---------------------------------------------------------------最新资料推荐------------------------------------------------------交换机组播配置案例交换机组播配置案例网络拓扑: 主楼实现方式:S6806 与 S2126G 通过 TRUNK 端口直接相连,我们先看一下6806与S2125G-F5S1的配置(蓝色字部分)。
在以下的配置中会发现,在6806 除了正常启PIM同时还增加了一条 ip multicast vlan 17 interface Gi3/7 命令用它来指定接口的多播vlan id 号,为什么要指定这个vlanid 号?是因为TRUNK端口在转发数据帧时,它会把tag vlan id 号标记为端口所属vlan 的id(NATIVE VLAN 除外)。
如下面配置,组播源在vlan100中的,正常TRUNK端口在转发组播流时,数据帧默认tag vlan id 是100.如果这样的话,当S2126G收到tag vlan id 100的数据帧,它会检查交换机中是否存在vlan100 ,如果有向其vlan 转发,如果没有数据帧被丢弃。
所以要把多播vlan id 号指定21交换机存在并且有用户使用的VLAN.这样在S2126G交换机上指定IGMP SNOOPING SVGL VLAN 17,就可以接收到组播流。
只要保证68指定的接口多播vlan id 与21交换机指定Multicast VLAN相同即可。
教学楼实现方式:S6806 与 S4909 通过 VLAN28 相连,S4909 与 21- s5 通过TRUNK 方式连接。
1/ 16我们先看一下 S6806 和S4909 和 2126G 的配置(红色字部分)。
在以下的配置中会发现,在 6806 除了正常启 PIM,S4909 没有启用 PIM(没有启用 PIM 的原因是:6806 与 4909 正常配置 PIM 时,4909上时常无法建立多播路由),S2126G- s5 上启用的是 IGMP SNOOPING。
虽然 4909 上没有启用组播配置,但它可以把多播流以广播方式转发。
在下面红色字标记中,从 68-49-21 上都有创建一个 vlan 28 ,在 6806 上通过 PIM 把多播流正常转发到 4909 上。
4909 发现是多播地址,它会把组播流转发给每个 TRUNK 端口,并且 tag vlan id 都标记为 28。
这样 2126G 交换机增加一个vlan 28,把 vlan 28 设置为Multicast VLAN 就可以了。
以这种方式实现方式,在 4909 上没有用户,只做一个汇聚。
如果有用户尽量设置在 vlan 28内。
6806 配置 S6806#sh ru Building configuration... Currentc@ ! ip access-list extended 101 deny tcp any any eq 135 deny tcp any any eq 136 deny tcp any any eq 137 deny tcp any any eq 138 deny tcp any any eq 139 deny tcp any any eq 389 deny tcp any any eq 445 deny tcp any any eq 4444 deny tcp any any eq 5554 deny tcp any any eq 9995 deny tcp any any eq 9996 deny udp any any eq tftp deny udp any---------------------------------------------------------------最新资料推荐------------------------------------------------------any eq 135 deny udp any any eq 136 deny udp any any eq netbios-ns deny udp any any eq netbios-dgm deny udp any any eq netbios-ss deny udp any any eq 1900 deny udp any any eq 445 deny udp any any eq 1433 deny udp any any eq 593 deny udp any any eq 1434 deny udp any any eq 4444 deny udp any any eq 5554 deny udp any any eq 9995 deny udp any any eq 9996 deny igmp any any permit ip any any ! ip access-list extended acl6806 permit ip any 10.0.200.0 0.0.0.255 permit ip 10.0.3.0 0.0.0.255 any permit ip 10.0.4.0 0.0.0.255 any permit ip 10.0.5.0 0.0.0.255 any permit ip 10.0.6.0 0.0.0.255 any permit ip 10.0.7.0 0.0.0.255 any permit ip 10.0.8.0 0.0.0.255 any permit ip 10.0.9.0 0.0.0.255 any permit ip 10.0.0.192 0.0.255.63 any permit ip host 172.16.1.254 any permit ip 192.168.100.0 0.0.0.255 any permit ip any 192.168.100.0 0.0.0.255 permit ip 10.0.0.253 0.0.255.0 any permit ip any 10.0.0.253 0.0.255.0 permit ip any 10.0.3.0 0.0.0.255 deny ip any 10.0.10.0 0.0.0.255 deny ip any 10.0.11.0 0.0.0.255 deny ip any 10.0.12.0 0.0.0.255 deny ip any 10.0.13.0 0.0.0.255 deny ip any 10.0.14.0 0.0.0.255 deny ip any3/ 1610.0.15.0 0.0.0.255 deny ip any 10.0.16.0 0.0.0.255 deny ip any 10.0.17.0 0.0.0.255 deny ip any 10.0.18.00.0.0.255 deny ip any 10.0.19.0 0.0.0.255 deny tcp anyany eq 135 deny tcp any any eq 445 deny ip any any ! ipaccess-list standard igmp-group permit host 226.8.9.10 permit host 224.5.5.6 deny any ! ip access-list extended rule permit ip any 