Trunk链路

DefiningVLANs•Trunk链路维护VLAN标识•用于交换机间多个VLAN的通信•在每个数据帧中放置一个唯一标识•工作在第二层VLAN中继(Trunking)ISL和802.1Q对比ISL802.1Q私有标准(IEEE802)采用封装的方式采用标签的方式协议无关(使用Ethernet/FDDI等)协议相关(只适用Ethernet)将原始数据帧封装到一个新的帧中在原始数据帧头添加一个新的字段ISL中继•Cisco私有协议•支持PVST•使用封装的方式•对原始数据帧未作修改ISL封装802.1Q中继•IEEE标准•在原始数据帧中添加一个4字节的标签(tag)•添加的标签中包含一个优先级(priority)字段•对属于nativeVLAN的数据帧不添加标签•支持CiscoIP电话802.1Q的打标签过程802.1Q的NativeVLAN在Trunk链路上传输隶属于NativeVLAN的数据帧时，不添加标签。在Trunk链路上接收到未加tag的数据帧时，交换机将认为该数据帧属于接收端口的nativevlan。VLAN范围VLANRangeUse0,4095系统保留使用1Cisco缺省的VLAN2–1001用于EthernetVLAN1002–1005Cisco缺省用于FDDI和TokenRing的VLAN1006–4094只用于EthernetVLAN，在某些旧的交换机平台上不可用Trunk配置命令•配置一条Trunk链路•switchporttrunk•switchportmode•switchportnonegotiate•可以通过静态或DTP配置Trunk•DTP使得交换机能够协商Trunk链路SwitchportMode的交互DynamicAutoDynamicDesirableTrunkAccessDynamicAutoAccessTrunkTrunkAccessDynamicDesirableTrunkTrunkTrunkAccessTrunkTrunkTrunkTrunkNotrecommendedAccessAccessAccessNotrecommendedAccess注：表中假设链路两端均启用DTP。•showdtpinterface–查看DTP当前设置如何配置中继链路(Trunking)1.进入接口配置模式2.关闭接口3.选择封装(802.1Q或ISL)4.将接口配置为二层的trunk端口5.若采用802.1Q，指定中继的nativeVLAN6.配置该trunk链路允许通过的VLAN7.在接口上使用noshutdown启用接口8.检查trunk的配置802.1Q中继配置Switch(config)#interfacefastethernet5/8Switch(config-if)#shutdownSwitch(config-if)#switchporttrunkencapsulationdot1qSwitch(config-if)#switchporttrunkallowedvlan1,5,11,1002-1005Switch(config-if)#switchportmodetrunkSwitch(config-if)#switchporttrunknativevlan99Switch(config-if)#switchportnonegotiateSwitch(config-if)#noshutdown检查802.1Q配置Switch#showrunning-configinterface{fastethernet|gigabitethernet}slot/portSwitch#showinterfaces[fastethernet|gigabitethernet]slot/port[switchport|trunk]Switch#showinterfacesfastEthernet5/8switchportName:fa5/8Switchport:EnabledAdministrativeMode:trunkOperationalMode:trunkAdministrativeTrunkingEncapsulation:dot1qOperationalTrunkingEncapsulation:dot1qNegotiationofTrunking:OffAccessModeVLAN:1(default)TrunkingNativeModeVLAN:99(trunk_only)TrunkingVLANsEnabled:1,5,11,1002-1005PruningVLANsEnabled:2-1001...检查一条动态协商的802.1QTrunk链路•Switch#showrunning-configinterfacefastethernet5/8•Buildingconfiguration...•Currentconfiguration:•!•interfaceFastEthernet5/8•switchportmodedynamicdesirable•switchporttrunkencapsulationdot1q••Switch#showinterfacesfastethernet5/8trunk••PortModeEncapsulationStatusNativevlan•Fa5/8desirable802.1qtrunking99••PortVlansallowedontrunk•Fa5/81,5,11,1002-1005••PortVlansallowedandactiveinmanagementdomain•Fa5/81,5,1002-1005••PortVlansinspanningtreeforwardingstateandnotpruned•Fa5/81,5,1002-1005ISL中继配置Switch(config)#interfacefastethernet2/1Switch(config-if)#shutdownSwitch(config-if)#switchporttrunkencapsulationislSwitch(config-if)#switchporttrunkallowedvlan1-5,1002-1005Switch(config-if)#switchportmodetrunkSwitch(config-if)#switchportnonegotiateSwitch(config-if)#noshutdown检查ISL中继Switch#showrunning-configinterface{fastethernet|gigabitethernet}slot/portSwitch#showinterfaces[fastethernet|gigabitethernet]slot/port[switchport|trunk]Switch#showinterfacesfastethernet2/1trunkPortModeEncapsulationStatusNativeVLANFa2/1trunkisltrunking99PortVLANsallowedontrunkFa2/11-5,1002-1005PortVLANsallowedandactiveinmanagementdomainFa2/11-2,1002-1005PortVLANsinspanningtreeforwardingstateandnotprunedFa2/11-2,1002-1005总结•Trunk链路为多个VLAN承载流量。•ISL是Cisco私有，它的实现原理是将二层数据帧进行封装。•802.1Q是IEEE标准，它的实现原理是在二层数据帧中添加4字节的标签。•在802.1Q中继链路上转发nativeVLAN的数据帧是不带标签的。•VLAN编号有特定的范围，并且有不同的用途。•使用不同的命令配置并检查ISL和802.1Q中继链路。•在中继链路上应该只允许必要的VLAN通过