
vlan batch 10 20 30 100
#
vlan 100
 mux-vlan
 subordinate separate 30
 subordinate group 10 20
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan all
#
interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 30
 port mux-vlan enable
#
interface GigabitEthernet0/0/3
 port link-type access
 port default vlan 30
 port mux-vlan enable
#

LSW1

#
vlan batch 10 20 30 100
#
vlan 100
 mux-vlan
 subordinate separate 30
 subordinate group 10 20
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan all
#
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan all
#
interface GigabitEthernet0/0/3
 port link-type trunk
 port trunk allow-pass vlan all
#
interface GigabitEthernet0/0/4
 port link-type trunk
 port trunk allow-pass vlan all
#

LSW4

#
vlan batch 10 20 30 100
#
vlan 100
 mux-vlan
 subordinate separate 30
 subordinate group 10 20
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan all
#
interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 100
 port mux-vlan enable
#

验证

GROUP VLAN 访问 principal VLAN

PC1 ping Server1
image

分别在LSW4的GE0/0/1和GE0/0/2抓包
image
image

Separate VLAN 和 principal VLAN / GROUP VLAN通信

image

Separate VLAN内部通信

image

GROU VLAN之间通信

image

posted @   搞笑一下  阅读(25)  评论(0编辑  收藏  举报
相关博文:
·  28-3 QINQ配置实例
·  28-1 聚合VLAN配置
·  华为---MUX VLAN简介及示例配置
·  MUX VLAN
·  MUX-VLAN
阅读排行:
· 分享一个免费、快速、无限量使用的满血 DeepSeek R1 模型,支持深度思考和联网搜索!
· 使用C#创建一个MCP客户端
· 基于 Docker 搭建 FRP 内网穿透开源项目(很简单哒)
· ollama系列1:轻松3步本地部署deepseek,普通电脑可用
· 按钮权限的设计及实现
点击右上角即可分享
微信分享提示
AI IDE Trae