目标:通过路由器进行多个VLAN互联
环境:1. 交换机为二层交换机,支持VLAN划分;2. 路由器只有1个Ethernet接口
实施:采用单臂路由,即在路由器上设置多个逻辑子接口,每个子接口对应于一个VLAN。由于物理路由接口只有一个,各子接口的数据在物理链路上传递要进行标记封装。Cisco设备支持ISL和802.1q协议。华为设备只支持802.1q。
单臂路由的配置实例
2600 IOS需求:IP Plus (c2600-ik8s-mz-122.15.T.bin)
Current configuration:
!
version 12.1
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname c2600
!
no logging console
enable password mysecret
!
!
!
!
!
ip subnet-zero
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
!
interface FastEthernet0/0.1
encapsulation isl 1
ip address 10.10.10.1 255.255.255.0
no ip redirects
!
!-- If 802.1Q is configured,
!-- you will instead see the following output
!-- under interface FastEthernet0/0.1:
!-- interface FastEthernet0/0.1
!-- encapsulation dot1Q 1 native
!-- ip address 10.10.10.1 255.255.255.0
!
!
interface FastEthernet0/0.2
encapsulation isl 2
ip address 10.10.11.1 255.255.255.0
no ip redirects
!
!-- If 802.1Q is configured,
!-- you will instead see the following output
!-- under interface FastEthernet0/0.2:
!-- interface FastEthernet0/0.2
!-- encapsulation dot1Q 2
!-- ip address 10.10.11.1 255.255.255.0
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
ip classless
no ip http server
!
!
!
line con 0
transport input none
line aux 0
line vty 0 4
password mysecret
login
!
no scheduler allocate
end
华为路由器单臂路由
需求:在局域网中,通过交换机上配置VLAN可以减少主机通信广播域的范围,当VLAN之间有部分主机需要通信,但交换机不支持三层交换时,可以采用一台 支持802.1Q的路由器实现VLAN的互通.这需要在以太口上建立子接口,分配IP地址作为该VLAN的网关,同时启动802.1Q.
组网:路由器E0端口与交换机的上行trunk端口(第24端口)相连,交换机下行口划分3个VLAN,带若干主机.
1.路由器的配置
[Router]
[Router]inter e0
[Router-Ethernet0]ip add 10.0.0.1 255.255.255.0
[Router-Ethernet0]inter e0.1 //定义子接口E0.1
[Router-Ethernet0.1]ip add 172.16.1.1 255.255.255.0
[Router-Ethernet0.1]vlan-type dot1q vid 1 //指定以太网子接口属于VLAN1,此命令应用在以太网子接口上。只有配置了该命令之后,以太网子接口才会根据配置的VLAN ID 号在以太网帧头中嵌入VLAN 标签,与该网口相连的交换机接口才能正确处理接收到的帧。
[Router-Ethernet0.1]inter e0.2 //定义子接口E0.2
[Router-Ethernet0.2]ip add 172.16.2.1 255.255.255.0
[Router-Ethernet0.2]vlan-type dot1q vid 2 //指定以太网子接口属于VLAN2
[Router-Ethernet0.2]inter e0.3 //定义子接口E0.3
[Router-Ethernet0.3]ip add 172.16.3.1 255.255.255.0
[Router-Ethernet0.3]vlan-type dot1q vid 3 //指定以太网子接口属于VLAN3
[Router-Ethernet0.3]inter e0
[Router-Ethernet0]undo shut
% Interface Ethernet0 is up
[Router-Ethernet0] //用网线将E0端口连到S3026第24端口
%19:46:32: Interface Ethernet0 changed state to UP
%19:46:32: Line protocol ip on interface Ethernet0, changed state to UP
%19:46:32: Line protocol ip on interface Ethernet0.1, changed state to UP
%19:46:32: Line protocol ip on interface Ethernet0.2, changed state to UP
%19:46:32: Line protocol ip on interface Ethernet0.3, changed state to UP
2.交换机的配置
<Quidway>
<Quidway>sys
Enter system view , return user view with Ctrl+Z.
[Quidway]vlan 1
[Quidway-vlan1]vlan 2
[Quidway-vlan2]port ethernet 0/17 to eth 0/19 eth 0/22 //将第17至19端口,和第22端口加入VLAN2
[Quidway-vlan2]vlan 3
[Quidway-vlan3]port eth 0/21 //将第21端口加入VLAN2
[Quidway-vlan3]inter e0/24
[Quidway-Ethernet0/24]port link-type trunk //将第24端口设为trunk口
[Quidway-Ethernet0/24]port trunk permit vlan all//允许所有VLAN流量通过
Please wait........................................... Done.
[Quidway-Ethernet0/24]dis port trunk //检验TRUNK口配置
Now, the following trunking ports exist:
Ethernet0/24
[Quidway-Ethernet0/24]dis vlan 2//检验VLAN2的配置
VLAN ID: 2
VLAN Type: static
Route Interface: not configured
Description: VLAN 0002
Tagged Ports:
Ethernet0/24
Untagged Ports:
Ethernet0/17 Ethernet0/18 Ethernet0/19 Ethernet0/22
[Quidway-Ethernet0/24]dis vlan 3//检验VLAN3的配置
VLAN ID: 3
VLAN Type: static
Route Interface: not configured
Description: VLAN 0003
Tagged Ports:
Ethernet0/24
Untagged Ports:
Ethernet0/21
3.在工作站上检查网络是否连通。此工作站连接S3026第21端口,属于VLAN2。
C:Documents and SettingsAdministrator>ipconfig
windows 2000 IP Configuration
Ethernet adapter 本地连接:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 172.16.2.22
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 172.16.2.1
C:Documents and SettingsAdministrator>ping 172.16.3.1
Pinging 172.16.3.1 with 32 bytes of data:
Reply from 172.16.3.1: bytes=32 time<10ms TTL=255
Reply from 172.16.3.1: bytes=32 time<10ms TTL=255
Reply from 172.16.3.1: bytes=32 time<10ms TTL=255
Reply from 172.16.3.1: bytes=32 time<10ms TTL=255
Ping statistics for 172.16.3.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
4.在路由器上查看路由表。可以发现,由于172.16各网段都是直连路由,故不需启用路由协议或静态路由即能实现VLAN之间的通讯。
[Router]display ip routing-table
Routing Tables:
Destination/Mask Proto Pref Metric Nexthop Interface
10.0.0.0/24 Direct 0 0 10.0.0.1 Ethernet0
10.0.0.1/32 Direct 0 0 127.0.0.1 LoopBack0
127.0.0.0/8 Direct 0 0 127.0.0.1 LoopBack0
127.0.0.1/32 Direct 0 0 127.0.0.1 LoopBack0
172.16.1.0/24 Direct 0 0 172.16.1.1 Ethernet0.1
172.16.1.1/32 Direct 0 0 127.0.0.1 LoopBack0
172.16.2.0/24 Direct 0 0 172.16.2.1 Ethernet0.2
172.16.2.1/32 Direct 0 0 127.0.0.1 LoopBack0
172.16.3.0/24 Direct 0 0 172.16.3.1 Ethernet0.3
172.16.3.1/32 Direct 0 0 127.0.0.1 LoopBack0