Module 8: Virtual LANs 
8.1 VLAN Concepts 
   
8.1.1 VLAN introduction 

A VLAN is a logical group of network stations, services, and devices that is not restricted to a physical LAN segment.

VLAN ¬O±N³]³Æ©Î¨Ï¥ÎªÌªºÅÞ¿è¸s²Õ¤Æ¡A¥i¥H¨Ì·Ó¥\¯à¡B³¡ªù©Î¬OÀ³¥Îµ{¦¡¨Ó¤À²Õ¡A¦Ó¤£ºÞ¥¦­Ì¹êÅ骺°Ï¬q¦ì¸m¦b­þ¸Ì¡C

Configuration or reconfiguration of VLANs is done through software. Therefore, VLAN configuration does not require network equipment to be physically moved or connected.

VLANªº³]©w©Î­«·s³]©w¥u»Ý­n³nÅéµ{¦¡ªº³]©w§ó§ï§Y¥i¡A¨Ã¤£»Ý­n­«·s¥h±µ½u©Î·h²¾¾÷¾¹¡A©Ò¥H¤ñ¸û¤è«K¡C

A workstation in a VLAN group is restricted to communicating with file servers in the same VLAN group. VLANs logically segment the network into different broadcast domains so that packets are only switched between ports that are assigned to the same VLAN. VLANs consist of hosts or network equipment connected by a single bridging domain. The bridging domain is supported on different network equipment. LAN switches operate bridging protocols with a separate bridge group for each VLAN.

¦P¤@­ÓVLAN°Ï°ìùØ­±¤u§@¯¸ÄY®æªº­­¨î¥u¯à©M¬Û¦PVLAN¸s²Õªº¤u§@¯¸·¾³q¡CVLAN¤À²Õ±Nºô¸ôÅ޿誺°Ï¤À¦¨´X­Ó¼s¼½»â°ì¡A©Ò¥H«Ê¥]¶È¯à¦bÄÝ©ó¬Û¦PVLAN¸s²Õªº¤A¤Óºô¸ô¥æ´«¾¹ªº°ð¤W¥æ´«¡C¥Ñ¥D¾÷©Îºô¸ô³]³Æ²Õ¦¨ªºVLAN¡A¬O¥Ñ¤A¤Óºô¸ô¥æ´«¾¹ªº¾ô±µ©Î¥æ´«¤è¦¡©Ò³s¦b¤@°_¡C¦Ó¤£¦P¤À²ÕªºVLAN¦U¦Û§Q¥Î¦U¦Ûªº¾ô±µ¥\¯à¡A©¼¦¹¤£¤¬¬Û¤zÂZ¡C

VLANs are created to provide segmentation services traditionally provided by physical routers in LAN configurations. VLANs address scalability, security, and network management. Routers in VLAN topologies provide broadcast filtering, security, and traffic flow management. Switches do not bridge traffic between VLANs, as this violates the integrity of the VLAN broadcast domain. Traffic should only be routed between VLANs.

VLAN©Ò«Ø¥ßªº¤À¬q¾÷¨î¨ú¥N¤F¶Ç²Î¤W¥Ñ¸ô¥Ñ¾¹©Ò«Ø¥ßªº¤À¬q¡CVLAN¥i¥H¼W¥[¨t²Îªº©µ®i©Ê(scalability)¡B¦w¥þ©Ê©M¥iºÞ²z©Ê¡C¸ô¥Ñ¾¹¦bVLAN¬[ºcªº¥\¯à³q±`¬O¹LÂo¼s¼½«Ê¥]¡B¦w¥þ©Ê©M¸ê®Æ¬yºÞ²z¡C¤A¤Óºô¸ô¥æ´«¾¹¨Ã¤£¯à¦b¤£¦P¤À²ÕªºVLAN¤§¶¡¥æ´«¸ê®Æ¡A¦]¬°³o¼Ë¹H¤Ï¤FVLAN­­¨î¼s¼½»â°ìªº©w¸q¡A¥²»Ý³z¹L¸ô¥Ñ¾¹¡C¤£¦PVLAN¤§¶¡¶È¯àÂǥѸô¥Ñªº¥\¯à¶Ç°e¸ê®Æ¡C

8.1.2 Broadcast domains with VLANs and routers 

In Figure , a VLAN is created with one router and one switch. Three separate broadcast domains exist. The router routes traffic between the VLANs using Layer 3 routing. The switch in Figure , forwards frames to the router interfaces if certain circumstances exist:

• If it is a broadcast frame
• If the destination is one of the MAC addresses on the router

©M¹Ï2ªº¤£¦P¡A¹Ï3 ¬O¤@­Ó¥Ñ¤@¥x¸ô¥Ñ¾¹©M¥æ´«¾¹ºc¦¨ªº3­ÓVLAN¡C3­Ó¼s¼½»â°ì¬O³z¹L¤@¥x¥æ´«¾¹©Ò¤Á³ÎVLAN¦Ó¦¨¡C¥²­n®É¡A¥æ´«¾¹§â¤£¦PVLANªº«Ê¥]°e¨ì3­Ó¤£¦Pªº¸ô¥Ñ¾¹¤¶­±¡C

• °²¦p¥¦¬O¤@­Ó¼s¼½«Ê¥]¡C
• ¦p¥¦¬O¸ô¥Ñ¾¹¤¶­±ªº¹êÅé¦ì§}¡C

If Workstation 1 on the Engineering VLAN wants to send frames to Workstation 2 on the Sales VLAN, the frames are sent to the Fa0/0 MAC address of the router. Routing occurs through the IP address on the Fa0/0 router interface for the Engineering VLAN.

°²¦p¦b¤uµ{VLAN¤¤ªº¤u§@¯¸·Q­n°e¸ê®Æ¨ì¥t¤@¥x¦b·~°ÈVLANªº¹q¸£¡A«h³o­Ó«Ê¥]·|¹³¶Ç²Îªº¤è¦¡¥Ñ¤uµ{VLAN¥ý°e¨ì¸ô¥Ñ¾¹Fa0/0ªº¤¶­±¡C·í¸ô¥Ñ¾¹ªºFa0/0¤¶­±¦¬¨ì®É¡A«h¨Ì¶Ç²Î¸ô¥Ñ¾¹ªº¤è¦¡°e¨ì·~°ÈªºVLAN¡C

If Workstation 1 on the Engineering VLAN wants to send a frame to Workstation 2 on the same VLAN, the destination MAC address of the frame is that of Workstation 2.

­Y¬O¤uµ{³¡ªùVLANªº1¸¹¤u§@¯¸·Q­n°e«Ê¥]µ¹¦P¤@­Ó¤uµ{³¡ªùVLANªº2¸¹¤u§@¯¸¡C«h¦¹«Ê¥]ªº¥Øªº¦a¹êÅé¦ì§}´N¬O2¸¹¤u§@¯¸ªº¹êÅé¦ì§}¡C

VLAN implementation on a switch causes certain actions to occur:

• The switch maintains a separate bridging table for each VLAN.
• If the frame comes in on a port in VLAN 1, the switch searches the bridging table for VLAN 1.
• When the frame is received, the switch adds the source address to the bridging table if it is currently unknown.
• The destination is checked so a forwarding decision can be made.
• For learning and forwarding, the search is made against the address table for that VLAN only.

