Chng 7: nh tuyn gia cc VLAN

1. Gii thiu Mi VLAN l mt min broadcast. Do , mi host trong VLAN ch lin lc c vi cc server v cc my khc trong cng mt VLAN. Nu mt my trong mt VLAN mun lin lc vi mt host thuc mt VLAN khc th n phi thng qua thit b lp 3 nh l router Router trong cu trc VLAN thc hin ngn chn qung b (broadcast), bo mt v qun l cc traffic mng. Switch layer 2 khng th chuyn mch cc traffic gia cc VLAN vi nhau. Giao thng gia cc VLAN phi c nh tuyn qua thit b layer 3 nh router. Gi s ta chia trn switch 3 vlan, nu ta dng 3 con router nh tuyn cho 3 vlan ny th qu cng knh v khng tit kim. Ta s dng 1 interface (fastethernet tr ln) kt ni vi mt port (fastethernet tr ln) trn switch v cu hnh ng ny lm ng trunking (trunk layer 3) nh tuyn cho cc vlan. ng kt ni cho php mang lu lng ca nhiu VLAN gi l kt ni trunk lp 3. N khng phi l ca ring VLAN no.Ta c th cu hnh mt ng trunk vn chuyn lu thng cho tt c VLAN hoc mt s VLAN no . Trunking layer 3 i hi interface trn VLAN phi c th hot ng tc Fast Ethernet tr ln. Physical interface v logical interface ng trunk c u im l lm gim s lng port cn s dng ca router v switch. iu ny khng ch tit kim tin bc m cn gip cho cu hnh bt phc tp. Kt ni trunk trn router c kh nng m rng vi s lng ln VLAN. Nu mi VLAN phi c mt kt ni vt l th khng th p ng c khi s lng VLAN ln. Mt cng vt l c th c chia thnh nhiu cng logic. Mi cng logic tng ng vi mt vlan v c t mt a ch IP ca vlan . Mi VLAN l mt IP subnet ring, do cng logic thuc vlan no th c a ch ip trong subnet ca vlan . 2. M t bi lab v hnh

Page 1

Cu hinh y u 2900XL switch ! hostname 2900xl ! interface FastEthernet0/1 switchport mode trunk ! !-- Nu ban cu hinh trunking theo chun 802.1q thi phai cu hinh trn cng giao tip Fa0/1 la: !-- interface FastEthernet0/1 !-- switchport trunk encapsulation dot1q !-- switchport mode trunk ! interface FastEthernet0/2 switchport access vlan 2 ! interface VLAN1 ip address 10.10.10.2 255.255.255.0 no ip directed-broadcast no ip route-cache ! ip default-gateway 10.10.10.1 ! end Router 2600 Series: ! hostname c2600 ! no logging console enable password mysecret ! ip subnet-zero ! interface FastEthernet0/0 no ip address duplex auto speed auto ! interface FastEthernet0/0.1 encapsulation isl 1 ip address 10.10.10.1 255.255.255.0
Page 2

!-- Nu cu hinh theo chun 802.1Q thi se cu hinh trn cng giao tip F0/0.1 la: !-- interface FastEthernet0/0.1 !-- encapsulation dot1Q 1 native !-- ip address 10.10.10.1 255.255.255.0 ! interface FastEthernet0/0.2 encapsulation isl 2 ip address 10.10.11.1 255.255.255.0 ! ! Nu cu hinh theo chun 802.1Q thi se cu hinh trn cng giao tip F0/0.2 la: !-- interface FastEthernet0/0.2 !-- encapsulation dot1Q 2 !-- ip address 10.10.11.1 255.255.255.0 ! end Cac bc thc hin Switch2900 1. Vao ch privileged mode, cu hinh mt khu telnet cho switch switch#configure terminal Enter configuration commands, one per line. End with CNTL/Z. switch(config)#hostname 2900xl 2900xl(config)#enable password mysecret 2900xl(config)#line vty 0 4 2900xl(config-line)#login 2900xl(config-line)#password mysecret 2900xl(config-line)#exit 2900xl(config)#no logging console 2900xl(config)#^Z 2. Gan ia chi IP va default gateway cho VLAN1 cho tin vic quan tri 2900xl#configure terminal Enter configuration commands, one per line. End with CNTL/Z. 2900xl(config)#int vlan 1 2900xl(config-if)#ip address 10.10.10.2 255.255.255.0 2900xl(config-if)#exit 2900xl(config)#ip default-gateway 10.10.10.1 2900xl(config)#end 3. Thit lp vtp transparent mode 2900xl#vlan database 2900xl(vlan)#vtp transparent
Page 3

