三层交换机vlan配置范例.docx
《三层交换机vlan配置范例.docx》由会员分享,可在线阅读,更多相关《三层交换机vlan配置范例.docx(14页珍藏版)》请在冰豆网上搜索。
三层交换机vlan配置范例
这个配置没有任何问题。
只要你能看明白,记住关键的命令,相信你已经对三层有更深的认识。
****************************************************************
网络基本情况
网络拓扑结构为:
中心交换机采用CiscoCatalyst4006-S3,
SupervisorEngineIIIG引擎位于第1插槽,用于实现三层交换;1块24口
1000Base-T模块位于第2插槽,用于连接网络服务器;1块6端口1000Base-X模块位
于第3插槽,用于连接6台骨干交换机。
一台交换机采用CiscoCatalyst3550-
24-EMI,并安装1块1000Base-XGBIC千兆模块。
一台交换机采用Cisco
Catalyst3550-24-SMI,也安装1块1000Base-XGBIC千兆模块。
另外四台交换机
采用CiscoCatalyst2950G-24-SMI,安装1块1000Base-TGBIC千兆模块。
所有服务器划分为一个VLAN,即VLAN50。
四台Catalyst2950G-24-SMI交换机也只划分为一个VLAN,分别为VLAN60、VLAN70、VLAN80和VLAN90。
Catalyst3550-24-EMI划分为4个VLAN,分别为VLAN10、VLAN20、VLAN30和
VLAN40。
Catalyst3550-24-SMI划分2个VLAN,分别为VLAN60和VLAN80,与另
外两台Catalyst2950G-24-SMI交换机分别位于同一VLAN。
***************************实例分析****************************
由于所有Catalyst2950G交换机都是一个独立的VLAN,因此,必须先在
这些交换机上创建VLAN(VLAN60~VLAN90),并将所有端口都指定至该VLAN。
然
后,再在Catalyst4006交换机相应端口上分别创建VLAN。
Catalyst4006的
1000Base-X端口分别与各Catalyst2950G的1000Base-X端口连接。
其中,
GigabitEthernet3/2端口连接至1号Catalyst2950交换机(VLAN60),GigabitEthernet3/3端口连接至2号Catalyst2950交换机(VLAN70),GigabitEthernet3/4端口连接至3号Catalyst2950交换机(VLAN80),GigabitEthernet3/5端口连接至4号Catalyst2950交换机(VLAN90),GigabitEthernet3/6端口连接至6号楼交换机(VLAN80)。
由于在Catalyst3550-24-EMI上划分有4个VLAN(VLAN10~VLAN40),而4个VLAN都需借助于一条1000Base-X链路实现与Catalyst4006的GigabitEthernet3/1端口连接,因此,必须在Catalyst4006与Catalyst3550-24-EMI之间创建一个Trunk。
同样,在Catalyst3550-24-SMI上划分有2个VLAN(VLAN60和VLAN80),而4个VLAN都需借助于一条1000Base-X链路实现与Catalyst4006的GigabitEthernet3/6端口连接,因此,必须在Catalyst4006与Catalyst3550-24-EMI之间创建一个Trunk。
另外,所有服务器均连接至Catalyst4006的1000Base-T模块,并单独成为一个VLAN(VLAN90),因此,也必须为这些交换机创建一个VLAN,并将所有端口指定至该VLAN。
需要注意的是,考虑到网络管理的需要,也可以剩余几个RJ-45端口(如21至24端口)不指定至任何VLAN,从而便于连接网络管理设备。
默认状态下,所有端口都属于VLAN1,而且也只有在VLAN1中才能实现对网络中所有设备的管理。
***************************配置清单******************************
●CiscoCatalyst4006交换机配置清单
Currentconfiguration:
5594bytes
!
version12.1
noservicepad
servicetimestampsdebuguptime
servicetimestampsloguptime
noservicepassword-encryption
servicecompress-config
!
hostnamehsnc
!
bootsystembootflash:
cat4000-is-mz.121-8a.EW1.bin
nologgingconsole
enablesecretlevel15$1$rkQW$1HKyKdN5f.Ri5zxeoF8Yv/
!
ipsubnet-zero
!
!
!
interfaceGigabitEthernet1/1
nosnmptraplink-status
!
--不为SupervisorEngineIIIG引擎中的1000Base-X插槽指定VLAN
interfaceGigabitEthernet1/2
nosnmptraplink-status
!
!
interfaceGigabitEthernet2/1
switchportaccessvlan50
nosnmptraplink-status
!
