实验目的
实现不同VLAN间通过VLANif通信

拓扑图

怎么给vf设置vlan_怎么给vf设置vlan

划分VLAN
SW5

[SW5]vlan batch 10 20 30 40
Info: This operation may take a few seconds. Please wait for a moment...done.
[SW5]int g0/0/1
[SW5-GigabitEthernet0/0/1]port link-type access
[SW5-GigabitEthernet0/0/1]port default vlan 10
[SW5-GigabitEthernet0/0/1]int g0/0/2
[SW5-GigabitEthernet0/0/2]port link-type access
[SW5-GigabitEthernet0/0/2]port default vlan 20
[SW5-GigabitEthernet0/0/2]int g0/0/3
[SW5-GigabitEthernet0/0/3]port link-type trunk
[SW5-GigabitEthernet0/0/3]port trunk allow-pass vlan 40

SW6

[SW6]vlan batch 30 40
Info: This operation may take a few seconds. Please wait for a moment...done.
[SW6]int g0/0/2
[SW6-GigabitEthernet0/0/2]port link-type access
[SW6-GigabitEthernet0/0/2]port default vlan 30
[SW6-GigabitEthernet0/0/2]int g0/0/1
[SW6-GigabitEthernet0/0/1]port link-type trunk
[SW6-GigabitEthernet0/0/1]port trunk allow-pass vlan 40

配置VLANif的IP
SW5

[SW5]int vlanif 10
[SW5-Vlanif10]ip address 192.168.1.254 24
[SW5-Vlanif10]int vlanif 20
[SW5-Vlanif20]ip address 192.168.2.254 24
[SW5-Vlanif20]int vlanif 40
[SW5-Vlanif40]ip address 12.1.1.1 24

SW6

[SW6]int vlanif 30
[SW6-Vlanif30]ip address 192.168.3.254 24
[SW6-Vlanif30]int vlanif 40
[SW6-Vlanif40]ip address 12.1.1.2 24

R1

PC>ping 192.168.2.1

Ping 192.168.2.1: 32 data bytes, Press Ctrl_C to break
From 192.168.2.1: bytes=32 seq=1 ttl=127 time=62 ms
From 192.168.2.1: bytes=32 seq=2 ttl=127 time=31 ms
From 192.168.2.1: bytes=32 seq=3 ttl=127 time=32 ms

设置静态路由

[SW5]ip route-static 192.168.3.0 24 12.1.1.2

[SW6]ip route-static 192.168.1.0 24 12.1.1.1
[SW6]ip route-static 192.168.2.0 24 12.1.1.1

测试
R1

PC>ping 192.168.3.1

Ping 192.168.3.1: 32 data bytes, Press Ctrl_C to break
From 192.168.3.1: bytes=32 seq=1 ttl=126 time=78 ms
From 192.168.3.1: bytes=32 seq=2 ttl=126 time=62 ms
From 192.168.3.1: bytes=32 seq=3 ttl=126 time=47 ms

链路聚合的注意事项

怎么给vf设置vlan_Time_02

lacp(常用)
优点:双方相互交互端口状态信息,端口状态仍能保持一致
缺点:不同厂家对接可能因为协议报文的处理机制等不同产生对接异常

Manual
优点:不同厂家之间不用担心报文协商
缺点:单根纤芯发生故障时,可能出现收端正常的一方端口处于UP,而出现单通,这种情况一般要求端口匹配

链路聚合:
1、增加带宽;
2、提高了链路的可靠性、实现负载均衡;
3、在一定程度上消除了STP;做了链路聚合之后,就是一个逻辑上的一条链路;包括VLAN等的相关配置都可在该逻辑链路上进行;

在链路聚合没有设置时0/0/1作为DP和RP  0/0/2和0/0/3作为AP不转发 为了解决STP的AP弊端采用链路聚合
链路聚合可结合trunk需要先设置trunk再设置链路聚合

[SW5]stp mode stp
Info: This operation may take a few seconds. Please wait for a moment...done.
[SW5]int e	
[SW5]int Eth-Trunk ?
  <0-63>  Eth-Trunk interface number

[SW5]int Eth-Trunk 1
[SW5-Eth-Trunk1]mode ?
  lacp-static  Static working mode   //动态交互模式
  manual       Manual working mode   //手工模式不会交互报文  (默认)
[SW5-Eth-Trunk1]trunkport GigabitEthernet 0/0/3 to 0/0/5   //多个接口加入

