三层交换机vlan配置范例(共10页).doc

《三层交换机vlan配置范例(共10页).doc》由会员分享，可在线阅读，更多相关《三层交换机vlan配置范例(共10页).doc（10页珍藏版）》请在taowenge.com淘文阁网|工程机械CAD图纸|机械工程制图|CAD装配图下载|SolidWorks_CaTia_CAD_UG_PROE_设计图分享下载上搜索。

1、精选优质文档-倾情为你奉上这个配置没有任何问题。只要你能看明白，记住关键的命令，相信你已经对三层有更深的认识。*网络基本情况网络拓扑结构为:中心交换机采用Cisco Catalyst 4006-S3，Supervisor Engine III G引擎位于第1插槽，用于实现三层交换;1块24口1000Base-T模块位于第2插槽，用于连接网络服务器;1块6端口1000Base-X模块位于第3插槽，用于连接6台骨干交换机。一台交换机采用Cisco Catalyst 3550-24-EMI，并安装1块1000Base-X GBIC千兆模块。一台交换机采用Cisco Catalyst 3550-24-

2、SMI，也安装1块1000Base-X GBIC千兆模块。另外四台交换机采用Cisco Catalyst 2950G-24-SMI，安装1块1000Base-T GBIC千兆模块。所有服务器划分为一个VLAN，即VLAN 50。四台Catalyst 2950G-24-SMI交换机也只划分为一个VLAN，分别为VLAN 60、VLAN 70、VLAN 80和VLAN 90。Catalyst 3550-24-EMI划分为4个VLAN，分别为VLAN 10、VLAN 20、VLAN 30和VLAN 40。Catalyst 3550-24-SMI划分2个VLAN，分别为VLAN 60和VLAN 80，

3、与另外两台Catalyst 2950G-24-SMI交换机分别位于同一VLAN。*实例分析*由于所有Catalyst 2950G交换机都是一个独立的VLAN，因此，必须先在这些交换机上创建VLAN(VLAN 60VLAN 90)，并将所有端口都指定至该VLAN。然后，再在Catalyst 4006交换机相应端口上分别创建VLAN。Catalyst 4006的1000Base-X端口分别与各Catalyst 2950G的1000Base-X端口连接。其中，GigabitEthernet3/2端口连接至1号Catalyst 2950交换机(VLAN 60)，GigabitEthernet3/3端口

4、连接至2号Catalyst 2950交换机(VLAN 70)，GigabitEthernet3/4端口连接至3号Catalyst 2950交换机(VLAN 80)，GigabitEthernet3/5端口连接至4号Catalyst 2950交换机(VLAN 90)，GigabitEthernet3/6端口连接至6号楼交换机(VLAN 80)。由于在Catalyst 3550-24-EMI上划分有4个VLAN(VLAN 10VLAN 40)，而4个VLAN都需借助于一条1000Base-X链路实现与Catalyst 4006的GigabitEthernet3/1端口连接，因此，必须在Cataly

5、st 4006与Catalyst 3550-24- EMI之间创建一个Trunk。同样，在Catalyst 3550-24-SMI上划分有2个VLAN(VLAN 60和VLAN 80)，而4个VLAN都需借助于一条1000Base-X链路实现与Catalyst 4006的GigabitEthernet3/6端口连接，因此，必须在Catalyst 4006与Catalyst 3550-24- EMI之间创建一个Trunk。另外，所有服务器均连接至Catalyst 4006的1000Base-T模块，并单独成为一个VLAN(VLAN 90)，因此，也必须为这些交换机创建一个VLAN，并将所有端口指

6、定至该VLAN。需要注意的是，考虑到网络管理的需要，也可以剩余几个RJ-45端口(如21至24端口)不指定至任何VLAN，从而便于连接网络管理设备。默认状态下，所有端口都属于VLAN1，而且也只有在VLAN1中才能实现对网络中所有设备的管理。*配置清单*Cisco Catalyst 4006交换机配置清单Current configuration : 5594 bytes!version 12.1no service padservice timestamps debug uptimeservice timestamps log uptimeno service password-encryp

7、tionservice compress-config!hostname hsnc!boot system bootflash:cat4000-is-mz.121-8a.EW1.binno logging consoleenable secret level 1 5 $1$rkQW$1HKyKdN5f.Ri5zxeoF8Yv/!ip subnet-zero!interface GigabitEthernet1/1no snmp trap link-status!-不为Supervisor Engine III G引擎中的1000Base-X插槽指定VLANinterface GigabitEt

8、hernet1/2no snmp trap link-status!interface GigabitEthernet2/1switchport access vlan 50no snmp trap link-status!-将端口GigabitEthernet2/1指定至VLAN 50!interface GigabitEthernet2/2switchport access vlan 50no snmp trap link-status!interface GigabitEthernet2/3switchport access vlan 50no snmp trap link-status

9、!interface GigabitEthernet2/4switchport access vlan 50no snmp trap link-status!interface GigabitEthernet2/5switchport access vlan 50no snmp trap link-status!interface GigabitEthernet2/6switchport access vlan 50no snmp trap link-status!interface GigabitEthernet2/7switchport access vlan 50no snmp trap

10、 link-status!interface GigabitEthernet2/8switchport access vlan 50no snmp trap link-status!interface GigabitEthernet2/9switchport access vlan 50no snmp trap link-status!interface GigabitEthernet2/10switchport access vlan 50no snmp trap link-status!interface GigabitEthernet2/11switchport access vlan

11、50no snmp trap link-status!interface GigabitEthernet2/12switchport access vlan 50no snmp trap link-status!interface GigabitEthernet2/13switchport access vlan 50no snmp trap link-status!interface GigabitEthernet2/14switchport access vlan 50no snmp trap link-status!interface GigabitEthernet2/15switchp

12、ort access vlan 50no snmp trap link-status!interface GigabitEthernet2/16switchport access vlan 50no snmp trap link-status!interface GigabitEthernet2/17switchport access vlan 50no snmp trap link-status!interface GigabitEthernet2/18switchport access vlan 50no snmp trap link-status!interface GigabitEth

13、ernet2/19switchport access vlan 50no snmp trap link-status!interface GigabitEthernet2/20switchport access vlan 50no snmp trap link-status!-不将GigabitEthernet2/2024指定至任何VLAN!interface GigabitEthernet3/1switchport trunk encapsulation dot1q！-启用802.1Q Trunk封装协议，即在该端口创建Trunkswitchport trunk allowed vlan 1

14、-80！-允许vlan 1-90在该中继线通讯！-可以拒绝或允许某个VLAN访问该Trunk！-确保未被授权的VLAN通过该Trunk，实现VLAN的访问安全switchport mode trunk！-将该端口设置为Trunk description netcenterno snmp trap link-status!interface GigabitEthernet3/2switchport access vlan 60no snmp trap link-status!-将端口GigabitEthernet3/2指定至VLAN 60!interface GigabitEthernet3/3

15、switchport access vlan 70no snmp trap link-status!-将端口GigabitEthernet3/3指定至VLAN 70!interface GigabitEthernet3/4switchport access vlan 80no snmp trap link-status!-将端口GigabitEthernet3/4指定至VLAN 80!interface GigabitEthernet3/5switchport access vlan 90no snmp trap link-status!-将端口GigabitEthernet3/5指定至VLA

16、N 90!interface GigabitEthernet3/6switchport trunk encapsulation dot1q！-启用802.1Q Trunk封装协议，即在该端口创建Trunkswitchport trunk allowed vlan 1-80！-允许vlan 1-90在该中继线通讯！-可以拒绝或允许某个VLAN访问该Trunk！-从而确保未被授权的VLAN通过该Trunk，实现VLAN访问安全switchport mode trunk！-将该端口设置为Trunk description netcenterno snmp trap link-status!inter

17、face Vlan1description netmangerno ip address!-对VLAN1进行描述interface Vlan10description network centerno ip address!-对VLAN2进行描述!interface Vlan20description computer centerno ip address!interface Vlan30description network labno ip address!interface Vlan40description huaxuelouno ip address!interface Vlan5

18、0description wulilouno ip address!interface Vlan60description shengwulouno ip address!interface Vlan70description zhongwenxino ip address!interface Vlan80description tushuguanno ip address!line con 0stopbits 1line vty 0 4password aaalogin!endCisco Catalyst 3550-EMI配置清单Building configuration.Current

19、configuration : 4055 bytes!version 12.1no service padservice timestamps debug uptimeservice timestamps log uptimeno service password-encryption!hostname office!enable secret 5 $1$p0fU$JeyPOM0RuL.Fqfe71efHF1!ip subnet-zero!spanning-tree extend system-id!interface FastEthernet0/1switchport access vlan

20、 10!-将端口FastEthernet0/1指定至VLAN 10no ip address!interface FastEthernet0/2switchport access vlan 10no ip address!interface FastEthernet0/3switchport access vlan 10no ip address!interface FastEthernet0/4switchport access vlan 10no ip address!interface FastEthernet0/5switchport access vlan 10no ip addre

