We are using a Cisco Catalyst 1000 switch (a C1000-16P-2G-L, to be exact) and are having trouble passing tagged multicast from one port to another. We want to pass it through as is (tagged), which I believe should be possible, but how do we configure it (we need to pass multicast traffic with VLAN id 257)? The default configuration certainly does not work.
Some additional details with the default configuration:
- Tagged (id=257) multicast does NOT pass through!
- Untagged multicast passes through
- Tagged unicast passes through
This type of switch has vlan=1 by default, so if I send multicast traffic tagged with VLAN id 1, it gets untagged, which is not what I need.
I also found:
Switch#show topology
Topology Address Family Associated VRF State
base ipv4 default UP
base ipv6 default DOWN
base ipv4 multicast default DOWN
base ipv6 multicast default DOWN
Does this matter? How do I change the topology?
These packets are sent from the host:
$ sudo mz v_eno1 -v -c 0 -d 1s -B 239.0.0.5 -t udp "dp=32000" -P "AAAA"
IP: ver=4, len=32, tos=0, id=0, frag=0, ttl=255, proto=17, sum=0, SA=198.19.4.250, DA=239.0.0.5,
payload=[see next layer]
UDP: sp=0, dp=32000, len=12, sum=0,
payload=41:41:41:41
....
Captured on the host:
$ tcpdump -nn "udp port 32000 or (vlan and udp port 32000)" -e -i eno1 -Xvvv
16:20:02.364860 f6:e0:32:f0:7b:74 > 01:00:5e:00:00:05, ethertype 802.1Q (0x8100), length 50: vlan 257, p 0, ethertype IPv4, (tos 0x0, ttl 255, id 26302, offset 0, flags [none], proto UDP (17), length 32)
198.19.4.250.0 > 239.0.0.5.32000: [udp sum ok] UDP, length 4
0x0000: 4500 0020 66be 0000 ff11 9afb c613 04fa E...f...........
0x0010: ef00 0005 0000 7d00 000c 4640 4141 4141 ......}...F@AAAA
Update 1
I tried setting up a trunk on the incoming/outgoing ports, but:
Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#interface GigabitEthernet1/0/2
Switch(config-if)#switchport mode trunk
Switch(config-if)#vlan dot1q tag native
^
% Invalid input detected at '^' marker.
Switch(config-if)#switchport trunk ?
allowed  Set allowed VLAN characteristics when interface is in trunking mode
native   Set trunking native characteristics when interface is in trunking mode
pruning  Set pruning VLAN characteristics when interface is in trunking mode
Should I be using trunk mode?
Update 2
Current settings of one of the ports:
Switch#show interfaces GigabitEthernet1/0/4 switchport
Name: Gi1/0/4
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: disabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none
Update 3
After trying to set up a trunk on both ports:
interface GigabitEthernet1/0/2
switchport trunk allowed vlan 257
switchport trunk native vlan 257
switchport mode trunk
interface GigabitEthernet1/0/4
switchport trunk allowed vlan 257
switchport trunk native vlan 257
switchport mode trunk
It still does not pass....
Answer 1
That particular switch model does not allow tagging the native VLAN, according to the Cisco documentation:
General restrictions
- Native VLAN tagging is not supported, and the vlan dot1q tag native command is not available.
If you want VLAN 1 (the default native VLAN) to be tagged on the trunk interface, you need to change the native VLAN to a different VLAN number, like so:
switchport trunk native vlan 12
Understand that most end devices (PCs, printers, servers, etc.) typically do not understand tagged frames and discard them as corrupt frames, so you must make sure that the device connected to the trunk interface supports, and is configured to understand, tagged frames (trunking).
Also, Layer 2 security best practice is to never use VLAN 1 or the trunk native VLAN. Assign access interfaces to a different VLAN number, and use the switchport trunk allowed command to restrict the native VLAN on trunk interfaces.
The default VLAN and the native VLAN are two different concepts, even though both default to VLAN 1.
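As an added example (not part of the original question or answer): the Update 3 configuration makes VLAN 257 the native VLAN, so the switch sends VLAN 257 frames untagged on egress, which is the behaviour the answer describes. Below, that configuration sits beside a corrected one that keeps 257 as a tagged VLAN on both trunk ports; VLAN 999 is an assumed, unused VLAN chosen as a placeholder native VLAN, and the interface numbers are the ones from the question.

```cisco
! Problematic (from Update 3): VLAN 257 is the native VLAN, so frames in
! VLAN 257 leave the trunk untagged and the 802.1Q tag is lost.
interface GigabitEthernet1/0/2
 switchport trunk allowed vlan 257
 switchport trunk native vlan 257
 switchport mode trunk
!
! Corrected: make sure VLAN 257 exists in the VLAN database (an allowed VLAN
! that does not exist is not active on the trunk), keep it as a tagged VLAN,
! and move the native VLAN to an unused VLAN (999 is an assumed placeholder;
! pick a VLAN that carries no real traffic on your network).
vlan 257
 name TAGGED-MCAST
vlan 999
 name UNUSED-NATIVE
!
interface GigabitEthernet1/0/2
 switchport trunk allowed vlan 257
 switchport trunk native vlan 999
 switchport mode trunk
 ! the far end is a host, so turn off DTP negotiation (shown "On" in Update 2)
 switchport nonegotiate
!
interface GigabitEthernet1/0/4
 switchport trunk allowed vlan 257
 switchport trunk native vlan 999
 switchport mode trunk
 switchport nonegotiate
!
! Verification: both ports should list 257 as allowed and active and 999 as
! native; the capturing host should then see "vlan 257" in its tcpdump output.
! Switch# show interfaces trunk
! Switch# show vlan brief
! Switch# show interfaces GigabitEthernet1/0/4 switchport
```

Because the native VLAN 999 is not in the allowed list, untagged frames arriving on these ports are dropped, which matches the answer's advice to keep the native VLAN off the trunk.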