--将端口GigabitEthernet2/1指定至VLAN50
!
interfaceGigabitEthernet2/2
switchportaccessvlan50
nosnmptraplink-status
!
interfaceGigabitEthernet2/3
switchportaccessvlan50
nosnmptraplink-status
!
interfaceGigabitEthernet2/4
switchportaccessvlan50
nosnmptraplink-status
!
interfaceGigabitEthernet2/5
switchportaccessvlan50
nosnmptraplink-status
!
interfaceGigabitEthernet2/6
switchportaccessvlan50
nosnmptraplink-status
!
interfaceGigabitEthernet2/7
switchportaccessvlan50
nosnmptraplink-status
!
interfaceGigabitEthernet2/8
switchportaccessvlan50
nosnmptraplink-status
!
interfaceGigabitEthernet2/9
switchportaccessvlan50
nosnmptraplink-status
!
interfaceGigabitEthernet2/10
switchportaccessvlan50
nosnmptraplink-status
!
interfaceGigabitEthernet2/11
switchportaccessvlan50
nosnmptraplink-status
!
interfaceGigabitEthernet2/12
switchportaccessvlan50
nosnmptraplink-status
!
interfaceGigabitEthernet2/13
switchportaccessvlan50
nosnmptraplink-status
!
interfaceGigabitEthernet2/14
switchportaccessvlan50
nosnmptraplink-status
!
interfaceGigabitEthernet2/15
switchportaccessvlan50
nosnmptraplink-status
!
interfaceGigabitEthernet2/16
switchportaccessvlan50
nosnmptraplink-status
!
interfaceGigabitEthernet2/17
switchportaccessvlan50
nosnmptraplink-status
!
interfaceGigabitEthernet2/18
switchportaccessvlan50
nosnmptraplink-status
!
interfaceGigabitEthernet2/19
switchportaccessvlan50
nosnmptraplink-status
!
interfaceGigabitEthernet2/20
switchportaccessvlan50
nosnmptraplink-status
!
--不将GigabitEthernet2/20~24指定至任何VLAN
!
interfaceGigabitEthernet3/1
switchporttrunkencapsulationdot1q
!
--启用802.1QTrunk封装协议,即在该端口创建Trunk
switchporttrunkallowedvlan1-80
!
--允许vlan1-90在该中继线通讯
!
--可以拒绝或允许某个VLAN访问该Trunk
!
--确保未被授权的VLAN通过该Trunk,实现VLAN的访问安全
switchportmodetrunk
!
--将该端口设置为Trunk
descriptionnetcenter
nosnmptraplink-status
!
interfaceGigabitEthernet3/2
switchportaccessvlan60
nosnmptraplink-status
!
--将端口GigabitEthernet3/2指定至VLAN60
!
interfaceGigabitEthernet3/3
switchportaccessvlan70
nosnmptraplink-status
!
--将端口GigabitEthernet3/3指定至VLAN70
!
interfaceGigabitEthernet3/4
switchportaccessvlan80
nosnmptraplink-status
!
--将端口GigabitEthernet3/4指定至VLAN80
!
interfaceGigabitEthernet3/5
switchportaccessvlan90
nosnmptraplink-status
!
--将端口GigabitEthernet3/5指定至VLAN90
!
interfaceGigabitEthernet3/6
switchporttrunkencapsulationdot1q
!
--启用802.1QTrunk封装协议,即在该端口创建Trunk
switchporttrunkallowedvlan1-80
!
--允许vlan1-90在该中继线通讯
!
--可以拒绝或允许某个VLAN访问该Trunk
!
--从而确保未被授权的VLAN通过该Trunk,实现VLAN访问安全
switchportmodetrunk
!
--将该端口设置为Trunk
descriptionnetcenter
nosnmptraplink-status
!
interfaceVlan1
descriptionnetmanger
noipaddress
!
!
--对VLAN1进行描述
interfaceVlan10
descriptionnetworkcenter
noipaddress
!
--对VLAN2进行描述
!
interfaceVlan20
descriptioncomputercenter
noipaddress
!
interfaceVlan30
descriptionnetworklab
noipaddress
!
interfaceVlan40
descriptionhuaxuelou
noipaddress
!
interfaceVlan50
descriptionwulilou
noipaddress
!
interfaceVlan60
descriptionshengwulou
noipaddress
!
interfaceVlan70
descriptionzhongwenxi
noipaddress
!
interfaceVlan80
descriptiontushuguan
noipaddress
!
!
linecon0
stopbits1
linevty04
passwordaaa
login
!
end
●CiscoCatalyst3550-EMI配置清单
Buildingconfiguration...