10.0.200.0 0.0.0.255 permit ip 10.0.3.00.0.0.255 any permit ip 10.0.4.0 0.0.0.255 any permit ip 10.0.5.0 0.0.0.255 any permit ip 10.0.6.00.0.0.255 any permit ip 10.0.7.0 0.0.0.255 any permit ip 10.0.8.0 0.0.0.255 any permit ip 10.0.9.00.0.0.255 any permit ip 10.0.0.192 0.0.255.63 any permit ip host 172.16.1.254 any permit ip 192.168.100.00.0.0.255 any permit ip any 192.168.100.0 0.0.0.255 permit ip 10.0.2.0 0.0.0.255 any permit ip 192.168.1.00.0.0.255 any permit ip any 10.0.0.253 0.0.255.0 permit ip any 10.0.3.0 0.0.0.255 deny ip any any ! interface GigabitEthernet 3/1 medium-type fiber switchportaccess vlan 28 ip access-group rule in ! interface GigabitEthernet 3/2 switchport access vlan 28 ! interface GigabitEthernet 3/3 switchport access vlan 28 ! interface GigabitEthernet 3/5 medium-type fiber switchport---------------------------------------------------------------最新资料推荐------------------------------------------------------ mode trunk ip access-group acl6806 in ! interface GigabitEthernet 3/6 medium-type fiber switchport mode trunk ip access-group acl6806 in ! interface GigabitEthernet 3/7 medium-type fiber switchport mode trunk ip access-group acl6806 in ! interface GigabitEthernet 3/8 medium-type fiber switchport mode trunk ip access-group acl6806 in ! interface GigabitEthernet 3/9 switchport access vlan 100 ! interface GigabitEthernet 3/10 switchport access vlan 100 ! interface GigabitEthernet 3/11 switchport access vlan 100 ! interface GigabitEthernet 3/12 no switchport ip address 192.168.3.1 255.255.255.252 ! interface FastEthernet 4/1 switchport access vlan 200 ! interface FastEthernet 4/2 switchport access vlan 200 ! interface FastEthernet 4/3 switchport access vlan 200 ! interface FastEthernet 4/4 switchport access vlan 200 ! interface FastEthernet 4/5 switchport access vlan 200 ! interface FastEthernet 4/6 switchport access vlan 200 ! interface FastEthernet 4/7 switchport access vlan 200 ! interface FastEthernet 4/8 switchport access vlan 200 ! interface FastEthernet 4/9 switchport access vlan 200 ! interface FastEthernet 4/10 switchport access vlan 200 ! interface FastEthernet5/ 164/24 switchport access vlan 200 ! interface GigabitEthernet 4/25 switchport access vlan 200 ! interface GigabitEthernet 4/27 switchport access vlan 100 ! interface GigabitEthernet 4/28 switchport access vlan 60 ! interface GigabitEthernet 4/29 switchport mode trunk ip access-group acl6806 in ! interface GigabitEthernet 4/30 switchport mode trunk ip access-group acl6806 in ! interface GigabitEthernet 4/31 switchport mode trunk ip access-group acl6806 in ! interface GigabitEthernet 4/32 switchport mode trunk ip access-group acl6806 in ! interface Vlan 1 ip address 10.0.0.100 255.255.255.0 ip pim ! interface Vlan 5 ip address 10.0.5.254 255.255.255.0 ip pim ! interface Vlan 6 ip address 10.0.6.254 255.255.255.0 ip pim ! interface Vlan 7 ip address 10.0.7.254 255.255.255.0 ip pim ! interface Vlan 8 ip address 10.0.8.254 255.255.255.0 ip pim ! interface Vlan 9 ip address 10.0.9.254 255.255.255.0 ip pim ! interface Vlan 10 ip address 10.0.10.254 255.255.255.0 ip pim ! interface Vlan 11 ip address 10.0.11.254 