不好意思,没用过锐捷的产品,用贯思科的了,还是等待别人回答吧,原理都一样,命令方面无法回答你了,无非就实擦除配置,接着划分vlan,设定端口工作模式,然后把端口划分近vlan。ip和mac绑定不属于vlan范围,是端口安全机制方面的。
配置VLAN
创建、修改一个VLAN
步骤如下:
song#configure terminal
!进入全局模式
Enter configuration commands, one per line. End with CNTL/Z.
song(config)#vlan 2
!输入一个vlan id,如果输入的是一个新的vlan id,则交换机会创建一个vlan,如果输入的是已经存在的vlan id,则修改相应的vlan。在此是创建一个vlan号为2的。并进入vlan 2修改
2006-03-14 10:13:53 @5-CONFIG:Configured from outband
song(config-vlan)#name vlan2name
!设置vlan 2的名字为vlan2name
2006-03-14 10:14:09 @5-CONFIG:Configured from outband
song(config-vlan)#end
!退回到特权模式
2006-03-14 10:14:14 @5-CONFIG:Configured from outband
song#show vlan id 2
!查看vlan 2的信息
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
2 vlan2name active
song#wr
!保存当前所有设置
Building configuration...
[OK]
如果您想把vlan的名字改回缺省名字,如下配置
song#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
song(config)#vlan 2
2006-03-14 10:22:56 @5-CONFIG:Configured from outband
song(config-vlan)#no name
!将vlan 2的名字改为缺省名字
2006-03-14 10:22:59 @5-CONFIG:Configured from outband
song(config-vlan)#end
2006-03-14 10:23:09 @5-CONFIG:Configured from outband
song#show vlan id 2
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
2 VLAN0002 active
删除一个VLAN
步骤如下:
song#configure terminal
!进入全局模式
Enter configuration commands, one per line. End with CNTL/Z.
song(config)#no vlan 2
!输入一个vlan id。删除它
2006-03-14 10:27:34 @5-CONFIG:Configured from outband
song(config)#end
!退回到特权模式
2006-03-14 10:27:36 @5-CONFIG:Configured from outband
song#show vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1 ,Fa0/2 ,Fa0/3 ,Fa0/4
Fa0/5 ,Fa0/6 ,Fa0/7 ,Fa0/8
Fa0/9 ,Fa0/10,Fa0/11,Fa0/12
Fa0/13,Fa0/14,Fa0/15,Fa0/16
Fa0/17,Fa0/18,Fa0/19,Fa0/20
Fa0/21,Fa0/22,Fa0/23,Fa0/24
!检查一下是否删除vlan 2
song#wr
!保存
Building configuration...
[OK]
向VLAN分配Access口
步骤如下:
song#configure terminal
!进入全局配置模式
Enter configuration commands, one per line. End with CNTL/Z.
2006-03-14 10:57:54 @5-CONFIG:Configured from outband
song(config)#interface fastEthernet 0/3
!输入想要加入vlan的interface id
2006-03-14 10:57:57 @5-CONFIG:Configured from outband
song(config-if)#switchport mode access
!定义该接口的VLAN成员类型
2006-03-14 10:58:18 @5-CONFIG:Configured from outband
song(config-if)#switchport access vlan 3
!将这个端口分配到vlan 3中
2006-03-14 10:58:32 @5-CONFIG:Configured from outband
%Warning : Access VLAN does not exist. Creating vlan 3
song(config-if)#end
!退回到特权模式
2006-03-14 10:58:37 @5-CONFIG:Configured from outband
song#show interfaces fastEthernet 0/3 switchport
Interface Switchport Mode Access Native Protected VLAN lists
---------- ---------- --------- ------- -------- --------- ---------------------
Fa0/3 Enabled Access 3 1 Disabled All
!检查接口的完整信息
song#write
!保存
Building configuration...
[OK]
song#
配置VLAN Trunks
Trunk口基本配置
步骤如下:
song#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
song(config)#interface fastEthernet 0/4
!输入你所要设置成trunk的接口
2006-03-14 11:09:53 @5-CONFIG:Configured from outband
song(config-if)#switchport mode trunk
!定义该接口为二层trunk口
2006-03-14 11:10:22 @5-CONFIG:Configured from outband
song(config-if)#switchport trunk native vlan 3
!为这个接口指定一个vlan号
2006-03-14 11:10:38 @5-CONFIG:Configured from outband
song(config-if)#end
2006-03-14 11:10:40 @5-CONFIG:Configured from outband
song#show interfaces fastEthernet 0/4 switchport
Interface Switchport Mode Access Native Protected VLAN lists
---------- ---------- --------- ------- -------- --------- ---------------------
Fa0/4 Enabled Trunk 1 3 Disabled All
!检查接口完整信息
song#show interfaces fastEthernet 0/4 trunk
Interface Mode Native VLAN VLAN lists
-------------------- ------ ----------- --------------------
Fa0/4 On 3 All
!显示这个接口的trunk设置
song#wr
Building configuration...
[OK]
定义Trunk口的许可VLAN列表
注:一个trunk口缺省可以传输本交换机支持的所有vlan(1-4094)的流量。但是,您也可以通过设置Trunk口的许可VLAN列表来限制某些VLAN的流量不能通过这个Trunk口
如把vlan 3从端口0/15中移出的例子
步骤如下:
song#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
song(config)#interface fastEthernet 0/15
我习惯用神州数码的命令 一般来说大致都一样的
哦 清空VLAN 吗?
请问你划分的VLAN 是多少?
比如 是 VLAN 10 和VLAN 20
那么就是在全局模式下
NO VLAN 10
NO VLAN 20
然后我们在从新划分VLAN
VLAN 10
switchport int e0/0/1-20 (我自己想的端口)
VLAN 20
switchport int e0/0/21-40 (我自己想的端口)
要帮定MAC地址的话:
mac-address-table static add (MAC地址 FF-FF-FF-FF-FF-FF)VLAN (10或20或1)interface (端口)
再进入端口
switchport port-securoty
这样就行了
有不明白的地方你还可以继续问