If you understand long-distance relationships, you will understand how to configure switches.

We have explained the configuration of switches many times before. Some friends said it was too difficult and they couldn't understand it. There are also friends in the weak current VIP technical group who keep asking about the configuration of switches. Today we will explain the configuration of switches in a step-by-step manner. Explain the configuration of switches in a popular way.

Case 1: Divide VLANs to prevent PC1 and PC2 from communicating on the same switch

When we are working on a project, after connecting the computers to the switch, two computers are connected to one switch at the same time. Without any configuration, the two computers can access each other.

As shown in the figure above, assuming that vlan10 and vlan20 are not considered and VLAN division is not performed on the switch, PC1 and PC2 can communicate with each other.

Let's understand the above requirements in a simple way:

A couple, Xiao Ming and Xiao Fang, are in the same city and the same company. Now they can meet whenever they want. The city is equivalent to a switch, and the company is equivalent to being in the same VLAN. PC1 and PC2 are Xiao Ming and Xiao Fang.

Because they have been showing affection in the company many times, it has affected other single colleagues. The company leaders have realized the seriousness of the matter and are trying to stop them from meeting in the company. What should they do?

1. Requirements:

In actual projects, in order to prevent PC1 and PC2 from communicating with each other, PC1 and PC2 need to be isolated so that PC1 and PC2 cannot communicate with each other. This situation will be encountered in many projects, so how to configure it?

So the leader transferred Xiao Ming to a branch company near the same city to work, so that Xiao Ming and Xiao Fang could be isolated. Therefore, VLANs need to be divided, and Xiao Ming and Xiao Fang are divided into different VLANs, that is, different branches, so that they cannot meet (communicate), which can also solve the problem of showing affection affecting other colleagues.

So: create a vlan.

2. Create a VLAN

According to the planning in the preceding figure, VLANs are created in the following way. The two VLANs to be created are VLAN 10 and VLAN 20.

 Switch > enable // (Enter "privileged mode")
 Password: xxxx //（Enter password）
 Switch#configure terminal //(Enter "global configuration" mode)
 Switch (config) # VLAN 10 // (create VLAN 10)
 Switch (config-vlan) #name test10 // (name VLAN 10 as test 10)
 Switch (config-vlan) #exit // (Exit VLAN 10 configuration mode)
 Switch (config) # VLAN 20 // (create VLAN 20)
 Switch (config-vlan) #name test20 // (name VLAN 20 as test 20)
 Switch (config-vlan) #end // (Exit the configuration command and enter the privileged mode)
 If you want to delete a created VLAN, you can do so by entering "no vlanvlan-id" in the configuration mode:
 Switch(config)#no vlan 10 (Delete VLAN 10)

If you want to delete a created VLAN, you can do so by entering "no vlanvlan-id" in the configuration mode:

 Switch(config)#no vlan 10 (Delete VLAN 10)

3. Assign switch ports to VLANs After creating a VLAN, you can add the switch ports to the specified VLAN.

Step 1:

Add fastEthernet0/1 to fastEthernet0/6 to VLAN10.

 Switch#configure terminal // Enter global configuration mode
 Switch(config)#interface fastethernet 0/1 //Enter the port configuration mode of fastEthernet0/1
 Switch(config-if)#switchport access vlan10 //（Add fastEthernet0/1 port to VLAN10

Repeat the above commands to add fastEthernet0/2 to fastEthernet0/6 to VLAN10 respectively.

Step 2:

Add fastEthernet0/7 to fastEthernet0/12 to VLAN 20.

 Switch#configure terminal // Enter global configuration mode
 Switch(config)#interface fastethernet 0/7 //Enter the port configuration mode of fastEthernet0/7
 Switch(config-if)#switchport access vlan20 //Add fastEthernet0/7 port to VLAN20

Repeat the above commands to add fastEthernet 0/8 to fastEthernet 0/12 to VLAN 10 respectively.

4. Save settings

After configuring the switch, you can save the configuration parameters by running the following command to prevent loss of configuration parameters due to power failure or other reasons.

 Router-A#write memory

or

 Router-A#Copyrunning-config starup-config

So:

Connect PC1 to the port where VLAN 10 is located, and then connect PC2 to the port where VLAN 20 is located. Then use the Ping command to test, and find that there is no communication between PC1 and PC2, and it is done.

