| 知乎专栏 | 多维度架构 |
Switch#vlan database
% Warning: It is recommended to configure VLAN from config mode,
as VLAN database mode is being deprecated. Please consult user
documentation for configuring VTP/VLAN in config mode.
Switch(vlan)#
*Mar 1 00:29:54.407: %SYS-5-CONFIG_I: Configured from console by console
Switch(vlan)#show
VLAN ISL Id: 1
Name: default
Media Type: Ethernet
VLAN 802.10 Id: 100001
State: Operational
MTU: 1500
Backup CRF Mode: Disabled
Remote SPAN VLAN: No
VLAN ISL Id: 2
Name: server
Media Type: Ethernet
VLAN 802.10 Id: 100002
State: Operational
MTU: 1500
Backup CRF Mode: Disabled
Remote SPAN VLAN: No
VLAN ISL Id: 3
Name: office
Media Type: Ethernet
VLAN 802.10 Id: 100003
State: Operational
MTU: 1500
Backup CRF Mode: Disabled
Remote SPAN VLAN: No
VLAN ISL Id: 1002
Name: fddi-default
Media Type: FDDI
VLAN 802.10 Id: 101002
State: Operational
MTU: 1500
Backup CRF Mode: Disabled
Remote SPAN VLAN: No
VLAN ISL Id: 1003
Name: token-ring-default
Media Type: Token Ring
VLAN 802.10 Id: 101003
State: Operational
MTU: 1500
Maximum ARE Hop Count: 7
Maximum STE Hop Count: 7
Backup CRF Mode: Disabled
Remote SPAN VLAN: No
VLAN ISL Id: 1004
Name: fddinet-default
Media Type: FDDI Net
VLAN 802.10 Id: 101004
State: Operational
MTU: 1500
STP Type: IEEE
Backup CRF Mode: Disabled
Remote SPAN VLAN: No
VLAN ISL Id: 1005
Name: trnet-default
Media Type: Token Ring Net
VLAN 802.10 Id: 101005
State: Operational
MTU: 1500
STP Type: IBM
Backup CRF Mode: Disabled
Remote SPAN VLAN: No
Switch(vlan)#
路由器配制
Router#configure terminal Router(config)#interface f0/0 Router(config-if)#no shutdown Router(config-if)#interface f0/0.1 --------------- 创建子接口1 Router(config-subif)#encapsulation dot1q 2 ------ 2为VLAN号 对应VLAN 2 Router(config-subif)#ip address 10.10.11.1 255.255.255.0 Router(config-if)#interface f0/0.2 ---------------- 创建子接口2 Router(config-subif)#encapsulation dot1q 3 ------- 3为VLAN号 对应VLAN 3 Router(config-subif)#ip address 10.10.10.1 255.255.255.0 路由器已经配制完毕,可以在Router#show run 看一下当前的配制,用Router#show interfaces 看当前端口的状态,f0/0.1 和f0/0.2两个子 接口是否为up状态。
交换机配制
Switch#vlan database Switch(vlan)#vlan 2 name 财务部 ------- 创建vlan 2为财务部 Switch(vlan)#vlan 3 name 市场部----------创建vlan 3为市场部 Switch(vlan)#exit Switch configure terminal Switch(coning)#interface range f0/2 - 9 Switch(coning-if)#switch port access vlan 2 ------- 将f0/-f0/9端口分到vlan 2中 Switch(config-if)#interface range f0/10 - 14 Switch(config-if)#switchport access vlan 3 --------将端f0/10至f0/14口3分到vlan 3中 Switch(config-if)#interface f0/1 Switch(config-if)#switchport trunk encapsulation dot1q ------将端口封装 Switch(config-if)#switchport mode trunk -------- 将端口配制为trunk模式
客户端配制:
WorKstation 1 配制为:10.10.11.3 255.255.255.0 网关:10.10.11.1 Workstation 2 配制为:10.10.10.3 255.255.255.0 网关:10.10.10.1
3560交换机VLAN间路由的具体设置
路由, VLAN, 交换机, 设置 在3560交换机上划三个VLAN,并且要求其中两个VLAN间能够互相访问,操作如下,请指点:
过程 11.1. Switch VLan 配置步骤
激活vlan路由
Switch1#config t Switch1(config)#ip routing
创建三个VLAN
Switch1# Switch1#vlan database Switch1(vlan)#vlan 2 Switch1(vlan)#vlan 3 Switch1(vlan)#vlan 10 Switch1(vlan)#exit