¦b¤A¤Óºô¸ô¥æ´«¾¹¤W³]©wVLAN·|¦³¤U¦Cªº±¡ªp²£¥Í¡G

• ³o¨Ç¥æ´«¾¹·|¬°¨C¤@­ÓVLAN«Ø¥ß¤@­Ó¾ô±µªí(briding table)¡A¤]´N¬OÂà°eªí¡C
• °²¦p³o«Ê¥]¬O±qVLAN 1¶Ç°e¹L¨Ó¡A«h¥æ´«¾¹·|´M§äVLAN 1ªº¾ô±µªí¡C
• ·í¥æ´«¾¹¦¬¨ì¤@­Ó«Ê¥]®É¡A¥¦·|±N¥¦ªº¨Ó·½ºÝ¹êÅé¦ì§}¥[¨ì¨º¤@­ÓVLANªº¾ô±µªí¡C
• ·í­n¶Ç°e®É·|Àˬd«Ê¥]¥Øªº¦aªº¹êÅé¦ì§}¡C
• ·í­n¶Ç°e©Î¾Ç²ß·sªº¹êÅé¦ì§}®É¡A¥æ´«¾¹¥u·|Àˬd¬Û¦PVLANªº¾ô±µªí¡A¤£·|¥h´M§ä¤£¦PVLANªº¾ô±µªí¡C

8.1.3 VLAN operation 

Static membership VLANs are called port-based and port-centric membership VLANs. As a device enters the network, it automatically assumes the VLAN membership of the port to which it is attached.

ÀRºA«ü©wªºVLAN(Static membership VLAN)³QºÙ³s±µ°ð¤¤¼Ï(port-centeric)«ü©wªºVLAN¡C§Ú­Ì¥i¥H±N¤@­Óºô¸ô°ð³z¹L³]©w¦Ó«ü©w¦¨¬Y­ÓVLANªº°ð¡C·í¤@­Ó³]³Æ©Î¤u§@¯¸³s±µ¨ì¬Y­Ó¥æ´«¾¹°ð®É¡A¥¦´N³Q¦Û°Êªº³]©w¦¨¨º¤@­Ó¥æ´«¾¹°ðªºVLAN¡C

The default VLAN for every port in the switch is the management VLAN. The management VLAN is always VLAN 1 and may not be deleted. At least one port must be assigned to VLAN 1 in order to manage the switch. All other ports on the switch may be reassigned to alternate VLANs.

¤@¥x¦³VLAN¥\¯àªº¥æ´«¾¹¡A¥¦·|±N¨C­Ó°ð«ü©wµ¹¤@­Ó¹w³]ªºVLAN¸¹½X¡C³o­ÓVLAN´N¬O¥D±±VLAN (management VLAN)¡C³o­Ó¥D±±VLAN¤@¯ë¦Ó¨¥³£¬OVLAN 1 ¡A¦Ó¥B¤£¯à³Q§R°£¡C¤@¥x¥æ´«¾¹¦Ü¤Ö¦³¤@­Óºô¸ô°ð³Q«ü©w¬°ºÞ²zVLANªººô¸ô°ð¡A¥H«K¨ÓºÞ¸Ì³o¥x¥æ´«¾¹¡A¨ä¥¦ªººô¸ô°ð¥i¥H­«·s«ü©wµ¹¨ä¥¦ªºVLAN¡C

Dynamic membership VLANs are created through network management software. CiscoWorks 2000 or CiscoWorks for Switched Internetworks is used to create Dynamic VLANs. Dynamic VLANs allow for membership based on the MAC address of the device connected to the switch port. As a device enters the network, the switch that it is connected to queries a database on the VLAN Configuration Server for VLAN membership.

°ÊºAVLAN·|­û(Dynamic membership VLAN) ªº³]©w¤è¦¡³q±`¬OÂǥѺôºÞµ{¦¡¡C¦pCiscoWorks 2000©Î CiscoWorks´N¥i¥H³]©wCISCO¤½¥qªº¥æ´«¾¹²£«~ªº°ÊºAVLAN¡C°ÊºAVLAN¤è¦¡¥i¥HÅýVLAN®Ú¾Ú³]³Æªº¹êÅé¦ì§}(MAC)¨Ó¨M©w¥¦¬O¨º¤@­ÓVLAN¸s²Õ¡C·í¤@­Ó³]³Æ³s±µ¨ì¥æ´«¾¹®É¡A¥æ´«¾¹·|®Ú¾Ú³]³ÆªºMAC¥h¸ß°ÝVLAN³]©w¦øªA¾¹¨Ó¨M©wVLAN¸s²Õ¡C

Network administrators are responsible for configuring VLANs both statically and dynamically.

©Ò¥Hºô¸ôºÞ²zªÌ¥i¥H®e©öªº§Q¥ÎÀRºA³]©w©Î°ÊºA³]©wªº¤è¦¡¨Ó³]©wVLAN¡C

8.1.4 Benefits of VLANs 

VLANs allow network administrators to organize LANs logically instead of physically. This is a key benefit. This allows network administrators to perform several tasks:

• Easily move workstations on the LAN
• Easily add workstations to the LAN
• Easily change the LAN configuration
• Easily control network traffic
• Improve security

VLAN¥i¥HÅýºÞ²zªÌ±N°Ï°ìºô¸ôÅ޿誺¸s²Õ¤Æ¡A¦Ó¤£¤@©w­n®Ú¾Ú¦a²z¦ì¸m¡C³o¨Ç¦n³B¥i¥Hªí²{¦b¤U¦Cªº¤u§@¶µ¥Ø¤¤¡G

• ®e©ö¦b°Ï°ìºô¸ô¤¤²¾°Ê¤u§@¯¸¡C
• ®e©ö¦b°Ï°ìºô¸ô¤¤¼W¥[¤u§@¯¸¡C
• ®e©ö§ïÅÜ°Ï°ìºô¸ôªº³]©w¡C
• ®e©ö±±¨îºô¸ôªº¬y¶q¡C
• §ïµ½¦w¥þ©Ê¡C

8.1.5 VLAN types 

This page will describe three basic VLAN types that are used to determine and control VLAN membership assignments: -

• Port-based VLANs
• MAC address based VLANs
• Protocol-based VLANs

³o¤@³¹¸`´y­z®Ú¾Ú³]©wVLAN·|­ûªº¨Ó¨M©wVLANªººØÃþ¡CVLAN¥i¥H¤À¬°¦p¤U¤TºØ¤À²Õ¤è¦¡¡C -

• ®Ú¾Ú³s±µ°ð¤À²Õ¡C
• ®Ú¾Ú¹êÅé¦ì§}¤À²Õ¡C
• ®Ú¾Ú¨ó©w¤À²Õ¡C

The number of VLANs in a switch vary based on several factors:

• Traffic patterns
• Types of applications
• Network management needs
• Group commonality

¦b¤A¤Óºô¸ô¥æ´«¾¹¤¤¡AµêÀÀºô¸ô¥i¥H®Ú¾Ú¤U¦C¦]¯À¨Ó¤Á³Î¡C

• «Ê¥]ªº«¬¦¡¡C
• À³¥Îµ{¦¡ªººØÃþ¡C
• ºôºÞªº»Ý¨D¡C
• ¸s²Õªº¬ÛÃö©Ê¡C

The IP addressing scheme is another important consideration in defining the number of VLANs in a switch. For example, a network that uses a 24-bit mask to define a subnet has a total of 254 host addresses allowed on one subnet. Because a one-to-one correspondence between VLANs and IP subnets is strongly recommended, there can be no more than 254 devices in any one VLAN. It is further recommended that VLANs should not extend outside of the Layer 2 domain of the distribution switch.

¦b¤Á³ÎµêÀÀºô¸ô(VLAN)®É¡A¦Ò¼{IP¤À°tªº­ì«h¬O¥t¤@¶µ­«­nªº¦]¯À¡C¨Ò¦p¡A¤@­Óºô¸ô­Y¥Î24­Ó¤lºô¸ô¾B¸n¥i¥H¤¹³\254¥x¥D¾÷¦b¤@­Ó¤lºô¸ô¤¤¡C¦]¬°¤j³¡¥÷ªºª¬ªp·|±j¦C­n¨DIPºô¸ô©MVLAN¹ïÀ³¦¨1¹ï1ªºÃö«Y¡C©Ò¥H³o¼Ë¤@­ÓVLAN©Ò§tªº¥D¾÷¼Æ¥Ø´N¤£¯à¶W¹L 254¥x¡C¥t¥~¤@¶µ­n¨D¬O©Ò¤Á³ÎVLANªº½d³ò¤£À³¸Ó¶W¹L¥Ñ²Ä¤G¼h¥æ´«¾¹©Òºc¦¨ªº½d³ò¡A´N¬OVLANªº½d³ò¤£À³¸ó¹L¸ô¥Ñ¾¹¡C¸ó¹L¸ô¥Ñ¾¹¡A·|¦]¬°¸ô¥Ñ¾¹¹jÂ÷¼s¼½«Ê¥]¦Ó¤£³q¡C

There are two major methods of frame tagging, Inter-Switch Link (ISL) and 802.1Q. ISL is a Cisco proprietary protocol and used to be the most common, but is now being replaced by the IEEE 802.1Q standard frame tagging.

¹ï©ó°T®Ø°µ¼ÐÅÒ¦³¨âºØ¥D­nªº¤è¦¡¡CInter-Switch Link (ISL) (CISCO¤½¥q±M§Qªº) ©M 802.1Q(·~¬É¼Ð·Ç)³o¨âºØ¨ó©w¡CInter-Switch Link (ISL)¬O«ä¬ì¤½¥q¯S¦³ªº±M§Q¤]¬O¤@¯ëCISCO¤½¥q¤A¤Óºô¸ô¥æ´«¾¹±`¥Îªº¡C¦ý²{¦b³£³Q 802.1Q³oºØ¼ÐÅҼзǨú¥N¡C

As packets are received by the switch from any attached end-station device, a unique packet identifier is added within each header. This header information designates the VLAN membership of each packet. The packet is then forwarded to the appropriate switches or routers based on the VLAN identifier and MAC address. Upon reaching the destination node the VLAN ID is removed from the packet by the adjacent switch and forwarded to the attached device. Packet tagging provides a mechanism for controlling the flow of broadcasts and applications while not interfering with the network and applications.

¤A¤Óºô¸ô¥æ´«¾¹±q³s±µ°ð©Ò±µªº«È¤á²×ºÝ³]³Æ±µ¦¬«Ê¥]¡AµM«á¤@­Ó¿W¯Sªº«Ê¥]ÅGÃѼÐñ·|¥[¨ì¨C¤@­Ó«Ê¥]ªíÀY¡C³o­Ó¼ÐñªíÀY§t¦³¨C­Ó«Ê¥]ªºVLAN½s¸¹¡CµM«á®Ú¾Ú³o­ÓVLAN¸¹½X©M¹êÅé(MAC)¦ì§}¡A³o­Ó«Ê¥]·|³Q°e¨ì¾A·íªº¥æ´«¾¹©Î¬O¸ô¥Ñ¾¹¡C¨ì¹F¥Øªº¦aºÝ©Ò±µªº¥æ´«¾¹®É¡A³o­Ó§t¦³VLAN½s¸¹ªºªíÀY´N·|³Q®³±¼¡AµM«á±N«Ê¥]¶Çµ¹¥Øªº¦aªº³]³Æ¡C«Ê¥]¼Ðñªº§Þ³N´£¨Ñ¤F¤@ºØ¥i¥H±±¨î¼s¼½«Ê¥]©MÀ³¥Îµ{¦¡«Ê¥]ªº§Þ³N¦Ó¤£·|¤zÂZºô¸ô©MÀ³¥Îµ{¦¡¡C

8.2 VLAN Configuration 
   
8.2.1 VLAN basics 

Each VLAN must have a unique Layer 3 network or subnet address assigned to it. This enables routers to switch packets between VLANs.

¨C¤@­ÓVLAN¥²¶·¦³¤@­Ó°ß¤@ªº²Ä¤T¼hºô¸ô¸¹½X«ü©wµ¹¥¦¡C³o¼Ë´N¥i¥HÅý¸ô¥Ñ¾¹¦b¤£¦PªºVLAN¤§¶¡Âà°e«Ê¥]¡C

Switch ports are provisioned for each user at the access layer. Each color represents a subnet.

¦s¨ú¼hªº¨Ï¥ÎªÌ¥i¥H³Q¥æ´«¾¹°ð©Ò³W½d¡C ¨C­ÓÃC¦â¥Nªí¤@­ÓVLAN¡A ©Ò¥H¨C¤@­Ó¥æ´«¾¹¹ê»Ú¤W¬O¥Ñ³\¦hVLAN©Òºc¦¨ªº¡C

ISL is a Cisco proprietary protocol that maintains VLAN information as traffic flows between switches and routers. IEEE 802.1Q is an open-standard (IEEE) VLAN tagging mechanism in switching installations. Catalyst 2950 switches do not support ISL trunking.

ISL¬O«ä¬ì¤½¥qªº±M§Q¨ó©w¡C¥¦¦b«Ê¥]¦b¥æ´«¾¹©M¥æ´«¾¹¤¤¶Ç¿é¸ê®Æ®É¡A«O¦s¤FVLAN½s¸¹ªº¸ê°T¡CIEEE802.1Q«h¬O¥t¤@ºØ¶}©ñ¦¡IEEE)VLAN¼Ðñªº§Þ³N¡C«ä¬ì¤½¥qªºCatalyst 2950¥æ´«¾¹¨Ã¤£¤ä´©ISLªºªº¼Ðñ¼Ð·Ç¡C

Workgroup servers operate in a client/server model. For this reason, users are assigned to the same VLAN as the server they use to maximize the performance of Layer 2 switching and keep traffic localized.