255.255.255.0 ip pim ! interface Vlan 12 ip address 10.0.12.254 255.255.255.0 ip pim ! interface Vlan 13 ip address 10.0.13.254 255.255.255.0 ip pim ! interface Vlan 14 ip address 10.0.14.254 255.255.255.0 ip pim ! interface Vlan 15---------------------------------------------------------------最新资料推荐------------------------------------------------------ip address 10.0.15.254 255.255.255.0 ip pim ! interface Vlan16 ip address 10.0.16.254 255.255.255.0 ip pim ! interfaceVlan 17 ip address 10.0.17.254 255.255.255.0 ip pim ! interface Vlan 18 ip address 10.0.18.254 255.255.255.0 ippim ! interface Vlan 19 ip address 10.0.19.254 255.255.255.0ip pim ! interface Vlan 28 ip address 10.0.28.160255.255.255.0 ip pim ! interface Vlan 40 ip address10.0.4.254 255.255.255.0 ip pim ! interface Vlan 60 ip address 10.0.3.254 255.255.255.0 ip pim ! interface Vlan 100ip address 10.0.200.254 255.255.255.0 ip pim ! interface Vlan200 ip address 192.168.100.254 255.255.255.0 ip pim ! interface Vlan 888 ip address 172.16.1.254 255.255.255.0 ippim ! ip route 0.0.0.0 0.0.0.0 GigabitEthernet 3/12 192.168.3.21 enabled ip route 10.0.0.0 255.255.255.0 Vlan 28 10.0.28.2541 enabled ip route 10.0.2.0 255.255.255.0 Vlan 28 10.0.28.2541 enabled ip route 10.0.20.0 255.255.255.0 Vlan 28 10.0.28.2541 enabled ip route 10.0.21.0 255.255.255.0 Vlan 28 10.0.28.2541 enabled ip route 10.0.22.0 255.255.255.0 Vlan 28 10.0.28.2541 enabled ip route 10.0.23.0 255.255.255.0 Vlan 28 10.0.28.2541 enabled ip route 10.0.24.0 255.255.255.0 Vlan 28 10.0.28.2541 enabled ip route 10.0.25.0 255.255.255.0 Vlan 28 10.0.28.2547/ 161 enabled ip route 10.0.26.0 255.255.255.0 Vlan 28 10.0.28.254 1 enabled ip route 10.0.27.0 255.255.255.0 Vlan 28 10.0.28.2541 enabled ip route 10.0.28.0 255.255.255.0 Vlan 28 10.0.28.2541 enabled ip route 172.16.1.0 255.255.255.0 Vlan 888 172.16.1.253 1 enabled ip route 218.62.34.0 255.255.255.0 GigabitEthernet 3/12 192.168.3.2 1 enabled ip multicast-routing ip multicast vlan 100 interface Gi3/1 ip multicast vlan 7 interface Gi3/5 ip multicast vlan 17 interface Gi3/7 ip multicast vlan 9 interface Gi3/8 ip multicast vlan 18 interface Gi4/29 ip multicast vlan 8 interface Gi4/30 ip multicast vlan 10 interface Gi4/31 snmp-server community public ro end F5S1 配置:F5S1#sh ru Building configuration... Current configuration : 3498 bytes ! version 1.0 ! hostname F5S1 vlan 1 ! vlan 5 ! vlan 15 ! vlan 17 ! vlan 40 ! vlan 50 ! vlan 100 ! vlan 200 ! vlan 888 ! ip access-list extended acl5 deny tcp any any eq 69 deny tcp any any eq 135 deny tcp any any eq 136 deny tcp any any eq 137 deny tcp any any eq 138 deny tcp any any eq 139 deny udp any any eq 135 deny udp any any eq 136 deny udp any any eq netbios-ss deny udp any any eq netbios-dgm deny tcp any any eq 445 deny udp any any eq 445 deny tcp any any eq 593 deny udp any any---------------------------------------------------------------最新资料推荐------------------------------------------------------eq 593 deny udp any any eq 1334 deny tcp any any eq 4444 permit ip any any ! radius-server host 10.0.200.1 aaa authentication dot1x aaa accounting server 10.0.200.1 aaa accounting enable secret level 1 