8 장 . VLAN 과 Inter-VLAN 라우팅

Download 8 장 . VLAN 과  Inter-VLAN  라우팅

Post on 19-Mar-2016

77 views

Category:

Documents

9 download

Embed Size (px)

DESCRIPTION

8 . VLAN Inter-VLAN . 2012 2 . . ? LAN L2 : MAC L3 : IP - PowerPoint PPT Presentation

TRANSCRIPT

<p>8. VLAN Inter-VLAN 2012 2 ? LAN L2 : MAC L3 : IP L4 : TCP, UDP RTP( ) . .L7 : URL, , . , QoS, </p> <p> , , (access) : . Port security, VLAN, PoE(Power of Ethernet), Link Aggregation, QoS (distribution) : . ACL, IP , , QoS (core) : . . MAC </p> <p>1. MAC </p> <p>2. PC PC </p> <p>3. PC </p> <p>4. PC . PC </p> <p>5. MAC . MAC Aging time 300 MAC Switch#show mac Mac Address Table-------------------------------------------</p> <p>Vlan Mac Address Type Ports---- ----------- -------- -----</p> <p> 1 0003.e48b.297b DYNAMIC Fa0/3 1 0005.5e70.4557 DYNAMIC Fa0/4 1 000c.cfb2.e824 DYNAMIC Fa0/5 1 00d0.bc01.1d48 DYNAMIC Fa0/2 1 00e0.f9d8.7976 DYNAMIC Fa0/1VLAN VLAN VLAN VLAN L3 VLAN 1 VLAN() VLAN Switch#show vlan</p> <p>VLAN Name Status Ports---- -------------------------------- --------- -------------------------------1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4 Fa0/5, Fa0/6, Fa0/7, Fa0/8 Fa0/9, Fa0/10, Fa0/11, Fa0/12 Fa0/13, Fa0/14, Fa0/15, Fa0/16 Fa0/17, Fa0/18, Fa0/19, Fa0/20 Fa0/21, Fa0/22, Fa0/23, Fa0/24 Gig1/1, Gig1/21002 fddi-default act/unsup 1003 token-ring-default act/unsup 1004 fddinet-default act/unsup 1005 trnet-default act/unsup </p> <p>VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------1 enet 100001 1500 - - - - - 0 01002 fddi 101002 1500 - - - - - 0 0 1003 tr 101003 1500 - - - - - 0 0 1004 fdnet 101004 1500 - - - ieee - 0 0 1005 trnet 101005 1500 - - - ibm - 0 0 VLAN 1 VLAN1002~1005 VLAN1~1001 VLAN Trunk </p> <p>VLAN SW1(config)#vlan 10SW1(config-vlan)#name VLAN_10SW1(config-vlan)#exitSW1(config)#vlan 20SW1(config-vlan)#name VLAN_20SW1(config-vlan)#exitSW1(config)#vlan 30SW1(config-vlan)#name VLAN_30SW1(config-vlan)#exit</p> <p>SW1(config)#interface FastEthernet0/1SW1(config-if)#switchport access vlan 20SW1(config-if)#exitSW1(config)#interface FastEthernet0/2SW1(config-if)#switchport access vlan 10SW1(config-if)#exitSW1(config)#interface FastEthernet0/3SW1(config-if)#switchport access vlan 30SW1(config-if)#exitSW2(config)#vlan 10SW2(config-vlan)#name VLAN_10SW2(config-vlan)#exitSW2(config)#vlan 20SW2(config-vlan)#name VLAN_20SW2(config-vlan)#exitSW2(config)#vlan 30SW2(config-vlan)#name VLAN_30SW2(config-vlan)#exit</p> <p>SW2(config)#interface FastEthernet0/2SW2(config-if)#switchport access vlan 10SW2(config-if)#exitSW2(config)#interface FastEthernet0/3SW2(config-if)#switchport access vlan 30SW2(config-if)#exitSW2(config)#interface FastEthernet0/4SW2(config-if)#switchport access vlan 10SW2(config-if)#exitVLAN VLAN VLAN Trunk SW1 3 VLAN SW2 2 VLAN SW1 SW2 Trunk VLAN VLAN ID VLAN Trunk SW2(config)#interface FastEthernet0/1SW2(config-if)#switchport mode trunkSW1(config)#interface FastEthernet0/4SW1(config-if)#switchport mode trunkTrunk SW1(config)#do show interfaces trunkPort Mode Encapsulation Status Native vlanFa0/4 on 802.1q trunking 1</p> <p>Port Vlans allowed on trunkFa0/4 1-1005</p> <p>Port Vlans allowed and active in management domainFa0/4 1,10,20,30</p> <p>Port Vlans in spanning tree forwarding state and not prunedFa0/4 1,10,20,30802.1q : VLAN 3 VLAN VLAN 802.1q: L2, L3 VLAN ID VLAN ISL(Inter-Switch Link): L3 VLAN ID Native VLAN VLAN PC Native VLAN </p> <p> Native VLAN 1 </p> <p> Native VLAN 10 Native VLAN SW1(config)#int fa0/4SW1(config-if)#switchport trunk native vlan 10</p> <p>SW2(config-if)#int fa0/1SW2(config-if)#switchport trunk native vlan 10DTP(Dynamic Trunking Protocol) 802.1q ISL Switchport mode trunk: Switchport mode dynamic auto: on, desirable Switchport mode dynamic desirable: on, auto, desirable Switchport nonegotiate: DTP Switchport trunk allowed vlan: VLAN DTP VLAN PC .L3 () Inter-VLAN</p> <p>Inter-VLANSwitch(config)#vlan 10Switch(config-vlan)#name InfocommSwitch(config-vlan)#exitSwitch(config)#vlan 70Switch(config-vlan)#name SecuritySwitch(config-vlan)#exit</p> <p>Switch(config)#interface FastEthernet0/1Switch(config-if)#switchport access vlan 10Switch(config-if)#exitSwitch(config)#interface FastEthernet0/2Switch(config-if)#switchport access vlan 