¤u§@¸s²Õªº¦øªA¾¹³q±`¬O§Q¥Î¥D±q¦¡(client/server)¬[ºc¡C¦]¬°³o­Ó­ì¦]¡A¨Ï¥ÎªÌ³Q«ü©w¨ì¬Û¦PªºVLAN©M¦øªA¾¹¡A¬°¤F¯à¹F¨ì³Ì¤jªº®Ä¯à¡A³q±`§Q¥Î¤A¤Óºô¸ô¥æ´«¾¹±N¥æ³q¬y¶q¾¨¶q­­¨î¦b¯S©wªº°Ï°ì¤¤¡C

In Figure , a core layer router is used to route between subnets. The network is engineered, based on traffic flow patterns, to have 80 percent of the traffic contained within a VLAN. The remaining 20 percent crosses the router to the enterprise servers and to the Internet and WAN.

¦b¹Ï2 ¤¤ ¡A®Ö¤ß¼hªº¸ô¥Ñ¾¹·|±N«Ê¥]¦b¦U­Óºô¸ô¤§¶¡¸ô¥Ñ¡C ³o­Óºô¸ô¦³¸g¹L³W¹º¡A®Ú¾Ú¸ê®Æ¬yªºª¬ºA¦³80%ªº¬y¶q­­¨î¦b¬Û¦PVLAN¤¤¡C¥u¦³20%ªº«Ê¥]¤~·|¸ó¹L¸ô¥Ñ¾¹¨ì§OªºVLAN©Îºô»Úºô¸ô¡C

8.2.2 Geographic VLANs 

End-to-end VLANs allow devices to be grouped based upon resource usage. This includes such parameters as server usage, project teams, and departments. The goal of end-to-end VLANs is to maintain 80 percent of the traffic on the local VLAN.

ºÝÂI¹ïºÝÂIªº°Ï°ìºô¸ô¥i¥H®Ú¾Ú¸ê·½ªº¨Ï¥Î±N³]³Æ¸s²Õ¦b¤@°_¡C¥¦¦Ò¼{¤F¤@¨Ç°Ñ¼Æ¨Ò¦p¦øªA¾¹¨Ï¥Î²v¡B±M®×¹Î¶¤©Î¬O³¡ªù¡C³]­pºÝÂI¹ïºÝÂIVLANªº¥Ø¼Ð¬O­nºû«ù80%ªº¥æ³q¬y¶q¦b·í¦aªºVLAN¡C

As corporate networks move to centralize their resources, end-to-end VLANs become more difficult to maintain. Users are required to use many different resources, many of which are no longer in their VLAN. This shift in placement and usage of resources require VLANs to be created around geographic boundaries rather than commonality boundaries.

·í¤½¥qªººô¸ô³W¹º±N¸ê·½¶°¤¤«á¡AºÝÂI¹ïºÝÂIªº°Ï°ìºô¸ôÅܪº§óÃøºûÅ@¡C¨Ï¥ÎªÌ­n¥Îªº¦UºØ¸ê·½¤£¦b¬O¦b¦Û¤v¥»¨­ªºVLAN·í¤¤¡C³oºØ³]³Æ¸ê·½±oÂಾ¨ÏªºVLANªº³]­p°¾¦V¦a²z°Ï°ì¦Ó¤£¦b¬O®Ú¾Ú¬Û¦PÄݩʪº­ì«h¡C

This geographic location can be as large as an entire building or as small as a single switch inside a wiring closet. In a geographic VLAN structure, it is typical to find the new 20/80 rule in effect. That means that 20 percent of the traffic remains within the local VLAN and 80 percent of the network traffic travels outside the local VLAN. Although this topology means that 80 percent of the services from resources must travel through a Layer 3 device, this design allows networks to provide a deterministic and consistent method to access resources.

³oºØ®Ú¾Ú¦a²z¦ì¸m³W¹ºªºVLAN¥i¥H¤j¨ì¤@¾ã­Ó«Ø¿vª«©ÎªÌ¤p¨ì¤@­Ó¥æ´«¾¹©Î¸õ½u¬[¡C¦b¦a²z¤ÀÃþªº¬[ºc¤¤¡A¥i¥HÆ[¹î¨ì·sªº 20/80 ³W«h¡C¥¦ªº·N«ä«ü20%ªº¥æ³q¬y¶q³Q­­¨î¦b·í¦aªºVLAN¤¤¡A«o¦³80%ªº¬y¶q¥²»Ý­n¸óÅD¤£¦PªºVLAN¡CÁöµM¦³80%ªº¥æ³q¥²»Ý­n³z¹L²Ä¤T¼h³]³Æ¸ó¶V¤£¦PªºVLAN¡A³oºØ³W¹º¤è¦¡¨ÌÂÂ¥i¥HÅýºô¸ô¨Ï¥ÎªÌ¦³¤@­Pªº¤èªk¦s¨ú¸ê·½¡C

8.2.3 Configuring static VLANs 

Static VLANs are ports on a switch that are manually assigned to a VLAN. This can be accomplished with a VLAN management application or configured directly into the switch through the CLI. These ports maintain their assigned VLAN configuration until they are changed manually. This type of VLAN works well in networks with specific requirements:

• All moves are controlled and managed.
• There is robust VLAN management software to configure the ports.
• The additional overhead required to maintain end-station MAC addresses and custom filtering tables is not acceptable.

ÀRºAVLANªº­ì²z¬O¥æ´«¾¹¤Wªº°ð¥i¥H¤â°Ê«ü©wµ¹¬Y¤@­ÓVLAN¡C³oºØ³]©w¥i¥Hª½±µ§Q¥ÎVLANªººÞ²zÀ³¥Îµ{¦¡©ÎªÌ©R¥O¦C¤¶­±(CLI)¨Óª½±µ³]©w¡C³o­Ó°ð´N¤@ª½ÄÝ©ó³Q³]©wªºVLAN¡Aª½¨ì¥¦³Q¤â°Ê§ïÅܬ°¤î¡C³oºØ§Î¦¡ªºVLAN¥i¥H²Å¦X´XºØ¯S®íªº»Ý¨D¡C

• ©Ò¦³ªº²¾°Ê¥i¥H³Q§¹¥þ±±ºÞ¡C
• ¥²»Ý¦³¤@­Ó¥\¯à±j¤jªºVLANºÞ²z³nÅé¨ÓºÞ²z³o¨Ç°ð¡C
• ¤£»Ý­nÃB¥~ªº­t¾á¨Óºû«ù¹êÅé¦ì§}©Î¹LÂoªí®æ¡C

Dynamic VLANs do not rely on ports assigned to a specific VLAN.

