Cisco 的基本配置实例之四----vlan的规划及配置(核心交换机)

4、vlan的规划及配置

在本节中我们讲解vlan的规划及具体的配置命令。在此例中我们用的是vtp(VLAN Trunking Protocol)server的模式,在这种模式中我们需要配置核心交换机的vtp模式为server,各接入交换机的vtp模式为cilent,那么配置完成后接入交换机就会通过trunk口自动从核心交换机学习到所有的vlan配置信息。在接入交换机中只需要添加相应的端口即可,这样易于管理与部署。具体的配置命令我们通过两小节来演示:

 

4.1 核心交换机的相关配置

(这是一台已经配置好了的交换机,但这并不会影响我们的演示效果。所有我们新作的配置会在演示结束后清除。)

TEST#sh vlan        # 显示已经有的vlan信息,并且同时显示了各端口所属的vlan

VLAN Name                             Status    Ports

---- -------------------------------- --------- -------------------------------

1    default                              active    Gi1/2, Gi1/3, Gi1/4, Gi1/5, Gi1/6, Gi1/7, Gi1/8, Gi1/9, Gi1/10, Gi1/11, Gi1/13, Gi1/14, Gi1/16, Gi1/17, Gi1/18, Gi1/19, Gi1/20, Gi3/12, Gi3/13, Gi3/16

2    firewall                             active    Gi1/1

10   Engineering                         active    Gi3/9, Gi3/10

20   Procurement                        active    Gi3/19

30   QAQC                            active   

40   Operation                        active   

50   Yard                                  active    Gi3/18

60   BM                              active   

70   HRAD                              active   

80   Facility                          active   

100  Finance                        active   

110  GO                             active   

120  Wlan                            active   

150  Server                         active    Gi3/1, Gi3/2, Gi3/3, Gi3/4, Gi3/5, Gi3/6, Gi3/7, Gi3/8

160  Client                             active    Gi3/11, Gi3/15
View Code

 

# 从这行往下是为其他协议预留的vlan号段,这些不必理会。

1002 fddi-default                     act/unsup 1003 token-ring-default               act/unsup

1004 fddinet-default                  act/unsup

1005 trnet-default                    act/unsup

 

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2

---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------

1    enet  100001     1500  -      -      -        -    -        0      0  

2    enet  100002     1500  -      -      -        -    -        0      0  

10   enet  100010     1500  -      -      -        -    -        0      0  

20   enet  100020     1500  -      -      -        -    -        0      0  

30   enet  100030     1500  -      -      -        -    -        0      0  

40   enet  100040     1500  -      -      -        -    -        0      0  

50   enet  100050     1500  -      -      -        -    -        0      0  

60   enet  100060     1500  -      -      -        -    -        0      0  

70   enet  100070     1500  -      -      -        -    -        0      0  

80   enet  100080     1500  -      -      -        -    -        0      0  

100  enet  100100     1500  -      -      -        -    -        0      0  

110  enet  100110     1500  -      -      -        -    -        0      0  

120  enet  100120     1500  -      -      -        -    -        0      0  

150  enet  100150     1500  -      -      -        -    -        0      0  

160  enet  100160     1500  -      -      -        -    -        0      0   

1002 fddi  101002     1500  -      -      -        -    -        0      0  

1003 tr    101003     1500  -      -      -        -    -        0      0  

1004 fdnet 101004       1500  -      -      -        ieee  -        0      0  
View Code

