Catalog

Network security

vlan： Virtual machine lan

acl： A firewall

vlan Implementation in simulator

Realization vlan step ：

One 、 establish vlan

Check out the existing vlan

  Two 、 Connect different pc The interface of the machine is put into different vlan.

1、 Enter to divide vlan The interface of

2、 Change the interface type to access

3、 Talk about the division of interfaces into different vlan

Network security

vlan： Virtual machine lan

principle ： Put the real LAN , Divided into multiple virtual LANs , This can realize different virtual LANs （vlan） The isolation .

effect ： Limit the spread of the virus , For example, a computer is infected with a virus , If not set vlan, It may infect all computers , Set up vlan after , It can only infect the area where the computer is located vlan, other vlan Your computer is safe .

acl： A firewall

vlan Implementation in simulator

vlan Need to be configured in the switch , Create... In the switch vlan, And put different interfaces into different vlan.

  No configuration vlan when , Switch interface twice pc Can visit each other , At this time, one pc The machine is infected with a virus , The other one will also be infected , Therefore, you need to configure vlan.

Realization vlan step ：

1、 Create in switch vlan

2、 Put two computers into different vlan

One 、 establish vlan

vlan vlan name 
 example ： establish vlan 20

 After the command line enters the system view , Input vlan 20

 Batch creation vlan：
vlan batch  Enter the to be created vlan name   Each is separated by a space 

  establish vlan 10 and vlan 20

  Once created , We want to see what vlan, You can enter commands ,display vlan

Check out the existing vlan

display vlan

  Two 、 Connect different pc The interface of the machine is put into different vlan.

Be careful ： The division is different vlan Not will pc Machine put in vlan, Instead, it will connect pc Put the interface of the machine into vlan Implement interface isolation .

1、 Enter to divide vlan The interface of

int  The interface name 

2、 Change the interface type to access

 Change the interface to access Interface 
port link-type access

 Change the interface to trunk Interface 
port link-type trunk

Why modify the interface type , Because switches have many interface types , Each type is used to connect different machines .

There are mainly two kinds ：

access Interface ： Used to connect terminal 、 The computer 、 The printer

trunk Interface ： Used to connect other Switch , When connecting other switches, change the interface to trunk Interface .

trunk The function of the interface is to mark data packets vlan label , Let another switch know to which vlan Of .

3、 Talk about the division of interfaces into different vlan

port default  Which one do you want to divide into vlan

 example : take 0/0/1 The interface is divided into vlan10
port default vlan 10

  Check it out. vlan What interfaces are there in

  We can see 0/0/1 The interface has been divided into vlan 10

Same method , Put another interface into vlan 20

  The two interfaces have been put into different vlan. These two pc The machine has been vlan Isolation , It's already impassable .

  We can see , The host is not reachable .

Realize data communication between two switches （trunk Interface ）

 trunk Function of interface ：

Set the port connected by the two switches to trunk Interface , because trunk The interface can mark the data vlan label , Let another switch know which one to send data to vlan.

Implementation steps ：

In the following steps, the interface between the two switches should be set , That is, set it twice

1、 Set the interface to trunk Interface

port link-type trunk

2、 Set the vlan（ That's what vlan Data packets can be sent through this interface ）

# Allow all vlan adopt 
port trunk allow-pass vlan all

# It can also be put through separately vlan
 example ： Let go vlan 10  and vlan 20
port trunk allow-pass vlan 10
port trunk allow-pass vlan 20

  example ：

  Another switch operates the same ：

1、 Set the interface to trunk Interface

2、 Set the allowed vlan

Set the trunk After the interface , Connect other pc The port of the machine is set to access Interface , And divided into vlan in .（ There are operation steps ）