锐捷交换机接口设置5

重要说明：

如果交换机端口配置为TRUNK，默认允许所有本交换机已创建VLAN的报文通过，全网TRUNK互联的情况下，整网的广播组播未知名单播都可能会泛洪到交换机上，导致端口、链路拥塞、大量协议报文（例如ARP）送CPU处理导致设备管理面出现异常（无法管理，CLI响应慢等现象），所以在项目实施中，规范性要求端口务必配置TRUNK裁减，只允许放通的VLAN报文通过。

1. 交换机access口配置

将交换机的10号口配置为access口，并且属于vlan100

Ruijie>enable

Ruijie(config)#interface gigabitEthernet 1/10

Ruijie(config-if-GigabitEthernet 1/10)#switchport access vlan 100

Ruijie(config-if-GigabitEthernet 1/10)#end

Ruijie#write

说明：

交换机如果没有配置，那么默认所有端口都是access口。如果端口被配置为trunk口，需要改为access口，需要先在接口下敲switchport mode access，否则不生效，例如原来的trunk口配置改为access口，属于access vlan 100，命令如下：

Ruijie#show run interface gigabitEthernet 1/10                ------>查看配置

Building configuration...

Current configuration : 56 bytes

interface GigabitEthernet 1/10

switchport mode trunk

Ruijie#configure terminal

Ruijie(config)#interface gigabitEthernet 1/10

Ruijie(config-if-GigabitEthernet 1/10)#switchport mode access    ------>设置为access模式

Ruijie(config-if-GigabitEthernet 1/10)#switchport access vlan 100

Ruijie(config-if-GigabitEthernet 1/10)#end

查看配置

Ruijie(config-if-GigabitEthernet 1/10)#show vlan

VLAN Name                             Status    Ports

---- -------------------------------- --------- -----------------------------------

   1 VLAN0001                         STATIC    Gi1/1, Gi1/2, Gi1/3, Gi1/4           

                                                Gi1/5, Gi1/6, Gi1/7, Gi1/8           

                                                Gi1/9, Gi1/13, Gi1/14, Gi1/15         

                                                Gi1/16, Gi1/17, Gi1/18, Gi1/19       

                                                Gi1/20, Gi1/21, Gi1/22, Gi1/23       

                                                Gi1/24, Gi1/25, Gi1/26, Gi1/27       

                                                Gi1/28, Gi1/29, Gi1/30, Gi1/31       

                                                Gi1/32, Gi1/33, Gi1/34, Gi1/35       

                                                Gi1/36, Gi1/37, Gi1/38, Gi1/39       

                                                Gi1/40, Gi1/41, Gi1/42, Gi1/43       

                                                Gi1/44, Te1/45, Te1/46, Te1/47       

                                                Te1/48, Gi4/1, Gi4/2, Gi4/3          

 100 VLAN0100                       STATIC    Gi1/1, Gi1/10, Te1/45, Te1/46        

                                                Te1/47                      

2. 交换机TRUNK口配置

将交换机的45号口配置为trunk口

Ruijie(config)#interface TenGigabitEthernet 1/45

Ruijie(config-if-TenGigabitEthernet 1/45)#switchport mode trunk

Ruijie(config-if-TenGigabitEthernet 1/45)#end

查看配置

Ruijie#show interfaces trunk

Interface                        Native VLAN VLAN lists

-------------------------------- ----------- ----------------------

TenGigabitEthernet 1/45        1           ALL                         ------>native vlan是1，ALL表示允许所有的vlan通过

TenGigabitEthernet 1/46          1           ALL

TenGigabitEthernet 1/47          1           ALL

3. TRUNK口VLAN裁剪（必配）

交换机的1号口配置为trunk口，并且只允许vlan 5、vlan 10、vlan20-30通过，其余vlan不允许通过

Ruijie#configure terminal

Ruijie(config)#interface gigabitEthernet 1/1

Ruijie(config-if-GigabitEthernet 1/1)#switchport mode trunk

Ruijie(config-if-GigabitEthernet 1/1)#switchport trunk allowed vlan remove 1-4,6-9,11-19,31-4094   ------>交换机默认允许所有本地已创建的vlan通过，如果只需要配置只允许相应vlan通过，需要把不允许通过的vlan给裁剪掉

Ruijie(config-if-GigabitEthernet 1/1)#end

Ruijie#wr