TEST#conf

TEST(config)#vlan 200               # 我们新建一个vlan号为200的vlan

TEST(config-vlan)#name test              # 给这个vlan命名,这样便于日常的管理。

TEST(config-vlan)#END             # 建好vlan后退出到特权模式中

TEST#show ip int brief        

# 显示目前有的端口配置状态,我们会发现此时并没有vlan200的相关信息

Interface              IP-Address      OK? Method Status                Protocol

FastEthernet1          unassigned      YES NVRAM  down                  down   

Vlan1                  192.168.113.254 YES NVRAM  up                    up     

Vlan2                  172.16.0.2      YES NVRAM  up                    up     

Vlan10                 192.168.101.254 YES NVRAM  up                    up     

Vlan20                 192.168.102.254 YES NVRAM  up                    up     

Vlan30                 192.168.103.254 YES NVRAM  up                    up     

Vlan40                 192.168.104.254 YES NVRAM  up                    up     

Vlan50                 192.168.105.254 YES NVRAM  up                    up     

Vlan60                 192.168.106.254 YES NVRAM  up                    up     

Vlan70                 192.168.107.254 YES NVRAM  up                    up     

Vlan80                 192.168.108.254 YES NVRAM  up                    up     

Vlan100                192.168.110.254 YES NVRAM  up                    up     

Vlan110                192.168.111.254 YES NVRAM  up                    up     

Vlan120                192.168.112.254 YES NVRAM  up                    up     

Vlan150                192.168.100.254 YES NVRAM  up                    up     

Vlan160                192.168.115.254 YES NVRAM  up                    up     

GigabitEthernet1/1     unassigned      YES unset  up                    up     

GigabitEthernet1/2     unassigned      YES unset  down                  down   

GigabitEthernet1/3     unassigned      YES unset  down                  down   

GigabitEthernet1/4     unassigned      YES unset  down                  down   

GigabitEthernet1/5     unassigned      YES unset  down                  down   

GigabitEthernet1/6     unassigned      YES unset  down                  down   

GigabitEthernet1/7     unassigned      YES unset  down                  down   

GigabitEthernet1/8     unassigned      YES unset  down                  down   

GigabitEthernet1/9     unassigned      YES unset  down                  down   

GigabitEthernet1/10    unassigned      YES unset  down                  down   

GigabitEthernet1/11    unassigned      YES unset  down                  down   

GigabitEthernet1/12    unassigned      YES unset  down                  down   

GigabitEthernet1/13    unassigned      YES unset  down                  down   

GigabitEthernet1/14    unassigned      YES unset  down                  down   

GigabitEthernet1/15    unassigned      YES unset  up                    up     

GigabitEthernet1/16    unassigned      YES unset  down                  down   

GigabitEthernet1/17    unassigned      YES unset  down                  down   

GigabitEthernet1/18    unassigned      YES unset  down                  down   

GigabitEthernet1/19    unassigned      YES unset  down                  down   

GigabitEthernet1/20    unassigned      YES unset  down                  down   

GigabitEthernet3/1     unassigned      YES unset  up                    up     

GigabitEthernet3/2     unassigned      YES unset  up                    up     

GigabitEthernet3/3     unassigned      YES unset  up                    up      

GigabitEthernet3/4     unassigned      YES unset  up                    up     

GigabitEthernet3/5     unassigned      YES unset  up                    up     

GigabitEthernet3/6     unassigned      YES unset  up                    up     

GigabitEthernet3/7     unassigned      YES unset  up                    up     

GigabitEthernet3/8     unassigned      YES unset  down                  down   

 
View Code

 TEST#sh vlan # 显示一下vlan信息

 View Code

 # 这个是我们新建好的vlan,但是vlan中没有任何端口。  

 

1002 fddi-default                       act/unsup

1003 token-ring-default                  act/unsup

1004 fddinet-default                     act/unsup

1005 trnet-default                       act/unsup

 

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2

---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------

1    enet  100001     1500  -      -      -        -    -        0      0  

2    enet  100002     1500  -      -      -        -    -        0      0  

10   enet  100010     1500  -      -      -        -    -        0      0  

20   enet  100020     1500  -      -      -        -    -        0      0  

30   enet  100030     1500  -      -      -        -    -        0      0  

40   enet  100040     1500  -      -      -        -    -        0      0  

50   enet  100050     1500  -      -      -        -    -        0      0  

60   enet  100060     1500  -      -      -        -    -        0      0  

70   enet  100070     1500  -      -      -        -    -        0      0  

80   enet  100080     1500  -      -      -        -    -        0      0  

100  enet  100100     1500  -      -      -        -    -        0      0  

110  enet  100110     1500  -      -      -        -    -        0      0  

120  enet  100120     1500  -      -      -        -    -        0      0  

150  enet  100150     1500  -      -      -        -    -        0      0  

160  enet  100160     1500  -      -      -        -    -        0      0  

200  enet  100200     1500  -      -      -        -    -        0      0  

1002 fddi  101002     1500  -      -      -        -    -        0      0  

 
View Code

 TEST#conf t

TEST(config)#interface gigabitEthernet 1/2       # 进入端口配置模式,配置gigabitEthernet 1/2这个端口

