Switch#vlan database % Warning: It is recommended to configure VLAN from config mode, as VLAN database mode is being deprecated. Please consult user documentation for configuring VTP/VLAN in config mode. Switch(vlan)# *Mar 1 00:29:54.407: %SYS-5-CONFIG_I: Configured from console by console Switch(vlan)#show VLAN ISL Id: 1 Name: default Media Type: Ethernet VLAN 802.10 Id: 100001 State: Operational MTU: 1500 Backup CRF Mode: Disabled Remote SPAN VLAN: No VLAN ISL Id: 2 Name: server Media Type: Ethernet VLAN 802.10 Id: 100002 State: Operational MTU: 1500 Backup CRF Mode: Disabled Remote SPAN VLAN: No VLAN ISL Id: 3 Name: office Media Type: Ethernet VLAN 802.10 Id: 100003 State: Operational MTU: 1500 Backup CRF Mode: Disabled Remote SPAN VLAN: No VLAN ISL Id: 1002 Name: fddi-default Media Type: FDDI VLAN 802.10 Id: 101002 State: Operational MTU: 1500 Backup CRF Mode: Disabled Remote SPAN VLAN: No VLAN ISL Id: 1003 Name: token-ring-default Media Type: Token Ring VLAN 802.10 Id: 101003 State: Operational MTU: 1500 Maximum ARE Hop Count: 7 Maximum STE Hop Count: 7 Backup CRF Mode: Disabled Remote SPAN VLAN: No VLAN ISL Id: 1004 Name: fddinet-default Media Type: FDDI Net VLAN 802.10 Id: 101004 State: Operational MTU: 1500 STP Type: IEEE Backup CRF Mode: Disabled Remote SPAN VLAN: No VLAN ISL Id: 1005 Name: trnet-default Media Type: Token Ring Net VLAN 802.10 Id: 101005 State: Operational MTU: 1500 STP Type: IBM Backup CRF Mode: Disabled Remote SPAN VLAN: No Switch(vlan)#
路由器配製
Router#configure terminal Router(config)#interface f0/0 Router(config-if)#no shutdown Router(config-if)#interface f0/0.1 --------------- 創建子介面1 Router(config-subif)#encapsulation dot1q 2 ------ 2為VLAN號 對應VLAN 2 Router(config-subif)#ip address 10.10.11.1 255.255.255.0 Router(config-if)#interface f0/0.2 ---------------- 創建子介面2 Router(config-subif)#encapsulation dot1q 3 ------- 3為VLAN號 對應VLAN 3 Router(config-subif)#ip address 10.10.10.1 255.255.255.0 路由器已經配製完畢,可以在Router#show run 看一下當前的配製,用Router#show interfaces 看當前連接埠的狀態,f0/0.1 和f0/0.2兩個子 介面是否為up狀態。
交換機配製
Switch#vlan database Switch(vlan)#vlan 2 name 財務部 ------- 創建vlan 2為財務部 Switch(vlan)#vlan 3 name 市場部----------創建vlan 3為市場部 Switch(vlan)#exit Switch configure terminal Switch(coning)#interface range f0/2 - 9 Switch(coning-if)#switch port access vlan 2 ------- 將f0/-f0/9連接埠分到vlan 2中 Switch(config-if)#interface range f0/10 - 14 Switch(config-if)#switchport access vlan 3 --------將端f0/10至f0/14口3分到vlan 3中 Switch(config-if)#interface f0/1 Switch(config-if)#switchport trunk encapsulation dot1q ------將連接埠封裝 Switch(config-if)#switchport mode trunk -------- 將連接埠配製為trunk模式
客戶端配製:
WorKstation 1 配製為:10.10.11.3 255.255.255.0 網關:10.10.11.1 Workstation 2 配製為:10.10.10.3 255.255.255.0 網關:10.10.10.1
3560交換機VLAN間路由的具體設置
路由, VLAN, 交換機, 設置 在3560交換機上劃三個VLAN,並且要求其中兩個VLAN間能夠互相訪問,操作如下,請指點:
過程 12.1. Switch VLan 配置步驟
激活vlan路由
Switch1#config t Switch1(config)#ip routing
創建三個VLAN
Switch1# Switch1#vlan database Switch1(vlan)#vlan 2 Switch1(vlan)#vlan 3 Switch1(vlan)#vlan 10 Switch1(vlan)#exit
