Required course: VLAN is so important! Share VLAN planning and configuration examples in two most common scenarios!

1. Common scenario 1 - restaurant/hotel

1. Background

Generally, small restaurants/hotels with no more than 100 access terminals generally adopt the following topology: all are wired devices, excluding wireless devices, and all terminal IPs are 192.168.0.0/16. Although they are in the same network segment, PCs and servers in different areas must be isolated through VLANs to prevent mutual access (if VLAN full access is not enabled). VLANs can be divided according to the following configuration ideas.

2. Network topology

3. ENSP Experimental Topology

4. Configuration commands

The server and PC1-PC6 can be configured according to the VLAN IP planning in the above figure. The configuration is simple and is omitted here.

The VLAN aggregation switch is configured as follows:

 <Huawei>system [Huawei]vlan batch 10 20 30 40 //创建VLAN10 20 30 40 [Huawei]interface GigabitEthernet 0/0/1 [Huawei-GigabitEthernet0/0/1]port link-type access [Huawei-GigabitEthernet0/0/1]port default vlan 10 [Huawei-GigabitEthernet0/0/1]interface GigabitEthernet 0/0/2 [Huawei-GigabitEthernet0/0/2]port link-type access [Huawei-GigabitEthernet0/0/2]port default vlan 10 [Huawei-GigabitEthernet0/0/2]interface GigabitEthernet 0/0/3 [Huawei-GigabitEthernet0/0/3]port link-type access [Huawei-GigabitEthernet0/0/3]port default vlan 20 [Huawei-GigabitEthernet0/0/3]interface GigabitEthernet 0/0/4 [Huawei-GigabitEthernet0/0/4]port link-type access [Huawei-GigabitEthernet0/0/4]port default vlan 20 [Huawei-GigabitEthernet0/0/4]interface GigabitEthernet 0/0/5 [Huawei-GigabitEthernet0/0/5]port link-type access [Huawei-GigabitEthernet0/0/5]port default vlan 30 [Huawei-GigabitEthernet0/0/5]interface GigabitEthernet 0/0/6 [Huawei-GigabitEthernet0/0/6]port link-type access [Huawei-GigabitEthernet0/0/6]port default vlan 30 [Huawei-GigabitEthernet0/0/6]interface GigabitEthernet 0/0/5 [Huawei-GigabitEthernet0/0/5]port link-type access [Huawei-GigabitEthernet0/0/5]port default vlan 30 [Huawei-GigabitEthernet0/0/5]interface GigabitEthernet 0/0/7 [Huawei-GigabitEthernet0/0/7]port link-type access [Huawei-GigabitEthernet0/0/7]port default vlan 40 [Huawei-GigabitEthernet0/0/7]return <Huawei>save //保存配置

Run the dis port vlan command to view the VLAN configuration results:

5. Experimental Results

Test PC1 pinging PC2, PC3, PC5 and the server:

2. Common scenario 2 - office space

1. Background

VLAN can achieve cross-device inter-VLAN access and isolation of VLANs. In some scenarios, users work in two locations, and all terminal network segments are 192.168.10.0/24, but two switches are needed to connect to achieve inter-VLAN access and isolation of different VLANs.

2. Network topology

3. ENSP Experimental Topology

4. Configuration commands

The server and PC1-PC6 can be configured according to the VLAN IP planning in the above figure. The configuration is simple and is omitted here.

In this example, VLAN switches 1 and 2 are configured identically, as follows:

 <Huawei>system [Huawei]vlan batch 10 20 //创建VLAN 10和20 [Huawei]interface GigabitEthernet0/0/1 [Huawei-GigabitEthernet0/0/1] port link-type access [Huawei-GigabitEthernet0/0/1] port default vlan 10 [Huawei-GigabitEthernet0/0/1]interface GigabitEthernet0/0/2 [Huawei-GigabitEthernet0/0/2] port link-type access [Huawei-GigabitEthernet0/0/2] port default vlan 10 [Huawei-GigabitEthernet0/0/2]interface GigabitEthernet0/0/3 [Huawei-GigabitEthernet0/0/3] port link-type access [Huawei-GigabitEthernet0/0/3] port default vlan 20 [Huawei-GigabitEthernet0/0/3]interface GigabitEthernet0/0/4 [Huawei-GigabitEthernet0/0/4] port link-type access [Huawei-GigabitEthernet0/0/4] port default vlan 20 [Huawei-GigabitEthernet0/0/4]interface GigabitEthernet0/0/5 [Huawei-GigabitEthernet0/0/5]port link-type trunk //端口类型为Trunk [Huawei-GigabitEthernet0/0/5]port trunk allow-pass vlan 10 20 //透传VLAN10和20 [Huawei-GigabitEthernet0/0/5]return <Huawei>save

Run the dis port vlan command to view the VLAN configuration results:

5. Experimental Results

Test that PC1 pings PC2, PC10, PC3, and PC30;

The Ping packets transparently transmitted between the interconnected Trunk ports of VLAN switches 1 and 2 are as follows: