
Trunk and VTP

802.1Q Trunking


*A trunk does not belong to any VLAN and can carry all VLANs
*The native VLAN must be the same on the devices at both ends
*Port-Security cannot be used on a trunk port


|Dest|SRC|Len/Etype|Data(46-1500)|FCS|   Ethernet Frame

|Dest|SRC|Tag|Len/Etype|Data(46-1500)|FCS (recalculated)|   802.1Q Frame

Tag=  |EtherType(0x8100)|PRI |Token Ring Encapsulation Flag|VLAN ID|
      |------16Bit------|3Bit|------------1Bit-------------|-12Bit-|
(4 bytes in total)


Native VLAN (Native VLAN-->Untagged)
*Defaults to VLAN 1; there can be only one native VLAN
*All traffic sent onto a trunk gets a tag; only the native VLAN is left untagged
*Exists only in 802.1Q
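
The tag layout and native VLAN rule above, as an added Python example (not part of the original post): it inserts and reads the 4-byte tag, recalculates the FCS, and shows what happens when the two ends disagree on the native VLAN. The sample frame and the function names are constructed for illustration.

```python
import struct
import zlib

TPID = 0x8100  # EtherType value that marks an 802.1Q tag


def fcs(body: bytes) -> bytes:
    """Ethernet FCS: CRC-32 of the frame, appended least-significant byte first."""
    return struct.pack("<I", zlib.crc32(body))


def egress_on_trunk(frame: bytes, vlan: int, native_vlan: int = 1, pri: int = 0) -> bytes:
    """Send an untagged frame (FCS included) that belongs to `vlan` out of a trunk."""
    if not 1 <= vlan <= 4094 or not 0 <= pri <= 7:
        raise ValueError("VLAN ID is 12 bits (1-4094), PRI is 3 bits (0-7)")
    body = frame[:-4]
    if vlan != native_vlan:  # native VLAN traffic leaves the trunk untagged
        tci = (pri << 13) | (0 << 12) | vlan  # PRI | 1-bit flag | VLAN ID
        body = body[:12] + struct.pack("!HH", TPID, tci) + body[12:]
    return body + fcs(body)  # the frame changed, so the FCS is recalculated


def ingress_on_trunk(frame: bytes, native_vlan: int = 1) -> dict:
    """Classify a frame received on a trunk; untagged frames join the local native VLAN."""
    body = frame[:-4]
    if len(body) < 14 or frame[-4:] != fcs(body):
        raise ValueError("truncated frame or bad FCS")
    (etype,) = struct.unpack("!H", body[12:14])
    if etype != TPID:
        return {"tagged": False, "vlan": native_vlan, "pri": 0, "payload": body[14:]}
    if len(body) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack("!H", body[14:16])
    return {"tagged": True, "vlan": tci & 0x0FFF, "pri": tci >> 13, "payload": body[18:]}


# Constructed sample: broadcast IPv4 frame with a 46-byte zero payload.
_BODY = bytes.fromhex("ffffffffffff" "001122334455" "0800") + bytes(46)
SAMPLE = _BODY + fcs(_BODY)

if __name__ == "__main__":
    tagged = egress_on_trunk(SAMPLE, vlan=10, pri=5)
    print(len(SAMPLE), len(tagged), ingress_on_trunk(tagged))
    # Native VLAN mismatch: sent untagged from VLAN 1, received into VLAN 99.
    print(ingress_on_trunk(egress_on_trunk(SAMPLE, vlan=1), native_vlan=99)["vlan"])
```

With mismatched native VLANs the untagged frame is accepted into a different VLAN at the far end, which is why the native VLAN has to match on both sides of the trunk.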

--------------------------------------------------------------------------------------------

Viewing an interface's trunk information

In this example, port 1 on each of two 2950s is connected to the other

SW1#show interfaces fa 0/1 switchport
Name: Fa0/1
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Appliance trust: none


The Catalyst 2950 defaults to dynamic desirable, but in Cisco Packet Tracer 5.3.3 the default is, surprisingly, dynamic auto, and the command below is not available there either

SW1#show interfaces fa 0/1 trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/1       desirable    802.1q         trunking      1

Port      Vlans allowed on trunk
Fa0/1       1-4094

Port        Vlans allowed and active in management domain
Fa0/1       1

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/1       1


If port 1 is set to access
SW1#show interfaces fa 0/1 switchport
Name: Fa0/1
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Appliance trust: none


SW1#show interfaces fa 0/1 trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/1       off          802.1q         not-trunking  1

Port      Vlans allowed on trunk
Fa0/1       1

Port        Vlans allowed and active in management domain
Fa0/1       1

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/1       1



Change the interface to trunk
SW1(config)#interface fa 0/1
SW1(config-if)#switchport mode trunk


Restore the interface to its defaults
SW1(config)#default interface fa 0/1




PS:
*The Cisco 2950 does not support ISL encapsulation
*The Cisco 2950 defaults to dynamic desirable

The 4 switchport mode parameters

SW11(config-if)#switchport mode ?
access Set trunking mode to ACCESS unconditionally
dynamic Set trunking mode to dynamically negotiate access or trunk mode
trunk Set trunking mode to TRUNK unconditionally

SW11(config-if)#switchport mode dynamic ?
auto Set trunking mode dynamic negotiation parameter to AUTO
desirable Set trunking mode dynamic negotiation parameter to DESIRABLE



Allow only specific VLANs through the trunk

TrunkTest(config)#interface fastEthernet 0/1
TrunkTest(config-if)#switchport trunk allowed vlan 1,3,5,8,10-12

Other parameters
TrunkTest(config-if)#switchport trunk allowed vlan ?
WORD VLAN IDs of the allowed VLANs when this port is in trunking mode
add add VLANs to the current list
all all VLANs
except all VLANs except the following
none no VLANs
remove remove VLANs from the current list


VTP (VLAN Trunking Protocol)


Requirements
1. Cisco devices
2. Same VTP domain
3. An 802.1Q trunk must be formed


VTP roles
1. Server
2. Client
3. Transparent

Sent using multicast frames; by default sent every 5 minutes
-----------------------------------------------------------------------------------------------

VLAN data is stored in VLAN.dat
Membership is stored in the running-config
-----------------------------------------------------------------------------------------------
DTP
2950 Switch--->defaults to Dynamic Desirable
2960 Switch--->defaults to Dynamic Auto


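Scenario 1
If a new switch has no configuration at all, then once it is connected to the network, if it forms a trunk with another switch and some switch on the network is in VTP server mode, the new switch will learn the VLANs from that switch

PS:
Once a VTP domain is set it cannot be cleared, though the name can be changed, unless you erase startup-config

A VTP client with a higher revision can also overwrite the VTP server's database

The VTP password is case-sensitive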
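
Scenario 1 and the revision note above, modelled in a short Python example that is added here and is not part of the original post. It is a simplified model of the update decision (the VTP password/MD5 check is left out), and the switch names, domain name, VLAN names and revision numbers are constructed.

```python
from dataclasses import dataclass, field


@dataclass
class Switch:
    name: str
    mode: str = "server"      # "server", "client" or "transparent"
    domain: str = ""          # blank on a switch with no configuration
    revision: int = 0
    vlans: dict = field(default_factory=lambda: {1: "default"})

    def receive(self, sender: "Switch") -> bool:
        """Handle an advertisement from `sender` received over a trunk.

        Returns True when the local VLAN database was replaced.
        """
        if self.mode == "transparent" or sender.mode == "transparent":
            return False      # transparent switches neither apply nor originate updates
        if not self.domain:
            self.domain = sender.domain   # unconfigured switch joins the domain it hears
        if self.domain != sender.domain or sender.revision <= self.revision:
            return False
        self.vlans, self.revision = dict(sender.vlans), sender.revision
        return True           # note: the sender's role (server/client) was never checked


def safe_to_connect(sw: Switch) -> bool:
    """Pre-connection check: this switch cannot overwrite another switch's database."""
    return sw.mode == "transparent" or sw.revision == 0


def demo():
    prod = Switch("core", "server", "CORP", 5, {1: "default", 100: "Sales", 200: "RD"})
    new = Switch("new")                              # Scenario 1: blank switch
    learned = new.receive(prod)
    lab = Switch("lab", "client", "CORP", 12, {1: "default", 88: "test"})
    overwritten = prod.receive(lab)                  # higher revision wins
    return learned, new.vlans, overwritten, prod.vlans, safe_to_connect(lab)


if __name__ == "__main__":
    print(demo())
```

Checking `Configuration Revision` in `show vtp status` on a switch before it is trunked into an existing domain is the practical form of `safe_to_connect`.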


VTP
SW2#show vtp status
VTP Version                     : 2 (means Version 2 is supported, not that Version 2 is enabled)
Configuration Revision          : 0
Maximum VLANs supported locally : 128
Number of existing VLANs        : 5 (the system has 5 VLANs by default, so no VLAN has been added yet in this example)
VTP Operating Mode              : Server
VTP Domain Name                 :
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled (Version 2 is not enabled)
VTP Traps Generation            : Disabled
MD5 digest                      : 0x57 0xCD 0x40 0x65 0x63 0x59 0x47 0xBD
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
Local updater ID is 10.0.30.2 on interface Vl1 (lowest numbered VLAN interface found)
(last received from 10.0.30.2; Show CDP can be used to look up the connected device)


An interface that, for some reason, has been assigned to a VLAN that does not exist

Switch#show interfaces fastEthernet 0/1 switchport
Name: Fa0/1
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: On
Access Mode VLAN: 88 (Inactive)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Appliance trust: none
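
An added Python example (not part of the original post) that reads `show interfaces ... switchport` output like the listings on this page and flags three conditions seen in them: a dynamic administrative mode, an operational trunk that allows all VLANs, and an access VLAN marked Inactive. The finding names and the policy are assumptions of this example; the sample lines are excerpted from this page's outputs, with the port names changed so the three ports can be told apart.

```python
def parse_switchport(text: str) -> list:
    """Split `show interfaces ... switchport` output into one dict per port."""
    ports, cur = [], None
    for line in text.splitlines():
        key, sep, val = line.partition(":")
        if not sep:
            continue                      # prompts and lines like "Capture Mode Disabled"
        key, val = key.strip(), val.strip()
        if key == "Name":                 # each port's block starts with its Name line
            cur = {}
            ports.append(cur)
        if cur is not None:
            cur[key] = val
    return ports


def audit(port: dict) -> list:
    """Return finding codes for one port (the policy is this example's assumption)."""
    findings = []
    if port.get("Administrative Mode", "").startswith("dynamic"):
        findings.append("dynamic-mode")            # negotiation may turn the port into a trunk
    if port.get("Operational Mode") == "trunk" and port.get("Trunking VLANs Enabled") == "ALL":
        findings.append("trunk-allows-all-vlans")  # no `switchport trunk allowed vlan` list
    if "(Inactive)" in port.get("Access Mode VLAN", ""):
        findings.append("access-vlan-inactive")    # VLAN is missing from the VLAN database
    return findings


def report(text: str) -> dict:
    return {p["Name"]: audit(p) for p in parse_switchport(text)}


# Sample input: excerpts of the outputs on this page (port names changed).
SAMPLE = """\
SW1#show interfaces switchport
Name: Fa0/1
Administrative Mode: dynamic desirable
Operational Mode: trunk
Access Mode VLAN: 1 (default)
Trunking VLANs Enabled: ALL
Name: Fa0/2
Administrative Mode: static access
Operational Mode: static access
Access Mode VLAN: 1 (default)
Trunking VLANs Enabled: ALL
Name: Fa0/3
Administrative Mode: dynamic auto
Operational Mode: static access
Access Mode VLAN: 88 (Inactive)
Capture Mode Disabled
"""
```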



When two directly connected switches are set to access and trunk respectively



To be continued...