The configuration on the same switch is relatively simple. The basic idea is:

Enter configuration mode - create VLAN - assign ports to VLAN - then connect related devices (computers) to the corresponding ports. Basically, it is achieved by using the principle that ports in different VLANs cannot communicate directly.

Since Xiao Ming and Xiao Fang are not in the same company, they cannot show their love in the company.

Case 2: One-arm routing realizes communication between different VLANs under the same switch

Do you think that by splitting Xiao Ming and Xiao Fang into branches in the same city, you can prevent them from meeting?

Xiao Ming and Xiao Fang are not working in the same company now. After Xiao Ming arrived at the branch, he often uses his lunch break to meet Xiao Fang.

PC1 and PC2 are no longer in the same VLAN. PC1 belongs to VLAN10 and PC2 belongs to VLAN20. So how can PC1 communicate with PC2? We need to use the routing function. There are two ways to achieve this: one is one-arm routing and the other is a three-layer switch. Here we use one-arm routing to achieve communication between PC1 and PC2. As shown in the figure below: Take Cisco switch as an example.

1. Configure sub-interfaces on the router and encapsulate 802.1q

 Router > //Initial
 Router > en //Enter privileged mode
 Router#conf t //Enter global mode
 Router(config)#int f0/0 //Create and enter port f0/0
 Router(config-if)#no shutdown //Open the port
 Router(config-if)#int f0/0.1 //Create and enter the sub-interface
 Router(config-subif)#description vlan10 //Describe the sub-interface
 Router(config-subif)#encapsulation dot1q 10 //Encapsulate the 802.2q protocol for the sub-interface and define VID as 10
 Router(config-subif)#ip add 192.168.10.1 255.255.255.0 //Configure the IP address of the sub-interface to 192.168.10.1
 Router(config-subif)#no shutdown //Open the port
 Router(config-subif)#exit //Return to user mode 
 
 Router(config)#int f0/0.2 //Create and enter port f0/0.2
 Router(config-subif)#description vlan20 //Describe the sub-interface
 Router(config-subif)#encapsulation dot1q 20 //Encapsulate the 802.2q protocol for the sub-interface and define the VID as 20
 Router(config-subif)#ip add 192.168.20.1 255.255.255.0 //Configure the IP address of the sub-interface to be 192.168.20.1,
 ,
 Router(config-subif)#no shutdown //Open the port
 Router(config-subif)#end

2. Divide VLANs on the switch

 Switch > //Initial
 Switch > en //Enter privileged mode
 Switch#conf t //Enter global mode
 Switch(config)#vlan 10 //Create vlan10
 Switch(config-vlan)#vlan 20 //Create vlan10
 Switch(config-vlan)#exit 
 
 Switch(config)#int f0/2 //Create port f0/2
 Switch(config-if)#switchport acc vlan 10 //Assign port f0/2 to vlan10
 Switch(config-if)#exit //Return to user mode 
  
 Switch(config)#int f0/3 //Create port f0/3
 Switch(config-if)#switchport acc vlan 20 //Assign port f0/2 to vlan10
 Switch(config-if)#end //End

3. Define Trunk on the switch

 Switch >     
 Switch > en
 Switch#conf t
 Switch(config)#int f0/1 Create f0/1 port
 Switch(config-if)#switchport mode trunk //If the switch implements communication between VLANs through a router, the port connected to the switch needs to be configured into trunk mode. Only trunk lines can allow VLANs to pass. 
 
 Switch(config-if)#exit //Return to user mode

In this way, pc1 and pc2 can communicate again.

Because Xiaofang often meets Xiaoming at noon, she is often late for work in the afternoon. Over time, Xiaofang's work efficiency has declined, and her colleagues all know about it.

The lunch break date here is equivalent to the single-arm routing function.

This makes it difficult for single colleagues in the company to work calmly. What should they do?

Case 3: Divide VLANs to prevent PC1 and PC2 from communicating on the same switch

The leader also noticed the problem and took drastic measures. He transferred Xiao Ming to a branch in another city, which was equivalent to adding a switch and assigning Xiao Ming (pc1) to another switch, as shown in the following figure.

