H3C三层交换机划分VLAN示例

网络/网站/web 1.1k 字

很久很久之前搞Linux端口转发时,借了一台三层交换机,我拿到手还没拆包装箱。不知道是不是因为工作上的这个原因而买的。不过后来实现的端口转发和三层交换机完全不搭边,就不了了之了。现在领导安排我查查广播风暴的事情,在同一网段里测试过了,就想在不同网段里试试,于是又借了这一台。

这次是认真学习了一些配置命令,不过网上大把这类的资料,这里根据资料结合自己的实践,记录一下。 这次要做的是将三层交换机划分3个vlan,分别是192.168.1、2、3段。

下面是默认普通权限的提示符: 

1
<H3C>sys

创建vlan 10并进入,加入1~8 

1
2
3
[H3C]vlan 10  
[H3C-vlan10]port e1/0/1 to e1/0/8
[H3C-vlan10]q

创建vlan 20,加入9~16 

1
2
3
[H3C]vlan 20
[H3C-vlan20]port e1/0/9 to e1/0/16
[H3C-vlan20]q

创建vlan 30,加入17~24 

1
2
3
[H3C]vlan 30
[H3C-vlan30]port e1/0/17 to e1/0/24
[H3C-vlan30]q

显示有哪些vlan 

1
2
3
4
[H3C]dis vlan
Total 4 VLAN exist(s).
The following VLANs exist:
  1(default), 10, 20, 30,

每个VLAN分别添加IP、子网掩码: 

1
2
3
4
5
6
7
8
9
10
11
12
[H3C]int vlan 10
[H3C-Vlan-interface10]ip addr 192.168.1.254 255.255.255.0
[H3C-Vlan-interface10]quit

[H3C]int vlan 20
[H3C-Vlan-interface20]ip addr 192.168.2.254 255.255.255.0
[H3C-Vlan-interface20]quit

[H3C]int vlan 30                       
[H3C-Vlan-interface30]ip addr 192.168.3.254 255.255.255.0
[H3C-Vlan-interface30]quit                              
[H3C]

这里添加的vlan的IP,结合后面的验证,是接入设备的网关地址。
在接入vlan的设备上设置好IP和网关,信息如下: 

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
root@localhost:~# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.1.254   0.0.0.0         UG    0      0        0 eth0
192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
root@localhost:~# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 88:55:33:44:11:88 
          inet addr:192.168.1.100  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: ff90::3411:89ff:fe0d:f987/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:939 errors:0 dropped:0 overruns:0 frame:0
          TX packets:277 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:86165 (86.1 KB)  TX bytes:47595 (47.5 KB)
          Memory:90400000-9041ffff

在该设备上ping vlan20中的设备,是ping得通的,抓包信息如下: 

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
root@localhost:~# tcpdump net 192.168.2.101
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
11:28:55.413927 IP 192.168.1.100.ssh > 192.168.2.101.59431: Flags [P.], seq 699346371:699346567, ack 3447371143, win 255, length 196
11:28:55.413972 IP 192.168.1.100.ssh > 192.168.2.101.59431: Flags [P.], seq 196:248, ack 1, win 255, length 52
11:29:04.427973 IP 192.168.1.100.ssh > 192.168.2.101.59431: Flags [P.], seq 3648:3908, ack 1, win 255, length 260
11:29:06.430510 IP 192.168.1.100.ssh > 192.168.2.101.59431: Flags [P.], seq 4168:4428, ack 1, win 255, length 260
11:29:06.501987 IP 192.168.2.101 > 192.168.1.100: ICMP echo request, id 1, seq 108, length 40
11:29:06.502120 IP 192.168.1.100 > 192.168.2.101: ICMP echo reply, id 1, seq 108, length 40
11:29:06.630739 IP 192.168.2.101.59431 > 192.168.1.100.ssh: Flags [.], ack 4428, win 251, length 0
11:29:07.431587 IP 192.168.1.100.ssh > 192.168.2.101.59431: Flags [P.], seq 4428:4592, ack 1, win 255, length 164
11:29:07.431637 IP 192.168.1.100.ssh > 192.168.2.101.59431: Flags [P.], seq 4592:4740, ack 1, win 255, length 148
11:29:07.432016 IP 192.168.1.100.ssh > 192.168.2.101.59431: Flags [P.], seq 4740:5020, ack 1, win 255, length 280
11:29:07.504812 IP 192.168.2.101 > 192.168.1.100: ICMP echo request, id 1, seq 109, length 40
11:29:07.504935 IP 192.168.1.100 > 192.168.2.101: ICMP echo reply, id 1, seq 109, length 40

在该交换机上搞个环路,能检测到有冲突: 

1
2
3
%Jan  1 07:12:31:498 2010 H3C ARP/5/ARP_DUPLICATE_IPADDR_DETECT: Detected an IP address conflict. The device with MAC address f0fe-f1fa-5cfe1 connected to Ethernet1/0/5 in VLAN 10 and the device with MAC address ffde-f11c-3414 connected to Ethernet1/0/3 in VLAN 10 are using the same IP address 192.168.1.101.
%Jan  1 07:12:31:888 2010 H3C ARP/5/ARP_DUPLICATE_IPADDR_DETECT: Detected an IP address conflict. The device with MAC address f0de-f1eb-5e31 connected to Ethernet1/0/3 in VLAN 10 and the device with MAC address ffde-f1eb-1378 connected to Ethernet1/0/5 in VLAN 10 are using the same IP address 192.168.1.101.
%Jan  1 07:12:32:269 2010 H3C ARP/5/ARP_DUPLICATE_IPADDR_DETECT: Detected an IP address conflict. The device with MAC address f0ee-f1eb-5e31 connected to Ethernet1/0/5 in VLAN 10 and the de