|
VLAN聚合
只使用一个网段,却可以相互隔离(二层隔离)
[SW1-vlan100]dis this
vlan 100
aggregate-vlan
access-vlan 10 20
[SW2-vlan100]dis this
vlan 100
aggregate-vlan
access-vlan 10 20
[SW3-vlan100]dis this
vlan 100
aggregate-vlan
access-vlan 10 20
[SW1]int g0/0/1
[SW1-GigabitEthernet0/0/1]dis this
interface GigabitEthernet0/0/1
port link-type access
port default vlan 10
[SW1-GigabitEthernet0/0/1]int g0/0/2
[SW1-GigabitEthernet0/0/2]dis this
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10 20
[SW1-GigabitEthernet0/0/2]int g0/0/3
[SW1-GigabitEthernet0/0/3]dis this
interface GigabitEthernet0/0/3
port link-type access
port default vlan 20
[SW2]int g0/0/1
[SW2-GigabitEthernet0/0/1]dis this
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 20
[SW2-GigabitEthernet0/0/1]int g0/0/2
[SW2-GigabitEthernet0/0/2]dis this
interface GigabitEthernet0/0/2
port link-type access
port default vlan 20
[SW2-GigabitEthernet0/0/2]int g0/0/3
[SW2-GigabitEthernet0/0/3]dis this
interface GigabitEthernet0/0/3
port link-type access
port default vlan 10
[SW3]int g0/0/1
[SW3-GigabitEthernet0/0/1]dis this
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 20
[SW3-GigabitEthernet0/0/1]int g0/0/3
[SW3-GigabitEthernet0/0/3]dis this
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 10 20
PC1pingPC4 在SW1 g0/0/2上抓包,发现数据包打的是10的标签,说明VLAN100只有网关的作用,不作为标签转换
PC1和PC2不能通信的原因:不同VLAN,ARP不能到达PC3
解决办法:
1、三层通信(无法实现,同网段通信,PC1只会直接请求PC2的Mac地址)
2、让PC1能请求到PC2的MAC地址(开启ARP代理)
[SW3-Vlanif100]dis this
interface Vlanif100
ip address 10.1.1.254 255.255.255.0
arp-proxy inter-sub-vlan-proxy enable
同网段不同VLAN通信
PC1-----网关------PC2
1、PC1发送ARP请求(目的IP为PC2)------- 被网关收到
2、网关收到之后也发送ARP请求(广播),目的IP为PC2-----PC2收到
3、PC2单播回复ARP响应给网关(IP:PC2,Mac:PC2)
4、网关给PC1单播回复ARP响应(IP:PC2,Mac:网关)
 最后PC1请求到的是网关的Mac地址
|