21、ss!interface FastEthernet0/6switchport access vlan 20no ip address!-将端口FastEthernet0/6指定至VLAN 20!interface FastEthernet0/7switchport access vlan 20no ip address!interface FastEthernet0/8switchport access vlan 20no ip address!interface FastEthernet0/9switchport access vlan 20no ip address!interface F

22、astEthernet0/10switchport access vlan 20no ip address!interface FastEthernet0/11switchport access vlan 30no ip address!-将端口FastEthernet0/6指定至VLAN 30!interface FastEthernet0/12switchport access vlan 30no ip address!interface FastEthernet0/13switchport access vlan 30no ip address!interface FastEtherne

23、t0/14switchport access vlan 30no ip address!interface FastEthernet0/15switchport access vlan 30no ip address!interface FastEthernet0/16switchport access vlan 30no ip address!interface FastEthernet0/17switchport access vlan 30no ip address!interface FastEthernet0/18switchport access vlan 30no ip addr

24、ess!interface FastEthernet0/19switchport access vlan 40no ip address!-将端口FastEthernet0/6指定至VLAN 40!interface FastEthernet0/20switchport access vlan 40no ip address!interface FastEthernet0/21switchport access vlan 40no ip address!interface FastEthernet0/22switchport access vlan 30no ip address!interf

25、ace FastEthernet0/23switchport access vlan 40no ip address!interface FastEthernet0/24switchport access vlan 40no ip address!interface GigabitEthernet0/1switchport trunk encapsulation dot1q！-启用802.1Q Trunk封装协议，即在该端口创建Trunkswitchport trunk allowed vlan 1-80！-允许vlan 1-80在该中继线通讯switchport mode trunk！-将该

26、端口设置为Trunk no ip address!interface GigabitEthernet0/2no ip address!interface Vlan1ip address 172.16.100.12 255.255.255.0!-LAN1指定IP地址no ip route-cacheno ip mroute-cache!ip classlessip http server!line con 0line vty 0 4password aaaloginline vty 5 15login!endCisco Catalyst 3550-SMI配置清单Building configur

27、ation.Current configuration : 4055 bytes!version 12.1no service padservice timestamps debug uptimeservice timestamps log uptimeno service password-encryption!hostname office!enable secret 5 $1$p0fU$JeyPOM0RuL.Fqfe71efHF1!ip subnet-zero!spanning-tree extend system-id!interface FastEthernet0/1switchpo

28、rt access vlan 60!-将端口FastEthernet0/1指定至VLAN 60no ip address!interface FastEthernet0/2switchport access vlan 60no ip address!interface FastEthernet0/3switchport access vlan 60no ip address!interface FastEthernet0/4switchport access vlan 60no ip address!interface FastEthernet0/5switchport access vlan

29、 60no ip address!interface FastEthernet0/6switchport access vlan 20no ip address!-将端口FastEthernet0/6指定至VLAN 20!interface FastEthernet0/7switchport access vlan 20no ip address!interface FastEthernet0/8switchport access vlan 20no ip address!interface FastEthernet0/9switchport access vlan 20no ip addre

30、ss!interface FastEthernet0/10switchport access vlan 20no ip address!interface FastEthernet0/11switchport access vlan 80no ip address!-将端口FastEthernet0/6指定至VLAN 80!interface FastEthernet0/12switchport access vlan 80no ip address!interface FastEthernet0/13switchport access vlan 80no ip address!interfa

31、ce FastEthernet0/14switchport access vlan 80no ip address!interface FastEthernet0/15switchport access vlan 80no ip address!interface FastEthernet0/16switchport access vlan 80no ip address!interface FastEthernet0/17switchport access vlan 80no ip address!interface FastEthernet0/18switchport access vla

32、n 80no ip address!interface FastEthernet0/19switchport access vlan 80no ip address!-将端口FastEthernet0/6指定至VLAN 80!interface FastEthernet0/20switchport access vlan 80no ip address!interface FastEthernet0/21switchport access vlan 80no ip address!interface FastEthernet0/22switchport access vlan 80no ip

33、address!interface FastEthernet0/23switchport access vlan 80no ip address!interface FastEthernet0/24switchport access vlan 80no ip address!interface GigabitEthernet0/1switchport trunk encapsulation dot1q！-启用802.1Q Trunk封装协议，即在该端口创建Trunkswitchport trunk allowed vlan 1-80！-允许vlan 1-80在该中继线通讯switchport mode trunk！-从将该端口设置为Trunk no ip address!interface GigabitEthernet0/2no ip address!interface Vlan1ip address 172.16.100.13 255.255.255.0!-为LAN1指定IP地址no ip route-cacheno ip mroute-cache!ip classlessip http server!line con 0line vty 0 4password aaaloginline vty 5 15login!end专心-专注-专业