虛擬局域網(wǎng)(VLAN)

1、虛擬局域網(wǎng)（VLAN）目標(biāo)n 基于安全和管理的需要，能夠正確的為交換機配置各種密碼，和管理IP、網(wǎng)關(guān)等n 能夠根據(jù)實際的需求，在Cisco 交換機上正確劃分基于端口的靜態(tài)VLANn 理解VLAN 的含義 n 了解劃分VLAN 的作用 n 理解VLAN 的工作原理 配置主機名n Switch>enn Switch#conf tn Switch(config)# hostname sw1n sw1(config)#查看交換機的配置n sw1# show running-configversion 12.1no service padservice timestamps debug uptim

2、eservice timestamps log uptimeno service password-encryption!hostname sw1配置enable明文口令n sw1(config)#enable password cisco n sw1(config)#exitn sw1#show running-config 檢驗enable口令的作用n sw1# exit Press RETURN to get started.n sw1>enable Password:ciscon sw1#配置enable加密口令n sw1(config)# enable secret cisco

3、labn sw1#show running-configversion 12.1no service padservice timestamps debug uptimeservice timestamps log uptimeno service password-encryption!hostname sw1!enable secret 5 $1$e1k3$tmDh/6EG9c5enGXDjjj7j/enable password cisco!檢驗enable加密口令的作用n sw1# exit Press RETURN to get started.n sw1>enable Pas

4、sword:ciscolabn sw1#配置Console口令n sw1(config)#line console 0n sw1(config-line)#password 123n sw1(config-line)#loginn sw1#show runinterface Vlan1 no ip address no ip route-cache shutdown!ip http server!line con 0 password 123 login登錄口令的輸入Switch con0 is now availablePress RETURN to get started.User Acc

5、ess VerificationPassword:123Switch>enPassword:ciscolabSwitch#配置管理用IP地址與網(wǎng)關(guān)21n sw1(config)# interface vlan 1nn sw1(config-if)# no shutdownn sw1# show running-config!interface FastEthernet0/24 no ip address!interface Vlan1 no ip route-cache!ip http server配置管理用IP地址與網(wǎng)關(guān)22n查看MAC地址表n sw1#show mac-address

6、-table Mac Address Table-Vlan Mac Address Type Ports- - - -Total Mac Addresses for this criterion: 6使用CDP協(xié)議31n sw1#show cdp ? entry Information for specific neighbor entry interface CDP interface status and configuration neighbors CDP neighbor entries traffic CDP statistics | Output modifiers <cr

7、>使用CDP協(xié)議32n sw1#show cdp neighborCapability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater, P - PhoneDevice ID Local Intrfce Holdtme Capability Platform Port IDR1 Fas 0/19 139 R 2621XM Fas 0/0使用CDP協(xié)議33n sw1#show cdp neighbors detail-Devic

8、e ID: R1Entry address(es):Platform: cisco 2621XM, Capabilities: RouterInterface: FastEthernet0/19, Port ID (outgoing port): FastEthernet0/0Holdtime : 143 secVersion :Cisco Internetwork Operating System SoftwareIOS (tm) C2600 Software (C2600-IS-M), Version 12.2(21), RELEASE SOFTWARE (fc3)Copyright (c

9、) 1986-2003 by cisco Systems, Inc.Compiled Tue 02-Dec-03 16:06 by kellmilladvertisement version: 2Duplex: full保存交換機的配置n sw1# copy running-config startup-config或 n sw1# writeBuilding configuration.OK恢復(fù)設(shè)備出廠默認(rèn)值n sw1# erase startup-configErasing the nvram filesystem will remove all configuration files!

