网络拓扑

VLAN绑定MAC地址的应用_Ethernet


通过vlan设置Host-5只能被Host-1访问,Host-6只能被Host-2访问。

假设接入SW-1的接口不固定(后续则无法用接口绑定VLAN的方式去做)。

SW-1接口为随机,连接用户主机,类型为Hybrid。

SW-2接口Ethernet 0/0/1,VLAN ID为10,接口类型为access。

SW-2接口Ethernet 0/0/2,VLAN ID为20,接口类型为access。

SW-2、SW-3接口GE 0/0/2,VLAN ID为10、20,接口类型为trunk。

SW-3接口GE 0/0/1,VLAN ID为1(交换机初始有一个,其他的不再写),接口类型为hybrid。

Host-1的ip192.168.64.11/24,VLAN ID规划到10。
Host-2的ip192.168.64.12/24,VLAN ID规划到20。
Host-5的ip192.168.64.13/24,VLAN ID规划到10。
Host-6的ip192.168.64.14/24,VLAN ID规划到20。

SW-1不做配置,因为接入位置不固定。

配置SW-2接口绑定VLAN。

<Huawei>system-view 
Enter system view, return user view with Ctrl+Z.
[Huawei]undo info-center enable 
Info: Information center is disabled.
[Huawei]sysname SW-2
[SW-2]vlan batch 10 20
Info: This operation may take a few seconds. Please wait for a moment...done.
[SW-2]interface Ethernet 0/0/1
[SW-2-Ethernet0/0/1]port link-type access 
[SW-2-Ethernet0/0/1]port default vlan 10
[SW-2-Ethernet0/0/1]quit
[SW-2]interface Ethernet 0/0/2
[SW-2-Ethernet0/0/2]port link-type access 
[SW-2-Ethernet0/0/2]port default vlan 20
[SW-2-Ethernet0/0/2]quit
[SW-2]interface GigabitEthernet 0/0/2
[SW-2-GigabitEthernet0/0/2]port link-type  trunk 
[SW-2-GigabitEthernet0/0/2]port trunk allow-pass vlan 10 20
[SW-2-GigabitEthernet0/0/2]quit
[SW-2]quit
<SW-2>save
The current configuration will be written to the device.
Are you sure to continue?[Y/N]y
Info: Please input the file name ( *.cfg, *.zip ) [vrpcfg.zip]:
Now saving the current configuration to the slot 0.
Save the configuration successfully.

配置交换机SW-3,VLAN分别绑定MAC地址。

<Huawei>system-view 
Enter system view, return user view with Ctrl+Z.
[Huawei]undo info-center enable 
Info: Information center is disabled.
[Huawei]sysname SW-3
[SW-3]vlan batch 10 20 //建立两个VLAN
Info: This operation may take a few seconds. Please wait for a moment...done.
[SW-3]vlan 10
[SW-3-vlan10]mac-vlan mac-address 5489-985D-731B  //VLAN10绑定Host-1MAC地址
[SW-3-vlan10]quit
[SW-3]vlan 20
[SW-3-vlan20]mac-vlan mac-address 5489-9819-2BBC  //VLAN20绑定Host-2MAC地址
[SW-3-vlan20]quit
[SW-3]interface GigabitEthernet 0/0/1
[SW-3-GigabitEthernet0/0/1]mac-vlan enable  //使当前接口是基于mac划分VLAN的,普通帧进入接口会根据mac vlan对应表,加上vlan相应标记
Info: This operation may take a few seconds. Please wait for a moment...done.	
[SW-3-GigabitEthernet0/0/1]port link-type hybrid 
[SW-3-GigabitEthernet0/0/1]port hybrid untagged vlan 10 20  //允许VLAN10、20帧通过,并发送出接口时去掉VLAN标记
[SW-3-GigabitEthernet0/0/1]quit
[SW-3]interface GigabitEthernet 0/0/2
[SW-3-GigabitEthernet0/0/2]port link-type trunk 
[SW-3-GigabitEthernet0/0/2]port trunk allow-pass vlan 10 20
[SW-3-GigabitEthernet0/0/2]quit
[SW-3]quit
<SW-3>save
The current configuration will be written to the device.
Are you sure to continue?[Y/N]
Error: Please choose 'YES' or 'NO' first before pressing 'Enter'. [Y/N]:
Error: Please choose 'YES' or 'NO' first before pressing 'Enter'. [Y/N]:y
Info: Please input the file name ( *.cfg, *.zip ) [vrpcfg.zip]:
Now saving the current configuration to the slot 0.
Save the configuration successfully.

测试用Host-1可以与Host-5通信,不能和Host-6通信。

测试用Host-2可以与Host-6通信,不能和Host-5通信。

VLAN绑定MAC地址的应用_Ethernet_02


VLAN绑定MAC地址的应用_java_03