Currentconfiguration:
4055bytes
!
version12.1
noservicepad
servicetimestampsdebuguptime
servicetimestampsloguptime
noservicepassword-encryption
!
hostnameoffice
!
enablesecret5$1$p0fU$JeyPOM0RuL.Fqfe71efHF1
!
ipsubnet-zero
!
!
spanning-treeextendsystem-id
!
!
!
interfaceFastEthernet0/1
switchportaccessvlan10
!
--将端口FastEthernet0/1指定至VLAN10
noipaddress
!
interfaceFastEthernet0/2
switchportaccessvlan10
noipaddress
!
interfaceFastEthernet0/3
switchportaccessvlan10
noipaddress
!
interfaceFastEthernet0/4
switchportaccessvlan10
noipaddress
!
interfaceFastEthernet0/5
switchportaccessvlan10
noipaddress
!
interfaceFastEthernet0/6
switchportaccessvlan20
noipaddress
!
--将端口FastEthernet0/6指定至VLAN20
!
interfaceFastEthernet0/7
switchportaccessvlan20
noipaddress
!
interfaceFastEthernet0/8
switchportaccessvlan20
noipaddress
!
interfaceFastEthernet0/9
switchportaccessvlan20
noipaddress
!
interfaceFastEthernet0/10
switchportaccessvlan20
noipaddress
!
interfaceFastEthernet0/11
switchportaccessvlan30
noipaddress
!
--将端口FastEthernet0/6指定至VLAN30
!
interfaceFastEthernet0/12
switchportaccessvlan30
noipaddress
!
interfaceFastEthernet0/13
switchportaccessvlan30
noipaddress
!
interfaceFastEthernet0/14
switchportaccessvlan30
noipaddress
!
interfaceFastEthernet0/15
switchportaccessvlan30
noipaddress
!
interfaceFastEthernet0/16
switchportaccessvlan30
noipaddress
!
interfaceFastEthernet0/17
switchportaccessvlan30
noipaddress
!
interfaceFastEthernet0/18
switchportaccessvlan30
noipaddress
!
interfaceFastEthernet0/19
switchportaccessvlan40
noipaddress
!
--将端口FastEthernet0/6指定至VLAN40
!
interfaceFastEthernet0/20
switchportaccessvlan40
noipaddress
!
interfaceFastEthernet0/21
switchportaccessvlan40
noipaddress
!
interfaceFastEthernet0/22
switchportaccessvlan30
noipaddress
!
interfaceFastEthernet0/23
switchportaccessvlan40
noipaddress
!
interfaceFastEthernet0/24
switchportaccessvlan40
noipaddress
!
interfaceGigabitEthernet0/1
switchporttrunkencapsulationdot1q
!
--启用802.1QTrunk封装协议,即在该端口创建Trunk
switchporttrunkallowedvlan1-80
!
--允许vlan1-80在该中继线通讯
switchportmodetrunk
!
--将该端口设置为Trunk
noipaddress
!
interfaceGigabitEthernet0/2
noipaddress
!
interfaceVlan1
ipaddress172.16.100.12255.255.255.0
!
--LAN1指定IP地址
noiproute-cache
noipmroute-cache
!
ipclassless
iphttpserver
!
!
!
!
linecon0
linevty04
passwordaaa
login
linevty515
login
!
end
●CiscoCatalyst3550-SMI配置清单
Buildingconfiguration...
Currentconfiguration:
4055bytes
!
version12.1
noservicepad
servicetimestampsdebuguptime
servicetimestampsloguptime
noservicepassword-encryption
!
hostnameoffice
!
enablesecret5$1$p0fU$JeyPOM0RuL.Fqfe71efHF1
!
ipsubnet-zero
!
!
spanning-treeextendsystem-id
!
!
!
interfaceFastEthernet0/1
switchportaccessvlan60
!
--将端口FastEthernet0/1指定至VLAN60
noipaddress
!
interfaceFastEthernet0/2
switchportaccessvlan60
noipaddress
!
interfaceFastEthernet0/3
switchportaccessvlan60
noipaddress
!
interfaceFastEthernet0/4
switchportaccessvlan60
noipaddress
!
interfaceFastEthernet0/5
switchportaccessvlan60
noipaddress
!
interfaceFastEthernet0/6
switchportaccessvlan20
noipaddress
!
--将端口FastEthernet0/6指定至VLAN20
!
interfaceFastEthernet0/7
switchportaccessvlan20
noipaddress
!
interfaceFastEthernet0/8
switchportaccessvlan20
noipaddress
!
interfaceFastEthernet0/9
switchportaccessvlan20
noipaddress
!
interfaceFastEthernet0/10
switchportaccessvlan20
noipaddress
!
interfaceFastEthernet0/11
switchportaccessvl
升级会员 