任务3
1、组网需求:
如下图所示,办公区的主机属于不同的网段 192.168.5.0/24 和192.168.50.0/24,Device C 在收到
来自办公区主机的报文时,根据报文的源IP 地址,使来自不同网段主机的报文分别在指定的VLAN
中传输。试验拓扑图如下:
2、配置步骤:
(1) 配置 Device C
配置子网192.168.5.0/24 与VLAN 100 关联。
<DeviceC> system-view
[DeviceC] vlan 100
[DeviceC-vlan100] ip-subnet-vlan ip 192.168.5.0 255.255.255.0
[DeviceC-vlan100] quit
配置子网192.168.50.0/24 与VLAN 200 关联。
[DeviceC] vlan 200
[DeviceC-vlan200] ip-subnet-vlan ip 192.168.50.0 255.255.255.0
[DeviceC-vlan200] quit
配置端口GigabitEthernet1/0/11 允许通过VLAN 100 的报文。
[DeviceC] interface ten-gigabitethernet 1/0/11
[DeviceC-Ten-GigabitEthernet1/0/11] port link-type hybrid
[DeviceC-Ten-GigabitEthernet1/0/11] port hybrid vlan 100 tagged
[DeviceC-Ten-GigabitEthernet1/0/11] quit
配置端口GigabitEthernet1/0/12 允许通过VLAN 200 的报文。
[DeviceC] interface ten-gigabitethernet 1/0/12
[DeviceC-Ten-GigabitEthernet1/0/12] port link-type hybrid
[DeviceC-Ten-GigabitEthernet1/0/12] port hybrid vlan 200 tagged
[DeviceC-Ten-GigabitEthernet1/0/12] quit
配置端口GigabitEthernet1/0/1 和基于IP 子网的VLAN 100、VLAN 200 关联。
[DeviceC] interface ten-gigabitethernet 1/0/1
[DeviceC-Ten-GigabitEthernet1/0/1] port link-type hybrid
[DeviceC-Ten-GigabitEthernet1/0/1] port hybrid vlan 100 200 untagged
[DeviceC-Ten-GigabitEthernet1/0/1] port hybrid ip-subnet-vlan vlan 100
[DeviceC-Ten-GigabitEthernet1/0/1] port hybrid ip-subnet-vlan vlan 200
[DeviceC-Ten-GigabitEthernet1/0/1] quit
(2) 配置Device A 和Device B
配置Device A 和Device B 允许对应VLAN 通过。
3.验证配置如图所示:
任务4
组网需求
• Device B 上的VLAN 5 和VLAN 10 为Primary VLAN,其上行端口GigabitEthernet1/0/1
需要允许VLAN 5 和VLAN 10 的报文携带VLAN Tag 通过。
• Device B 的下行端口GigabitEthernet1/0/2 允许Secondary VLAN 2 通过,
GigabitEthernet1/0/3 允许Secondary VLAN 3 通过,VLAN 2 和VLAN 3 映射到Primary
VLAN 5。
• Device B 的下行端口GigabitEthernet1/0/6 允许Secondary VLAN 6 通过,
GigabitEthernet1/0/8 允许Secondary VLAN 8 通过,VLAN 6 和VLAN 8 映射到Primary
VLAN 10。
• 从 Device A 看,下接的Device B 只有VLAN 5 和VLAN 10。试验拓扑图如下:
配置步骤:
(1) 配置 Device B
配置VLAN 5 和VLAN 10 为Primary VLAN。
<DeviceB> system-view
[DeviceB] vlan 5
[DeviceB-vlan5] private-vlan primary
[DeviceB-vlan5] quit
[DeviceB] vlan 10
[DeviceB-vlan10] private-vlan primary
[DeviceB-vlan10] quit
创建Secondary VLAN 2、3、6、8。
[DeviceB] vlan 2 to 3
[DeviceB] vlan 6
[DeviceB-vlan6] quit
[DeviceB] vlan 8
[DeviceB-vlan8] quit
配置上行端口 GigabitEthernet1/0/1 在VLAN 5 和VLAN 10 中工作在trunk promiscuous 模
式。
[DeviceB] interface gigabitethernet 1/0/1
[DeviceB- GigabitEthernet1/0/1] port private-vlan 5 10 trunk promiscuous
[DeviceB- GigabitEthernet1/0/1] quit
将下行端口 GigabitEthernet1/0/2 加入VLAN 2, GigabitEthernet1/0/3 加入VLAN 3,并
配置他们工作在host 模式。
[DeviceB] interface gigabitethernet 1/0/2
[DeviceB- GigabitEthernet1/0/2] port access vlan 2
[DeviceB- GigabitEthernet1/0/2] port private-vlan host
[DeviceB- GigabitEthernet1/0/2] quit
[DeviceB] interface ten-gigabitethernet 1/0/3
[DeviceB- GigabitEthernet1/0/3] port access vlan 3
[DeviceB- GigabitEthernet1/0/3] port private-vlan host
[DeviceB- GigabitEthernet1/0/3] quit
配置Primary VLAN 5 和Secondary VLAN 2、3 间的映射关系。
[DeviceB] vlan 5
[DeviceB-vlan5] private-vlan secondary 2 to 3
[DeviceB-vlan5] quit
将下行端口 GigabitEthernet1/0/6 加入VLAN 6, GigabitEthernet1/0/8 加入VLAN 8,并
配置它们工作在host 模式。
[DeviceB] interface gigabitethernet 1/0/6
[DeviceB- GigabitEthernet1/0/6] port access vlan 6
[DeviceB- GigabitEthernet1/0/6] port private-vlan host
[DeviceB- GigabitEthernet1/0/6] quit
[DeviceB] interface gigabitethernet 1/0/8
[DeviceB- GigabitEthernet1/0/8] port access vlan 8
[DeviceB- GigabitEthernet1/0/8] port private-vlan host
[DeviceB- GigabitEthernet1/0/8] quit
配置Primary VLAN 10 和Secondary VLAN 6、8 间的映射关系。
[DeviceB] vlan 10
[DeviceB-vlan10] private-vlan secondary 6 8
[DeviceB-vlan10] quit
(2) 配置Device A
创建VLAN 5 和VLAN 10。
[DeviceA] vlan 5
[DeviceA-vlan5] quit
[DeviceA] vlan 10
[DeviceA-vlan10] quit
配置端口 GigabitEthernet1/0/1 为Hybrid 端口,并允许VLAN 5 和VLAN 10 携带Tag 通过。
[DeviceA] interface gigabitethernet 1/0/1
[DeviceA- GigabitEthernet1/0/1] port link-type hybrid
[DeviceA- GigabitEthernet1/0/1] port hybrid vlan 5 10 tagged
[DeviceA- GigabitEthernet1/0/1] quit
3.验证配置如图所示:
