1. Lab environment

2. Create the VLANs

[huawei]sy AC1
[AC1]un in en
[AC1]vlan batch 100 101 102 800

interface GigabitEthernet0/0/3
 port link-type access
 port default vlan 800

interface Vlanif800
 ip address 192.168.240.1 255.255.255.252

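3. Bring the APs online

The links between the APs and the AC are configured as trunks, with management VLAN 100 set as the native VLAN of each trunk.

What is the native VLAN?

I keep forgetting the concept of the native VLAN, so I looked it up again to refresh my memory and summarized a few points:
1. The native VLAN is VLAN 1 by default and can be changed. After the change, all untagged frames are assigned to the native VLAN for transmission over the trunk port.
2. Access ports on a switch have no notion of a native VLAN; the concept exists only on trunk ports.
3. In principle every frame crossing a trunk port should be tagged, and the trunk uses allow vlan *** to permit the relevant VLANs. Between switches, however, there are not only transit frames but also frames that carry negotiation information between the switches themselves. If those frames (the switch management information) were tagged, they would not need to be delivered into any VLAN at the destination; they are meant to be received by the switch itself. This is where the native VLAN is needed: all untagged frames are carried in the native VLAN.
4. The native VLAN drops any tagged frame it receives.

By default, the default VLAN of a trunk port is VLAN 1. On a trunk port, running the undo vlan command to delete the port's default VLAN does not change the port's default VLAN configuration; the port keeps using the VLAN that no longer exists as its default VLAN.
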
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk pvid vlan 100 # set VLAN 100 as the native VLAN
 port trunk allow-pass vlan 100 to 101 # allow VLAN 100 and VLAN 101 to pass

interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk pvid vlan 100 # set VLAN 100 as the native VLAN
 port trunk allow-pass vlan 100 to 102 # allow VLANs 100 to 102 to pass

Note: VLAN 100 is configured as the native VLAN so that the untagged DHCP request packets sent by the APs are classified as VLAN 100 traffic, which lets the APs obtain IP addresses. All management traffic exchanged between the APs and the AC is untagged.

Check the port VLAN information

[AC1]dis port vlan
Port                    Link Type    PVID  Trunk VLAN List
-------------------------------------------------------------------------------
GigabitEthernet0/0/1    trunk        100   1 100-101
GigabitEthernet0/0/2    trunk        100   1 100-102
GigabitEthernet0/0/3    access       800   -
GigabitEthernet0/0/4    hybrid       1     -
GigabitEthernet0/0/5    hybrid       1     -
...

Create the AP address pool
This uses interface-based DHCP to assign IP addresses to the APs.

dhcp enable
interface Vlanif100
 ip address 192.168.100.1 255.255.255.0
 dhcp select interface
 dhcp server dns-list 114.114.114.114 8.8.8.8

Verify that the APs are online
Check on the AC

[AC1]dis ip pool interface Vlanif100 used
  Pool-name      : Vlanif100
  Pool-No        : 0
  Lease          : 1 Days 0 Hours 0 Minutes
  Domain-name    : -
  DNS-server0    : 114.114.114.114
  DNS-server1    : 8.8.8.8
  NBNS-server0   : -
  Netbios-type   : -
  Position       : Interface       Status           : Unlocked
  Gateway-0      : -
  Network        : 192.168.100.0
  Mask           : 255.255.255.0
  Logging        : Disable
  Conflicted address recycle interval: -
  Address Statistic: Total       :254       Used        :2
                     Idle        :252       Expired     :0
                     Conflict    :0         Disabled    :0
 -------------------------------------------------------------------------------
  Network section
         Start           End       Total    Used Idle(Expired) Conflict Disabled
 -------------------------------------------------------------------------------
   192.168.100.1 192.168.100.254     254       2        252(0)       0        0
 -------------------------------------------------------------------------------
  Client-ID format as follows:
    DHCP  : mac-address                 PPPoE   : mac-address
    IPSec : user-id/portnumber/vrf      PPP     : interface index
    L2TP  : cpu-slot/session-id         SSL-VPN : user-id/session-id
 -------------------------------------------------------------------------------
  Index              IP                Client-ID   Type       Left   Status
 -------------------------------------------------------------------------------
     83  192.168.100.84          00e0-fc59-48f0   DHCP      85055   Used
    156 192.168.100.157          00e0-fcd9-2cc0   DHCP      85055   Used
 -------------------------------------------------------------------------------

At this point, however, we cannot tell which lease belongs to AP1 and which to AP2, so next we check on each AP.

We can see that AP1 obtained the address 192.168.100.84.

# Check on AP1
[Huawei]dis ip in b
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
(E): E-Trunk down
The number of interface that is UP in Physical is 2
The number of interface that is DOWN in Physical is 0
The number of interface that is UP in Protocol is 2
The number of interface that is DOWN in Protocol is 0

Interface                         IP Address/Mask      Physical   Protocol
NULL0                             unassigned           up         up(s)
Vlanif1                           192.168.100.84/24    up         up
[Huawei]ping 192.168.100.1
  PING 192.168.100.1: 56  data bytes, press CTRL_C to break
    Reply from 192.168.100.1: bytes=56 Sequence=1 ttl=255 time=110 ms
    Reply from 192.168.100.1: bytes=56 Sequence=2 ttl=255 time=1 ms
    Reply from 192.168.100.1: bytes=56 Sequence=3 ttl=255 time=1 ms
    Reply from 192.168.100.1: bytes=56 Sequence=4 ttl=255 time=1 ms
    Reply from 192.168.100.1: bytes=56 Sequence=5 ttl=255 time=10 ms

  --- 192.168.100.1 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 1/24/110 ms

AP2 obtained 192.168.100.157.

Check on AP2
<Huawei>dis ip in b
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
(E): E-Trunk down
The number of interface that is UP in Physical is 2
The number of interface that is DOWN in Physical is 0
The number of interface that is UP in Protocol is 2
The number of interface that is DOWN in Protocol is 0

Interface                         IP Address/Mask      Physical   Protocol
NULL0                             unassigned           up         up(s)
Vlanif1                           192.168.100.157/24   up         up

We saw that AP1 obtained the address 192.168.100.84; now we can ping the APs from the AC.

[AC1]ping 192.168.100.84
  PING 192.168.100.84: 56  data bytes, press CTRL_C to break
    Reply from 192.168.100.84: bytes=56 Sequence=1 ttl=255 time=1 ms
    Reply from 192.168.100.84: bytes=56 Sequence=2 ttl=255 time=1 ms
    Reply from 192.168.100.84: bytes=56 Sequence=3 ttl=255 time=10 ms
    Reply from 192.168.100.84: bytes=56 Sequence=4 ttl=255 time=1 ms
    Reply from 192.168.100.84: bytes=56 Sequence=5 ttl=255 time=1 ms

  --- 192.168.100.84 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 1/2/10 ms

[AC1]ping 192.168.100.157
  PING 192.168.100.157: 56  data bytes, press CTRL_C to break
    Reply from 192.168.100.157: bytes=56 Sequence=1 ttl=255 time=1 ms
    Reply from 192.168.100.157: bytes=56 Sequence=2 ttl=255 time=1 ms
    Reply from 192.168.100.157: bytes=56 Sequence=3 ttl=255 time=1 ms
    Reply from 192.168.100.157: bytes=56 Sequence=4 ttl=255 time=10 ms
    Reply from 192.168.100.157: bytes=56 Sequence=5 ttl=255 time=1 ms

  --- 192.168.100.157 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 1/2/10 ms

4. Create the user group address pools

DHCP for user group A
Used to assign IP addresses to user group A.

interface Vlanif101
 ip address 192.168.101.1 255.255.255.0
 dhcp select interface
 dhcp server dns-list 114.114.114.114 8.8.8.8

DHCP for user group B
Used to assign IP addresses to user group B.

interface Vlanif102
 ip address 192.168.102.1 255.255.255.0
 dhcp select interface
 dhcp server dns-list 114.114.114.114 8.8.8.8