Article From:https://www.cnblogs.com/ricksteves/p/9688287.html

Every knight-errant reviews the basic knowledge of VLAN, have you ever thought about how to divide 4094 VLAN, which way is easy to use and simple? The careful little editor made a special arrangement to play for your heroes.

VLANThe way of division is:

Ø Interface partitioningVLAN VLAN ID is allocated according to the switch interface. The configuration is simple and can be used in various scenarios.

Ø Be based onMACDivideVLAN: VLAN ID is allocated according to the source MAC address of the message. A scenario often used in user location changes without reconfiguring VLAN.

Ø Subnet partitionVLAN VLAN ID is allocated according to the source IP address of the message. Generally used for unified management of the same segment users.

Ø Protocol partitionVLAN VLAN ID is allocated according to the protocol type of the message. It is suitable for unified management of users with the same application or service.

Ø Partition based on matching strategyVLANVLAN ID is allocated according to the specified policy, such as the source MAC of the matching message, the source IP and the port. It is suitable for scenarios with high security requirements.

Several kinds of divisionVLANIn various ways, based on interface partitionVLAN,Is the most commonly used and the simplest way, then how to configure and how to use it?

Before configuring it, review the link types commonly used by ports.

access:For switches andPCTo be connected;

trunk:It is used for connecting switches and switches.

hybrid:That is, it can be used for switches andPCIt can also be connected to switches and switches. UsehubLink switches are often used in this type.

OK, the following Xiaobian takes actual networking as an example to explain the configuration of VLAN based on interface partition.

Scenario 1: A switch two users, how to partition VLAN through the interface to achieve isolation (VLAN is for broadcast domain isolation, you guys have not forgotten it)

Ø Let’s see if two PCs in the same network segment are directly connected to the switch without dividing the VLAN. Is it possible to ping?

From the above picture, we can see that it can be Ping connected. Why?

Because of default, the interface of HUAWEI switch is added by default.VLAN 1,Two setsPCDirectly connected to the switch, as long as it belongs to the same network segment, it can be interconnected.

Ø So how can we achieve isolation through VLAN? Just add the interface to different VLAN. For example, switches GE0/0/1 and GE0/0/2 ports add VLAN 10 and VLAN 20 to access type respectively.

Ø At this point, the two PC interfaces are divided into different VLAN, and the interconnection can not be Ping connected, thus achieving isolation.

 

Scene description 2: Cross switch4How can a user partition by interface?VLANAchieve isolation and interoperability?

The following figure: by default, the 4 PC belong to the same network segment, and they can connect to each other through Ping. Assuming that PC1 and PC2 belong to the same department, PC3 and PC4 belong to the same department. How to configure VLAN based on interface to realize mutual access between the same department and not between different departmentsWhat?

Ø The two users of the same department divide PC1 and PC2 into the same VLAN100. The GE0/0/1 ports of switch 1 GE0/0/1 and switch 2 are added to VLAN100 with access type respectively.

Ø Two users in another department, PC3 and PC4, are divided into another VLAN 200.

Ø The port GE0/0/3 of two connected switches is added to VLAN 100 and VLAN 200 with trunk port respectively to realize the communication across switches.

Ø In this way, users PC1 and PC3 in the same department can be interoperable, and users PC2 and PC4 in different departments can not be interoperable.

OK,The typical application scenario is over. Have you seen the two scenes above?VLANAnd port numbers are relatively small, and in real networking, there are often more than one configuration.VLAN,Multiple ports. Is there any way to complete the configuration quickly? Next, I’ll introduce the batch configuration and quick recovery port.VLANDefault configuration method.

1、Batch creationVLAN

< Huawei > system-view

[Huawei]vlan batch 2 to 100

2、Batch port addingVLAN

[Huawei] port-group group-member GigabitEthernet 0/0/10 to GigabitEthernet 0/0/20

[Huawei-port-group]port link-type access

[Huawei-port-group]port default vlan 100

3、Quick recovery portVLANDefault configuration

To quickly restore the default configuration of port VLAN, you must know what the default configuration is. HUAWEI switches, by default, all ports are only VLAN1.

Now, let’s take a look at how to quickly restore the default configuration under the 3 link types.

Ø accessMouth: step by step, the order isundo port default vlan

Ø trunkAnd hybridge port: three steps to do, first restore the PVID configuration, then delete all the VLANs under the port, and then add the default VLAN1. The specific orders are as follows:

 trunk

 hybrid

undo port trunk pvid vlan

 

undo port trunk allow-pass vlan all

port trunk allow-pass vlan 1

undo port hybrid pvid vlan
undo port hybrid vlan all
port hybrid untagged vlan 1

Leave a Reply

Your email address will not be published. Required fields are marked *