°ÊºAªºVLAN¨Ã¤£»Ý­n¾a¤â°Ê¨Ó«ü©w¤@­Ó¯S§OªºVLAN¡C

To configure VLANs on Cisco 2900 series switches, specific guidelines must be observed:

• The maximum number of VLANs is switch dependent.
• One of the factory-default VLANs is VLAN 1.
• The default Ethernet VLAN is VLAN 1.
• Cisco Discovery Protocol (CDP) and VLAN Trunking Protocol (VTP) advertisements are sent on VLAN 1 (VTP will be discussed in Module 9).
• The IP address of the switch is in the VLAN 1 broadcast domain by default.
• The switch must be in VTP server mode to create, add, or delete VLANs.

¤U¦C¬O³]©w Cisco 2900¨t¦C¥æ´«¾¹VLANªººõ­n¡G

• VLANªº³Ì¤j¼Æ¥Ø©M¥æ´«¾¹¬OµLÃöªº¡C
• ¤u¼tªº¹w³]­ÈVLAN ¸¹½X¬O 1¡C
• ¤A¤Óºô¸ôªº¹w³]VLAN¸¹½X¬O 1¡C
• «ä¬ìµo²{¨ó©wCisco Discovery Protocol (CDP)©MVLAN¦ê³s(¥D·F)¨ó©wVLAN Trunking Protocol (VTP)·|§Q¥ÎVLAN 1¨Ó¶Ç°e¨ó©w¡C(VTP¦b²Ä¤E¼Ò²Õ·|¤¶²Ð)
• ¥æ´«¾¹ªºIP¦ì§}¤]¬O§Q¥ÎVLAN 1¨Ó·í§@¼s¼½»â°ì¡C
• ¥æ´«¾¹¥²»Ý³]©w¬°VLAN¦ê³s(¥D·F)¨ó©w(VTP server)ªº¦øªA¾¹¤~¯à«Ø¥ß¡B¼W¥[©M§R°£VLAN¡C

The creation of a VLAN on a switch is a very straightforward and simple task. If an IOS command-based switch is used, the command vlan database can be used in the Privileged EXEC mode to enter into VLAN configuration mode. A VLAN name may also be configured, if necessary:

­n¦b¥æ´«¾¹¼W¥[¤@­ÓVLAN¬O«D±`ª½±µ©M²³æªº¤u§@¡C°²¦p­n¾Þ§@¤@­Ó¥i¥H³]©wIOS©R¥Oªº¥æ´«¾¹¡C¥²»Ý­n¦b¯SÅv¼Ò¦¡¤Uvlan database ³o­Ó«ü¥O¨Ó¶i¤JVLANªº³]©w¼Ò¦¡¡C¦pªG»Ý­n³]©w ¤@­ÓVLANªº¦W¦r¤]¬O«D±`²³æ¡C

Switch#vlan database

Switch(vlan)#vlan vlan_number

Switch(vlan)#exit

Upon exiting, the VLAN is applied to the switch. The next step is to assign the VLAN to one or more interfaces:

¥H¤Wªº«ü¥O¬O­n¦b¥æ´«¾¹¤W«Ø¥ß¤@­ÓVLAN¡C¤U¤@¨B¬O«ü©wVLAN¨ì¤@­Ó©Î¦h­Ó¤¶­±¡C

Switch(config)#interface fastethernet 0/9

Switch(config-if)#switchport access vlan vlan_number

8.2.4 Verifying VLAN configuration 

The commands show vlan, show vlan brief, or show vlan id id_number can be used to verify VLAN configurations.

The commands show vlan, show vlan brief, or show vlan id id_number ³o¨Ç«ü¥O³£¬O¥Î¨ÓÅçÃÒVLAN³]©wªº¡C

The following facts apply to VLANs:

• A created VLAN remains unused until it is mapped to switch ports.
• All Ethernet ports are assigned to VLAN 1 by default.

¤U¦C³¯­z¤F´X¶µVLANªº¨Æ¹ê¡C

• ¤@­Ó­è«Ø¥ßªºVLAN¬O¤@ª½³B©ó¥¼³Q¨Ï¥Îªºª¬ºA¡Aª½¨ì³Q«ü©wµ¹¬Y­Ó¥æ´«¾¹°ð¡C
• ©Ò¦³ªº¤A¤Óºô¸ô¥æ´«¾¹¤@¶}©l®É³£³Q«ü©w¦bVLAN 1¡C

Figure shows a list of applicable commands.

¹Ï ®i¥Ü¤F¤@³s¦ê¥i³Q§Q¥Îªº©R¥O¡C

Figure shows the steps necessary to assign a new VLAN to a port on the Sydney switch.

¹Ï ®i¥Ü¤F¦bSydeny ³oÁû¥æ´«¾¹¤W«ü©w¤@­Ó·sªºVLANµ¹¬Y­Ó°ðªº¨BÆJ¡C

Figures and list the output of the show vlan and show vlan brief commands.

¹Ï ©M¹Ï «h¦C¥X¤Fshow vlan ©M show vlan brief ³o¨â­Ó©R¥Oªº¿é¥Xµe­±¡C

8.2.5 Saving VLAN configuration 

It is useful to keep a copy of the VLAN configuration as a text file, especially when backups or audits need to be performed.

«O«ù¤@¥÷VLAN³]©wªº¤å¦rÀɬO«D±`¦³¥Îªº¡A¯S§O·í»Ý­n³Æ¥÷©ÎÀˬdªº®É­Ô¡C

The switch configuration settings can be backed up to a TFTP server with the copy running-config tftp command. The HyperTerminal text capture feature along with the commands show running-config and show vlan can be used to capture configurations settings.

¥æ´«¾¹ªº³]©wÀÉ¥i¥H§Q¥Î copy running-config tftp ³Æ¥÷¨ì¤@­ÓTFTPªº¦øªA¾¹¤W¡Ashow running-config ©M show vlan«h¥i¥H±N³]©wÀɳ]©wÂ^¨ú¥X¨Ó¡C

8.2.6 Deleting VLANs 

In Figure , FastEthernet 0/9 was assigned to VLAN 300 with the command switchport access vlan 300. To remove this VLAN from the interface, simply use the no form of the command.

¦b¹Ï ¡A§Q¥Îswitchport access vlan 300³o­Ó©R¥O±NFastethernet 0/9³o­Ó¤¶­±«ü¥Oµ¹VLAN 300¡C­n²¾°£³o­Ó©R¥O¥u­n²³æªº§Q¥Îno ³o­Ó«ü¥O§Y¥i¡C

The command below is used to remove a VLAN from a switch:

¤U¦C©R¥O¬O¥Î¨Ó±q¥æ´«¾¹¤W²¾°£¤@­ÓVLAN¡C

Switch#vlan database

Switch(vlan)#no vlan 300

When a VLAN is deleted, all ports assigned to that VLAN become inactive. The ports will, however, remain associated with the deleted VLAN until assigned to a new VLAN.

