今天分享一个在工作中常常遇到特殊组网需求在(列如:WLAN组网中常常遇到),
mac-vlan根据每台主机的mac地址来分配划分vlan,相当于是对每台主机的mac地址进行vlan划分。
mac-vlan的优点在于,将mac地址与vlan绑定,绑定后该mac地址对应的设备可以随意切换端口,mac地址对应的vlan不会改变。
mac-vlan能够实现灵活的接入控制。列如在大的会议厅办公但是要求本部门的员工只能连接本部门的vlan上网办公,这就需要用到hybrid接口。
华为交换默认hybrid接口,这个接口比较特殊,hybrid端口可以允许多个VLAN的数据帧通过,可以接收和发送多个vlan的数据帧,一般用于交换机之间的连接(也可以用于终端接入)。
hybrid对接收不带tag标签的报文出处理方式:
打上缺省的VLAN ID,当缺省VLAN ID 在允许通过的VLAN ID列表里时,接收该报文。
打上缺省的VLAN ID,当缺省VLAN ID不在允许通过的VILAN ID列表里时,丢弃该报文。
hybrid对接收带tag标签的报文出处理方式:
当VLAN ID在接口允许通过的VLAN ID列表里时,接收该报文。
当VLAN ID不在接口允许通过的VLAN ID列表里时,接收该报文。
当VLAN ID是该接口允许通过的VLAN ID时,发送该报文,可以通过命令设置发送时是否携带Tag标签。
演示拓扑图
核心交换机配置
#
sysname HX
#
vlan batch 10 20 30 99
#
dhcp enable
#
vlan 10
mac-vlan mac-address 5489-982d-6f0b priority 0
vlan 20
mac-vlan mac-address 5489-980c-40c9 priority 0
vlan 30
mac-vlan mac-address 5489-9888-304d priority 0
#
ip pool jishubu
gateway-list 192.168.10.1
network 192.168.10.0 mask 255.255.255.0
dns-list 8.8.8.8
#
ip pool shengchanbu
gateway-list 192.168.30.1
network 192.168.30.0 mask 255.255.255.0
dns-list 8.8.8.8
#
ip pool shichangbu
gateway-list 192.168.20.1
network 192.168.20.0 mask 255.255.255.0
dns-list 8.8.8.8
#
interface Vlanif10
ip address 192.168.10.1 255.255.255.0
dhcp select global
#
interface Vlanif20
ip address 192.168.20.1 255.255.255.0
dhcp select global
#
interface Vlanif30
ip address 192.168.30.1 255.255.255.0
dhcp select global
#
interface Vlanif99
ip address 192.168.99.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10 20 30 99
mac-vlan enable
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10 20 30 99
mac-vlan enable
#
接入交换1 配置
#
sysname jr1
#
vlan batch 10 20 30 99
#
interface Vlanif99
ip address 192.168.99.2 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 20 30
mac-vlan enable
#
interface GigabitEthernet0/0/2
port hybrid untagged vlan 10 20 30
mac-vlan enable
#
interface GigabitEthernet0/0/3
port hybrid untagged vlan 10 20 30
mac-vlan enable
#
接入交换机2 配置
#
sysname jr2
#
vlan batch 10 20 30 99
#
interface Vlanif99
ip address 192.168.99.3 255.255.255.0
#
iterface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 20 30 99
mac-vlan enable
#
interface GigabitEthernet0/0/2
port hybrid untagged vlan 10 20 30
mac-vlan enable
#
interface GigabitEthernet0/0/3
port hybrid untagged vlan 10 20 30
mac-vlan enable
#
interface GigabitEthernet0/0/4
port hybrid untagged vlan 10 20 30
mac-vlan enable
#
interface GigabitEthernet0/0/5
port hybrid untagged vlan 10 20 30
mac-vlan enable
#
interface GigabitEthernet0/0/6
port hybrid untagged vlan 10 20 30
mac-vlan enable
#
interface GigabitEthernet0/0/7
port hybrid untagged vlan 10 20 30
mac-vlan enable
#
interface GigabitEthernet0/0/8
port hybrid untagged vlan 10 20 30
mac-vlan enable
#
interface GigabitEthernet0/0/9
port hybrid untagged vlan 10 20 30
mac-vlan enable
#
interface GigabitEthernet0/0/10
port hybrid untagged vlan 10 20 30
mac-vlan enable
#
interface GigabitEthernet0/0/11
port hybrid untagged vlan 10 20 30
mac-vlan enable
#
interface GigabitEthernet0/0/12
port hybrid untagged vlan 10 20 30
mac-vlan enable
#
interface GigabitEthernet0/0/13
port hybrid untagged vlan 10 20 30
mac-vlan enable
#
interface GigabitEthernet0/0/14
port hybrid untagged vlan 10 20 30
mac-vlan enable
#
interface GigabitEthernet0/0/15
port hybrid untagged vlan 10 20 30
mac-vlan enable
#
interface GigabitEthernet0/0/16
port hybrid untagged vlan 10 20 30
mac-vlan enable
#
interface GigabitEthernet0/0/17
port hybrid untagged vlan 10 20 30
mac-vlan enable
#
interface GigabitEthernet0/0/18
port hybrid untagged vlan 10 20 30
mac-vlan enable
#
interface GigabitEthernet0/0/19
port hybrid untagged vlan 10 20 30
mac-vlan enable
#
interface GigabitEthernet0/0/20
port hybrid untagged vlan 10 20 30
mac-vlan enable
#
测试在三个部门的终端pc可以在交换机1和交换机2上切换使用他们的vlan
不会变。
![在苹果iPhone手机上编写ios越狱插件deb[超简单] - 鹿快](https://img.lukuai.com/blogimg/20251123/23f740f048644a198a64e73eeaa43e60.jpg)
- 最新
- 最热
只看作者