虚拟局域网(VLAN)

1、虚拟局域网（VLAN）目标n 基于安全和管理的需要，能够正确的为交换机配置各种密码，和管理IP、网关等n 能够根据实际的需求，在Cisco 交换机上正确划分基于端口的静态VLANn 理解VLAN 的含义 n 了解划分VLAN 的作用 n 理解VLAN 的工作原理 配置主机名n Switch>enn Switch#conf tn Switch(config)# hostname sw1n sw1(config)#查看交换机的配置n sw1# show running-configversion 12.1no service padservice timestamps debug uptim

2、eservice timestamps log uptimeno service password-encryption!hostname sw1配置enable明文口令n sw1(config)#enable password cisco n sw1(config)#exitn sw1#show running-config 检验enable口令的作用n sw1# exit Press RETURN to get started.n sw1>enable Password:ciscon sw1#配置enable加密口令n sw1(config)# enable secret cisco

3、labn sw1#show running-configversion 12.1no service padservice timestamps debug uptimeservice timestamps log uptimeno service password-encryption!hostname sw1!enable secret 5 $1$e1k3$tmDh/6EG9c5enGXDjjj7j/enable password cisco!检验enable加密口令的作用n sw1# exit Press RETURN to get started.n sw1>enable Pas

4、sword:ciscolabn sw1#配置Console口令n sw1(config)#line console 0n sw1(config-line)#password 123n sw1(config-line)#loginn sw1#show runinterface Vlan1 no ip address no ip route-cache shutdown!ip http server!line con 0 password 123 login登录口令的输入Switch con0 is now availablePress RETURN to get started.User Acc

5、ess VerificationPassword:123Switch>enPassword:ciscolabSwitch#配置管理用IP地址与网关21n sw1(config)# interface vlan 1nn sw1(config-if)# no shutdownn sw1# show running-config!interface FastEthernet0/24 no ip address!interface Vlan1 no ip route-cache!ip http server配置管理用IP地址与网关22n查看MAC地址表n sw1#show mac-address

6、-table Mac Address Table-Vlan Mac Address Type Ports- - - -Total Mac Addresses for this criterion: 6使用CDP协议31n sw1#show cdp ? entry Information for specific neighbor entry interface CDP interface status and configuration neighbors CDP neighbor entries traffic CDP statistics | Output modifiers <cr

7、>使用CDP协议32n sw1#show cdp neighborCapability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater, P - PhoneDevice ID Local Intrfce Holdtme Capability Platform Port IDR1 Fas 0/19 139 R 2621XM Fas 0/0使用CDP协议33n sw1#show cdp neighbors detail-Devic

8、e ID: R1Entry address(es):Platform: cisco 2621XM, Capabilities: RouterInterface: FastEthernet0/19, Port ID (outgoing port): FastEthernet0/0Holdtime : 143 secVersion :Cisco Internetwork Operating System SoftwareIOS (tm) C2600 Software (C2600-IS-M), Version 12.2(21), RELEASE SOFTWARE (fc3)Copyright (c

9、) 1986-2003 by cisco Systems, Inc.Compiled Tue 02-Dec-03 16:06 by kellmilladvertisement version: 2Duplex: full保存交换机的配置n sw1# copy running-config startup-config或 n sw1# writeBuilding configuration.OK恢复设备出厂默认值n sw1# erase startup-configErasing the nvram filesystem will remove all configuration files!

10、Continue? confirmOKErase of nvram: completen sw1#reloadProceed with reload? confirmVLAN概述n 什么是VLANn Virtual LAN（虚拟局域网）是物理设备上连接的不受物理位置限制的用户的一个逻辑组。n 为什么引入VLANn 交换机分割了冲突域，但是不能分割广播域 n 随着交换机端口数量的增多，网络中广播增多，降低了网络的效率 n 为了分割广播域，引入了VLAN VLAN的作用n VLAN的作用n 广播控制 n 安全性 n 带宽利用 n 延迟 VLAN的种类n 基于端口划分的静态VLAN n 基于MAC地

11、址划分的动态VLANl 基于端口划分的静态VLANl 基于MAC地址划分的动态VLANCisco交换机上静态VLAN的配置n 配置VLAN的步骤n 创建VLANn 将端口加入到相应的VLAN 中 n 验证 创建VLANn 创建VLAN有以下2种方法n 在全局配置模式下创建VLANn 进入VLAN 数据库中创建VLAN 在全局配置模式下创建VLANn Switch(config)#vlan vlan-idn Switch(config-vlan)#name vlan-name进入VLAN 数据库创建VLANn Switch#vlan databasen Switch(vlan)#vlan 2VL

12、AN 2 added: Name: VLAN0002n Switch(vlan)#exitAPPLY completed.Exiting.删除已创建的VLANn Switch#vlan databasen Switch(vlan)#no vlan 2Deleting VLAN 2.或：n Switch(config)#no vlan 2将端口加入VLANn Switch(config)# interface f0/1n Switch(config-if)# switchport access vlan vlan-idn Switch(config-if)# no switchport acce

13、ss vlan vlan-idn 也可以同时将多个端口添加到某个VLAN中：Switch(config)# interface range f0/1 10 Switch(config-if-range)# switchport access vlan vlan-id 验证VLAN的配置n Switch# show vlan briefn Switch# show vlan id vlan-idVLAN配置实例Switch#vlan databaseSwitch(vlan)#vlan 2 name v2VLAN 2 added: Name: v2Switch(vlan)#exitAPPLY co

14、mpleted.Exiting.Switch#config terminalSwitch(config)#interface range f0/5 - 10Switch(config-if-range)#switchport access vlan 2查看VLAN配置n Switch#show vlan briefVLAN Name Status Ports- - - -1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4 Fa0/11, Fa0/12, Fa0/13, Fa0/14 Fa0/15, Fa0/16, Fa0/17, Fa0/18 Fa0/19,

15、 Fa0/20, Fa0/21, Fa0/22 Fa0/23, Fa0/242 v2 active Fa0/5, Fa0/6, Fa0/7, Fa0/8 Fa0/9, Fa0/101002 fddi-default active1003 token-ring-default active1004 fddinet-default active1005 trnet-default active其他常用命令n 其他常用命令n 指定/删除VLAN描述字符n description stringn no descriptionn 查看VLAN设置n show vlan vlan_id n 开启/关闭VL

16、AN接口n shutdownn no shutdownIOS使用技巧n ？的使用n Tab键的使用n 使用命令简写n 使用缓存命令？的使用31n Switch# ？Exec commands: access-enable Create a temporary Access-List entry access-template Create a temporary Access-List entry archive manage archive files cd Change current directory clear Reset functions clock Manage the sys

17、tem clock cns CNS subsystem configure Enter configuration mode connect Open a terminal connection copy Copy from one file to another debug Debugging functions (see also 'undebug') delete Delete a file dir List files on a filesystem disable Turn off privileged commands disconnect Disconnect a

18、n existing network connection dot1x IEEE 802.1X commands enable Turn on privileged commands . .？的使用32n Switch(config)#s?scheduler service shutdown snmp snmp-serverspanning-tree stackmaker system？的使用33n Switch(config)#spanning-tree ? backbonefast Enable BackboneFast Feature etherchannel Spanning tree etherchannel specific configuration extend Spanning Tree 802.1t extensions loopguard Spanning tree loopguard options mode Spanning tree operating mode pathcost Spanning tree pathcost options portfast Spanning tree portfast options uplinkfast Enable UplinkFast Feature vlan VLAN