LAB目的：

熟練掌握VLAN操作及原理，實現相同VLAN間能ping通，不同VLAN間無法ping通

網路裝置型別：cisco switch

拓撲圖：

網路配置資訊：

實際應用中的需求：

1）技術部間可以網路互訪，技術部與財務部間無法訪問

2）只通過二層技術進行不同部門之間網路隔離

3）終端IP地址無閘道器設定，並配置靜態IP地址

具體LAB配置如下：

cisco分佈交換機1配置：

 1 Switch>en
 2 Switch#configure 
 3 Configuring from terminal, memory, or network [terminal]? 
 4
 
 Enter configuration commands, one per line.  End with CNTL/Z.
 5 Switch(config)#vlan 10
 6 Switch(config-vlan)#exit
 7 Switch(config)#vlan 20
 8 Switch(config-vlan)#exit
 9 Switch(config)#interface  fastEthernet 0/1
10 Switch(config-if)#switchport mode access 
11 Switch(config-if)#switchport access vlan 10
 

12 Switch(config-if)#exit
13 Switch(config)#interface  fastEthernet 0/2
14 Switch(config-if)#switchport access vlan 20
15 Switch(config-if)#exit
16 Switch(config)#interface  gigabitEthernet 0/1
17 Switch(config-if)#switchport mode trunk 
18 %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1
 
, changed state to down
19 
20 %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to up
21 
22 Switch(config-if)#switchport trunk allowed vlan 10
23 Switch(config-if)#exit
24 Switch(config)#exit
25 Switch#
26 %SYS-5-CONFIG_I: Configured from console by console
27 
28 Switch#write
29 Building configuration...
30 [OK]

cisco分佈交換機2配置：

 1 Switch>en
 2 Switch#configure 
 3 Configuring from terminal, memory, or network [terminal]? 
 4 Enter configuration commands, one per line.  End with CNTL/Z.
 5 Switch(config)#vlan 10
 6 Switch(config-vlan)#exit
 7 Switch(config)#interface fastEthernet 0/1
 8 Switch(config-if)#switchport access vlan 10
 9 Switch(config-if)#exit
10 Switch(config)#interface gigabitEthernet 0/1
11 Switch(config-if)#switchport mode trunk 
12 Switch(config-if)#switchport trunk allowed vlan 10
13 Switch(config-if)#end
14 %SYS-5-CONFIG_I: Configured from console by console
15 
16 Switch#write
17 Building configuration...
18 [OK]
19 Switch#
20 %LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up
21 
22 %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up

技術部PC1訪問技術部PC2結果如下：

 1 Packet Tracer PC Command Line 1.0
 2 C:\>ping 192.168.10.2
 3 
 4 Pinging 192.168.10.2 with 32 bytes of data:
 5 
 6 Reply from 192.168.10.2: bytes=32 time<1ms TTL=128
 7 Reply from 192.168.10.2: bytes=32 time<1ms TTL=128
 8 Reply from 192.168.10.2: bytes=32 time<1ms TTL=128
 9 Reply from 192.168.10.2: bytes=32 time<1ms TTL=128
10 
11 Ping statistics for 192.168.10.2:
12     Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
13 Approximate round trip times in milli-seconds:
14     Minimum = 0ms, Maximum = 0ms, Average = 0ms

技術部PC1訪問財務部PC3結果如下：

 1 C:\>ping 192.168.20.1
 2 
 3 Pinging 192.168.20.1 with 32 bytes of data:
 4 
 5 Request timed out.
 6 Request timed out.
 7 Request timed out.
 8 
 9 Ping statistics for 192.168.20.1:
10     Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

至此實驗已完成

此時再看下每個終端獲取的MAC地址及IP地址對應關係快取資訊：

技術部PC1:

1 C:\>arp -a                                                   #所含有技術部PC2的MAC地址資訊
2   Internet Address      Physical Address      Type
3   192.168.10.2          0001.967d.b74c        dynamic

技術部PC2:

1 C:\>arp -a
2   Internet Address      Physical Address      Type           #所含有技術部PC1的MAC地址資訊
3   192.168.10.1          00e0.8f39.152a        dynamic

財務部PC2:

1 C:\>arp -a                 #沒有任何MAC地址資訊
2 No ARP Entries Found

通過上述實驗總結如下：

1）同一vlan可以互訪，是在同一個二層廣播中，並且通過MAC地址轉發資料幀，資料幀封裝了上層協議資訊（IP地址）

2）二層交換機只工作在資料鏈路層

本文來自部落格園，作者：網路衝浪者，轉載請註明原文連結：https://www.cnblogs.com/baktomcat/p/15864277.html