链路聚合加BPDU保护加边缘端口

怎么给vf设置vlan_Max_03

加入到聚合链路

[SW8]int eth-trunk 1
[SW8-Eth-Trunk1]mode manual load-balance
[SW8-Eth-Trunk1]trunkport g0/0/1
Info: This operation may take a few seconds. Please wait for a moment...done.
[SW8-Eth-Trunk1]trunkport g0/0/2
Info: This operation may take a few seconds. Please wait for a moment...done.
[SW8-Eth-Trunk1]trunkport g0/0/3
Info: This operation may take a few seconds. Please wait for a moment...done.
[SW9]int Eth-Trunk 1
[SW9-Eth-Trunk1]mode manual load-balance
[SW9-Eth-Trunk1]trunkport g0/0/1
Info: This operation may take a few seconds. Please wait for a moment...done.
[SW9-Eth-Trunk1]trunkport g0/0/2
Info: This operation may take a few seconds. Please wait for a moment...done.
[SW9-Eth-Trunk1]trunkport g0/0/3
Info: This operation may take a few seconds. Please wait for a moment...done.
[SW9-Eth-Trunk1]dis eth-trunk
Eth-Trunk1's state information is:
WorkingMode: NORMAL         Hash arithmetic: According to SIP-XOR-DIP         
Least Active-linknumber: 1  Max Bandwidth-affected-linknumber: 8              
Operate status: up          Number Of Up Port In Trunk: 3                     
--------------------------------------------------------------------------------
PortName                      Status      Weight 
GigabitEthernet0/0/1          Up          1      
GigabitEthernet0/0/2          Up          1      
GigabitEthernet0/0/3          Up          1

华为

配置BPDU保护
交换机上启动了BPDU保护功能后,如果边缘端口收到BPDU,边缘端口将被shutdown,但是边缘端口属性不变,因此不会影响网络中生成树拓扑,从而避免业务中断。同时交换机上会打印如下日志信息,并通知网管:

MSTP/4/BPDU_PROTECTION:This edged-port [port-name] that enabled BPDU-Protection will be shutdown, because it received BPDU packet!

使能设备BPDU保护

[SW8]stp bpdu-protection

[SW9]stp bpdu-protection

接口下开启

[SW8]int g0/0/4
[SW8-GigabitEthernet0/0/4]stp edged-port enable

[SW9]int g0/0/4
[SW9-GigabitEthernet0/0/4]stp edged-port enable

怎么给vf设置vlan_怎么给vf设置vlan_04

边缘端口
边缘端口:在生成树的网络中,连接终端端口建议设置为边缘端口,可以跳过30S的转发延迟时间;
华为:开启全局边缘端口前,先将交换机之间互连的端口disable边缘端口功能;

[SW8]int Eth-Trunk 1
[SW8-Eth-Trunk1]stp edged-port disable  //配置当前端口为非边缘端口
[SW8]stp edged-port default  //配置交换机所有端口为边缘端口

注意
配置命令stp edged-port default时,本设备上所有端口将变为边缘端口。在网络拓扑计算过程中,可能导致网络成环,请慎用。

思科

链路聚合
思科:创建链路捆绑时,所有的物理接口必须先shutdown; 配置完成后,在10S内同时开启两端的逻辑接口;
//创建链路捆绑:手工模式

Switch(config-if-range)#channel-group 12 mode on 
Creating a port-channel interface Port-channel 12
//进入逻辑接口
Switch(config)#interface port-channel 12
//验证:
Switch#show spanning-tree
VLAN0001
 Spanning tree enabled protocol ieee
 Root ID Priority 32769
 Address aabb.cc00.1000
 This bridge is the root
 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
 Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
 Address aabb.cc00.1000
 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
 Aging Time 15 sec
Interface Role Sts Cost Prio.Nbr Type
Et0/1 Desg FWD 100 128.2 P2p Edge 
Po12 Desg FWD 47 128.65 P2p
//验证以太通道的详细信息;Switch#show etherchannel summary 
Flags: D - down P - bundled in port-channel
 I - stand-alone s - suspended
 H - Hot-standby (LACP only)
 R - Layer3 S - Layer2
 U - in use N - not in use, no aggregation
 f - failed to allocate aggregator
M - not in use, minimum links not met
m - not in use, port not aggregated due to minimum links not met
u - unsuitable for bundling
w - waiting to be aggregated
d - default port
A - formed by Auto LAG
Number of channel-groups in use: 1
Number of aggregators: 1
Group Port-channel Protocol Ports
12 Po12(SU) - Et0/0(P) Et0/2(P) Et0/3(P) .

思科:默认全局开启边缘端口功能时,trunk链路不会被设置成边缘端口,与华为不同;

//全局模式下设置边缘端口功能;
spanning-tree portfast edge default
Switch(config-if)#spanning-tree portfast edge
 //接口下设置边缘端口的命令;
//全局开启BPDU保护功能;
Switch(config)#spanning-tree portfast edge bpduguard default
*Jun 9 12:23:45.778: %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port Ethernet0/2 with
BPDU Guard enabled. Disabling port.
Switch#
*Jun 9 12:23:45.778: %PM-4-ERR_DISABLE: bpduguard error detected on Et0/2, putting Et0/2 in err
disable state
*Jun 9 12:23:46.786: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/2, changed state
to down
Switch#
*Jun 9 12:23:47.787: %LINK-3-UPDOWN: Interface Ethernet0/2, changed state to down//最终状态为err-disable状态(非正常出错导致的关闭)
Switch(config)#interface e0/2
Switch(config-if)#shutdown
Switch(config-if)#no shutdown
//处理err-disable状态,逻辑是先shutdown该接口,处理完成后,再开启接口;注意;