給VLAN分配IP
Switch1#config t Switch1(config)#config vlan2 Switch1(config-if)#ip address 192.168.2.1 255.255.255.0 Switch1(config-if)#no shutdown Switch1#config t Switch1(config)#config vlan3 Switch1(config-if)#ip address 192.168.3.1 255.255.255.0 Switch1(config-if)#no shutdown
配VTP
Switch1# Switch1#config t Switch1(config)#vtp domain SMG Switch1(config)#vtp mode server Switch1(config)#end
交換機通往路由器的介面配IP
Switch1# Switch1#config t Switch1(config)#interface fastethernet0/1 Switch1(config-if)#no switchport Switch1(config-if)#ip address 200.1.1.1 255.255.255.0 Switch1(config-if)#no shutdown
交換機配置預設路由
Switch1# Switch1#config t Switch(config)#ip route 0.0.0.0 0.0.0.0 200.1.1.2
把VLAN號分配給IP介面
Switch1# Switch1#config t Switch1(config)#interface fastethernet0/2 Switch1(config-if)#switchport mode access Switch1(config-if)#switchport access vlan2 Switch1(config-if)#spanning-tree portfast … … Switch1# Switch1#config t Switch1(config)#interface fastethernet0/13 Switch1(config-if)#switchport mode access Switch1(config-if)#switchport access vlan3 Switch1(config-if)#spanning-tree portfast
配訪問控制列表ACL禁VLAN3子網的客戶機訪問伺服器
Switch1# Switch1#config t Switch1(config)#access-list 1 deny 192.168.3.0 0.0.0.255 Switch1(config)#access-list 1 permit any Switch1(config)#interface fastethernet0/13 (此介面接伺服器) Switch1(config-if)#ip access-group 1 out
檢查上述配置
Switch1#show vlan Switch1#show ip route Switch1#show interface gigabitethernet0/1 switchport Switch1#show run Switch1#show vtp status
存配置
Switch1#copy running-config startup-config
VLAN Trunking Protocol(VLAN 中繼協議)
Server
Switch# config terminal Switch(config)# vtp mode server Switch(config)# vtp domain cisco Switch(config)# vtp password mypassword Switch(config)# end
Switch# vlan database Switch(vlan)# vtp server Switch(vlan)# vtp domain cisco Switch(vlan)# vtp password mypassword Switch(vlan)# exit APPLY completed. Exiting.... Switch#
2960#conf t 2960(config)#int f0/15 2960(config-if)#switchport mode trunk 2960(config-if)#end 2960#vlan database 2960(vlan)#vtp client 2960(vlan)#vtp domain eng_group 2960(vlan)#vtp password mypassword 2960(vlan)#exit
cisco3750>en cisco3750#conf t cisco3750(config)#vtp domain cisco(創建域名) cisco3750(config)#vtp password 123(設置密碼) cisco3750(config)#vtp mode server(改成伺服器模式) cisco3750(config-if)#int g0/0(進入千兆連接埠) cisco3750(config-if)#switchport trunk encapsulation dot1q(封裝) cisco3750(config-if)#switch mode trunk(改成trunk模式) 3560>en 3560#conf t 3560(config)#vtp domain cisco(要以前面一致) 3560(config)#vtp password 123(要以前面一致) 3560(config)#vtp mode client(改成客戶機模式)
3750G-1.240#show vtp stat VTP Version : 2 Configuration Revision : 4 Maximum VLANs supported locally : 1005 Number of existing VLANs : 8 VTP Operating Mode : Server VTP Domain Name : cisco VTP Pruning Mode : Disabled VTP V2 Mode : Disabled VTP Traps Generation : Disabled MD5 digest : 0x5D 0x64 0xFF 0xB1 0x87 0xF7 0x5B 0x0E Configuration last modified by 0.0.0.0 at 3-1-93 00:17:47 Local updater ID is 0.0.0.0 (no valid interface found) 3750G-1.240#show vtp password VTP Password: 123