TEST(config-if)#switchport access vlan 200        # 将此端口加入到刚才建好的vlan200中

TEST(config-if)#end

TEST#sh vlan                                                  # 退出来验证一下

 TEST#sh ip int brief     # 再显示一下所有端口的状态,我们会发现同样没有vlan200的相关信息。

Interface              IP-Address      OK? Method Status                Protocol

FastEthernet1          unassigned      YES NVRAM  down                  down   

Vlan1                  192.168.113.254 YES NVRAM  up                    up     

Vlan2                  172.16.0.2      YES NVRAM  up                    up     

Vlan10                 192.168.101.254 YES NVRAM  up                    up     

Vlan20                 192.168.102.254 YES NVRAM  up                    up     

Vlan30                 192.168.103.254 YES NVRAM  up                    up     

Vlan40                 192.168.104.254 YES NVRAM  up                    up     

Vlan50                 192.168.105.254 YES NVRAM  up                    up     

Vlan60                 192.168.106.254 YES NVRAM  up                    up     

Vlan70                 192.168.107.254 YES NVRAM  up                    up     

Vlan80                 192.168.108.254 YES NVRAM  up                    up     

Vlan100                192.168.110.254 YES NVRAM  up                    up     

Vlan110                192.168.111.254 YES NVRAM  up                    up     

Vlan120                192.168.112.254 YES NVRAM  up                    up     

Vlan150                192.168.100.254 YES NVRAM  up                    up     

Vlan160                192.168.115.254 YES NVRAM  up                    up     

GigabitEthernet1/1     unassigned      YES unset  up                    up     

GigabitEthernet1/2     unassigned      YES unset  down                  down   

GigabitEthernet1/3     unassigned      YES unset  down                  down   

GigabitEthernet1/4     unassigned      YES unset  down                  down   

GigabitEthernet1/5     unassigned      YES unset  down                  down   

GigabitEthernet1/6     unassigned      YES unset  down                  down   

GigabitEthernet1/7     unassigned      YES unset  down                  down   

GigabitEthernet1/8     unassigned      YES unset  down                  down   

GigabitEthernet1/9     unassigned      YES unset  down                  down   

GigabitEthernet1/10    unassigned      YES unset  down                  down   

GigabitEthernet1/11    unassigned      YES unset  down                  down   

GigabitEthernet1/12    unassigned      YES unset  down                  down   

GigabitEthernet1/13    unassigned      YES unset  down                  down   

GigabitEthernet1/14    unassigned      YES unset  down                  down   

GigabitEthernet1/15    unassigned      YES unset  up                    up     

GigabitEthernet1/16    unassigned      YES unset  down                  down   

GigabitEthernet1/17    unassigned      YES unset  down                  down   

GigabitEthernet1/18    unassigned      YES unset  down                  down   

GigabitEthernet1/19    unassigned      YES unset  down                  down   

GigabitEthernet1/20    unassigned      YES unset  down                  down   

GigabitEthernet3/1     unassigned      YES unset  up                    up     

GigabitEthernet3/2     unassigned      YES unset  up                    up     

GigabitEthernet3/3     unassigned      YES unset  up                    up     

GigabitEthernet3/4     unassigned      YES unset  up                    up     

GigabitEthernet3/5     unassigned      YES unset  up                    up     

GigabitEthernet3/6     unassigned      YES unset  up                    up     

GigabitEthernet3/7     unassigned      YES unset  up                    up     

GigabitEthernet3/8     unassigned      YES unset  down                  down   

 
View Code

 TEST#conf t

TEST(config)#int vlan 200           # 给这个vlan添加相应的ip地址,注意此处的语法

TEST(config-if)#ip add 10.10.10.0.1 255.255.255.0   # 配置vlan 200 的ip地址

TEST(config-if)#no shut                                                 # 使能此端口

TEST(config-if)#end

