配置要求:@H_403_10@
某公司拥有多个部门且位于同一个网段,现将不同部门划分到不同的VLAN中,不同部门的用户之间需要互通@H_403_10@
实现不同部门的二层隔离、三层互通@H_403_10@
思路:super-VLAN只能配置在三层交换机上,SUPER-VLAN为全局VLAN 可减少IP地址的浪费。@H_403_10@
@H_403_10@
@H_403_10@
@H_403_10@
@H_403_10@
一:批量创建VLAN 2 3 4@H_403_10@@H_403_10@
@H_403_10@@H_403_10@
[Huawei]vlan batch 2 4@H_403_10@
@H_403_10@
[Huawei]qut@H_403_10@
@H_403_10@
@H_403_10@
二:设置VLAN 4为super vlan 并允许VLAN 2和3@H_403_10@
@H_403_10@
@H_403_10@
@H_403_10@
@H_403_10@
[Huawei]vlan 4@H_403_10@
[Huawei-vlan4]aggregate-vlan@H_403_10@
[Huawei-vlan4]access-vlan 2 to 3@H_403_10@
[Huawei-vlan4]quit@H_403_10@
@H_403_10@
@H_403_10@
三:配置GigabitEthernet 0/0/1和GigabitEthernet 0/0/2口为ACCESS接口 并加入VLAN 2中@H_403_10@
注意:三层的默认端口为hybrid接口,需要更改为access接口@H_403_10@
@H_403_10@
@H_403_10@使用端口组port-group配置会更加快速@H_403_10@
@H_403_10@
@H_403_10@
@H_403_10@
@H_403_10@
[Huawei]port-group group-member GigabitEthernet 0/0/1 to GigabitEthernet 0/0/2@H_403_10@
[Huawei-port-group]undo shut@H_403_10@
[Huawei-GigabitEthernet0/0/1]undo shutdown@H_403_10@
[Huawei-GigabitEthernet0/0/2]undo shutdown@H_403_10@
@H_403_10@
@H_403_10@
[Huawei-GigabitEthernet0/0/1]port link-type access@H_403_10@
[Huawei-GigabitEthernet0/0/2]port link-type access@H_403_10@
[Huawei-GigabitEthernet0/0/1]port default vlan 2@H_403_10@
[Huawei-GigabitEthernet0/0/2]port default vlan 2@H_403_10@
@H_403_10@
@H_403_10@
@H_403_10@
@H_403_10@
三:配置GigabitEthernet 0/0/3和GigabitEthernet 0/0/4口为ACCESS接口 并加入VLAN 3中@H_403_10@
@H_403_10@
@H_403_10@
[Huawei]port-group group-member GigabitEthernet 0/0/3 to GigabitEthernet 0/0/4@H_403_10@
[Huawei-port-group]undo shut@H_403_10@
[Huawei-GigabitEthernet0/0/3]undo shutdown@H_403_10@
[Huawei-GigabitEthernet0/0/4]undo shutdown@H_403_10@
@H_403_10@
[Huawei-port-group]port link-type access@H_403_10@
[Huawei-GigabitEthernet0/0/3]port link-type access@H_403_10@
[Huawei-GigabitEthernet0/0/4]port link-type access@H_403_10@
[Huawei-port-group]port default vlan 3@H_403_10@
[Huawei-GigabitEthernet0/0/3]port default vlan 3@H_403_10@
[Huawei-GigabitEthernet0/0/4]port default vlan 3@H_403_10@
@H_403_10@
@H_403_10@
四:在vlanif 4中开启arp-proxy功能,并配置VLAN 2 和3 的网关地址@H_403_10@
@H_403_10@
@H_403_10@
[Huawei]int Vlanif 4@H_403_10@
[Huawei-Vlanif4]ip add 192.168.10.1 255.255.255.0@H_403_10@
[Huawei-Vlanif4]arp-proxy inter-sub-vlan-proxy enable@H_403_10@
[Huawei-Vlanif4]quit@H_403_10@
@H_403_10@
@H_403_10@
@H_403_10@
@H_403_10@
@H_403_10@
@H_403_10@
@H_403_10@
@H_403_10@
@H_403_10@
@H_403_10@
@H_403_10@
全局配置命令:@H_403_10@
@H_403_10@
[Huawei]dis current-configuration@H_403_10@
@H_403_10@
vlan batch 2 to 4@H_403_10@
#@H_403_10@
@H_403_10@
vlan 4@H_403_10@
aggregate-vlan@H_403_10@
access-vlan 2 to 3@H_403_10@
@H_403_10@
@H_403_10@
interface Vlanif4@H_403_10@
ip address 192.168.10.1 255.255.255.0@H_403_10@
arp-proxy inter-sub-vlan-proxy enable@H_403_10@
#@H_403_10@
interface GigabitEthernet0/0/1@H_403_10@
port link-type access@H_403_10@
port default vlan 2@H_403_10@
#@H_403_10@
interface GigabitEthernet0/0/2@H_403_10@
port link-type access@H_403_10@
port default vlan 2@H_403_10@
#@H_403_10@
interface GigabitEthernet0/0/3@H_403_10@
port link-type access@H_403_10@
port default vlan 3@H_403_10@
#@H_403_10@
interface GigabitEthernet0/0/4@H_403_10@
port link-type access@H_403_10@
port default vlan 3@H_403_10@
#@H_403_10@
@H_403_10@
@H_403_10@
清除某个端口全部配置的命令:@H_403_10@
@H_403_10@
@H_403_10@
@H_403_10@
@H_403_10@
[Huawei]clear configuration interface GigabitEthernet 0/0/4@H_403_10@
@H_403_10@
@H_403_10@
永远端口组和临时端口组在配置上的区别:@H_403_10@
@H_403_10@
永远端口组的创建:@H_403_10@
[Huawei]port-group1@H_403_10@
[Huawei-group-1]group-memberGigabitEthernet0/0/1toGigabitEthernet0/0/3@H_403_10@
临时端口组的创建:@H_403_10@
[Huawei]port-group group-member GigabitEthernet 0/0/1 to GigabitEthernet 0/0/4@H_403_10@
@H_403_10@
去掉永远端口组的命令:(临时端口组在退出后自动删除)@H_403_10@
@H_403_10@
[Huawei]undo port-group 1@H_403_10@
