Exchange technology VLAN part VLAN experiment

Vlan Knowledge point ：

VLAN： Virtual LAN Layer 2 switching and router （ Three layer switch ） Logic divides a broadcast domain into multiple ;
Configuration ideas ：
1、 Create... On the switch vlan
2、 Each interface on the switch is divided into corresponding interfaces vlan in
3、trunk main rd
4、vlan Routing between — Single arm routing （ Router sub interface ） Three layer switch

The forwarding mechanism of the switch to the traffic ：
After the traffic enters the switch , First identify the source in the data frame MAC Address , Then the MAC The address is bound with the incoming interface of the traffic 、 Record , Generate MAC Address table — Re convert to CAM surface
Then view the target in the data frame MAC Address , stay CAM Find the corresponding record in the table , If there are records , Unicast forwarding by record interface ;
If there is no record, the flow will be flooded ; flooding — All outlets except the inlet of flow are duplicated ;
Default CAM In a mac After the last 300s place it on clipboard ;

MAC Address table and CAM The difference between — CAM Yes, it will MAC In the table MAC Address + Interface number +vlanid Convert to hash value , Then convert to binary format ; The point is to recognize faster ;

Huawei configuration ：

1、 establish vlan
[SWA]vlan 10
[SWA-vlan10]quit
[SWA]vlan batch 2 to 3 5 10 Batch creation vlan2-3,5,10

2、 Interface into vlan
Modify the interface mode of a single interface to access
[SWA]interface GigabitEthernet 0/0/5
[SWA-GigabitEthernet0/0/5]port link-type access
Batch change to access
[Huawei]port-group 1
[Huawei]group-member GigabitEthernet 0/0/1 to GigabitEthernet 0/0/10
[Huawei]port link-type access

A single interface is divided into vlan
SWA]interface GigabitEthernet0/0/5
[SWA-GigabitEthernet0/0/5]port default vlan 3
Batch divide the interface into vlan2
[Huawei]vlan 2
[Huawei-vlan2]port GigabitEthernet 0/0/1 to 0/0/2
3、trunk main rd
After entering the interface, modify the interface type to trunk Pattern ; Redefine the trunk The main road can be allowed to pass vlan; Default trunk Of the main road PVLAN- similar cisco Of native vlan by vlan1, Default pair vlan1 The flow is not marked , And others added to the Allow list can also be passed normally
[SWA-GigabitEthernet0/0/1]port link-type trunk
[SWA-GigabitEthernet0/0/1]port trunk allow-pass vlan 2 3
[Huawei-GigabitEthernet0/0/1]port trunk allow-pass vlan all Allow all vlan adopt
[Huawei-GigabitEthernet0/0/1]port default vlan 3 modify trunk On the main road pvlan, Once pvlan Not by default vlan1 了 , Then you need to add a new... In the permission condition PVLAN; Now the original vlan1 No more pvlan, You need to manually add it to the Allow List ;

4、vlan Inter router
1) Single arm routing — A subinterface — The interface of the switch connecting the router is modified trunk Pattern
[RTA]interface GigabitEthernet0/0/1.1
[RTA-GigabitEthernet0/0/1.1]dot1q termination vid 2
[RTA-GigabitEthernet0/0/1.1]ip address 192.168.2.254 24
[RTA-GigabitEthernet0/0/1.1]arp broadcast enable
[RTA]interface GigabitEthernet0/0/1.2
[RTA-GigabitEthernet0/0/1.2]dot1q termination vid 3
[RTA-GigabitEthernet0/0/1.2]ip address 192.168.3.254 24
[RTA-GigabitEthernet0/0/1.2]arp broadcast enable

DHCP Pond configuration
dhcp enable Start globally first DHCP service
Then open the interface dhcp service , Each sub interface is opened separately
[r1]interface GigabitEthernet 0/0/0.1
[r1-GigabitEthernet0/0/0.1]dhcp select global
Redefine the pond
ip pool v3
gateway-list 192.168.2.1
network 192.168.2.0 mask 255.255.255.0
dns-list 114.114.114.114
Huawei VLAN Some interface modes are explained ：
1、 As long as the traffic enters Huawei's equipment, it will be labeled immediately ;-- There are labels for the traffic forwarded inside Huawei devices
2、 All interfaces on Huawei equipment switches have forwarding permission lists , Only the traffic allowed by the forwarding permission list , To enter or transfer out from this interface ;
3、 When transferring out from an interface , In addition to viewing the Allow List , Whether or not to define the tag ;
4、 If a flow enters from an interface of the switch , No label , Will be marked with this interface pvlan id;
5、 If a certain traffic enters from an interface of the switch , There are labels , Will match the allowed list of the interface , If allowed, you can enter , If not allowed, it will be discarded ;
6、PC If a marked flow is received , Will discard ;

No matter the interface is in any mode , All match the above 5 Bar rule ;
Access mode ： Only one is allowed VLAN adopt （ The Allow list cannot be defined directly ）;PVLAN Is to allow VLAN; And must not be marked
[sw1]interface GigabitEthernet 0/0/5
[sw1-GigabitEthernet0/0/5]port link-type access
[sw1-GigabitEthernet0/0/5]port default vlan 2