TEST#sh ip int b                        

# 重新显示一下所有端口的状态,我们会发现已经有了vlan200的端口信息了。

Interface              IP-Address      OK? Method Status                Protocol

FastEthernet1          unassigned      YES NVRAM  down                  down   

Vlan1                  192.168.113.254 YES NVRAM  up                    up     

Vlan2                  172.16.0.2      YES NVRAM  up                    up     

Vlan10                 192.168.101.254 YES NVRAM  up                    up     

Vlan20                 192.168.102.254 YES NVRAM  up                    up     

Vlan30                 192.168.103.254 YES NVRAM  up                    up     

Vlan40                 192.168.104.254 YES NVRAM  up                    up     

Vlan50                 192.168.105.254 YES NVRAM  up                    up     

Vlan60                 192.168.106.254 YES NVRAM  up                    up     

Vlan70                 192.168.107.254 YES NVRAM  up                    up     

Vlan80                 192.168.108.254 YES NVRAM  up                    up     

Vlan100                192.168.110.254 YES NVRAM  up                    up     

Vlan110                192.168.111.254 YES NVRAM  up                    up     

Vlan120                192.168.112.254 YES NVRAM  up                    up     

Vlan150                192.168.100.254 YES NVRAM  up                    up     

Vlan160                192.168.115.254 YES NVRAM  up                    up     

Vlan200                10.10.0.1       YES manual up                    up     

GigabitEthernet1/1     unassigned      YES unset  up                    up     

GigabitEthernet1/2     unassigned      YES unset  down                  down   

GigabitEthernet1/3     unassigned      YES unset  down                  down   

GigabitEthernet1/4     unassigned      YES unset  down                  down   

GigabitEthernet1/5     unassigned      YES unset  down                  down   

GigabitEthernet1/6     unassigned      YES unset  down                  down   

GigabitEthernet1/7     unassigned      YES unset  down                  down   

GigabitEthernet1/8     unassigned      YES unset  down                  down   

GigabitEthernet1/9     unassigned      YES unset  down                  down   

GigabitEthernet1/10    unassigned      YES unset  down                  down   

GigabitEthernet1/11    unassigned      YES unset  down                  down   

GigabitEthernet1/12    unassigned      YES unset  down                  down   

GigabitEthernet1/13    unassigned      YES unset  down                  down   

GigabitEthernet1/14    unassigned      YES unset  down                  down   

GigabitEthernet1/15    unassigned      YES unset  up                    up     

GigabitEthernet1/16    unassigned      YES unset  down                  down   

GigabitEthernet1/17    unassigned      YES unset  down                  down   

GigabitEthernet1/18    unassigned      YES unset  down                  down   

GigabitEthernet1/19    unassigned      YES unset  down                  down   

GigabitEthernet1/20    unassigned      YES unset  down                  down   

GigabitEthernet3/1     unassigned      YES unset  up                    up     

GigabitEthernet3/2     unassigned      YES unset  up                    up     

GigabitEthernet3/3     unassigned      YES unset  up                    up     

GigabitEthernet3/4     unassigned      YES unset  up                    up     

GigabitEthernet3/5     unassigned      YES unset  up                    up     

GigabitEthernet3/6     unassigned      YES unset  up                    up     

GigabitEthernet3/7     unassigned      YES unset  up                    up     
View Code

 

## 小结一下:在刚才的配置过程中,端口Gi1/2下面所连接的电脑的网关就是vlan200的地址——10.10.0.1。下面所连的电脑找到相应的网关后在会去找具体的路由,这些我们下节会讲解。

 TEST#show inter trunk       

# 显示当前交换机中的trunk接口。作为trunk接口的端口下联的是接入层(或者是汇聚层)的交换机

 View Code

 TEST#conf t

TEST(config)#int gi1/15              # 我们以gi1/15来说明,如何将此端口配置成trunk接口

TEST(config-if)#switchport mode trunk # 首先定义此接口的模式为trunk

TEST(config-if)#switchport trunk encapsulation ?     

# 然后定义trunk口的封装类型,此处选择dot1q也叫802.1q,为通用封装类型

  dot1q             Interface uses only 802.1q trunking encapsulation when trunking

  isl                      Interface uses only ISL trunking encapsulation when trunking

  negotiate          Device will negotiate trunking encapsulation with peer on interface

 

TEST(config-if)#switchport trunk encapsulation dot1q    # 回车后就将此trunk口的封装类型定义成了dot1q

## 小结一下:刚才配置的是如何将下联接入层交换机的端口配置成trunk模式,并且如何将此trunk口封装成特定的类型,接下来我们介绍如何配置此核心交换机的VTP的一些相关设置。

TEST(config)#vtp  mode server    # 首先我们在全局配置模式中将vtp的mode设置成server

TEST(config)#vtp domain pjoe      # 然后配置vtp的domain,所有的交换机应该在一个domain中,此例中我们定义的doamin为pjoe

 TEST(config)#vtp password pjoeserver   # 配置此vtp的介入密码,这样可以防止未授权的交换机随便加入到这个domian中来。

TEST#sh vtp status                                   # 配置完毕后显示一下vtp的状态

VTP Version                        : 2

Configuration Revision                       : 22

Maximum VLANs supported locally    : 1005

Number of existing VLANs           : 20

VTP Operating Mode              : Server    #  vtp的模式为server模式

VTP Domain Name                 : pjoe      #  vtp的域名是pjoe

VTP Pruning Mode                : Disabled

VTP V2 Mode                      : Disabled

VTP Traps Generation                : Enabled

MD5 digest                      : 0x00 0xB3 0x21 0xB7 0x56 0xD7 0x06 0x4F  

# 此处表示的是vtp的密码(已加密)

Configuration last modified by 192.168.113.254 at 12-3-07 22:52:46

Local updater ID is 192.168.113.254 on interface Vl1 (lowest numbered VLAN interface found)

TEST#      ## 小结一下:经过以上的配置就将核心交换机的vtp等的配置工作完成了,只需要再配置好接入交换机的相关vtp参数和对应的trunk接口,接入交换机就能够从核心交换机上获取到所有的vlan信息,而不需要重新建立各个vlan。

 TEST#sh vlan        # 接下来我们去掉新增加的vlan,先显示一下。

 

VLAN Name                             Status    Ports

---- -------------------------------- --------- -------------------------------

1    default                           active    Gi1/3, Gi1/4, Gi1/5, Gi1/6, Gi1/7, Gi1/8, Gi1/9, Gi1/10, Gi1/11, Gi1/12, Gi1/14, Gi1/16, Gi1/17, Gi1/18, Gi1/19, Gi1/20, Gi3/12, Gi3/13, Gi3/14,

2    firewall                        active    Gi1/1

10   Engineering                       active    Gi3/9, Gi3/10

20   Procurement                      active    Gi3/19

30   QAQC                         active   

40   Operation                              active   

50   Yard                            active    Gi3/18

60   BM                              active   

70   HRAD                           active   

80   Facility                          active   

100  Finance                          active   

110  GO                              active   

120  Wlan                            active   

150  Server                         active    Gi3/1, Gi3/2, Gi3/3, Gi3/4, Gi3/5, Gi3/6, Gi3/7, Gi3/8

160  Client                           active    Gi3/11, Gi3/15

200  test                              active    Gi1/2

1002 fddi-default                       act/unsup

1003 token-ring-default                  act/unsup

1004 fddinet-default                     act/unsup

1005 trnet-default                       act/unsup

 