10、Continue? confirmOKErase of nvram: completen sw1#reloadProceed with reload? confirmVLAN概述n 什么是VLANn Virtual LAN（虛擬局域網(wǎng)）是物理設(shè)備上連接的不受物理位置限制的用戶的一個邏輯組。n 為什么引入VLANn 交換機分割了沖突域，但是不能分割廣播域 n 隨著交換機端口數(shù)量的增多，網(wǎng)絡(luò)中廣播增多，降低了網(wǎng)絡(luò)的效率 n 為了分割廣播域，引入了VLAN VLAN的作用n VLAN的作用n 廣播控制 n 安全性 n 帶寬利用 n 延遲 VLAN的種類n 基于端口劃分的靜態(tài)VLAN n 基于MAC地

11、址劃分的動態(tài)VLANl 基于端口劃分的靜態(tài)VLANl 基于MAC地址劃分的動態(tài)VLANCisco交換機上靜態(tài)VLAN的配置n 配置VLAN的步驟n 創(chuàng)建VLANn 將端口加入到相應(yīng)的VLAN 中 n 驗證 創(chuàng)建VLANn 創(chuàng)建VLAN有以下2種方法n 在全局配置模式下創(chuàng)建VLANn 進(jìn)入VLAN 數(shù)據(jù)庫中創(chuàng)建VLAN 在全局配置模式下創(chuàng)建VLANn Switch(config)#vlan vlan-idn Switch(config-vlan)#name vlan-name進(jìn)入VLAN 數(shù)據(jù)庫創(chuàng)建VLANn Switch#vlan databasen Switch(vlan)#vlan 2VL

12、AN 2 added: Name: VLAN0002n Switch(vlan)#exitAPPLY completed.Exiting.刪除已創(chuàng)建的VLANn Switch#vlan databasen Switch(vlan)#no vlan 2Deleting VLAN 2.或：n Switch(config)#no vlan 2將端口加入VLANn Switch(config)# interface f0/1n Switch(config-if)# switchport access vlan vlan-idn Switch(config-if)# no switchport acce

13、ss vlan vlan-idn 也可以同時將多個端口添加到某個VLAN中：Switch(config)# interface range f0/1 10 Switch(config-if-range)# switchport access vlan vlan-id 驗證VLAN的配置n Switch# show vlan briefn Switch# show vlan id vlan-idVLAN配置實例Switch#vlan databaseSwitch(vlan)#vlan 2 name v2VLAN 2 added: Name: v2Switch(vlan)#exitAPPLY co

14、mpleted.Exiting.Switch#config terminalSwitch(config)#interface range f0/5 - 10Switch(config-if-range)#switchport access vlan 2查看VLAN配置n Switch#show vlan briefVLAN Name Status Ports- - - -1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4 Fa0/11, Fa0/12, Fa0/13, Fa0/14 Fa0/15, Fa0/16, Fa0/17, Fa0/18 Fa0/19,

15、 Fa0/20, Fa0/21, Fa0/22 Fa0/23, Fa0/242 v2 active Fa0/5, Fa0/6, Fa0/7, Fa0/8 Fa0/9, Fa0/101002 fddi-default active1003 token-ring-default active1004 fddinet-default active1005 trnet-default active其他常用命令n 其他常用命令n 指定/刪除VLAN描述字符n description stringn no descriptionn 查看VLAN設(shè)置n show vlan vlan_id n 開啟/關(guān)閉VL

16、AN接口n shutdownn no shutdownIOS使用技巧n ？的使用n Tab鍵的使用n 使用命令簡寫n 使用緩存命令？的使用31n Switch# ？Exec commands: access-enable Create a temporary Access-List entry access-template Create a temporary Access-List entry archive manage archive files cd Change current directory clear Reset functions clock Manage the sys

17、tem clock cns CNS subsystem configure Enter configuration mode connect Open a terminal connection copy Copy from one file to another debug Debugging functions (see also 'undebug') delete Delete a file dir List files on a filesystem disable Turn off privileged commands disconnect Disconnect a

18、n existing network connection dot1x IEEE 802.1X commands enable Turn on privileged commands . .？的使用32n Switch(config)#s?scheduler service shutdown snmp snmp-serverspanning-tree stackmaker system？的使用33n Switch(config)#spanning-tree ? backbonefast Enable BackboneFast Feature etherchannel Spanning tree etherchannel specific configuration extend Spanning Tree 802.1t extensions loopguard Spanning tree loopguard options mode Spanning tree operating mode pathcost Spanning tree pathcost options portfast Spanning tree portfast options uplinkfast Enable UplinkFast Feature vlan VLAN