Relay mode ： all VLAN Can be manually added to the Allow List , Default only pvlan In the Allow List , And pvlan The output rule of is not marked
remember , other VLAN The rule is marked ;
[sw1]interface GigabitEthernet 0/0/6
[sw1-GigabitEthernet0/0/6]port link-type trunk
[sw1-GigabitEthernet0/0/6]port trunk pvid vlan 2
[sw1-GigabitEthernet0/0/6]port trunk allow-pass vlan all

Hybrid mode ： all VLAN Can be manually added to the Allow List , And can pass when allowed , Define whether to mark ;
Default PVLAN by VLAN1, The outbound rule is not marked ; once PVLAN Be modified , Then you need to add this manually VLAN To the Allow List , At the same time, you can define whether to mark ;
[sw1]interface GigabitEthernet 0/0/7
[sw1-GigabitEthernet0/0/7]port hybrid tagged vlan 2 to 3
[sw1-GigabitEthernet0/0/7]port hybrid untagged vlan 4 to 5

[sw1]display port vlan active View interface's VLAN Forwarding rules ;
Main interface ：
When a data frame enters from a switch interface , First pay attention to whether to carry vlan id;
1） carry — Focus on list , If permitted , The portable belt package enters
2） Not carried — encapsulation PVID Of VLAN No.1 enters
When the data frame goes out from a switch interface ; Then it must be in vlan list in
Pay more attention to whether to carry and package
U be stripped
T carry

---------------------------------------------------------------------------- The experiment begins -----------------------------------------------------------------------------------

The experimental requirements ：

The topology ：

First step , Divide Vlan, According to the title requirements , hold pc1 and pc3 Divided into vlan2,pc2 Divided into vlan3,pc4 and pc5 Divided into vlan4,pc6 Divided into vlan5

VLAN2：
[sw1]vlan batch 2 to 5
[sw1-Ethernet0/0/2]port link-type access 
[sw1-Ethernet0/0/2]port default vlan 2

[sw2]vlan batch 2 to 5
[sw2-Ethernet0/0/2] port link-type access
[sw2-Ethernet0/0/2] port default vlan 2

valn3：
[sw1]vlan batch 2 to 5
[sw1-Ethernet0/0/3]port link-type hybrid 
[sw1-Ethernet0/0/3]port hybrid untagged vlan 3 to 5
[sw1-Ethernet0/0/3]port hybrid pvid vlan 3

VLAN4：
[sw2-Ethernet0/0/3]port hybrid untagged vlan 3 to 4
[sw2-Ethernet0/0/3]port hybrid pvid vlan 4

[sw3-Ethernet0/0/2]port hybrid pvid vlan 4	
[sw3-Ethernet0/0/2]port hybrid untagged vlan 3 to 4

valn5：
[sw3-Ethernet0/0/3]port hybrid pvid vlan 5
[sw3-Ethernet0/0/3]port hybrid untagged vlan 3 5

The second step ： Configuration between switches trunk

sw1 and sw2 Between ：
[sw1-Ethernet0/0/4]port link-type trunk 
[sw1-Ethernet0/0/4]port trunk allow-pass vlan 2 to 5

[sw2-Ethernet0/0/4]port link-type trunk 
[sw2-Ethernet0/0/1]port trunk allow-pass vlan 2 to 5

sw2 and sw3 Between ：（ Use hybrid）
[sw2-Ethernet0/0/4]port hybrid tagged vlan 2 to 5
[sw3-Ethernet0/0/1]port hybrid tagged vlan 2 to 5

The third step ： stay R1 Configure on （ Interface network segment 、dhcp）

[r1]int g0/0/0
[r1-GigabitEthernet0/0/0]ip add 192.168.1.1 24
[r1-GigabitEthernet0/0/0]int g0/0/0.1
[r1-GigabitEthernet0/0/0.1]ip add 192.168.2.1 24
[r1-GigabitEthernet0/0/0.1]dot1q termination vid 2	
[r1-GigabitEthernet0/0/0.1]arp broadcast  enable 
[r1]dhcp enable 
[r1]ip pool a	
[r1-ip-pool-a]network 192.168.1.0 mask 24
[r1-ip-pool-a]gateway-list 192.168.1.1
[r1]ip pool v2
[r1-ip-pool-v2]network 192.168.2.0 mask 24
[r1-ip-pool-v2]gateway-list 192.168.2.1
[r1]int g0/0/0
[r1-GigabitEthernet0/0/0]dhcp select global 
[r1-GigabitEthernet0/0/0]int g0/0/0.1
[r1-GigabitEthernet0/0/0.1]dhcp select global

Step four ： see pc Whether it is obtained normally IP（ With pc1 and pc2 For example ）
pc1

pc2

Step five ： test
pc1 Accessible 23456
pc2 Accessible 456
pc4 Accessible 5
pc4 inaccessible 6