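VLAN (Virtual Local Area Network) is a technology that logically divides one physical LAN into multiple broadcast domains. Each VLAN is one broadcast domain: hosts inside a VLAN communicate as if they were on the same LAN, while hosts in different VLANs cannot communicate directly, so broadcast frames are confined to a single VLAN.
In most cases an Access interface can only send and receive untagged frames, and it can add the tag of only one VLAN to untagged frames. The switch processes only tagged frames internally, so an Access interface has to add a VLAN tag to every frame it receives, which means a default VLAN must be configured. Once the default VLAN is configured, the Access interface has joined that VLAN. When an Access interface receives a tagged frame whose VID equals the PVID, it can also accept and process that frame.
Lab requirements
- The interfaces of PC1 and PC3 are access interfaces and belong to VLAN 2;
- PC2, PC4, PC5 and PC6 are on the same network segment; PC2 can reach PC4, PC5 and PC6, but PC4 can reach PC5 and cannot reach PC6
- PC5 cannot reach PC6
- PC1 and PC3 are not on the same network segment as PC2, PC4, PC5 and PC6
- All PCs obtain their IP addresses via DHCP, and PC1 and PC3 can reach PC2, PC4, PC5 and PC6 normally
Topology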
SW1
[Huawei]vlan batch 2 to 5
[Huawei]int g 0/0/1 #Put the interface directly in VLAN 2 as an access port
[Huawei-GigabitEthernet0/0/1]port link-type access
[Huawei-GigabitEthernet0/0/1]port default vlan 2
[Huawei-GigabitEthernet0/0/1]int g 0/0/2 #Hybrid mode: belongs to VLAN 3 and can reach VLANs 3, 4 and 5
[Huawei-GigabitEthernet0/0/2]port hybrid pvid vlan 3
[Huawei-GigabitEthernet0/0/2]port hybrid untagged vlan 3 4 5
[Huawei-GigabitEthernet0/0/2]int g 0/0/3 #Allow all VLANs to pass
[Huawei-GigabitEthernet0/0/3]port link-type trunk
[Huawei-GigabitEthernet0/0/3]port trunk allow-pass vlan all
[Huawei-GigabitEthernet0/0/3]int g 0/0/4 #VLAN 2 passes tagged, while VLANs 3, 4 and 5 share one network segment and pass untagged
[Huawei-GigabitEthernet0/0/4]port hybrid tagged vlan 2
[Huawei-GigabitEthernet0/0/4]port hybrid untagged vlan 3 4 5
SW2
[Huawei]vlan batch 2 to 5
[Huawei]int g 0/0/1
[Huawei-GigabitEthernet0/0/1]port link-type access
[Huawei-GigabitEthernet0/0/1]port default vlan 2
[Huawei-GigabitEthernet0/0/1]int g 0/0/2 #Belongs to VLAN 4 and can reach VLANs 3 and 4
[Huawei-GigabitEthernet0/0/2]port hybrid pvid vlan 4
[Huawei-GigabitEthernet0/0/2]port hybrid untagged vlan 3 4
[Huawei-GigabitEthernet0/0/2]int g 0/0/3
[Huawei-GigabitEthernet0/0/3]port link-type trunk
[Huawei-GigabitEthernet0/0/3]port trunk allow-pass vlan all
[Huawei-GigabitEthernet0/0/3]int g 0/0/4
[Huawei-GigabitEthernet0/0/4]port link-type trunk
[Huawei-GigabitEthernet0/0/4]port trunk allow-pass vlan all
SW3
[Huawei]vlan batch 2 to 5
[Huawei]int g 0/0/1 #Belongs to VLAN 4 and may reach VLANs 3 and 4 (cannot reach VLAN 5, i.e. PC6)
[Huawei-GigabitEthernet0/0/1]port hybrid pvid vlan 4
[Huawei-GigabitEthernet0/0/1]port hybrid untagged vlan 3 4
[Huawei-GigabitEthernet0/0/1]int g 0/0/2
[Huawei-GigabitEthernet0/0/2]port hybrid pvid vlan 5
[Huawei-GigabitEthernet0/0/2]port hybrid untagged vlan 3 5
[Huawei-GigabitEthernet0/0/2]int g 0/0/3
[Huawei-GigabitEthernet0/0/3]port link-type trunk
[Huawei-GigabitEthernet0/0/3]port trunk allow-pass vlan all
R1
[Huawei]dhcp enable
[Huawei]ip pool v2 #Address pool for VLAN 2
[Huawei-ip-pool-v2]gateway-list 192.168.2.1
[Huawei-ip-pool-v2]network 192.168.2.0 mask 255.255.255.0
[Huawei-ip-pool-v2]dns-list 8.8.8.8
[Huawei-ip-pool-v2]q
[Huawei]ip pool v1 #Address pool for VLANs 3, 4 and 5
[Huawei-ip-pool-v1]gateway-list 192.168.1.1
[Huawei-ip-pool-v1]network 192.168.1.0 mask 255.255.255.0
[Huawei-ip-pool-v1]dns-list 8.8.8.8
[Huawei-ip-pool-v1]q
[Huawei]int g 0/0/0 #Use the physical interface as the gateway for VLANs 3, 4 and 5
[Huawei-GigabitEthernet0/0/0]ip ad 192.168.1.1 24
[Huawei-GigabitEthernet0/0/0]dhcp select global
[Huawei-GigabitEthernet0/0/0]q
[Huawei]int g 0/0/0.1 #Use a sub-interface as the gateway for VLAN 2
[Huawei-GigabitEthernet0/0/0.1]dot1q termination vid 2
[Huawei-GigabitEthernet0/0/0.1]ip ad 192.168.2.1 24
[Huawei-GigabitEthernet0/0/0.1]arp broadcast enable
[Huawei-GigabitEthernet0/0/0.1]dhcp select global
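The isolation between PC4/PC5 and PC6 comes entirely from the PVID and untagged lists on the edge ports, so the expected result can be derived from the switch configuration before any ping is sent. The following is an added example, not part of the original lab: it parses the hybrid-port lines shown above and computes same-segment reachability. The PC-to-port mapping is inferred from the lab requirements, the inter-switch links are assumed to carry every VLAN tagged (as the trunk configuration does), and unconfigured values are assumed to default to VLAN 1.

```python
import re
from itertools import combinations

# Edge-port lines copied from the SW1/SW2/SW3 configuration above. The host
# names on the header lines are an inferred mapping (assumption), not CLI input.
EDGE_CONFIG = """
PC2 SW1 g0/0/2
port hybrid pvid vlan 3
port hybrid untagged vlan 3 4 5
PC4 SW2 g0/0/2
port hybrid pvid vlan 4
port hybrid untagged vlan 3 4
PC5 SW3 g0/0/1
port hybrid pvid vlan 4
port hybrid untagged vlan 3 4
PC6 SW3 g0/0/2
port hybrid pvid vlan 5
port hybrid untagged vlan 3 5
"""

def parse_ports(text):
    """Return {host: {"pvid": int, "egress": set of VLAN IDs}}."""
    ports, host = {}, None
    for line in text.strip().splitlines():
        if m := re.match(r"(PC\d+) ", line):
            host = m.group(1)
            ports[host] = {"pvid": 1, "egress": {1}}  # assumed hybrid default: VLAN 1
        elif m := re.match(r"port hybrid pvid vlan (\d+)", line):
            ports[host]["pvid"] = int(m.group(1))
        elif m := re.match(r"port hybrid untagged vlan (.+)", line):
            ports[host]["egress"] |= {int(v) for v in m.group(1).split()}
    return ports

def one_way(ports, src, dst):
    """An untagged frame from src is tagged with src's PVID on ingress and is
    delivered only if dst's port lists that VLAN for untagged egress."""
    return ports[src]["pvid"] in ports[dst]["egress"]

def can_ping(ports, a, b):
    """ARP and ICMP need a request and a reply, so both directions must pass."""
    return one_way(ports, a, b) and one_way(ports, b, a)

def reachability(ports):
    return {(a, b): can_ping(ports, a, b) for a, b in combinations(sorted(ports), 2)}

if __name__ == "__main__":
    for (a, b), ok in reachability(parse_ports(EDGE_CONFIG)).items():
        print(f"{a} <-> {b}: {'reachable' if ok else 'isolated'}")
```

Adding a VLAN to one port's untagged list opens only one direction; a pair becomes reachable only when each side's PVID appears in the other side's list, which is why an audit should check both directions.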
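Testing
After selecting DHCP and clicking 'Apply', check the IP address each PC obtained:
PC1
Can reach PC2, PC4, PC5 and PC6 normally
PC2
PC2 can reach PC4, PC5 and PC6
PC3
Can reach PC2, PC4, PC5 and PC6 normally
PC4
PC4 can reach PC5 and cannot reach PC6
PC5
PC5 cannot reach PC6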
PC6