■Cisco 1812JとCatalyst 2970GにスタティックVLANを作成する 単純にアクセスモードとトランクモードにしてping疎通確認。 ■WS-C2970G-24T-EにスタティックVLANを作成する。 S1>show version | include cisco cisco WS-C2970G-24T-E (PowerPC405) processor (revision L0) with 118784K/12280K bytes of memory. S1>enable Password: S1#show interfaces status | exclude notconnect Port Name Status Vlan Duplex Speed Type Gi0/13 connected 1 a-full a-1000 10/100/1000BaseTX Gi0/14 connected 1 a-full a-1000 10/100/1000BaseTX S1#show running-config interface vlan 1 Building configuration... Current configuration : 82 bytes ! interface Vlan1 ip address 172.31.31.201 255.255.255.0 no ip route-cache end $ env LANG=C /sbin/ifconfig eth2 | grep 172.31.31 inet addr:172.31.31.27 Bcast:172.31.31.255 Mask:255.255.255.0 $ env LANG=C /sbin/ifconfig eth2 | grep 172.31.31 inet addr:172.31.31.13 Bcast:172.31.31.255 Mask:255.255.255.0 ■所属するVLANの変更 S1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. S1(config)#vlan 16,32 S1(config)#interface gigabitEthernet 0/13 S1(config-if)#switchport mode access S1(config-if)#switchport access vlan 16 S1(config-if)#exit S1(config)#interface gigabitEthernet 0/14 S1(config-if)#switchport mode access S1(config-if)#switchport access vlan 32 S1(config-if)#exit S1(config)#interface vlan 1 S1(config-if)#no ip address S1(config-if)#ip address 172.31.31.201 255.255.255.0 S1(config-if)#exit S1(config)#exit ■Gi0/13、Gi0/14のNICの確認 S1#show interfaces gigabitEthernet 0/14 switchport | exclude none|disable Name: Gi0/14 Switchport: Enabled Administrative Mode: static access Operational Mode: static access Administrative Trunking Encapsulation: negotiate Operational Trunking Encapsulation: native Negotiation of Trunking: Off Access Mode VLAN: 32 (VLAN0032) Trunking Native Mode VLAN: 1 (default) Administrative Native VLAN tagging: enabled Administrative private-vlan trunk Native VLAN tagging: enabled Administrative private-vlan trunk encapsulation: dot1q Trunking VLANs Enabled: ALL Pruning VLANs Enabled: 2-1001 Capture Mode Disabled Capture VLANs Allowed: ALL Protected: false S1#show interfaces gigabitEthernet 0/13 switchport | exclude none|disable Name: Gi0/13 Switchport: Enabled Administrative Mode: dynamic auto Operational Mode: static access Administrative Trunking Encapsulation: negotiate Operational Trunking Encapsulation: native Negotiation of Trunking: On Access Mode VLAN: 1 (default) Trunking Native Mode VLAN: 1 (default) Administrative Native VLAN tagging: enabled Administrative private-vlan trunk Native VLAN tagging: enabled Administrative private-vlan trunk encapsulation: dot1q Trunking VLANs Enabled: ALL Pruning VLANs Enabled: 2-1001 Capture Mode Disabled Capture VLANs Allowed: ALL Protected: false ■異なるVLAN間の通信は不可。 $ for n in 13 27 201;do \ env LANG=C /sbin/ifconfig | grep 172.31.31.${n} || \ ping -c 1 172.31.31.${n} | grep packet |sed s/".*received,"/"${n},"/g; done 13, +1 errors, 100% packet loss, time 0ms inet addr:172.31.31.27 Bcast:172.31.31.255 Mask:255.255.255.0 201, +1 errors, 100% packet loss, time 0ms $ for n in 13 27 201;do \ env LANG=C /sbin/ifconfig | grep 172.31.31.${n} || \ ping -c 1 172.31.31.${n} | grep packet |sed s/".*received,"/"${n},"/g; done inet addr:172.31.31.13 Bcast:172.31.31.255 Mask:255.255.255.0 27, +1 errors, 100% packet loss, time 0ms 201, +1 errors, 100% packet loss, time 0ms ■Gi0/14をtrunkに変更 「trunk encapsulation」を変更しないとtrunkに出来ない。 S1#show interfaces gigabitEthernet 0/14 capabilities | include Trunk Trunk encap. type: 802.1Q,ISL Trunk mode: on,off,desirable,nonegotiate S1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. S1(config)#interface gigabitEthernet 0/14 S1(config-if)#switchport mode trunk Command rejected: An interface whose trunk encapsulation is "Auto" can not be configured to "trunk" mode. S1(config-if)#switchport trunk encapsulation dot1 S1(config-if)#switchport mode trunk S1(config-if)#switchport nonegotiate S1(config-if)#no switchport access vlan 16 S1(config-if)#no switchport access vlan 32 S1(config-if)#switchport trunk allowed vlan 1,16,32 S1(config-if)#exit S1(config)#interface vlan 1 S1(config-if)#no ip address S1(config-if)#ip address 172.31.31.201 255.255.255.0 S1(config-if)#end ■確認 VLAN trunk 1,16,32に所属するGi0/14は「show vlan」の結果から消える。 