switch a交换机下接switch b、switch c交换机,要求从switch a上看,switch b、switch c发出的报文都是不带vlan tag的,无需考虑下层交换机的vlan配置。
switch b上的vlan 5为isolate-user-vlan,包含上行端口ethernet1/0/1和两个secondary vlan:vlan 2和vlan 3,vlan 3包含端口ethernet1/0/2,vlan 2包含端口ethernet1/0/5。
switch c上的vlan 6为isolate-user-vlan,包含上行端口ethernet1/0/1和两个secondary vlan:vlan 3和vlan 4,vlan 3包含端口ethernet1/0/3,vlan 4包含端口ethernet1/0/4。
2. 组网图
3. 配置步骤
配置switch b:
# 配置isolate-user-vlan。
[switchb] system-view
[switchb] vlan 5
[switchb-vlan5] isolate-user-vlan enable
# 配置secondary vlan。
[switchb-vlan5] quit
[switchb] vlan 3
[switchb-vlan3] quit
[switchb] vlan 2
# 将端口ethernet1/0/2添加到isolate-user-vlan和secondary vlan中,并配置untag操作
[switchb-vlan2] quit
[switchb] interface ethernet 1/0/2
[switchb-ethernet1/0/2] port link-type hybrid
[switchb-ethernet1/0/2] port hybrid vlan 3 untagged
[switchb-ethernet1/0/2] port hybrid vlan 5 untagged
[switchb-ethernet1/0/2] port hybrid pvid vlan 3
# 将端口ethernet1/0/5添加到isolate-user-vlan和secondary vlan中,并配置untag操作
[switchb-ethernet1/0/2] quit
[switchb] interface ethernet 1/0/5
[switchb-ethernet1/0/5] port link-type hybrid
[switchb-ethernet1/0/5] port hybrid vlan 2 untagged
[switchb-ethernet1/0/5] port hybrid vlan 5 untagged
[switchb-ethernet1/0/5] port hybrid pvid vlan 2
# 将端口ethernet1/0/1添加到isolate-user-vlan和secondary vlan中,并配置untag操作
[switchb-ethernet1/0/5] quit
[switchb] interface ethernet 1/0/1
[switchb-ethernet1/0/1] port link-type hybrid
[switchb-ethernet1/0/1] port hybrid vlan 2 untagged
[switchb-ethernet1/0/1] port hybrid vlan 3 untagged
[switchb-ethernet1/0/1] port hybrid vlan 5 untagged
[switchb-ethernet1/0/1] port hybrid pvid vlan 5
# 配置isolate-user-vlan和secondary vlan间的映射关系。
[switchb-ethernet1/0/1] quit
[switchb] isolate-user-vlan 5 secondary 2 to 3
配置switch c:
# 配置isolate-user-vlan。
[switchc] system-view
[switchc] vlan 6
[switchc-vlan6] isolate-user-vlan enable
# 配置secondary vlan。
[switchc-vlan6] quit
[switchc] vlan 3
[switchc-vlan3] vlan 4
# 将端口ethernet1/0/3添加到isolate-user-vlan和secondary vlan中,并配置untag操作
[switchc-vlan4] quit
[switchc] interface ethernet 1/0/3
[switchc-ethernet1/0/3] port link-type hybrid
[switchc-ethernet1/0/3] port hybrid vlan 3 untagged
[switchc-ethernet1/0/3] port hybrid vlan 6 untagged
[switchc-ethernet1/0/3] port hybrid pvid vlan 3
#将端口ethernet1/0/4添加到isolate-user-vlan和secondary vlan中,并配置untag操作
[switchc-ethernet1/0/3] quit
[switchc] interface ethernet1/0/4
[switchc-ethernet1/0/4] port link-type hybrid
[switchc-ethernet1/0/4] port hybrid vlan 4 untagged
[switchc-ethernet1/0/4] port hybrid vlan 6 untagged
[switchc-ethernet1/0/4] port hybrid pvid vlan 4
# 将端口ethernet1/0/1添加到isolate-user-vlan和secondary vlan中,并配置untag操作
[switchc-ethernet1/0/4] quit
[switchc] interface ethernet 1/0/1
[switchc-ethernet1/0/1] port link-type hybrid
[switchc-ethernet1/0/1] port hybrid vlan 3 untagged
[switchc-ethernet1/0/1] port hybrid vlan 4 untagged
[switchc-ethernet1/0/1] port hybrid vlan 6 untagged
[switchc-ethernet1/0/1] port hybrid pvid vlan 6
# 配置isolate-user-vlan和secondary vlan间的映射关系。
[switchc-ethernet1/0/1] quit
[switchc] isolate-user-vlan 6 secondary 3 to 4
经过上述配置,switch a可以接收到switch b和switch c发出的报文,而且全部是不携带vlan tag的报文。switch b和switch c各自配置的vlan 3之间由于在到达a处理时已经去除了vlan tag,所以不能够通信,这就使下层交换机拥有仅本地有效的vlan配置,从而达到了节约全局vlan资源的目的。