5*U3\W-/32_sv’~1562T7+.t0Y[V/,|7 enable secret level 15 5+U38U0D32_tj9=G5627R:H0Yuu_;C, ! ip igmp profile 1 deny ! interface fastEthernet 0/1 switchport protected switchport access vlan 17 dot1x port-control auto ip access-group acl5 in ! interface fastEthernet 0/2 switchport protected switchport access vlan 17 dot1x port-control auto ip access-group acl5 in ! interface fastEthernet 0/3 switchport protected switchport access vlan 17 dot1x port-control auto ip access-group acl5 in ! interface fastEthernet 0/4 switchport protected switchport access vlan 17 dot1x port-control auto ip access-group acl5 in ! interface fastEthernet 0/5 switchport protected switchport access vlan 15 dot1x port-control auto ip access-group acl5 in ! interface fastEthernet 0/6 switchport protected switchport access vlan 40 ip access-group acl5 in ! interface fastEthernet 0/7 switchport protected switchport access vlan 40 ip access-group acl59/ 16in ! interface fastEthernet 0/8 switchport protected switchport access vlan 40 ip access-group acl5 in ! interface fastEthernet 0/9 switchport protected switchport access vlan 40 ip access-group acl5 in ! interface fastEthernet 0/10 switchport protected switchport access vlan 40 ip access-group acl5 in ! interface fastEthernet 0/11 switchport protected switchport access vlan 5 ip access-group acl5in ! interface fastEthernet 0/12 switchport protected switchport access vlan 5 ip access-group acl5 in ! interface fastEthernet 0/13 switchport protected switchport access vlan 5 ip access-group acl5 in ! interface fastEthernet 0/14 switchport protected switchport access vlan 5 ip access-group acl5 in ! interface fastEthernet 0/15 switchport protected switchport access vlan 5 ip access-group acl5 in ! interface fastEthernet 0/22 switchport access vlan 888 ! interface fastEthernet 0/23 switchport access vlan 17 ! interface fastEthernet 0/24 switchport access vlan 15 ! interface gigabitEthernet 1/1 switchport mode trunk ! interface vlan 1 ! interface vlan 888 no shutdown ip address 172.16.1.5 255.255.255.0 ! ip igmp snooping svgl vlan 17 ip igmp snooping svgl profile 1 ip igmp snooping svgl ip igmp snooping vlan 15 mrouter interface gigabitEthernet 1/1---------------------------------------------------------------最新资料推荐------------------------------------------------------ip igmp snooping vlan 17 mrouter interface gigabitEthernet 1/1ip igmp snooping vlan 888 mrouter interface gigabitEthernet 1/1 radius-server key star ip default-gateway 172.16.1.254 snmp-server community star rw end 4909 配置:sw4909#sh ru Building configuration... Current configuration : 4026 bytes ! version 1.0 ! hostname sw4909 enable secret level 1 5 *U3.Y*T732_tZ[V/562S(\W0Y1X)sv’ enable secret level 1ny any eq 445 deny tcp any any eq 4444 deny tcp any any eq 5554 deny tcp any any eq 9995 deny tcp any any eq 9996 deny udp any any eq tftp deny udp any any eq 135 deny udp any any eq 136 deny udp any any eq netbios-ns deny udp any any eq netbios-dgm deny udp any any eq netbios-ss deny udp any any eq 1900 deny udp any any eq 445 deny udp any any eq 1433 deny udp any any eq 593 deny udp any any eq 1434 deny udp any any eq 4444 deny udp any any eq 5554 deny udp any any eq 9995 deny udp any any eq 9996 permit ip 10.0.0.253 0.0.255.0 any permit ip any 10.0.0.253 0.0.255.0 permit ip 192.168.100.0 0.0.0.255 any permit ip any 10.0.3.0 0.0.0.255 deny ip any 10.0.20.0 0.0.0.255 deny ip any 10.0.21.0 0.0.0.255 deny ip any 10.0.22.0 0.0.0.25511/ 16deny ip any 10.0.23.0 0.0.0.255 deny ip any 10.0.24.0 0.0.0.255 deny ip any 10.0.25.0 0.0.0.255 deny ip any 10.0.26.0 0.0.0.255 deny ip any 10.0.27.0 0.0.0.255 permit ip any any ! interface GigabitEthernet 1/1 description to s8 switchport mode trunk ip access-group acl4909 in ! interface GigabitEthernet 1/2 description to s6 switchport mode trunk ip access-group acl4909 in ! interface GigabitEthernet 2/1 description to s4 switchport mode trunk ip access-group acl4909 in ! interface GigabitEthernet2/2 description to s7 switchport mode trunk ip access-group acl4909 in ! interface GigabitEthernet 3/1 description to s9 switchport mode trunk ip access-group acl4909 in ! interface GigabitEthernet 3/2 description to s5 switchport mode trunk ip access-group acl4909 in ! interface GigabitEthernet 4/1 description to s2 switchport mode trunk ip access-group acl4909 in ! interface GigabitEthernet4/2 description to s3 switchport mode trunk ip access-group acl4909 in ! interface GigabitEthernet 5/1 switchport access vlan 28 ip access-group devir in ! interface GigabitEthernet 5/2 description to s10 switchport mode trunk ip access-group acl4909 in ! interface Vlan 1 ! interface Vlan 2 ip address 10.0.2.254 255.255.255.0 !---------------------------------------------------------------最新资料推荐------------------------------------------------------ interface Vlan 20 ip address 10.0.20.254 255.255.255.0 ! interface Vlan 21 ip address 10.0.21.254 255.255.255.0 ! interface Vlan 22 ip address 10.0.22.254 255.255.255.0 ! interface Vlan 23 ip address 10.0.23.254 255.255.255.0 ! interface Vlan 24 ip address 10.0.24.254 255.255.255.0 ! interface Vlan 25 ip address 10.0.25.254 255.255.255.0 ! interface Vlan 26 ip address 10.0.26.254 255.255.255.0 ! interface Vlan 27 ip address 10.0.27.254 255.255.255.0 ! interface Vlan 28 ip address 10.0.28.254 255.255.255.0 ! ip route 0.0.0.0 0.0.0.0 Vlan 28 10.0.28.160 1 enabled end s5#sh ru Building configuration... Current configuration : 4310 bytes ! version 1.0 ! hostname s5 vlan 1 ! vlan 22 ! vlan 23 ! vlan 28 ! ip access-list extended 101 deny tcp any any eq 135 deny tcp any any eq 136 deny tcp any any eq 137 deny tcp any any eq 138 deny tcp any any eq 139 deny tcp any any eq 389 deny tcp any any eq 445 deny tcp any any eq 4444 deny tcp any any eq 5554 deny tcp any any eq 9995 deny tcp any any eq 9996 deny udp any any eq tftp deny udp any any eq 135 deny udp any any eq 136 deny udp any any eq netbios-ns deny udp any any eq netbios-dgm deny udp any any eq netbios-ss deny udp any any eq 1900 deny13/ 16udp any any eq 445 deny udp any any eq 1433 deny udp any any eq 593 deny udp any any eq 1434 deny udp any any eq 4444 deny udp any any eq 5554 deny udp any any eq 9995 deny udp any any eq 9996 permit ip any any ! radius-server host 10.0.200.1 aaa authentication dot1x aaa accounting server 10.0.200.1 