■Creating static VLANs on a Cisco 1812J and a Catalyst 2970G
Simply set the ports to access mode and trunk mode and check connectivity with ping.
■Create static VLANs on the WS-C2970G-24T-E.
S1>show version | include cisco
cisco WS-C2970G-24T-E (PowerPC405) processor (revision L0) with 118784K/12280K bytes of memory.
S1>enable
Password:
S1#show interfaces status | exclude notconnect
Port Name Status Vlan Duplex Speed Type
Gi0/13 connected 1 a-full a-1000 10/100/1000BaseTX
Gi0/14 connected 1 a-full a-1000 10/100/1000BaseTX
S1#show running-config interface vlan 1
Building configuration...
Current configuration : 82 bytes
!
interface Vlan1
ip address 172.31.31.201 255.255.255.0
no ip route-cache
end
$ env LANG=C /sbin/ifconfig eth2 | grep 172.31.31
inet addr:172.31.31.27 Bcast:172.31.31.255 Mask:255.255.255.0
$ env LANG=C /sbin/ifconfig eth2 | grep 172.31.31
inet addr:172.31.31.13 Bcast:172.31.31.255 Mask:255.255.255.0
■Change the VLAN each port belongs to
S1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
S1(config)#vlan 16,32
S1(config)#interface gigabitEthernet 0/13
S1(config-if)#switchport mode access
S1(config-if)#switchport access vlan 16
S1(config-if)#exit
S1(config)#interface gigabitEthernet 0/14
S1(config-if)#switchport mode access
S1(config-if)#switchport access vlan 32
S1(config-if)#exit
S1(config)#interface vlan 1
S1(config-if)#no ip address
S1(config-if)#ip address 172.31.31.201 255.255.255.0
S1(config-if)#exit
S1(config)#exit
■Check the Gi0/13 and Gi0/14 interfaces
S1#show interfaces gigabitEthernet 0/14 switchport | exclude none|disable
Name: Gi0/14
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 32 (VLAN0032)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
S1#show interfaces gigabitEthernet 0/13 switchport | exclude none|disable
Name: Gi0/13
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: static access
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
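The two outputs above differ in the fields that matter for hardening: Gi0/14 is a static access port with negotiation off, while Gi0/13 reports "dynamic auto" with trunk negotiation on and sits in VLAN 1. The following Python script is an added example, not part of the original post; it parses this kind of output and flags those settings. The function names and the trimmed sample text are constructed here.

```python
# Constructed sample: the two "show interfaces ... switchport" outputs from
# this page, trimmed to the fields the audit reads.
SAMPLE = """\
Name: Gi0/14
Administrative Mode: static access
Operational Mode: static access
Negotiation of Trunking: Off
Access Mode VLAN: 32 (VLAN0032)
Name: Gi0/13
Administrative Mode: dynamic auto
Operational Mode: static access
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
"""

def parse_switchport(text):
    """Split concatenated outputs into {port: {field: value}}."""
    ports, current = {}, None
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue  # lines without "key: value", e.g. "Capture Mode Disabled"
        key, value = key.strip(), value.strip()
        if key == "Name":
            current = ports.setdefault(value, {})
        elif current is not None:
            current[key] = value
    return ports

def audit(ports):
    """Return {port: [findings]} for DTP and VLAN 1 exposure."""
    report = {}
    for name, f in ports.items():
        findings = []
        admin = f.get("Administrative Mode", "")
        if admin.startswith("dynamic"):
            findings.append("admin mode '%s': a peer can negotiate a trunk" % admin)
        if f.get("Negotiation of Trunking", "").lower() == "on":
            findings.append("DTP on: set a static mode and 'switchport nonegotiate'")
        in_vlan1 = f.get("Access Mode VLAN", "").split()[:1] == ["1"]
        if "access" in f.get("Operational Mode", "") and in_vlan1:
            findings.append("access port in VLAN 1, which holds the Vlan1 address here")
        report[name] = findings
    return report

if __name__ == "__main__":
    print(audit(parse_switchport(SAMPLE)))
```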
■Communication between different VLANs is not possible.
$ for n in 13 27 201;do \
env LANG=C /sbin/ifconfig | grep 172.31.31.${n} || \
ping -c 1 172.31.31.${n} | grep packet |sed s/".*received,"/"${n},"/g; done
13, +1 errors, 100% packet loss, time 0ms
inet addr:172.31.31.27 Bcast:172.31.31.255 Mask:255.255.255.0
201, +1 errors, 100% packet loss, time 0ms
$ for n in 13 27 201;do \
env LANG=C /sbin/ifconfig | grep 172.31.31.${n} || \
ping -c 1 172.31.31.${n} | grep packet |sed s/".*received,"/"${n},"/g; done
inet addr:172.31.31.13 Bcast:172.31.31.255 Mask:255.255.255.0
27, +1 errors, 100% packet loss, time 0ms
201, +1 errors, 100% packet loss, time 0ms
■Change Gi0/14 to trunk
The port cannot be set to trunk mode unless "trunk encapsulation" is changed first.
S1#show interfaces gigabitEthernet 0/14 capabilities | include Trunk
Trunk encap. type: 802.1Q,ISL
Trunk mode: on,off,desirable,nonegotiate
S1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
S1(config)#interface gigabitEthernet 0/14
S1(config-if)#switchport mode trunk
Command rejected: An interface whose trunk encapsulation is "Auto" can not be configured to "trunk" mode.
S1(config-if)#switchport trunk encapsulation dot1
S1(config-if)#switchport mode trunk
S1(config-if)#switchport nonegotiate
S1(config-if)#no switchport access vlan 16
S1(config-if)#no switchport access vlan 32
S1(config-if)#switchport trunk allowed vlan 1,16,32
S1(config-if)#exit
S1(config)#interface vlan 1
S1(config-if)#no ip address
S1(config-if)#ip address 172.31.31.201 255.255.255.0
S1(config-if)#end
■Verification
Gi0/14, which now belongs to the VLAN trunk 1,16,32, disappears from the "show vlan" output.
S1#show vlan | include ^16|^32
16 VLAN0016 active Gi0/13
32 VLAN0032 active
16 enet 100016 1500 - - - - - 0 0
32 enet 100032 1500 - - - - - 0 0
S1#show interfaces trunk
Port Mode Encapsulation Status Native vlan
Gi0/14 on 802.1q trunking 1
Port Vlans allowed on trunk
Gi0/14 1,16,32
Port Vlans allowed and active in management domain
Gi0/14 1,16,32
Port Vlans in spanning tree forwarding state and not pruned
Gi0/14 1,16,32
S1#
■Ping does not get through to VLAN 16.
S1#ping 172.31.31.201
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.31.31.201, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
S1#ping 172.31.31.13
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.31.31.13, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
S1#ping 172.31.31.27
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.31.31.27, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/202/1007 ms
■Put Gi0/13 into the VLAN trunk 1,16,32
S1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
S1(config)#interface gigabitEthernet 0/13
S1(config-if)#switchport trunk encapsulation dot1
S1(config-if)#switchport mode trunk
S1(config-if)#switchport nonegotiate
S1(config-if)#no switchport access vlan 16
S1(config-if)#no switchport access vlan 32
S1(config-if)#switchport trunk allowed vlan 1,16,32
S1(config-if)#exit
S1(config)#exit
S1#
■Connected.
$ for n in 13 27 201;do \
env LANG=C /sbin/ifconfig | grep 172.31.31.${n} || \
ping -c 1 172.31.31.${n} | grep packet |sed s/".*received,"/"${n},"/g; \
done
inet addr:172.31.31.13 Bcast:172.31.31.255 Mask:255.255.255.0
27, 0% packet loss, time 0ms
201, 0% packet loss, time 0ms
$ for n in 13 27 201;do \
env LANG=C /sbin/ifconfig | grep 172.31.31.${n} || \
ping -c 1 172.31.31.${n} | grep packet |sed s/".*received,"/"${n},"/g; \
done
13, 0% packet loss, time 0ms
inet addr:172.31.31.27 Bcast:172.31.31.255 Mask:255.255.255.0
201, 0% packet loss, time 0ms
■Create static VLANs on the C1812J.
R1>show version | include ^Cisco 1
Cisco 1812-J (MPC8500) processor (revision 0x300) with 118784K/12288K bytes of memory.
R1>enable
Password:
R1#show interfaces status | exclude notconnect
Port Name Status Vlan Duplex Speed Type
Fa2 connected 1 a-full a-100 10/100BaseTX
Fa6 connected 1 a-full a-100 10/100BaseTX
R1#show running-config interface vlan 1
Building configuration...
Current configuration : 63 bytes
!
interface Vlan1
ip address 172.16.16.201 255.255.255.0
end
$ env LANG=C /sbin/ifconfig eth2 | grep 172.31.31
inet addr:172.31.31.27 Bcast:172.31.31.255 Mask:255.255.255.0
$ env LANG=C /sbin/ifconfig eth2 | grep 172.31.31
inet addr:172.31.31.13 Bcast:172.31.31.255 Mask:255.255.255.0
■Change the VLAN each port belongs to
R1#vlan database
R1(vlan)#vlan 16
VLAN 16 added:
Name: VLAN0016
R1(vlan)#vlan 32
VLAN 32 added:
Name: VLAN0032
R1(vlan)#exit
APPLY completed.
Exiting....
R1#show vlan-switch | include ^16|^32
16 VLAN0016 active
32 VLAN0032 active
16 enet 100016 1500 - - - - - 0 0
32 enet 100032 1500 - - - - - 0 0
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#interface fastEthernet 2
R1(config-if)#switchport mode access
R1(config-if)#switchport access vlan 16
R1(config-if)#exit
R1(config)#interface fastEthernet 6
R1(config-if)#switchport mode access
R1(config-if)#switchport access vlan 32
R1(config-if)#exit
R1(config)#interface vlan 1
R1(config-if)#no ip address
R1(config-if)#ip address 172.31.31.201 255.255.255.0
R1(config-if)#exit
R1(config)#exit
■Check the Fa2 and Fa6 interfaces
R1#show interfaces fastEthernet 2 switchport | exclude none|disable
Name: Fa2
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: Disabled
Access Mode VLAN: 16 (VLAN0016)
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: ALL
Trunking VLANs Active: 16
Protected: false
Priority for untagged frames: 0
Override vlan tag priority: FALSE
R1#show interfaces fastEthernet 6 switchport | exclude none|disable
Name: Fa6
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: Disabled
Access Mode VLAN: 32 (VLAN0032)
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: ALL
Trunking VLANs Active: 32
Protected: false
Priority for untagged frames: 0
Override vlan tag priority: FALSE
■Communication between different VLANs is not possible.
$ for n in 13 27 201;do \
env LANG=C /sbin/ifconfig | grep 172.31.31.${n} || \
ping -c 1 172.31.31.${n} | grep packet |sed s/".*received,"/"${n},"/g; \
done
13, +1 errors, 100% packet loss, time 0ms
inet addr:172.31.31.27 Bcast:172.31.31.255 Mask:255.255.255.0
201, +1 errors, 100% packet loss, time 0ms
$ for n in 13 27 201;do \
env LANG=C /sbin/ifconfig | grep 172.31.31.${n} || \
ping -c 1 172.31.31.${n} | grep packet |sed s/".*received,"/"${n},"/g; \
done
inet addr:172.31.31.13 Bcast:172.31.31.255 Mask:255.255.255.0
27, +1 errors, 100% packet loss, time 0ms
201, +1 errors, 100% packet loss, time 0ms
■Change Fa6 to trunk
DTP is not supported (dot1q only), so there is no "switchport nonegotiate" command.
Also, the default VLAN IDs must be included in the allowed trunk range.
R1#show interfaces fastEthernet 6 trunk
Port Mode Encapsulation Status Native vlan
Fa6 off 802.1q not-trunking 1
Port Vlans allowed on trunk
Fa6 32
Port Vlans allowed and active in management domain
Fa6 32
Port Vlans in spanning tree forwarding state and not pruned
Fa6 32
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#interface fastEthernet 6
R1(config-if)#switchport trunk allowed vlan 1,16,32
Command rejected: Bad VLAN allowed list. You have to include all default vlans, e.g. 1-2,1002-1005.
R1(config-if)#switchport trunk allowed vlan 1-2,16,32,1002-1005
R1(config-if)#exit
R1(config)#interface vlan 1
R1(config-if)#no ip address
R1(config-if)#ip address 172.31.31.201 255.255.255.0
R1(config-if)#end
■Fa6, now in VLAN trunk mode, disappears from the "show vlan-switch" output.
R1#show vlan-switch | include ^16|^32
16 VLAN0016 active Fa2
32 VLAN0032 active
16 enet 100016 1500 - - - - - 0 0
32 enet 100032 1500 - - - - - 0 0
R1#show interfaces trunk
Port Mode Encapsulation Status Native vlan
Fa6 on 802.1q trunking 1
Port Vlans allowed on trunk
Fa6 1-2,16,32,1002-1005
Port Vlans allowed and active in management domain
Fa6 1-2,16,32
Port Vlans in spanning tree forwarding state and not pruned
Fa6 1-2,16,32
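Because the 1812J rejected the list 1,16,32, the trunk now allows more VLANs than the ones first requested. The following Python script is an added example, not part of the original post; it parses "show interfaces trunk" output in the form printed above, expands the VLAN lists, and reports what a trunk carries beyond an intended set. The function names and the `needed` parameter are assumptions made for this example.

```python
# Constructed sample: the R1 "show interfaces trunk" output shown on this page.
SAMPLE = """\
Port Mode Encapsulation Status Native vlan
Fa6 on 802.1q trunking 1
Port Vlans allowed on trunk
Fa6 1-2,16,32,1002-1005
Port Vlans allowed and active in management domain
Fa6 1-2,16,32
Port Vlans in spanning tree forwarding state and not pruned
Fa6 1-2,16,32
"""

def expand(vlan_list):
    """'1-2,16,1002-1005' -> {1, 2, 16, 1002, ..., 1005}; 'none' -> empty set."""
    vlans = set()
    for part in vlan_list.split(","):
        part = part.strip()
        if not part or part.lower() == "none":
            continue
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_trunks(text):
    """Return {port: {'native': int, 'allowed': set, 'active': set}}."""
    trunks, section = {}, None
    for words in map(str.split, text.splitlines()):
        if not words:
            continue
        if words[0] == "Port":  # a header line starts each of the four tables
            rest = " ".join(words[1:])
            section = ("native" if rest.startswith("Mode") else
                       "allowed" if rest == "Vlans allowed on trunk" else
                       "active" if rest.startswith("Vlans allowed and active") else None)
        elif section == "native":
            trunks.setdefault(words[0], {})["native"] = int(words[-1])
        elif section in ("allowed", "active"):
            trunks.setdefault(words[0], {})[section] = expand(words[1])
    return trunks

def review(trunks, needed):
    """Per port: VLANs allowed beyond `needed`, and allowed-but-inactive VLANs."""
    return {port: {"extra": sorted(t["allowed"] - set(needed)),
                   "inactive": sorted(t["allowed"] - t["active"]),
                   "native_is_default": t["native"] == 1}
            for port, t in trunks.items()}

if __name__ == "__main__":
    print(review(parse_trunks(SAMPLE), needed={1, 16, 32}))
```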
■Ping does not get through to VLAN 16.
R1#ping 172.31.31.201
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.31.31.201, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
R1#ping 172.31.31.27
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.31.31.27, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
R1#ping 172.31.31.13
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.31.31.13, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
■Change Fa2 to trunk mode as well
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#interface fastEthernet 2
R1(config-if)#switchport mode trunk
R1(config-if)#no switchport access vlan 16
R1(config-if)#no switchport access vlan 32
R1(config-if)#switchport trunk allowed vlan 1-2,16,32,1002-1005
R1(config-if)#exit
R1(config)#exit
■Connected.
$ for n in 13 27 201;do \
env LANG=C /sbin/ifconfig | grep 172.31.31.${n} || \
ping -c 1 172.31.31.${n} | grep packet |sed s/".*received,"/"${n},"/g; \
done
13, 0% packet loss, time 0ms
inet addr:172.31.31.27 Bcast:172.31.31.255 Mask:255.255.255.0
201, 0% packet loss, time 0ms
$ for n in 13 27 201;do \
env LANG=C /sbin/ifconfig | grep 172.31.31.${n} || \
ping -c 1 172.31.31.${n} | grep packet |sed s/".*received,"/"${n},"/g; \
done
inet addr:172.31.31.13 Bcast:172.31.31.255 Mask:255.255.255.0
27, 0% packet loss, time 0ms
201, 0% packet loss, time 0ms