1、实验环境
公司的员工人数已达到 100 人,其网络设备如图12.13所示,现在的网络环境导致广播较多网速慢,并且也不安全,公司希望按照部门划分网络,并且能够保证一定的网络安全性
图12.13 实验案例二拓扑图
其网络规划如下
- PC1和 PC3 为财务部,属于 VLAN 2,名称为 caiw,IP地址分别为 192.168.0.2/24,192.168.0.3/24.
- PC2和PC5为销售部,属于VLAN 3,名称为 xiaoshou,其P地址分别为192.168.1.2/24,192.168.1.3/24.
- PC4 和PC6 为生产部,属于VLAN4,名称为 shengchan,其P地址分别为 192.168.2.2/24,192.168.2.3/24.
三台交换机之间的链路为 Trunk。配置交换机管理的IP地址用VLAN1,SW1.SW2与SW3的IP地址分别为192.168.100.1/24、192.168.100.2/24,192.168.1003/24
2、需求描述
使用 VLAN 技术将整个网络从逻辑上划分为若干个小的虚拟局域网,并且保证不同的 VLAN 之间不能相互访问。
3、推荐步骤
- 在交换机上添加 VLAN。
- 添加端口到相应的 VLAN 中。
- 配置交换机的 P地址。
- 验证相同 VLAN 的主机可以通信:不同 VLAN 的主机不能通信,交换机的IP地址通信正常
4、实验步骤
1、配置PC端IP地址
剩下的PC电脑如上图所示配置IP地址。
2、在交换机添加VLAN
SW1
SW1(config)#vlan 2
SW1(config-vlan)#name caiwu
SW1(config-vlan)#exit
SW1(config)#vlan 3
SW1(config-vlan)#name xiaoshou
SW1(config-vlan)#exit
SW1#show vlan brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
Gig0/1, Gig0/2
2 caiwu active
3 xiaoshou active
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
SW1#SW2
SW2(config)#vlan 2
SW2(config-vlan)#name caiwu
SW2(config-vlan)#exit
SW2(config)#vlan 4
SW2(config-vlan)#name shengchan
SW2(config-vlan)#exit
SW2#show vlan brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
Gig0/1, Gig0/2
2 caiwu active
4 shengchan active
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
SW2#SW3
SW3(config)#vlan 3
SW3(config-vlan)#name xiaoshou
SW3(config-vlan)#exit
SW3(config)#vlan 4
SW3(config-vlan)#name shengchan
SW3(config-vlan)#exit
SW3#show vlan brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
Gig0/1, Gig0/2
3 xiaoshou active
4 shengchan active
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
SW3#3.添加端口到相应的VLAN中
SW1
SW1(config)#interface fastEthernet 0/1
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 2
SW1(config-if)#exit
SW1(config)#interface fastEthernet 0/2
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 3
SW1(config-if)#exit
SW1#show vlan brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/3, Fa0/4, Fa0/5, Fa0/6
Fa0/7, Fa0/8, Fa0/9, Fa0/10
Fa0/11, Fa0/12, Fa0/13, Fa0/14
Fa0/15, Fa0/16, Fa0/17, Fa0/18
Fa0/19, Fa0/20, Fa0/21, Fa0/22
Fa0/23, Fa0/24, Gig0/1, Gig0/2
2 caiwu active Fa0/1
3 xiaoshou active Fa0/2
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
SW1#SW2
SW2(config)#interface fastEthernet 0/1
SW2(config-if)#switchport mode access
SW2(config-if)#switchport access vlan 2
SW2(config-if)#exit
SW2(config)#interface fastEthernet 0/2
SW2(config-if)#switchport mode access
SW2(config-if)#switchport access vlan 4
SW2(config-if)#exit
SW2#show vlan brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/3, Fa0/4, Fa0/5, Fa0/6
Fa0/7, Fa0/8, Fa0/9, Fa0/10
Fa0/11, Fa0/12, Fa0/13, Fa0/14
Fa0/15, Fa0/16, Fa0/17, Fa0/18
Fa0/19, Fa0/20, Fa0/21, Fa0/22
Fa0/23, Fa0/24, Gig0/1, Gig0/2
2 caiwu active Fa0/1
4 shengchan active Fa0/2
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
SW2#SW3
SW3(config)#interface fastEthernet 0/1
SW3(config-if)#switchport mode access
SW3(config-if)#switchport access vlan 3
SW3(config-if)#exit
SW3(config)#interface fastEthernet 0/2
SW3(config-if)#switchport mode access
SW3(config-if)#switchport access vlan 4
SW3(config-if)#exit
SW3#show vlan brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/3, Fa0/4, Fa0/5, Fa0/6
Fa0/7, Fa0/8, Fa0/9, Fa0/10
Fa0/11, Fa0/12, Fa0/13, Fa0/14
Fa0/15, Fa0/16, Fa0/17, Fa0/18
Fa0/19, Fa0/20, Fa0/21, Fa0/22
Fa0/23, Fa0/24, Gig0/1, Gig0/2
3 xiaoshou active Fa0/1
4 shengchan active Fa0/2
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
SW3#4、配置交换机IP地址并配置Trunk
SW1
SW1(config)#interface vlan 1
SW1(config-if)#ip address 192.168.100.1 255.255.255.0
SW1(config-if)#no shutdown
SW1(config-if)#exit
SW1(config)#interface fastEthernet 0/14
SW1(config-if)#switchport mode trunk
SW1(config-if)#exit
SW1(config)#SW2
SW2(config)#interface vlan 1
SW2(config-if)#ip address 192.168.100.2 255.255.255.0
SW2(config-if)#no shutdown
SW2(config-if)#exit
SW2(config)#interface fastEthernet 0/15
SW2(config-if)#switchport mode trunk
SW2(config-if)#exit
SW2(config)#SW3
SW3(config)#interface vlan 1
SW3(config-if)#ip address 192.168.100.3 255.255.255.0
SW3(config-if)#no shutdown
SW3(config-if)#exit
SW3(config)#
5.验证相同 VLAN 的主机可以通信:不同 VLAN 的主机不能通信,交换机的IP地址通信正常
5.1相同VLAN通信
PC1和PC3
PC2和PC5
此时我们发现PC2和PC5是不通信的
如果我们把三台交换机把没有创建的VLAN 创建出来。例如:SW1创建VLAN 4、SW2创建VLAN 3、SW3创建VLAN2。
SW1(config)#vlan 4 //添加VLAN 4
SW1(config-vlan)#name shengchan
SW1(config-vlan)#exit
SW1#show vlan brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/3, Fa0/4, Fa0/5, Fa0/6
Fa0/7, Fa0/8, Fa0/9, Fa0/10
Fa0/11, Fa0/12, Fa0/13, Fa0/15
Fa0/16, Fa0/17, Fa0/18, Fa0/19
Fa0/20, Fa0/21, Fa0/22, Fa0/23
Fa0/24, Gig0/1, Gig0/2
2 caiwu active Fa0/1
3 xiaoshou active Fa0/2
4 shengchan active
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
SW1#SW2和SW3同上步骤添加,再去ping PC2和PC5
此时PC2和PC5就能相通了。
PC4和PC6
5.2 不同VLAN通信
PC1和PC2
PC3和PC4
PC5和PC6
5.3 交换机通信
SW2和SW3同以上步骤。
至此实验结束。