·í¤@­ÓVLAN³Q§R°£¡A­ì¥»«ü¥Oµ¹³o­ÓVLANªº°ð·|¥¢®Ä¥h§@¥Î¡C¦]¬°³o­Óºô¸ô°ð¨Ì³QÃö³s¨ì¥¢®ÄªºVLAN¸¹½X¡Aª½¨ì¥¦³Q«ü©wµ¹¤@­Ó·sªºVLAN¸¹½X¡C

8.3 Troubleshooting VLANs 
   
8.3.1 Overview 

Students completing this lesson should be able to:

• Utilize a systematic approach to VLAN troubleshooting
• Demonstrate the steps for general troubleshooting in switched networks
• Describe how spanning-tree problems can lead to broadcast storms
• Use show and debug commands to troubleshoot VLANs

¾Ç¥Í§¹¦¨¦¹³¹¸`±N¦³¯à¤O¥h§¹¦¨¤U¦C¤u§@¡G

• ¥H¨t²Î¦¡ªº¤è¦¡¤@¨B¤@¨B§@ VLAN°£¿ù¡C
• ®i¥Ü¦p¦ó¦b¥æ´«¾¹ªººô¸ôÀô¹Ò¤¤°µ°£¿ùªº¤u§@¡C
• ´y­z©µ®i¼Æ¾ð(spanning-tree )°ÝÃD¥i¯à¾É­P¼s¼½«Ê¼É¡C
• ®i¥Ü¦p¦ó§Q¥Î show ©M debug ªº«ü¥O¨Ó¹ïVLAN°£¿ù¡C

8.3.2 VLAN troubleshooting process 

It is important to develop a systematic approach for troubleshooting switch related problems. The following steps can assist in isolating a problem on a switched network:

1. Check the physical indications, such as LED status.
2. Start with a single configuration on a switch and work outward.
3. Check the Layer 1 link.
4. Check the Layer 2 link.
5. Troubleshoot VLANs that span several switches.

µo®i¤@­Ó¨t²Î¨BÆJ¥Î¨Ó¦b¥æ´«¾¹ªºÀô¹Ò¤¤°£¿ù¬O­«­nªº¨Æ¡C¤U¦C¨BÆJ¥i¥H¨ó§U¤ÀÂ÷¥æ´«¾¹Àô¹Ò¤¤ªº°ÝÃD¡C

1. Àˬd¹êÅ骺«ü¥Ü¿O¡C
2. ±q¥~¬ÉÀˬd³æ¤@Áû¥æ´«¾¹ªº³]©w¡C
3. Àˬd²Ä¤@¼hªº³sµ²ª¬ºA¡C
4. Àˬd²Ä¤G¼hªº³sµ²ª¬ºA¡C
5. ÂX®iÀˬdVLAN¤¤ªº¨ä¥L¥æ´«¾¹¡C

8.3.3 Preventing broadcast storms 

The location of the root bridge in the extended router and switch network is necessary for effective troubleshooting. The show commands on both the router and the switch can display root-bridge information. Configuration of root bridge timers set parameters for forwarding delay or maximum age for STP information. Manually configuring a device as a root bridge is another configuration option.

¦b¸ô¥Ñ¾¹©M¥æ´«¾¹Àô¹Ò¤¤¡A¤F¸Ñ®Ú¾ô±µ¾¹ªº¦ì¸m¬O°£¿ùªº­«­nÃöÁä¡C ¦b¸ô¥Ñ¾¹©M¥æ´«¾¹¬Ò¥i¥H¥Îshow ©R¥O¨Ó¬Ý¥X®Ú¾ô±µ¾¹ªº¦ì¸m©M¤@¨Ç°Ñ¼Æ®É¶¡ ©MSTPªº¸ê°T¡C ¤â°Ê³]©w®Ú¾ô±µ¾¹¤]¬O¥t¤@ºØ¦³®Äªº¤è¦¡¡C

If the extended router and switch network encounters a period of instability, it helps to minimize the STP processes occurring between devices.

°²¦p³o©µ¦ùªº¸ô¥Ñ¾¹©M¤A¤Óºô¸ô¥æ´«¾¹¦³¤@¤p¬q®É¶¡¤£¤Óí©w¡A³o¥NªíSTPµ{§Ç¦b³]³Æ¤§¶¡¥æ´«°T®§¡C

If it becomes necessary to reduce BPDU traffic, put the timers on the root bridge at their maximum values. Specifically, set the forward delay parameter to the maximum of 30 seconds, and set the max_age parameter to the maximum of 40 seconds.

°²¦p»Ý­n´î¤ÖBPDUªº¬y¶q¡A³]©w®Ú¾ô±µ®É¶¡¬°³Ì¤j¡CÄY®æ¨Ó»¡¡A³]©wÂà°e©µ¿ð®É¶¡¬°30¬í¡A©M³Ì¤jªº°O¿ý®É¶¡max_age¬° 40 ¬í¡C

8.3.4 Troubleshooting VLANs 

To troubleshoot the operation of Fast Ethernet router connections to switches, it is necessary to make sure that the router interface configuration is complete and correct. Verify that an IP address is not configured on the Fast Ethernet interface. IP addresses are configured on each subinterface of a VLAN connection. Verify that the duplex configuration on the router matches that on the appropriate port/interface on the switch.

­n°w¹ï¸ô¥Ñ¾¹©M¥æ´«¾¹ªº°ª³t¤A¤Óºô¸ô¹B§@°£¿ù¡A­º¥ý¥²»Ý­n½T©w¸ô¥Ñ¾¹¤¶­±ªº³]©w¬O¥¿½Tªº¡C½T»{IP¦ì§}¤£¬O³]©w¦b°ª³t¤A¤Óºô¸ôªº¹êÅ餶­±¤W¡A¦Ó¬O³]©w¦b¨C­ÓVLANªº¤l¤¶­±(subinterface)©ÎªÌVLAN¤¤ªºµêÀÀ¤¶­±(virtual interface)¤W¡C

The show vlan command displays the VLAN information on the switch. Figure , displays the output from the show vlan command. The display shows the VLAN ID, name, status, and assigned ports.

show vlan ³o­Ó«ü¥O¥i¥H®i¥Ü¥X³o­Ó¥æ´«¾¹¤WªºVLAN¸ê°T¡C¹Ï ¦C¥X¤Fshow vlan ³o­Ó«ü¥Oªº°õ¦æµ²ªG¡C¥¦¥i¥H§i¶D§AVLAN ½s¸¹(VLAN ID)¡B¦WºÙ¡Bª¬ºA©M«ü©wªº¤¶­±°ð¡C

The show vlan displays information about that VLAN on the router. The show vlan command followed by the VLAN number displays specific information about that VLAN on the router. Output from the command includes the VLAN ID, router subinterface, and protocol information.

show vlan ³o­Ó«ü¥O¥i¥H®i¥Ü¥X³o­Ó¸ô¥Ñ¾¹¤WªºVLAN¸ê°T¡C show vlan ³o­Ó«ü¥O¥[¤Wvlan ¸¹½Xªº°õ¦æµ²ªG ¥i¥H§i¶D§AVLAN ½s¸¹(VLAN ID)¡B¸ô¥Ñ¾¹ªº¤l¤¶­±(subinterface)©M¨ó©w¸ê°T¡C