70Switch(config-if)#exitSwitch(config)#interface FastEthernet0/3Switch(config-if)#switchport access vlan 10Switch(config-if)#exitSwitch(config)#interface FastEthernet0/4Switch(config-if)#switchport access vlan 70Router(vlan)#vlan 10 name InfocommVLAN 10 modified: Name: InfocommRouter(vlan)#vlan 70 name SecurityVLAN 70 modified: Name: Security</p> <p>Router(config)#interface FastEthernet0/0Router(config-if)#ip address 1.1.1.1 255.255.255.0Router(config-if)#exitRouter(config)#interface FastEthernet0/1Router(config-if)#ip address 2.2.2.1 255.255.255.0VLAN ? ---(router-on-a-stick) Inter-VLAN VLAN SVI(Switch Virtual Interface)------</p> <p>--- 1 SW1(config)#interface FastEthernet0/5SW1(config-if)#switchport mode trunk Router(config)#interface FastEthernet0/0Router(config-if)#no shutdownRouter(config-if)#exitRouter(config)#int fa0/0.10Router(config-subif)#encapsulation dot1q 10Router(config-subif)#ip add 1.1.1.1 255.255.255.0Router(config-subif)#exitRouter(config)#int fa0/0.20Router(config-subif)#encapsulation dot1q 20Router(config-subif)#ip add 2.2.2.1 255.255.255.0Router(config-subif)#exitRouter(config)#int fa0/0.30Router(config-subif)#encapsulation dot1q 30Router(config-subif)#ip add 3.3.3.1 255.255.255.0Router(config-subif)#exit---Router(config)#do show ip int briefInterface IP-Address OK? Method Status Protocol FastEthernet0/0 unassigned YES unset up up FastEthernet0/0.10 1.1.1.1 YES manual up up FastEthernet0/0.20 2.2.2.1 YES manual up up FastEthernet0/0.30 3.3.3.1 YES manual up upRouter(config)#do show ip route</p> <p>Gateway of last resort is not set</p> <p> 1.0.0.0/24 is subnetted, 1 subnetsC 1.1.1.0 is directly connected, FastEthernet0/0.10 2.0.0.0/24 is subnetted, 1 subnetsC 2.2.2.0 is directly connected, FastEthernet0/0.20 3.0.0.0/24 is subnetted, 1 subnetsC 3.3.3.0 is directly connected, FastEthernet0/0.30Port-Security? L2 : L2 MAC Port-Security 1 fa0/1 1 , 1 fa0/1 .Port-Security </p> <p>Switch(config)#interface FastEthernet0/1Switch(config-if)#switchport mode accessSwitch(config-if)#switchport port-securitySwitch(config-if)#switchport port-security maximum 1Switch(config-if)#switchport port-security violation shutdown 2PC1 PC1 PC0 Port-Security Switch(config-if)#int fa0/1Switch(config-if)#switchport mode accessSwitch(config-if)#switchport port-security Switch(config-if)#switchport port-security maximum 1Switch(config-if)#switchport port-security mac-address 00E0.B0BD.828DFound duplicate mac-address 00e0.b0bd.828d.Switch(config-if)#switchport port-security violation shutdownSwitchport port-security violation [restrict|protect|shutdown]Protect: Restrict: protect Shutdown: </p> <p> Port-Security VLAN SW1(config)#vlan 10SW1(config-vlan)#name VLAN_10SW1(config-vlan)#exitSW1(config)#vlan 20SW1(config-vlan)#name VLAN_20SW1(config-vlan)#exitSW1(config)#vlan 30SW1(config-vlan)#name VLAN_30SW1(config-vlan)#exit SW1(config)#interface FastEthernet0/4SW1(config-if)#switchport mode trunk VLAN SW1(config)#interface FastEthernet0/1SW1(config-if)#switchport access vlan 20SW1(config-if)#exitSW1(config)#interface FastEthernet0/2SW1(config-if)#switchport access vlan 10SW1(config-if)#exitSW1(config)#interface FastEthernet0/3SW1(config-if)#switchport access vlan 30SW1(config-if)#exitNative VLAN SW2(config-if)#int fa0/1SW2(config-if)#switchport trunk native vlan 10 Inter-VLAN </p> <p>Router(vlan)#vlan 10 name InfocommVLAN 10 modified: Name: InfocommRouter(vlan)#vlan 70 name SecurityVLAN 70 modified: Name: Security</p> <p>Router(config)#interface FastEthernet0/0Router(config-if)#ip address 1.1.1.1 255.255.255.0Router(config-if)#exitRouter(config)#interface FastEthernet0/1Router(config-if)#ip address 2.2.2.1 255.255.255.0 </p> <p>Router(config)#interface FastEthernet0/0Router(config-if)#no shutdownRouter(config-if)#exitRouter(config)#int fa0/0.10Router(config-subif)#encapsulation dot1q 10Router(config-subif)#ip add 1.1.1.1 255.255.255.0Router(config-subif)#exitRouter(config)#int fa0/0.20Router(config-subif)#encapsulation dot1q 20Router(config-subif)#ip add 2.2.2.1 255.255.255.0Router(config-subif)#exitRouter(config)#int fa0/0.30Router(config-subif)#encapsulation dot1q 30Router(config-subif)#ip add 3.3.3.1 255.255.255.0Router(config-subif)#exit1. 8-4 VLAN VLAN .2. 8-12 VLAN PC . 3. VLAN VLAN . 8 4. VLAN PC . 8 </p>