Setting device to VTP TRANSPARENT mode. 4. To mi VLAN2 trong c s d liu VLAN ca switch. VLAN1 mc inh a co sn 2900xl(vlan)#vlan 2 VLAN 2 added: Name: VLAN0002 2900xl(vlan)#exit APPLY completed. Exiting.... 5. Kich hoat trunking trn cng giao tip Fa0/1 2900xl#configure terminal Enter configuration commands, one per line. End with CNTL/Z. 2900xl(config)#int fastEthernet 0/1 2900xl(config-if)#switchport mode trunk 6. Encapsulation trunking bng s dung isl hay dot1q 2900xl(config-if)#switchport trunk encapsulation isl (2900xl(config-if)#switchport trunk encapsulation dot1q) + Trong trng hp switch 2950 chi h tr 802.1q encapsulation va t ng kich hoat khi thit lp trunking cho cng giao tip nay bng cach s dung lnh switchport mode trunk. + Trn switch 2900xl, mc inh native VLAN la 1, ban co th thay i native VLAN bng lnh: 2900xl(config-if)#switchport trunk native vlan <vlan ID> 7. Cho phep tt ca cac VLAN c chuyn qua kt ni trunk: 2900xl(config-if)#switchport trunk allowed vlan all 2900xl(config-if)#exit 8. Gan cng Fa0/2 va VLAN 2. 2900xl(config)#int fastEthernet 0/2 2900xl(config-if)#switchport access vlan 2 2900xl(config-if)#spanning-tree portfast 2900xl(config-if)#exit + Cng fa0/3 mc inh a thuc VLAN1 nn khng cn thc hin apply vao VLAN 1 9. Lu cu hinh 2900xl#write memory Building configuration...
Page 4

2900xl# Router 2600 Series 1. Vao privileged mode cu hinh mt khu telnet cho router Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#hostname c2600 c2600(config)#enable password mysecret c2600(config)#line vty 0 4 c2600(config-line)#login c2600(config-line)#password mysecret c2600(config-line)#exit c2600(config)#no logging console c2600(config)#^Z c2600#configure terminal Enter configuration commands, one per line. End with CNTL/Z. 2. Chon cng fa0/0 cu hinh trunk, c2600(config)#int fastEthernet 0/0 c2600(config-if)#no shut c2600(config-if)#exit 3. Kich hoat trunking trn sub-interface Fa0/0.1 va encapsulation bng isl c2600(config)#int fastEthernet 0/0.1 c2600(config-subif)#encapsulation isl 1 + Trong trng hp dng giao thc dot1q, ban cn am bao native VLAN hai u kt ni trunk l ging nhau (mc inh trn switch 2900XL la VLAN 1). c2600(config-subif)#encapsulation dot1Q 1 ? native Make this is native vlan <cr> c2600(config-subif)#encapsulation dot1Q 1 native 4. Cu hinh thng tin lp 3 cho sub-interface Fa0/0.1 c2600(config-subif)#ip address 10.10.10.1 255.255.255.0 c2600(config-subif)#exit 5. Kich hoat trunking trn sub-interface Fa0/0.2 va encapsulation bng isl c2600(config)#int fastEthernet 0/0.2
Page 5

c2600(config-subif)#encapsulation isl 2 (hay bng dot1q: c2600(config-subif)#encapsulation dot1Q 2) 6. Cu hinh thng tin Layer 3 cho sub-interface Fa0/0.2 c2600(config-subif)#ip address 10.10.11.1 255.255.255.0 c2600(config-subif)#exit c2600(config)#^Z 7. Lu cu hinh c2600#write memory Building configuration... [OK] c2600# Kim tra Catalyst 2900xl Switch 1. Dung lnh show int FastEthernet <module/port> switchport kim tra trang thai port va am bao native VLAN ca 2 u kt ni trunk l ging nhau: 2900xl#show int fastEthernet 0/1 switchport Name: Fa0/1 Switchport: Enabled Administrative mode: trunk Operational Mode: trunk Administrative Trunking Encapsulation: isl Operational Trunking Encapsulation: isl Negotiation of Trunking: Disabled Access Mode VLAN: 0 ((Inactive)) Trunking Native Mode VLAN: 1 (default) Trunking VLANs Enabled: ALL Trunking VLANs Active: 1,2 Pruning VLANs Enabled: 2-1001 Priority for untagged frames: 0 Override vlan tag priority: FALSE Voice VLAN: none Appliance trust: none Trong trng hp 802.1q trunking, output se nh sau 2900xl#show int fastEthernet 0/1 switchport Name: Fa0/1 Switchport: Enabled
Page 6

