
Allowing and Blocking Specific VLANs

Feb 15, 2023

Ex. L3 Switch


Method

S1)

ip routing

interface Gi0/0
switchport trunk encapsulation dot1Q
switchport mode trunk

vlan 10
interface vlan 10
ip address 192.168.10.254 255.255.255.0
no shutdown

vlan 20
interface vlan 20
ip address 192.168.20.254 255.255.255.0
no shutdown



S4)

ip routing

interface Gi0/1
switchport trunk encapsulation dot1Q
switchport mode trunk

vlan 40
interface vlan 40
ip address 192.168.40.254 255.255.255.0
no shutdown

vlan 50
interface vlan 50
ip address 192.168.50.254 255.255.255.0
no shutdown

vlan 60
interface vlan 60
ip address 192.168.60.254 255.255.255.0
no shutdown



S5)

no ip routing

vlan 10

vlan 20

interface Gi0/0
switchport mode access
switchport access vlan 10

interface Gi0/1
switchport mode access
switchport access vlan 20

interface Gi0/2
switchport trunk encapsulation dot1Q
switchport mode trunk

interface Gi0/3
switchport trunk encapsulation dot1Q
switchport mode trunk



S6)

no ip routing

vlan 10

vlan 20

interface Gi0/0
switchport mode access
switchport access vlan 10

interface Gi0/1
switchport mode access
switchport access vlan 20

interface Gi0/2
switchport trunk encapsulation dot1Q
switchport mode trunk



S8)

no ip routing

vlan 40

vlan 50

vlan 60

interface Gi0/0
switchport mode access
switchport access vlan 40

interface Gi0/1
switchport mode access
switchport access vlan 50

interface Gi0/2
switchport mode access
switchport access vlan 60

interface Gi0/3
switchport trunk encapsulation dot1Q
switchport mode trunk



S1)

ip routing

interface Gi0/1
no switchport
ip address 1.1.12.1 255.255.255.0
no shutdown



S2)

ip routing

interface Gi0/0
no switchport
ip address 1.1.12.2 255.255.255.0
no shutdown

vlan 100

interface vlan 100
ip address 1.1.23.2 255.255.255.0
no shutdown

interface Gi0/1
switchport mode access
switchport access vlan 100



S3)

ip routing

vlan 100

interface vlan 100
ip address 1.1.23.3 255.255.255.0
no shutdown

interface Gi0/2
switchport mode access
switchport access vlan 100

vlan 101

interface vlan 101
ip address 1.1.34.3 255.255.255.0
no shutdown

interface Gi0/3
switchport mode access
switchport access vlan 101



S4)

ip routing

interface Gi0/0
no switchport
ip address 1.1.34.4 255.255.255.0
no shutdown



S3)

ip routing

vlan 30

interface vlan 30
ip address 192.168.30.254 255.255.255.0
no shutdown

interface Gi0/0
switchport access vlan 30
switchport mode access

interface Gi0/1
switchport access vlan 30
switchport mode access




Result

The PC at 10.1 should be able to communicate with every other PC.



Types of Allowing and Blocking Specific VLANs (5)

  • Type 1
    int fa0/0
    switchport trunk allowed vlan 1,10,20,30
    



  • Type 2
    int fa0/0
    switchport trunk allowed vlan add 40
    



  • Type 3
    int fa0/0
    switchport trunk allowed vlan remove 1
    



  • Type 4
    int fa0/0
    switchport trunk allowed vlan except 10
    



  • Type 5
    int fa0/0
    switchport trunk allowed vlan all
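
How the five forms change a trunk's allowed list, as an added example that is not part of the original post: a simplified Python model (all function names are assumptions of this example) that replays the five commands above in order, starting from the default of all VLANs. It shows that the bare list and `except` replace the whole list, while `add` and `remove` edit the current one.

```python
# Simplified model of how the allowed-VLAN list on a trunk changes.
ALL_VLANS = frozenset(range(1, 4095))  # valid VLAN IDs are 1-4094

def parse_vlan_list(text):
    """Expand a list such as '1,10,20-30' into a set of VLAN IDs."""
    vlans = set()
    for part in text.split(","):
        lo, _, hi = part.strip().partition("-")
        first, last = int(lo), int(hi or lo)
        if not 1 <= first <= last <= 4094:
            raise ValueError(f"invalid VLAN range: {part!r}")
        vlans.update(range(first, last + 1))
    return vlans

def apply_allowed_vlan(current, args):
    """Allowed set after 'switchport trunk allowed vlan <args>'."""
    keyword, _, rest = args.strip().partition(" ")
    if keyword == "all":                      # type 5: reset to every VLAN
        return set(ALL_VLANS)
    if keyword == "add":                      # type 2: edits the current list
        return set(current) | parse_vlan_list(rest)
    if keyword == "remove":                   # type 3: edits the current list
        return set(current) - parse_vlan_list(rest)
    if keyword == "except":                   # type 4: replaces with all-but
        return set(ALL_VLANS) - parse_vlan_list(rest)
    return parse_vlan_list(args)              # type 1: replaces the list

def summarize(vlans):
    """Collapse a set of VLAN IDs into ranges, e.g. '1-9,11-4094'."""
    runs = []
    for v in sorted(vlans):
        if runs and v == runs[-1][1] + 1:
            runs[-1][1] = v
        else:
            runs.append([v, v])
    return ",".join(str(a) if a == b else f"{a}-{b}" for a, b in runs) or "none"

def replay(commands, start=ALL_VLANS):
    # Apply commands in order; return the summarized list after each one.
    state, history = set(start), []
    for command in commands:
        state = apply_allowed_vlan(state, command)
        history.append(summarize(state))
    return history

PAGE_FORMS = ["1,10,20,30", "add 40", "remove 1", "except 10", "all"]  # types 1-5
if __name__ == "__main__":
    for command, allowed in zip(PAGE_FORMS, replay(PAGE_FORMS)):
        print(f"switchport trunk allowed vlan {command:<12} -> {allowed}")
```
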
    



Practice


  • Type 3: remove VLAN 10
    S5)
    int Gi0/3
    switchport trunk allowed vlan remove 10
    



  • Type 4: exclude VLAN 20
    S5)
    int Gi0/3
    switchport trunk allowed vlan except 20
    



VLANs 10 and 20 have been removed.

  • Type 1: add VLAN 10
    S5)
    int Gi0/3
    switchport trunk allowed vlan 10
    



  • Type 2: add VLAN 20
    S5)
    int Gi0/3
    switchport trunk allowed vlan add 20
    



You can confirm that VLANs 10 and 20 have been added.