Aiming for CCIE with Dynagen
Trunk Connection: Basic Configuration
it_certification
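1. Purpose
- Review how to configure a trunk.
2. Setup
2.1. Configuration overview
- Because this is difficult to verify with Dynagen, the verification uses Catalyst 3750 switches.
- The switches start from the default configuration.
2.2. Topology diagram

2.3. net file
Physical hardware is used.
2.4. Initial configuration
- SW01
Default configuration
- SW02
Default configuration
3. [Verification] Trunk connection: minimal configuration
3.1. Defining IP addresses
Define IP addresses on each switch.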
Switch>en
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname SW01
SW01(config)#ip routing   <- Enables routing.
SW01(config)#
SW01(config)#interface Vlan 10
SW01(config-if)#
00:03:05: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state to down
SW01(config-if)#ip address 192.168.10.1 255.255.255.0
SW01(config-if)#no shutdown   <- This command is not needed, but I make a habit of always entering it.
SW01(config-if)#exit
SW01(config)#
SW01(config)#interface Vlan 20
SW01(config-if)#
00:03:26: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan20, changed state to down
SW01(config-if)#ip address 192.168.20.1 255.255.255.0
SW01(config-if)#no shutdown
SW01(config-if)#exit
SW01(config)#
SW01(config)#interface Vlan 30
00:03:42: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan30, changed state to down
SW01(config-if)#ip address 192.168.30.1 255.255.255.0
SW01(config-if)#no shutdown
SW01(config-if)#exit
SW01(config)#
SW01(config)#
SW01(config)#vlan 10   <- Depending on the IOS version, the VLAN may be created automatically when the VLAN interface is created.
SW01(config-vlan)#exit
SW01(config)#vlan 20
SW01(config-vlan)#exit
SW01(config)#vlan 30
SW01(config-vlan)#exit

Switch>en
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname SW02
SW02(config)#
SW02(config)#ip routing
SW02(config)#
SW02(config)#interface Vlan 10
SW02(config-if)#
00:08:16: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state to down
SW02(config-if)#ip address 192.168.10.2 255.255.255.0
SW02(config-if)#no shutdown
SW02(config-if)#exit
SW02(config)#
SW02(config)#interface Vlan 20
SW02(config-if)#
00:08:31: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan20, changed state to down
SW02(config-if)#ip address 192.168.20.2 255.255.255.0
SW02(config-if)#no shutdown
SW02(config-if)#exit
SW02(config)#
SW02(config)#interface Vlan 30
SW02(config-if)#
00:08:47: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan30, changed state to down
SW02(config-if)#ip address 192.168.30.2 255.255.255.0
SW02(config-if)#no shutdown
SW02(config-if)#exit
SW02(config)#
SW02(config)#
SW02(config)#vlan 10
SW02(config-vlan)#exit
SW02(config)#vlan 20
SW02(config-vlan)#exit
SW02(config)#vlan 30
SW02(config-vlan)#exit
3.2. DTP configuration
Form the trunk using DTP. Set the mode on both sides to dynamic desirable, which results in an ISL trunk. (Depending on the device and IOS version, dynamic desirable may already be the default setting.)
SW01(config)#interface FastEthernet 1/0/1
SW01(config-if)#switchport mode dynamic desirable
SW01(config-if)#
00:07:35: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0/1, changed state to down
00:07:38: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0/1, changed state to up
00:08:08: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state to up
00:08:08: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan20, changed state to up
00:08:08: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan30, changed state to up
SW01(config-if)#

SW02(config)#interface FastEthernet 1/0/1
SW02(config-if)#switchport mode dynamic desirable
SW02(config-if)#
00:09:43: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state to up
00:09:45: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan20, changed state to up
00:09:48: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan30, changed state to up
SW02(config-if)#
3.3. Connectivity check
Confirm that SW01 and SW02 can reach each other over the trunk.
SW02#ping 192.168.10.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.1, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms
SW02#
SW02#ping 192.168.20.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.1, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms
SW02#
SW02#ping 192.168.30.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.30.1, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms
SW02#
3.4. Configuration check
Confirm that SW01 and SW02 are connected by a trunk.
show interface status is a convenient way to check whether a link is a trunk or an access link.
SW02#show interfaces status
Port      Name               Status       Vlan       Duplex  Speed Type
Fa1/0/1                      connected    trunk      a-full  a-100 10/100BaseTX
Fa1/0/2                      notconnect   1            auto   auto 10/100BaseTX
Fa1/0/3                      notconnect   1            auto   auto 10/100BaseTX
 - rest omitted -
SW02#
The result of the DTP negotiation can be checked with show interface <I/F> switchport.
SW02#show interfaces FastEthernet 1/0/1 switchport
Name: Fa1/0/1
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: trunk   <- The negotiation resulted in a trunk.
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: isl   <- The negotiation selected ISL.
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none
SW02#
The DTP result can also be checked with the show dtp interface command.
SW02#show dtp interface FastEthernet 1/0/1
DTP information for FastEthernet1/0/1:
  TOS/TAS/TNS:                              TRUNK/DESIRABLE/TRUNK
  TOT/TAT/TNT:                              ISL/NEGOTIATE/ISL
  Neighbor address 1:                       00187315C783
  Neighbor address 2:                       000000000000
  Hello timer expiration (sec/state):       8/RUNNING
  Access timer expiration (sec/state):      278/RUNNING
  Negotiation timer expiration (sec/state): never/STOPPED
  Multidrop timer expiration (sec/state):   never/STOPPED
  FSM state:                                S6:TRUNK
  # times multi & trunk                     0
  Enabled:                                  yes
  In STP:                                   no

  Statistics
  ----------
  25 packets received (25 good)
  0 packets dropped
      0 nonegotiate, 0 bad version, 0 domain mismatches, 0 bad TLVs, 0 bad TAS, 0 bad TAT, 0 bad TOT, 0 other
  33 packets output (33 good)
      26 native, 7 software encap isl, 0 isl hardware native
  0 output errors
  0 trunk timeouts
  1 link ups, last link up on Mon Mar 01 1993, 00:02:01
  0 link downs
SW02#
4. [Verification] Explicitly specifying the trunking protocol
4.1. Applying the configuration
Explicitly set the trunking protocol to dot1q on one of the switches (DTP negotiates the encapsulation, so configuring only one switch works without problems).
SW02(config)#interface FastEthernet 1/0/1
SW02(config-if)#switchport trunk encapsulation dot1q
SW02(config-if)#^Z
SW02#
00:14:52: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0/1, changed state to down
00:14:52: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
00:14:52: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state to down
00:14:52: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan20, changed state to down
00:14:52: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan30, changed state to down
00:14:53: %SYS-5-CONFIG_I: Configured from console by console
00:14:56: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0/1, changed state to up
00:15:26: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
00:15:26: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state to up
00:15:26: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan20, changed state to up
00:15:26: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan30, changed state to up
SW02#
4.2. Configuration check
Confirm that the trunk has changed to one using dot1q.
SW02#show interfaces FastEthernet 1/0/1 switchport
Name: Fa1/0/1
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q   <- Confirm that it changed to dot1q.
 - rest omitted -
5. [Verification] Controlling the trunk
5.1. Applying the configuration
Apply a configuration that suppresses some VLANs on the trunk. The following setting denies only vlan20.
SW02(config)#interface FastEthernet 1/0/1
SW02(config-if)#switchport trunk allowed vlan 10,30
SW02(config-if)#
00:21:46: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan20, changed state to down
SW02(config-if)#
5.2. Connectivity check
Confirm that only vlan20 is unreachable.
SW02#ping 192.168.10.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/9 ms
SW02#ping 192.168.20.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
SW02#
SW02#ping 192.168.30.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.30.1, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms
SW02#
5.3. Configuration check
Confirm that only vlan20 is denied.
SW02#show interfaces FastEthernet 1/0/1 switchport
Name: Fa1/0/1
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 10 (VLAN0010)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: 10,30   <- Check which VLANs are allowed.
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none
SW02#
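The switchport fields inspected in sections 3 to 5 are also the ones a configuration audit reads. The following is an added example, not part of the original page: it parses show interfaces switchport text and lists ports that still negotiate trunks with DTP, trunk all VLANs, or use VLAN 1 as the native VLAN. The function names and the Fa1/0/2 access port in the sample are assumptions made for illustration.

```python
# Constructed sample: Fa1/0/1 fields are taken from the output in section 3.4;
# the Fa1/0/2 access port is constructed for contrast.
SAMPLE = """\
Name: Fa1/0/1
Administrative Mode: dynamic desirable
Operational Mode: trunk
Negotiation of Trunking: On
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: ALL
Name: Fa1/0/2
Administrative Mode: static access
Operational Mode: down
Negotiation of Trunking: Off
"""

def parse_switchport(text):
    """Split 'show interfaces switchport' text into {port: {field: value}}."""
    ports, current = {}, None
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue  # blank lines and prompts carry no field
        key, value = key.strip(), value.strip()
        if key == "Name":
            current = ports.setdefault(value, {})
        elif current is not None:
            current[key] = value
    return ports

def audit(ports):
    """Return {port: [findings]}; ports without findings are left out."""
    report = {}
    for name, f in ports.items():
        findings = []
        if f.get("Negotiation of Trunking") == "On":
            findings.append("DTP negotiation is on")
        mode = f.get("Administrative Mode", "")
        if mode.startswith("dynamic"):
            findings.append("administrative mode is " + mode)
        if f.get("Operational Mode") == "trunk":
            if f.get("Trunking VLANs Enabled") == "ALL":
                findings.append("trunk carries all VLANs")
            if f.get("Trunking Native Mode VLAN", "").split(" ")[0] == "1":
                findings.append("native VLAN is VLAN 1")
        if findings:
            report[name] = findings
    return report

if __name__ == "__main__":
    print(audit(parse_switchport(SAMPLE)))
```

Run against the section 5.3 output, only the two DTP findings remain, because the allowed list is 10,30 and the native VLAN is 10.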
6. [Verification] Basic VTP configuration
6.1. Checking the default configuration
Check the default VTP configuration. The output shows that in the default state the switch is in transparent mode, which does not propagate VLAN information.
SW02#show vtp status
VTP Version                     : 2
Configuration Revision          : 0
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 11
VTP Operating Mode              : Transparent
VTP Domain Name                 :
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x05 0x38 0xB3 0xA2 0xAB 0xED 0xE6 0x8C
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
SW02#
6.2. Applying the configuration
Configure VTP with SW01 in server mode and SW02 in client mode. The domain name is CCIE.
SW01(config)#vtp mode server
Setting device to VTP SERVER mode
SW01(config)#vtp domain CCIE
Changing VTP domain name from NULL to CCIE
SW01(config)#

SW02(config)#vtp mode client
Setting device to VTP CLIENT mode.
SW02(config)#vtp domain CCIE
Changing VTP domain name from NULL to CCIE
SW02(config)#
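6.3. Native VLAN configuration
In some cases the configuration above alone is not enough to propagate VLANs. VLAN information travels over the native VLAN, so devices that are not connected through the native VLAN cannot exchange VLAN information.
Connect SW01 and SW02 through the native VLAN.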
SW01(config)#interface FastEthernet 1/0/1
SW01(config-if)#switchport trunk native vlan 10
SW01(config-if)#
01:05:58: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 1 on FastEthernet1/0/1 VLAN10.
01:05:58: %SPANTREE-2-BLOCK_PVID_PEER: Blocking FastEthernet1/0/1 on VLAN0001. Inconsistent peer vlan.
01:05:58: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking FastEthernet1/0/1 on VLAN0010. Inconsistent local vlan.
01:05:59: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state to down
01:06:48: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on FastEthernet1/0/1 (10), with SW02 FastEthernet1/0/1 (1).
SW01(config-if)#

SW02(config)#interface FastEthernet 1/0/1
00:11:15: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking FastEthernet1/0/1 on VLAN0010. Port consistency restored.
00:11:15: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking FastEthernet1/0/1 on VLAN0001. Port consistency restored.
SW02(config-if)#switchport trunk native vlan 10
6.4. Checking VLAN propagation
Define vlan40 and vlan50 on SW01.
SW01(config)#vlan 40
SW01(config-vlan)#name VLAN_40_TEST
SW01(config-vlan)#exit
SW01(config)#vlan 50
SW01(config-vlan)#name VLAN_50_TEST
SW01(config-vlan)#^Z
Confirm that the VLANs defined on SW01 have propagated to SW02.
SW02#show vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa1/0/2, Fa1/0/3, Fa1/0/4
                                                Fa1/0/5, Fa1/0/6, Fa1/0/7
                                                Fa1/0/8, Fa1/0/9, Fa1/0/10
                                                Fa1/0/11, Fa1/0/12, Fa1/0/13
                                                Fa1/0/14, Fa1/0/15, Fa1/0/16
                                                Fa1/0/17, Fa1/0/18, Fa1/0/19
                                                Fa1/0/20, Fa1/0/21, Fa1/0/22
                                                Fa1/0/23, Fa1/0/24, Gi1/0/1
                                                Gi1/0/2
10   VLAN0010                         active
20   VLAN0020                         active
30   VLAN0030                         active
40   VLAN_40_TEST                     active    <- Confirm that vlan40 was created.
50   VLAN_50_TEST                     active    <- Confirm that vlan50 was created.
7. [Verification] VTP password
7.1. Applying the configuration
Define the VTP password.
SW01(config)#vtp password CCIE
Setting device VLAN database password to CCIE
SW01(config)#exit

SW02(config)#vtp password CCIE
Setting device VLAN database password to CCIE
SW02(config)#
7.2. Checking VLAN propagation
Delete vlan50 on SW01.
SW01(config)#no vlan 50
Confirm that the VLAN information defined on SW01 has propagated to SW02.
SW02#show vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa1/0/2, Fa1/0/3, Fa1/0/4
                                                Fa1/0/5, Fa1/0/6, Fa1/0/7
                                                Fa1/0/8, Fa1/0/9, Fa1/0/10
                                                Fa1/0/11, Fa1/0/12, Fa1/0/13
                                                Fa1/0/14, Fa1/0/15, Fa1/0/16
                                                Fa1/0/17, Fa1/0/18, Fa1/0/19
                                                Fa1/0/20, Fa1/0/21, Fa1/0/22
                                                Fa1/0/23, Fa1/0/24, Gi1/0/1
                                                Gi1/0/2
10   VLAN0010                         active
20   VLAN0020                         active
30   VLAN0030                         active
40   VLAN_40_TEST                     active    <- Confirm that vlan50 has been deleted.
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
SW02#
7.3. Configuration check
The password can be checked with the following show command.
SW02#show vtp password
VTP Password: CCIE
SW02#
8. [Verification] VTP pruning
8.1. Applying the configuration
VTP pruning is disabled by default. To enable VTP pruning, enter the following command.
SW01(config)#vtp pruning
8.2. Configuration check
The configuration can be checked with the following show command.
SW02#show vtp status
VTP Version                     : 2
Configuration Revision          : 4
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 9
VTP Operating Mode              : Client
VTP Domain Name                 : CCIE
VTP Pruning Mode                : Enabled   <- Confirm that VTP pruning is now enabled.
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x22 0xC2 0x25 0x69 0x5D 0x74 0xCD 0x2C
Configuration last modified by 192.168.10.1 at 3-1-93 01:24:48
SW02#
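The two show vtp status outputs on this page (sections 6.1 and 8.2) can be compared to confirm that a change to a client's VLAN database came from the intended server. The following is an added example, not part of the original page: the function names and the domain and servers parameters are assumptions, and 192.168.10.1 is SW01's Vlan10 address from section 3.1.

```python
import re

# Snapshots: the SW02 'show vtp status' fields from sections 6.1 and 8.2.
BEFORE = """\
Configuration Revision : 0
VTP Operating Mode : Transparent
VTP Domain Name :
VTP Pruning Mode : Disabled
MD5 digest : 0x05 0x38 0xB3 0xA2 0xAB 0xED 0xE6 0x8C
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
"""
AFTER = """\
Configuration Revision : 4
VTP Operating Mode : Client
VTP Domain Name : CCIE
VTP Pruning Mode : Enabled
MD5 digest : 0x22 0xC2 0x25 0x69 0x5D 0x74 0xCD 0x2C
Configuration last modified by 192.168.10.1 at 3-1-93 01:24:48
"""

def parse_vtp_status(text):
    """Return the 'Key : value' fields plus the last updater's address."""
    info = {}
    for line in text.splitlines():
        m = re.match(r"Configuration last modified by (\S+) at (.+)", line)
        if m:
            info["Updater"], info["Updated"] = m.group(1), m.group(2).strip()
            continue
        key, sep, value = line.partition(" :")
        if sep:
            info[key.strip()] = value.strip()
    return info

def review_change(before, after, domain, servers):
    """Compare two snapshots; 'servers' is the set of expected updater IPs."""
    b, a = parse_vtp_status(before), parse_vtp_status(after)
    findings = []
    if a.get("VTP Domain Name") != domain:
        findings.append("unexpected VTP domain %r" % a.get("VTP Domain Name"))
    rev_b, rev_a = int(b["Configuration Revision"]), int(a["Configuration Revision"])
    changed = rev_a != rev_b or a.get("MD5 digest") != b.get("MD5 digest")
    if changed and a.get("Updater") not in servers:
        findings.append("VLAN database changed by unlisted address %s" % a.get("Updater"))
    return {"revision": (rev_b, rev_a), "changed": changed, "findings": findings}

if __name__ == "__main__":
    print(review_change(BEFORE, AFTER, "CCIE", {"192.168.10.1"}))
```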