As shown in the figure, pc1 and pc2 can no longer communicate. pc1 is in switch A and pc2 is in switch B. Xiaoming and Xiaofang can no longer meet each other. Is that the end of it?

Case 4: Using a Layer 3 switch to implement communication between different VLANs

Xiao Ming was very anxious when he was split into branches in different cities. Long-distance relationships would eventually lead to changes after a long time. Xiao Ming understood this truth very well.

So Xiao Ming thought of a way, worked hard, and established good relationships with the leaders of the branch as quickly as possible. The leaders of the branch often sent Xiao Ming to the head office to do business and meet Xiao Fang by the way.

Since pc1 and pc2 are blocked in two different switches and in different VLANs, they cannot communicate. What should I do?

1 S3550-24 (three-layer switch), 1 S2126 switch, pc1 in vlan20, pc2 in vlan10, as shown in the figure below.

Inter-VLAN communication experiment topology diagram

Configuration:

1. Create VLAN 20 on SwitchA and assign port F0/15 to VLAN 20.

 SwitchA > enable
 SwitchA#configure terminal
 SwitchA(config)#vlan20 //Create VLAN 20
 SwitchA(config-vlan)#name vlan20 //Name VLAN 20 as vlan20
 SwitchA(config)#interface f0/15 //Enter F0/15 interface configuration mode
 SwitchA(config-if)#switchport access vlan 20 //Add port F0/15 to VLAN 20
 SwitchA #showvlan id 20 //Verify that VLAN 20 has been created and port F0/15 has been assigned to VLAN 20.

2. On switch SwitchA, the port connected to SwitchB (here port F0/24) is defined as tag vlan mode.

 SwitchA > enable
 SwitchA#configure terminal
 SwitchA (config)#interface f0/24 //Enter interface configuration mode
 SwitchA (config-if)#switchport mode trunk //Set port F0/24 to tag vlan mode
 SwitchA (config)#show interfaces f0/24 switch //Verify that port F0/24 has been set to tag vlan mode

3. Create VLAN 10 on SwitchB and assign port F0/5 to VLAN 10.

 SwitchA > enable
 SwitchA#configure terminal
 SwitchB(config)#vlan 10 //Create VLAN 10
 SwitchB (config-vlan)#name vlan10 //Name VLAN 10 as vlan
 SwitchB (config)#interface f0/5 //Enter F0/5 interface configuration mode
 SwitchB (config-if)#switchport access vlan10 ！ Add port F0/5 to VLAN 10
 SwitchB #show vlan id 10 //Verify that VLAN 10 has been created and port F0/5 has been assigned to VLAN 10

4. On SwitchB, the port connected to SwitchA (here, port F0/24) is defined as tag VLAN mode.

 SwitchA > enable
 SwitchA#configure terminal
 SwitchB (config)#interface f0/24 //Enter interface configuration mode
 SwitchB (config-if)#switchport mode trunk //Set port F0/24 to tag vlan mode
 SwitchB (config)#show interfaces f0/24 switch //Verify that port F0/24 has been set to tag vlan mode.

5. Set up Layer 3 switch VLAN communication

Enable the routing function of the Layer 3 switch

 SwitchA > enable
 SwitchA#configure terminal
 SwitchA(config)#ip routing // Enable the routing function of the Layer 3 switch 
  
 SwitchA(config) #interface vlan 10 //Create virtual interface vlan10
 SwitchA(config-if) #ip address 192.168.10.254 255.255.255.0 //Configure the virtual interface IP address of vlan10
 SwitchA(config) #interface vlan 20 //Create virtual interface vlan20

Configure the virtual interface IP address of vlan20

 SwitchA(config-if) #ip address 192.168.20.254 255.255.255.0 //Configure the virtual interface IP address of vlan20

6. Set the default gateway of PC1 to 192.168.10.254 and the default gateway of PC2 to 192.168.20.254

In this way, pc1 and pc3 can communicate with each other.

Xiao Ming and Xiao Fang started meeting again.

Xiao Ming used his relationship with the branch company leader to go to the head office to work and meet the girl at the same time.

This leadership is equivalent to the routing function of a layer 3 switch.

At this point, the leaders of the head office saw that Xiao Ming performed well in the branch, so they accepted it and turned a blind eye.