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2

---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------

1    enet  100001     1500  -      -      -        -    -        0      0  

2    enet  100002     1500  -      -      -        -    -        0      0  

10   enet  100010     1500  -      -      -        -    -        0      0  

20   enet  100020     1500  -      -      -        -    -        0      0  

30   enet  100030     1500  -      -      -        -    -        0      0   

40   enet  100040     1500  -      -      -        -    -        0      0  

50   enet  100050     1500  -      -      -        -    -        0      0  

60   enet  100060     1500  -      -      -        -    -        0      0  

70   enet  100070     1500  -      -      -        -    -        0      0  

80   enet  100080     1500  -      -      -        -    -        0      0  

100  enet  100100     1500  -      -      -        -    -        0      0  

110  enet  100110     1500  -      -      -        -    -        0      0  

120  enet  100120     1500  -      -      -        -    -        0      0  

150  enet  100150     1500  -      -      -        -    -          0      0  

160  enet  100160     1500  -      -      -        -    -          0      0  

200  enet  100200     1500  -      -      -        -    -          0      0  

1002 fddi  101002     1500  -      -      -        -    -           0      0  

1003 tr    101003     1500  -      -      -        -    -           0      0  
View Code

TEST#conf t

Enter configuration commands, one per line.  End with CNTL/Z.  #删除vlan 及重新划分的方法步骤!

TEST(config)#no vlan 200                  # 第一步,删除vlan200

TEST(config)#no int vlan 200             # 第二步,删除int vlan200 ,经过这两步就可以彻底的删除vlan200了

 TEST(config)int gi1/2                        # 进入到gi1/2这个端口中

TEST(config-if)#switchport access vlan 1    # 将这个端口重新划分到vlan1中

TEST(config-if)#end

TEST#shv vlan     

# 确认一下,我们成功的将gi1/2回归到vlan1中,并且删除掉了vlan200

 

VLAN Name                             Status    Ports

---- -------------------------------- --------- -------------------------------

1    default                           active    Gi1/2, Gi1/3, Gi1/4, Gi1/5, Gi1/6, Gi1/7, Gi1/8, Gi1/9, Gi1/10, Gi1/11, Gi1/13, Gi1/14, Gi1/16, Gi1/17, Gi1/18, Gi1/19, Gi1/20, Gi3/12, Gi3/13, Gi3/16

2    firewall                           active    Gi1/1

10   Engineering                      active    Gi3/9, Gi3/10

20   Procurement                       active    Gi3/19

30   QAQC                           active   

40   Operation                        active   

50   Yard                            active    Gi3/18

60   BM                              active   

70   HRAD                         active   

80   Facility                          active   

100  Finance                           active   

110  GO                               active   

120  Wlan                             active   

150  Server                         active    Gi3/1, Gi3/2, Gi3/3, Gi3/4, Gi3/5, Gi3/6, Gi3/7, Gi3/8

160  Client                             active    Gi3/11, Gi3/15

1002 fddi-default                        act/unsup

1003 token-ring-default                  act/unsup

1004 fddinet-default                     act/unsup

1005 trnet-default                       act/unsup

 

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2

---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------

1    enet  100001     1500  -      -      -        -    -          0      0  

2    enet  100002     1500  -      -      -        -    -          0      0  

10   enet  100010     1500  -      -      -        -    -          0      0  

20   enet  100020     1500  -      -      -        -    -          0      0  

30   enet  100030     1500  -      -      -        -    -          0      0  

40   enet  100040     1500  -      -      -        -    -          0      0  

50   enet  100050     1500  -      -      -        -    -          0      0  

60   enet  100060     1500  -      -      -        -    -          0      0  

70   enet  100070     1500  -      -      -        -    -          0      0  

80   enet  100080     1500  -      -      -        -    -          0      0  

100  enet  100100     1500  -      -      -        -    -          0      0   

110  enet  100110     1500  -      -      -        -    -           0      0  

120  enet  100120     1500  -      -      -        -    -          0      0  

150  enet  100150     1500  -      -      -        -    -          0      0  

160  enet  100160     1500  -      -      -        -    -          0      0  

1002 fddi  101002     1500  -      -      -        -    -            0      0  

1003 tr    101003     1500  -      -      -        -    -           0      0  

1004 fdnet 101004     1500  -      -      -        ieee -              0      0  

 
View Code

 

posted @ 2017-12-26 10:35  方面盘  阅读(6766)  评论(0编辑  收藏  举报