Administrative mode: trunk Operational Mode: trunk Administrative Trunking Encapsulation: dot1q Operational Trunking Encapsulation: dot1q Negotiation of Trunking: Disabled Access Mode VLAN: 0 ((Inactive)) Trunking Native Mode VLAN: 1 (default) Trunking VLANs Enabled: ALL Trunking VLANs Active: 1,2 Pruning VLANs Enabled: 2-1001 Priority for untagged frames: 0 Override vlan tag priority: FALSE Voice VLAN: none 2. Dung lnh show vlan kim tra cac cng ca switch (ports) xem co thuc v ung VLAN. Trong bi ny, ta chu y chi co cng Fa0/2 l thuc v VLAN 2, cac cng con lai ca switch thuc v VLAN 1 2900xl#show vlan VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------1 default active Fa0/3, Fa0/4, Fa0/5, Fa0/6, Fa0/7, Fa0/8, Fa0/9, Fa0/10, Fa0/11, Fa0/12, Gi0/1, Gi0/2 2 VLAN0002 active Fa0/2 1002 fddi-default active 1003 token-ring-default active 1004 fddinet-default active 1005 trnet-default active ... 3. Lnh show vtp status dung kim tra VLAN trunking protocol (VTP) trn switch. Trong bi lab ny, ta dung transparent mode. 2900xl#show vtp status VTP Version : 2 Configuration Revision : 0 Maximum VLANs supported locally : 254 Number of existing VLANs : 6 VTP Operating Mode : Transparent VTP Domain Name : VTP Pruning Mode : Disabled VTP V2 Mode : Disabled VTP Traps Generation : Disabled MD5 digest : 0xC3 0x71 0xF9 0x77 0x2B 0xAC 0x5C 0x97
Page 7

Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00 Cisco 2600 Router 1. Lnh show vlan cho bit thng tin Layer2/Layer3 c cu hinh cho mi VLAN: c2600#show vlan Virtual LAN ID: 1 (Inter Switch Link Encapsulation) vLAN Trunk Interface: FastEthernet0/0.1 Protocols Configured: Address: Received: Transmitted: IP 10.10.10.1 40 38 Virtual LAN ID: 2 (Inter Switch Link Encapsulation) vLAN Trunk Interface: FastEthernet0/0.2 Protocols Configured: Address: Received: Transmitted: IP 10.10.11.1 9 9 i vi 802.1Q trunking, output co dang sau: c2600#show vlan Virtual LAN ID: 1 (IEEE 802.1Q Encapsulation) vLAN Trunk Interface: FastEthernet0/0.1 This is configured as native Vlan for the following interface(s): FastEthernet0/0 Protocols Configured: Address: Received: Transmitted: IP 10.10.10.1 0 2 Virtual LAN ID: 2 (IEEE 802.1Q Encapsulation) vLAN Trunk Interface: FastEthernet0/0.2 Protocols Configured: Address: Received: Transmitted: IP 10.10.11.1 42 19 i vi Cisco IOS version trc 12.1(3)T, output co dang sau: c2600#show vlan Virtual LAN ID: 2 (IEEE 802.1Q Encapsulation) vLAN Trunk Interface: FastEthernet0/0.2 Protocols Configured: Address: Received: Transmitted: IP 10.10.11.1 6 4 2. Kim tra trang thai cac cng bng lnh show interface: c2600#show interfaces fastEthernet 0/0 FastEthernet0/0 is up, line protocol is up Hardware is AmdFE, address is 0003.e36f.41e0 (bia 0003.e36f.41e0)
Page 8

MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 100Mb/s, 100BaseTX/FX ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:00, output 00:00:07, output hang never Last clearing of "show interface" counters never Queueing strategy: fifo ... c2600#show interfaces fastEthernet 0/0.1 FastEthernet0/0.1 is up, line protocol is up Hardware is AmdFE, address is 0003.e36f.41e0 (bia 0003.e36f.41e0) Internet address is 10.10.10.1/24 MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ISL Virtual LAN, Color 1. ARP type: ARPA, ARP Timeout 04:00:00 c2600#show interfaces fastEthernet 0/0.2 FastEthernet0/0.2 is up, line protocol is up Hardware is AmdFE, address is 0003.e36f.41e0 (bia 0003.e36f.41e0) Internet address is 10.10.11.1/24 MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ISL Virtual LAN, Color 2. ARP type: ARPA, ARP Timeout 04:00:00 i vi 802.1Q trunking, output co dang: c2600#show interfaces fastEthernet 0/0.1 FastEthernet0/0.1 is up, line protocol is up Hardware is AmdFE, address is 0003.e36f.41e0 (bia 0003.e36f.41e0) Internet address is 10.10.10.1/24 MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation 802.1Q Virtual LAN, Vlan ID 1. ARP type: ARPA, ARP Timeout 04:00:00 c2600#show interfaces fastEthernet 0/0.2 FastEthernet0/0.2 is up, line protocol is up Hardware is AmdFE, address is 0003.e36f.41e0 (bia 0003.e36f.41e0) Internet address is 10.10.11.1/24 MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255

Page 9

Encapsulation 802.1Q Virtual LAN, Vlan ID 2. ARP type: ARPA, ARP Timeout 04:00:00 Ngun: Internet

Page 10