给VLAN分配IP
Switch1#config t Switch1(config)#config vlan2 Switch1(config-if)#ip address 192.168.2.1 255.255.255.0 Switch1(config-if)#no shutdown Switch1#config t Switch1(config)#config vlan3 Switch1(config-if)#ip address 192.168.3.1 255.255.255.0 Switch1(config-if)#no shutdown
配VTP
Switch1# Switch1#config t Switch1(config)#vtp domain SMG Switch1(config)#vtp mode server Switch1(config)#end
交换机通往路由器的接口配IP
Switch1# Switch1#config t Switch1(config)#interface fastethernet0/1 Switch1(config-if)#no switchport Switch1(config-if)#ip address 200.1.1.1 255.255.255.0 Switch1(config-if)#no shutdown
交换机配置缺省路由
Switch1# Switch1#config t Switch(config)#ip route 0.0.0.0 0.0.0.0 200.1.1.2
把VLAN号分配给IP接口
Switch1# Switch1#config t Switch1(config)#interface fastethernet0/2 Switch1(config-if)#switchport mode access Switch1(config-if)#switchport access vlan2 Switch1(config-if)#spanning-tree portfast … … Switch1# Switch1#config t Switch1(config)#interface fastethernet0/13 Switch1(config-if)#switchport mode access Switch1(config-if)#switchport access vlan3 Switch1(config-if)#spanning-tree portfast
配访问控制列表ACL禁VLAN3子网的客户机访问服务器
Switch1# Switch1#config t Switch1(config)#access-list 1 deny 192.168.3.0 0.0.0.255 Switch1(config)#access-list 1 permit any Switch1(config)#interface fastethernet0/13 (此接口接服务器) Switch1(config-if)#ip access-group 1 out
检查上述配置
Switch1#show vlan Switch1#show ip route Switch1#show interface gigabitethernet0/1 switchport Switch1#show run Switch1#show vtp status
存配置
Switch1#copy running-config startup-config
VLAN Trunking Protocol(VLAN 中继协议)
Server
Switch# config terminal Switch(config)# vtp mode server Switch(config)# vtp domain cisco Switch(config)# vtp password mypassword Switch(config)# end
Switch# vlan database Switch(vlan)# vtp server Switch(vlan)# vtp domain cisco Switch(vlan)# vtp password mypassword Switch(vlan)# exit APPLY completed. Exiting.... Switch#
2960#conf t 2960(config)#int f0/15 2960(config-if)#switchport mode trunk 2960(config-if)#end 2960#vlan database 2960(vlan)#vtp client 2960(vlan)#vtp domain eng_group 2960(vlan)#vtp password mypassword 2960(vlan)#exit
cisco3750>en cisco3750#conf t cisco3750(config)#vtp domain cisco(创建域名) cisco3750(config)#vtp password 123(设置密码) cisco3750(config)#vtp mode server(改成服务器模式) cisco3750(config-if)#int g0/0(进入千兆端口) cisco3750(config-if)#switchport trunk encapsulation dot1q(封装) cisco3750(config-if)#switch mode trunk(改成trunk模式) 3560>en 3560#conf t 3560(config)#vtp domain cisco(要以前面一致) 3560(config)#vtp password 123(要以前面一致) 3560(config)#vtp mode client(改成客户机模式)
3750G-1.240#show vtp stat VTP Version : 2 Configuration Revision : 4 Maximum VLANs supported locally : 1005 Number of existing VLANs : 8 VTP Operating Mode : Server VTP Domain Name : cisco VTP Pruning Mode : Disabled VTP V2 Mode : Disabled VTP Traps Generation : Disabled MD5 digest : 0x5D 0x64 0xFF 0xB1 0x87 0xF7 0x5B 0x0E Configuration last modified by 0.0.0.0 at 3-1-93 00:17:47 Local updater ID is 0.0.0.0 (no valid interface found) 3750G-1.240#show vtp password VTP Password: 123