aaa accounting enable secret level 1 5 *U3mLMp]32_nAxB2owNq0Y`@IOrJ enable secret level 15 5 ,U3uein’32_bfjo+562cgkE,0Y3dhl- ! ip igmp profile 1 deny ! interface fastEthernet 0/1 switchport access vlan 23 dot1x port-control auto ip access-group 101 in ! interface fastEthernet 0/2 switchport access vlan 23 dot1x port-control auto ip access-group 101 in ! interface fastEthernet 0/3 switchport access vlan 23 dot1x port-control auto ip access-group 101 in ! interface fastEthernet 0/4 switchport access vlan 23 dot1x port-control auto ip access-group 101 in ! interface fastEthernet 0/5 switchport access vlan 23 dot1x port-control auto ip access-group 101 in ! interface fastEthernet 0/6 switchport access vlan 23 dot1x port-control auto ip access-group 101 in ! interface fastEthernet 0/7 switchport access vlan 23 dot1x port-control auto ip access-group 101 in ! interface---------------------------------------------------------------最新资料推荐------------------------------------------------------ fastEthernet 0/8 switchport access vlan 23 dot1xport-control auto ip access-group 101 in ! interface fastEthernet 0/9 switchport access vlan 23 dot1xport-control auto ip access-group 101 in ! interface fastEthernet 0/10 switchport access vlan 23 dot1xport-control auto ip access-group 101 in ! interface fastEthernet 0/11 switchport access vlan 23 dot1xport-control auto ip access-group 101 in ! interface fastEthernet 0/12 switchport access vlan 23 dot1xport-control auto ip access-group 101 in ! interface fastEthernet 0/13 switchport access vlan 23 dot1xport-control auto ip access-group 101 in ! interface fastEthernet 0/14 switchport access vlan 23 dot1xport-control auto ip access-group 101 in ! interface fastEthernet 0/15 switchport access vlan 23 dot1xport-control auto ip access-group 101 in ! interface fastEthernet 0/16 switchport access vlan 23 dot1xport-control auto ip access-group 101 in ! interface fastEthernet 0/17 switchport access vlan 23 dot1xport-control auto ip access-group 101 in ! interface fastEthernet 0/18 switchport access vlan 23 dot1x15/ 16port-control auto ip access-group 101 in ! interface fastEthernet 0/19 switchport access vlan 23 dot1x port-control auto ip access-group 101 in ! interface fastEthernet 0/20 switchport access vlan 23 dot1x port-control auto ip access-group 101 in ! interface fastEthernet 0/21 switchport access vlan 23 dot1x port-control auto ip access-group 101 in ! interface fastEthernet 0/22 switchport access vlan 23 dot1x port-control auto ip access-group 101 in ! interface fastEthernet 0/23 switchport access vlan 23 dot1x port-control auto ip access-group 101 in ! interface fastEthernet 0/24 switchport access vlan 23 dot1x port-control auto ip access-group 101 in ! interface gigabitEthernet 1/1 switchport mode trunk ! interface vlan 28 no shutdown ip address 10.0.28.165 255.255.255.0 ! ip igmp snooping svgl vlan 28 ip igmp snooping svgl profile 1 ip igmp snooping svgl ip igmp snooping vlan 23 mrouter interface gigabitEthernet 1/1 ip igmp snooping vlan 28 mrouter interface gigabitEthernet 1/1 radius-server key star ip default-gateway 10.0.28.254 snmp-server community star ro end。