The show spanning-tree command displays the spanning-tree topology known to the router. This command will show the STP settings used by the router for a spanning-tree bridge in the router and switch network.

show spanning-tree ³o­Ó«ü¥O¥i¥H§i¶D§A¸ô¥Ñ¾¹©Ò¾Ç²ß¨ìspanning-tree ©Ý¾ëªº¬[ºc¡C ³o­Ó«ü¥O¥i¥H§i¶D§A¸ô¥Ñ¾¹ªºSTP³]©w©M¥æ´«¸ô¥ÑÀô¹Ò¤¤ªº spanning-tree ¾ô±µ¾¹¡C

The first part of the show spanning-tree output lists global spanning-tree configuration parameters, followed by those that are specific to given interfaces.

show spanning-tree ¿é¥Xªº²Ä¤@­Ó³¡¥÷¦C¥X¾ãÅé(global) spanning-tree ªº³]©w°Ñ¼Æ¡A«á­±¸òµÛ¦C¦L¤@¨Ç³Q«ü©wªº¤¶­±°Ñ¼Æ¡C

Bridge Group 1 is executing the IEEE compatible Spanning-Tree Protocol.

²Ä¤@²Õªº¾ô±µ¸¹½X³q±`¬O¥Î¨Ó°õ¦æIEEE¬Û®eªºspanning-tree¡C

The following lines of output show the current operating parameters of the spanning tree:

³o¤U¦Cªº¿é¥X¬O¥Ø«eªºspanning-tree ªº³]©w¡C

Bridge Identifier has priority 32768, address 0008.e32e.e600 Configured hello time 2, Max age 20, forward delay 15

The following line of output shows that the router is the root of the spanning tree:

³o¤U¦Cªº¿é¥X¥Nªí¸ô¥Ñ¾¹¬O³o­Óspanning-tree ªº®Ú¡C

We are the root of the spanning tree.

Key information from the show spanning-tree command creates a map of the STP network.

show spanning-tree³o­Ó©R¥O³Ì¥D­nªº¥Øªº¬O«Ø¥ß¤@±iSTPºô¸ôªº¹Ï¡C

The debug sw-vlan packets command displays general information about VLAN packets received but not configured to support the router.  VLAN packets that the router is configured to route or switch are counted and indicated when using the show vlans command.

debug sw-vlan packets ©R¥O®i¥Ü¤F¤@¯ë¥»¨­¸ô¥Ñ¾¹¨Ã¨S¦³³]©w¤ä´©ªºVLAN«Ê¥]¡Cshow vlans «ü¥O«h·|«ü¥Ü¨º¨Ç¦³¦b¸ô¥Ñ¾¹©Î¥æ´«¾¹¤W³]©wªºVLAN¸ê°T¡C

8.3.5 VLAN troubleshooting scenarios  

Each of these scenarios contains an analysis of the problem to then solving the problem. Using appropriate specific commands and gathering meaningful information from the outputs, the progression of the troubleshooting process can be completed.

¨C­Ó³õ´º¥]§t¤F¦p¦ó¤ÀªR©M¦p¦ó¸Ñ¨M°ÝÃDªº¹Lµ{¡C¨Ï¥Î¾A·íªº«ü¥O¨ú±o¦³·N¸qªº¿é¥X¸ê®Æ¡Aº¥º¥´N¥i¥H§¹¥þ¸Ñ¨M°ÝÃD¡C

When having difficulty with a trunk connection between a switch and a router, be sure to consider the following possible causes:

·í¥æ´«¾¹©M¸ô¥Ñ¾¹³s±µªº¥D·Fºô¸ô¦³°ÝÃD®É¡A¥i¥H¦Ò¼{¦p¤Uªº¥i¯à­ì¦]¡C

Scenario 1: A trunk line cannot be established between a switch and a router

Figure illustrates this scenario:

1. Make sure that the port is connected and not receiving any physical-layer, alignment or frame-check-sequence (FCS) errors. This can be done with the show interfaces command on the switch.
2. Verify that the duplex and speed are set properly between the switch and the router. This can be done with the show interface status command on the switch or the show interfaces command on the router.
3. Configure the physical router interface with one subinterface for each VLAN that will route traffic. Verify this with the show interfaces IOS command. Also, make sure that each subinterface on the router has the proper encapsulation type, VLAN number, IP address, and subnet mask configured. This can be done with the show interfaces or show running-config IOS commands.
4. Confirm that the router is running an IOS release that supports trunking. This can be verified with the show version command.

³õ´º1¡G¦b¸ô¥Ñ¾¹©M¥æ´«¾¹¤¤ªº¥D·F½u¸ô¤£¯à«Ø¥ß¡C

¹Ï ´y­z¤F³o­Ó³õ´º¡C

1. ½T»{³o­Óºô¸ô°ð¦³³s±µ¡A¥B¨S¦³¥ô¦ó¹êÅé¼hªº¿ù»~©M±Æ¦C¿ù»~¡A©ÎªÌ«Ê¥]§Ç¸¹¿ù»~µo¥Íframe-check-sequence ( FCS ) errors¡C§Ú­Ì¥i¥H¥Îshow interfaces ³o­Ó«ü¥O¨ÓÀˬd¥æ´«¾¹¡C
2. ½T»{¥æ´«¾¹©M¸ô¥Ñ¾¹¨âºÝÂù¤u©M³t«×ªº³]©w¬O¥¿±`ªº¡C§Ú­Ì¥i¥H¥Îshow interface statusÀˬd¥æ´«¾¹©M¥Î show interfaces Àˬd¸ô¥Ñ¾¹¡C
3. ¸ô¥Ñ¾¹ªº¹êÅ餶­±¡A§Ú­Ì¥i¥H°w¹ï¨C¤@­ÓVLAN«Ø¥ß¤@­Ó¤l¤¶­±(subinterface)¡A³o­Ó¤l¤¶­±¥i¥H¬°¨C¤@­ÓVLAN¸ô¥Ñ«Ê¥]¡A´N¹³¶Ç²Îªº¸ô¥Ñ¾¹¤¶­±¤@¼Ë¡C§Ú­Ì¥i¥H¥Îshow interfaces ³o­Ó«ü¥O¨ÓÅçÃÒ¡C¦P®É¤]­n½T»{¨C­Ó¤l¤¶­±¦³¥¿½Tªº«Ê¸Ë«¬ºA¡BVLAN¸¹½X¡BIP¦ì§}¡B¤lºô¸ô¾B¸n¡C§Ú­Ì¥i¥H¥Î show interfaces ©Î show running-config ³o­Ó«ü¥OÅçÃÒ¡C
4. ½T»{¸ô¥Ñ¾¹ªºIOSª©¥»¡A¨ä¤¶­±¦³¯à¤O¤ä´©¦³VLAN¸ê°Tªº°©·F¡C§Ú­Ì¥i¥H§Q¥Î show version ³o­Ó«ü¥O¹F¦¨ÅçÃÒ¡C

¡@

Scenario 2: Dropped packets and loops

Figure illustrates this scenario:

³õ´º2¡G«Ê¥]¿ò¥¢©M§Î¦¨°j°é

¹Ï ´y­z¤F³o­Ó³õ´º¡C

Spanning-tree bridges use topology change notification Bridge Protocol Data Unit packets (BPDUs) to notify other bridges of a change in the spanning-tree topology of the network. The bridge with the lowest identifier in the network becomes the root. Bridges send these BPDUs any time a port makes a transition to or from a forwarding state, as long as there are other ports in the same bridge group. These BPDUs migrate toward the root bridge.