S1#show vlan | include ^16|^32 16 VLAN0016 active Gi0/13 32 VLAN0032 active 16 enet 100016 1500 - - - - - 0 0 32 enet 100032 1500 - - - - - 0 0 S1#show interfaces trunk Port Mode Encapsulation Status Native vlan Gi0/14 on 802.1q trunking 1 Port Vlans allowed on trunk Gi0/14 1,16,32 Port Vlans allowed and active in management domain Gi0/14 1,16,32 Port Vlans in spanning tree forwarding state and not pruned Gi0/14 1,16,32 S1# ■VLAN 16にはpingの疎通が通らない。 S1#ping 172.31.31.201 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.31.31.201, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms S1#ping 172.31.31.13 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.31.31.13, timeout is 2 seconds: ..... Success rate is 0 percent (0/5) S1#ping 172.31.31.27 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.31.31.27, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/202/1007 ms ■Gi0/13をVLAN trunk 1,16,32に所属 S1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. S1(config)#interface gigabitEthernet 0/13 S1(config-if)#switchport trunk encapsulation dot1 S1(config-if)#switchport mode trunk S1(config-if)#switchport nonegotiate S1(config-if)#no switchport access vlan 16 S1(config-if)#no switchport access vlan 32 S1(config-if)#switchport trunk allowed vlan 1,16,32 S1(config-if)#exit S1(config)#exit S1# ■つながった。 $ for n in 13 27 201;do \ env LANG=C /sbin/ifconfig | grep 172.31.31.${n} || \ ping -c 1 172.31.31.${n} | grep packet |sed s/".*received,"/"${n},"/g; \ done inet addr:172.31.31.13 Bcast:172.31.31.255 Mask:255.255.255.0 27, 0% packet loss, time 0ms 201, 0% packet loss, time 0ms $ for n in 13 27 201;do \ env LANG=C /sbin/ifconfig | grep 172.31.31.${n} || \ ping -c 1 172.31.31.${n} | grep packet |sed s/".*received,"/"${n},"/g; \ done 13, 0% packet loss, time 0ms inet addr:172.31.31.27 Bcast:172.31.31.255 Mask:255.255.255.0 201, 0% packet loss, time 0ms ■C1812JにスタティックVLANを作成する。 R1>show version | include ^Cisco 1 Cisco 1812-J (MPC8500) processor (revision 0x300) with 118784K/12288K bytes of memory. R1>enable Password: R1#show interfaces status | exclude notconnect Port Name Status Vlan Duplex Speed Type Fa2 connected 1 a-full a-100 10/100BaseTX Fa6 connected 1 a-full a-100 10/100BaseTX R1#show running-config interface vlan 1 Building configuration... Current configuration : 63 bytes ! interface Vlan1 ip address 172.16.16.201 255.255.255.0 end $ env LANG=C /sbin/ifconfig eth2 | grep 172.31.31 inet addr:172.31.31.27 Bcast:172.31.31.255 Mask:255.255.255.0 $ env LANG=C /sbin/ifconfig eth2 | grep 172.31.31 inet addr:172.31.31.13 Bcast:172.31.31.255 Mask:255.255.255.0 ■所属するVLANの変更 R1#vlan database R1(vlan)#vlan 16 VLAN 16 added: Name: VLAN0016 R1(vlan)#vlan 32 VLAN 32 added: Name: VLAN0032 R1(vlan)#exit APPLY completed. Exiting.... R1#show vlan-switch | include ^16|^32 16 VLAN0016 active 32 VLAN0032 active 16 enet 100016 1500 - - - - - 0 0 32 enet 100032 1500 - - - - - 0 0 R1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. R1(config)#interface fastEthernet 2 R1(config-if)#switchport mode access R1(config-if)#switchport access vlan 16 R1(config-if)#exit R1(config)#interface fastEthernet 6 R1(config-if)#switchport mode access R1(config-if)#switchport access vlan 32 R1(config-if)#exit R1(config)#interface vlan 1 R1(config-if)#no ip address R1(config-if)#ip address 172.31.31.201 255.255.255.0 R1(config-if)#exit R1(config)#exit ■Fa2、Fa6のNICの確認 R1#show interfaces fastEthernet 2 switchport | exclude none|disable Name: Fa2 Switchport: Enabled Administrative Mode: static access Operational Mode: static access Administrative Trunking Encapsulation: dot1q Operational Trunking Encapsulation: native Negotiation of Trunking: Disabled Access Mode VLAN: 16 (VLAN0016) Trunking Native Mode VLAN: 1 (default) Trunking VLANs Enabled: ALL Trunking VLANs Active: 16 Protected: false Priority for untagged frames: 0 Override vlan tag priority: FALSE R1#show interfaces fastEthernet 6 switchport | exclude none|disable Name: Fa6 Switchport: Enabled Administrative Mode: static access Operational Mode: static access Administrative Trunking Encapsulation: dot1q Operational Trunking Encapsulation: native Negotiation of Trunking: Disabled Access Mode VLAN: 32 (VLAN0032) Trunking Native Mode VLAN: 1 (default) Trunking VLANs Enabled: ALL Trunking VLANs Active: 32 Protected: false Priority for untagged frames: 0 Override vlan tag priority: FALSE ■異なるVLAN間の通信は不可。 $ for n in 13 27 201;do \ env LANG=C /sbin/ifconfig | grep 172.31.31.${n} || \ ping -c 1 172.31.31.${n} | grep packet |sed s/".*received,"/"${n},"/g; \ done 13, +1 errors, 100% packet loss, time 0ms inet addr:172.31.31.27 Bcast:172.31.31.255 Mask:255.255.255.0 201, +1 errors, 100% packet loss, time 0ms $ for n in 13 27 201;do \ env LANG=C /sbin/ifconfig | grep 172.31.31.${n} || \ ping -c 1 172.31.31.${n} | grep packet |sed s/".*received,"/"${n},"/g; \ done inet addr:172.31.31.13 Bcast:172.31.31.255 Mask:255.255.255.0 27, +1 errors, 100% packet loss, time 0ms 201, +1 errors, 100% packet loss, time 0ms ■Fa6をtrunkに変更 DTPをサポートしていない(dot1qのみ)ので、「switchport nonegotiate」が無い。 また、許可するtrunkの範囲にデフォルトのVLAN IDを含めないといけない。 R1#show interfaces fastEthernet 6 trunk Port Mode Encapsulation Status Native vlan Fa6 off 802.1q not-trunking 1 Port Vlans allowed on trunk Fa6 32 Port Vlans allowed and active in management domain Fa6 32 Port Vlans in spanning tree forwarding state and not pruned Fa6 32 R1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. R1(config)#interface fastEthernet 6 R1(config-if)#switchport trunk allowed vlan 1,16,32 Command rejected: Bad VLAN allowed list. You have to include all default vlans, e.g. 1-2,1002-1005. R1(config-if)#switchport trunk allowed vlan 1-2,16,32,1002-1005 R1(config-if)#exit R1(config)#interface vlan 1 R1(config-if)#no ip address R1(config-if)#ip address 172.31.31.201 255.255.255.0 R1(config-if)#end ■VLAN trunkモードのFa6は「show vlan-switch」の結果から消える。 R1#show vlan-switch | include ^16|^32 16 VLAN0016 active Fa2 32 VLAN0032 active 16 enet 100016 1500 - - - - - 0 0 32 enet 100032 1500 - - - - - 0 0 R1#show interfaces trunk Port Mode Encapsulation Status Native vlan Fa6 on 802.1q trunking 1 Port Vlans allowed on trunk Fa6 1-2,16,32,1002-1005 Port Vlans allowed and active in management domain Fa6 1-2,16,32 Port Vlans in spanning tree forwarding state and not pruned Fa6 1-2,16,32 ■VLAN 16にはpingの疎通が通らない。 R1#ping 172.31.31.201 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.31.31.201, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms R1#ping 172.31.31.27 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.31.31.27, timeout is 2 seconds: ..... Success rate is 0 percent (0/5) R1#ping 172.31.31.13 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.31.31.13, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms ■Fa2もtrunkモードに変更 R1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. R1(config)#interface fastEthernet 2 R1(config-if)#switchport mode trunk R1(config-if)#no switchport access vlan 16 R1(config-if)#no switchport access vlan 32 R1(config-if)#switchport trunk allowed vlan 1-2,16,32,1002-1005 R1(config-if)#exit R1(config)#exit ■つながった。 $ for n in 13 27 201;do \ env LANG=C /sbin/ifconfig | grep 172.31.31.${n} || \ ping -c 1 172.31.31.${n} | grep packet |sed s/".*received,"/"${n},"/g; \ done 13, 0% packet loss, time 0ms inet addr:172.31.31.27 Bcast:172.31.31.255 Mask:255.255.255.0 201, 0% packet loss, time 0ms $ for n in 13 27 201;do \ env LANG=C /sbin/ifconfig | grep 172.31.31.${n} || \ ping -c 1 172.31.31.${n} | grep packet |sed s/".*received,"/"${n},"/g; \ done inet addr:172.31.31.13 Bcast:172.31.31.255 Mask:255.255.255.0 27, 0% packet loss, time 0ms 201, 0% packet loss, time 0ms
