拓扑
使用MUX VLAN实现隔离业务流量和访客流量,VLAN10和VLAN20为业务流量,要求可以访问到服务器,访客VLAN30不允许访问服务器
配置
LSW2
#
vlan 100
mux-vlan
subordinate separate 30
subordinate group 10 20
#
vlan 100
mux-vlan
subordinate separate 30
subordinate group 10 20
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan all
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 10
port mux-vlan enable
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 10
port mux-vlan enable
#
LSW3
#
vlan batch 10 20 30 100
#
vlan 100
mux-vlan
subordinate separate 30
subordinate group 10 20
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan all
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 20
port mux-vlan enable
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 20
port mux-vlan enable
#
LSW6
#
vlan batch 10 20 30 100
#
vlan 100
mux-vlan
subordinate separate 30
subordinate group 10 20
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan all
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 30
port mux-vlan enable
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 30
port mux-vlan enable
#
LSW1
#
vlan batch 10 20 30 100
#
vlan 100
mux-vlan
subordinate separate 30
subordinate group 10 20
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan all
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan all
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan all
#
interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan all
#
LSW4
#
vlan batch 10 20 30 100
#
vlan 100
mux-vlan
subordinate separate 30
subordinate group 10 20
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan all
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 100
port mux-vlan enable
#
验证
GROUP VLAN 访问 principal VLAN
PC1 ping Server1
分别在LSW4的GE0/0/1和GE0/0/2抓包
Separate VLAN 和 principal VLAN / GROUP VLAN通信
Separate VLAN内部通信
GROU VLAN之间通信