±Ò°Ê STP ªº¾ô±µ¾¹·|§Q¥ÎBridge Ptotocol Data Unit (BPDU)«Ê¥]¨Ó§i¶D¾ô±µ¾¹ºô¸ô¦³ÅÜ°Ê¡C¦³³Ì§C½s¸¹ªº¾ô±µ¾¹·|Åܦ¨ºô¸ô¤¤ªº®Ú¾ô±µ¾¹¡C¾ô±µ¾¹¥i¥H¦b¥ô¦ó®É¶¡°e¥XBPDUªº«Ê¥]¡A·í¦³¤@­Óºô¸ô°ð¦³ÅܰʮɩÎÅܦ¨¶Ç°eªºª¬ºA®É¡C¥u­n¦³¨ä¥¦ªººô¸ô°ð¦b¦P¤@²Õ¾ô±µ¸¹½X¤¤¡C³o¨ÇBPDU³£·|Åܦ¨¥u¦³®Ú¾ô±µ¾¹¦b°e¡C

There can be only one root bridge per bridged network. An election process determines the root bridge. The root determines values for configuration messages, in the BPDUs, and then sets the timers for the other bridges. Other designated bridges determine the shortest path to the root bridge and are responsible for advertising BPDUs to other bridges through designated ports. A bridge should have ports in the blocking state if there is a physical loop.

¨C¤@­Ó¾ô±µªººô¸ô¤¤¥u¥i¥H¦³¤@­Ó®Ú¾ô±µ¾¹¡C¦³¤@­Ó¿ïÁ|ªº¹L¦¨¨Ó¨M©w³o­Ó®Ú¾ô±µ¾¹¡C³o­Ó®Ú¾ô±µ¾¹¦bBPDU¨M©w¤F³]©wªº°T®§¡AµM«á¬°¨ä¥¦ªº¾ô±µ¾¹³]©w­p®É¾¹¡C¨ä¥¦¾ô±µ¾¹¦³­Ó¥D­n(«ü©w)ªº¾ô±µ¾¹(designated bridges)®Ú¾Ú¶Ç°e¨ì¨ä¥¦¾ô±µ¾¹ªº¥D­nºô¸ô°ð©Ò°e¥XªºBPDU¨M©w³Ìµu¸ô®|¡C¦pªG¦³­Ó¾ô±µ¾¹§Î¦¨°j°é¡A¥¦À³§ï(¸Ó)¦³¯à¤O±Nºô¸ô°ð³]¦¨ªý¹jª¬ºA¥H«K®ø°£°j°é¡C

Problems can arise for internetworks in which both IEEE and DEC spanning-tree algorithms are used by bridging nodes. These problems are caused by differences in the way the bridging nodes handle spanning tree BPDU packets, or hello packets, and in the way they handle data.

°ÝÃD¥i¯àµo¥Í¦bºô¸ô¤¤¦³IEEE©M DEC¨âºØSTPºtºâªk¦P®É¨Ï¥Î®É¡C³o­Ó°ÝÃD¬O¦]¬°¨âºØSTPªºBPDU«Ê¥]¡BHELLOªº«Ê¥]©M³B²z¤è¦¡³£¤£¬Û¦P¦Ó²£¥Íªº¡C

In this scenario, Switch A, Switch B, and Switch C are running the IEEE spanning-tree algorithm. Switch D is inadvertently configured to use the DEC spanning-tree algorithm.

¦b³o­Ó³õ´º¤¤¡A¥æ´«¾¹ A¡BB¡BC°õ¦æIEEEªºSTPºtºâªk¡C¦ýD¥æ´«¾¹«o¬O³]©w¦¨DECªºSTPºtºâªk¡C

Switch A claims to be the IEEE root and Switch D claims to be the DEC root. Switch B and Switch C propagate root information on all interfaces for IEEE spanning tree. However, Switch D drops IEEE spanning-tree information. Similarly, the other routers ignore Router D's claim to be root.

¥æ´«¾¹A«ÅºÙ¥¦¬O IEEEªº®Ú¥æ´«¾¹¡AµM¦ÓD¥æ´«¾¹½T¬O«ÅºÙ¥¦¬ODEC ªº®Ú¥æ´«¾¹¡CB©M C¥æ´«¾¹·|±q©Ò¦³ªº°ð´²¼½IEEE®Ú¥æ´«¾¹ªº¸ê°T¡CµM¦ÓD¥æ´«¾¹·|§â³o¨ÇIEEEªºSTP¸ê°T¥á±¼¡A¬Û¦Pªº¡A¨ä¥¦ªº¥æ´«¾¹¤]·|¥á±óD¥æ´«¾¹¬ODEC®Úªº¸ê°T¡C

The result is that in none of the bridges believing there is a loop and when a broadcast packet is sent on the network, a broadcast storm results over the entire internetwork. This broadcast storm will include Switches X and Y, and beyond.

³o­Óµ²ªG¾É­P¨S¦³¤@­Ó¥æ´«¾¹·|ª¾¨ì³oºô¸ô¤¤¦³¤@­Ó°j°é¦s¦b¡C·í¦³¤@­Ó¼s¼½«Ê¥]²£¥Í®É¡A¾ã­Óºô¸ô´N·|²£¥Í¼s¼½­·¼É¡C³o¼s¼½­·¼É¤]·|¼vÅT¨ìX©MY©M¤§«áªº¥æ´«¾¹¡C

To resolve this problem, reconfigure Switch D for IEEE. Although a configuration change is necessary, it might not be sufficient to reestablish connectivity. There will be a reconvergence delay as devices exchange BPDUs and recompute a spanning tree for the network.

­n¸Ñ¨M³o­Ó°ÝÃD¡A¥²»Ý­n­«·s±ND¥æ´«¾¹³]¬°IEEEªºSTP¡CÁöµM¦³¸g¹L­«·s³]©w¡A¦ý¨Ã¤£ªí¥Ü¨¬°÷®É¶¡¦Ó¥i¥H­«·s«Ø¥ß³s½u¡C·í­n­«·s¥æ´«©M­pºâBPDU«Ê¥]®É¡A¥¦­Ì»Ý­n­«·s¦¬ÀĪº©µ¿ð®É¶¡¡C

¡@