Background:

Tag, untag and the various switch port modes are the concepts network engineers meet most often when configuring switches. In practice, however, the author has found that technicians often only half understand them. Drawing on his own understanding and a worked case, the author tries to make these concepts clear here.

An untagged frame is an ordinary Ethernet frame; the NIC of an ordinary PC can recognise such frames and communicate with them.

A tagged frame differs in that 4 bytes of VLAN information, the VLAN tag header, are added after the source and destination MAC addresses. In general the NIC of an ordinary PC cannot recognise such frames.

An 802.1Q frame is a standard Ethernet frame with a 4-byte tag inserted. The tag contains:

A 2-byte Tag Protocol Identifier (TPID), currently set to the fixed value 0x8100, which indicates that the frame carries 802.1Q tag information.

A 2-byte Tag Control Information (TCI) field, which contains three subfields:

Priority field: 3 bits, the priority of the frame, with values 0 to 7; 7 is the highest priority and 0 the lowest. This field is used by 802.1p.

Canonical Format Indicator (CFI) field: 1 bit. 0 means canonical format, used for Ethernet; 1 means non-canonical format, used for Token Ring.

VLAN ID field: 12 bits, identifies the VLAN the frame belongs to.

The three link types of an Ethernet port: Access, Hybrid and Trunk

An Access port can belong to only 1 VLAN and is generally used to connect a computer.

A Trunk port can allow multiple VLANs through, can receive and send frames of multiple VLANs, and is generally used for connections between switches.

A Hybrid port can allow multiple VLANs through, can receive and send frames of multiple VLANs, and can be used both for connections between switches and for connecting users' computers.

Hybrid and Trunk ports handle received frames in the same way. The only difference is on sending: a Hybrid port can send the frames of multiple VLANs without a tag, whereas a Trunk port sends only the frames of its default VLAN without a tag.

Here you need to understand the concept of a port's default VLAN.

An Access port belongs to only 1 VLAN, so its default VLAN is the VLAN it is in and does not need to be set.

Hybrid and Trunk ports belong to multiple VLANs, so a default VLAN ID has to be set. By default, the default VLAN of Hybrid and Trunk ports is VLAN 1.

If a default VLAN ID is set on a port, then when the port receives a frame without a VLAN tag, the frame is forwarded to the ports that belong to the default VLAN; when the port sends a frame with a VLAN tag and the frame's VLAN ID equals the port's default VLAN ID, the system removes the VLAN tag and then sends the frame.

Note: on Huawei switches the default VLAN is called the "Pvid Vlan"; on Cisco switches it is called the "Native Vlan".

How switch ports process incoming and outgoing frames:

Access port, receiving: on receiving a frame, check whether it carries VLAN information. If not, tag it with the port's PVID and switch it; if it does, drop it (default).

Access port, sending: strip the VLAN information from the frame and send it out directly.

Trunk port, receiving: on receiving a frame, check whether it carries VLAN information. If not, tag it with the port's PVID and switch it; if it does, check whether this trunk port allows frames of that VLAN in. If so, forward it; otherwise drop it.

Trunk port, sending: compare the port's PVID with the VLAN information of the frame to be sent. If they are equal, strip the VLAN information and then send; if they differ, send the frame as it is.

Hybrid port, receiving: on receiving a frame, check whether it carries VLAN information. If not, tag it with the port's PVID and switch it; if it does, check whether this hybrid port allows frames of that VLAN in. If so, forward it; otherwise drop it. (The untag configuration on the port is not considered at this point; it only takes effect when sending.)

Hybrid port, sending:

1. Determine the attribute of the frame's VLAN on this port (disp interface shows for which VLANs the port is untag and for which it is tag).
2. If it is untag, strip the VLAN information and then send; if it is tag, send the frame as it is.

The following case helps to understand the hybrid port mode of Huawei switches in depth:

    [Switch-Ethernet0/1]int e0/1
    [Switch-Ethernet0/1]port link-type hybrid
    [Switch-Ethernet0/1]port hybrid pvid vlan 10
    [Switch-Ethernet0/1]port hybrid vlan 10 20 untagged
    [Switch-Ethernet0/1] int e0/2
    [Switch-Ethernet0/2]port link-type hybrid
    [Switch-Ethernet0/2]port hybrid pvid vlan 20
    [Switch-Ethernet0/2]port hybrid vlan 10 20 untagged

With this configuration the PCs attached to inter e0/1 and inter e0/2 can reach each other, but the outbound and return traffic travel in different VLANs.

Take pc1 on inter e0/1 accessing pc2 on inter e0/2 as the example.

Data sent by pc1 is tagged with VLAN 10, the PVID of inter e0/1, and enters the switch. The switch finds that inter e0/2 allows VLAN 10 traffic through, so the data is forwarded to inter e0/2. Because VLAN 10 is untagged on inter e0/2, the switch removes the VLAN 10 tag from the packet and delivers it to pc2 as an ordinary packet. So pc1->pc2 travels in VLAN 10.

Now consider the reply from pc2 to pc1. Data sent by pc2 is tagged with VLAN 20, the PVID of inter e0/2, and enters the switch. The switch finds that inter e0/1 allows VLAN 20 traffic through, so the data is forwarded to inter e0/1. Because VLAN 20 is untagged on inter e0/1, the switch removes the VLAN 20 tag from the packet and delivers it to pc1 as an ordinary packet. So pc2->pc1 travels in VLAN 20.

Huawei H3C 3100 VLAN isolation configuration

    interface vlan 1
    ip address 192.168.1.1 255.255.255.0
    quit
    ip route-static 0.0.0.0 0.0.0.0 192.168.1.254
    vlan 1
    port Ethernet 1/0/1
    quit
    vlan 2
    port Ethernet 1/0/2
    quit
    vlan 3
    port Ethernet 1/0/3
    quit
    vlan 4
    port Ethernet 1/0/4
    quit
    vlan 5
    port Ethernet 1/0/5
    quit
    vlan 6
    port Ethernet 1/0/6
    quit
    vlan 7
    port Ethernet 1/0/7
    quit
    vlan 8
    port Ethernet 1/0/8
    quit
    vlan 9
    port Ethernet 1/0/9
    quit
    vlan 10
    port Ethernet 1/0/10
    quit
    vlan 11
    port Ethernet 1/0/11
    quit
    vlan 12
    port Ethernet 1/0/12
    quit
    vlan 13
    port Ethernet 1/0/13
    quit
    vlan 14
    port Ethernet 1/0/14
    quit
    vlan 15
    port Ethernet 1/0/15
    quit
    vlan 16
    port Ethernet 1/0/16
    quit
    vlan 17
    port Ethernet 1/0/17
    quit
    vlan 18
    port Ethernet 1/0/18
    quit
    vlan 19
    port Ethernet 1/0/19
    quit
    vlan 20
    port Ethernet 1/0/20
    quit
    vlan 21
    port Ethernet 1/0/21
    quit
    vlan 22
    port Ethernet 1/0/22
    quit
    vlan 23
    port Ethernet 1/0/23
    quit
    vlan 24
    port Ethernet 1/0/24
    quit
    interface Ethernet 1/0/1
    port link-type hybrid
    port hybrid pvid vlan 1
    port hybrid vlan 1 to 24 untagged
    quit
    interface Ethernet 1/0/2
    port link-type hybrid
    port hybrid pvid vlan 2
    port hybrid vlan 2 1 untagged
    quit
    interface Ethernet 1/0/3
    port link-type hybrid
    port hybrid pvid vlan 3
    port hybrid vlan 3 1 untagged
    quit
    interface Ethernet 1/0/4
    port link-type hybrid
    port hybrid pvid vlan 4
    port hybrid vlan 4 1 untagged
    quit
    interface Ethernet 1/0/5
    port link-type hybrid
    port hybrid pvid vlan 5
    port hybrid vlan 5 1 untagged
    quit
    interface Ethernet 1/0/6
    port link-type hybrid
    port hybrid pvid vlan 6
    port hybrid vlan 6 1 untagged
    quit
    interface Ethernet 1/0/7
    port link-type hybrid
    port hybrid pvid vlan 7
    port hybrid vlan 7 1 untagged
    quit
    interface Ethernet 1/0/8
    port link-type hybrid
    port hybrid pvid vlan 8
    port hybrid vlan 8 1 untagged
    quit
    interface Ethernet 1/0/9
    port link-type hybrid
    port hybrid pvid vlan 9
    port hybrid vlan 9 1 untagged
    quit
    interface Ethernet 1/0/10
    port link-type hybrid
    port hybrid pvid vlan 10
    port hybrid vlan 10 1 untagged
    quit
    interface Ethernet 1/0/11
    port link-type hybrid
    port hybrid pvid vlan 11
    port hybrid vlan 11 1 untagged
    quit
    interface Ethernet 1/0/12
    port link-type hybrid
    port hybrid pvid vlan 12
    port hybrid vlan 12 1 untagged
    quit
    interface Ethernet 1/0/13
    port link-type hybrid
    port hybrid pvid vlan 13
    port hybrid vlan 13 1 untagged
    quit
    interface Ethernet 1/0/14
    port link-type hybrid
    port hybrid pvid vlan 14
    port hybrid vlan 14 1 untagged
    quit
    interface Ethernet 1/0/15
    port link-type hybrid
    port hybrid pvid vlan 15
    port hybrid vlan 15 1 untagged
    quit
    interface Ethernet 1/0/16
    port link-type hybrid
    port hybrid pvid vlan 16
    port hybrid vlan 16 1 untagged
    quit
    interface Ethernet 1/0/17
    port link-type hybrid
    port hybrid pvid vlan 17
    port hybrid vlan 17 1 untagged
    quit
    interface Ethernet 1/0/18
    port link-type hybrid
    port hybrid pvid vlan 18
    port hybrid vlan 18 1 untagged
    quit
    interface Ethernet 1/0/19
    port link-type hybrid
    port hybrid pvid vlan 19
    port hybrid vlan 19 1 untagged
    quit
    interface Ethernet 1/0/20
    port link-type hybrid
    port hybrid pvid vlan 20
    port hybrid vlan 20 1 untagged
    quit
    interface Ethernet 1/0/21
    port link-type hybrid
    port hybrid pvid vlan 21
    port hybrid vlan 21 1 untagged
    quit
    interface Ethernet 1/0/22
    port link-type hybrid
    port hybrid pvid vlan 22
    port hybrid vlan 22 1 untagged
    quit
    interface Ethernet 1/0/23
    port link-type hybrid
    port hybrid pvid vlan 23
    port hybrid vlan 23 1 untagged
    quit
    interface Ethernet 1/0/24
    port link-type hybrid
    port hybrid pvid vlan 24
    port hybrid vlan 24 1 untagged
    quit

Open a terminal session and paste this in directly. Its basic function: every port is isolated by VLAN, and port 1 is the uplink port.
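The hybrid receive and send rules described above can be checked mechanically against both configurations. The following is an added example, not part of the original article or of any Huawei tooling: it models only the tag handling rules as the article states them (no MAC learning), and the names `HybridPort`, `one_way`, `pc_reachable` and `talking_pairs` are hypothetical.

```python
from dataclasses import dataclass, field

@dataclass
class HybridPort:
    pvid: int
    untagged: set = field(default_factory=set)  # VLANs sent with the tag stripped
    tagged: set = field(default_factory=set)    # VLANs sent with the tag kept

    def allows(self, vlan):
        return vlan in self.untagged or vlan in self.tagged

def ingress_vlan(port, tag=None):
    """Receive rule: an untagged frame gets the PVID; a tagged frame must be allowed."""
    if tag is None:
        return port.pvid
    return tag if port.allows(tag) else None    # None means the frame is dropped

def egress(port, vlan):
    """Send rule: 'untagged', 'tagged', or None when the VLAN is not allowed out."""
    if vlan in port.untagged:
        return "untagged"
    return "tagged" if vlan in port.tagged else None

def one_way(ports, src, dst):
    """VLAN that carries a PC's untagged frame from src to dst, or None if a PC
    on dst would not receive it as an ordinary (untagged) frame."""
    vlan = ingress_vlan(ports[src])
    return vlan if egress(ports[dst], vlan) == "untagged" else None

def pc_reachable(ports, a, b):
    """Two PCs can talk only if both directions deliver untagged frames."""
    return one_way(ports, a, b) is not None and one_way(ports, b, a) is not None

def talking_pairs(ports):
    """All port pairs whose attached PCs can exchange traffic."""
    names = sorted(ports)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if pc_reachable(ports, a, b)]

# The two-port case from the article: e0/1 (PVID 10) and e0/2 (PVID 20).
case = {"e0/1": HybridPort(10, {10, 20}), "e0/2": HybridPort(20, {10, 20})}

# The 24-port isolation config: port 1 is the uplink, port n carries VLAN n and VLAN 1.
isolation = {1: HybridPort(1, set(range(1, 25)))}
isolation.update({n: HybridPort(n, {n, 1}) for n in range(2, 25)})

if __name__ == "__main__":
    print("pc1->pc2 VLAN:", one_way(case, "e0/1", "e0/2"))
    print("pc2->pc1 VLAN:", one_way(case, "e0/2", "e0/1"))
    print("pairs that can talk:", talking_pairs(isolation))
```

Running `talking_pairs` on a modelled configuration before pasting it into a switch shows whether any two access-facing ports can reach each other when only the uplink should be reachable.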