拓扑
配置
AR1
#
interface GigabitEthernet0/0/0
ip address 12.1.1.1 255.255.255.0
#
ip route-static 0.0.0.0 0.0.0.0 12.1.1.2
LSW2
#
vlan batch 10 20
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 20 30
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 20
LSW3
#
vlan batch 10
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 30
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 10 20 30
#
LSW1(聚合VLAN配置)
#
vlan batch 10 20 100
#
vlan 100
aggregate-vlan
access-vlan 10 20
#
interface Vlanif1
ip address 12.1.1.2 255.255.255.0
#
interface Vlanif100
ip address 192.168.1.254 255.255.255.0
arp-proxy inter-sub-vlan-proxy enable
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 20 30
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10 20 30
通信过程抓包理解
PC1 通信 PC3
PC>ping 192.168.1.2
Ping 192.168.1.2: 32 data bytes, Press Ctrl_C to break
From 192.168.1.2: bytes=32 seq=1 ttl=127 time=94 ms
From 192.168.1.2: bytes=32 seq=2 ttl=127 time=78 ms
--- 192.168.1.2 ping statistics ---
2 packet(s) transmitted
2 packet(s) received
0.00% packet loss
round-trip min/avg/max = 78/86/94 ms
1.PC1通过计算确定是同网段通信,发送ARP请求PC3的MAC地址(LSW1的GE0/0/2抓包),Super-VLAN接受到来自PC1的ARP请求后,从所有Sub-VLAN转发
从VLAN20发出
从VLAN30发出
从VLAN10发出
2.PC3收到标记了VLAN30的ARP请求后,记录PC1的IP地址和Super-VLAN的MAC地址绑定, 将ARP Reply回复给Super-VLAN(LSW1的GE0/0/2抓包)
3.LSW1收到PC3的ARP Reply后将ARP Reply转发给PC1,但是PC3的MAC地址修改为Super-VLAN三层接口的MAC地址(LSW1的GE0/0/1抓包)
4.PC1在封给PC3的ICMP数据时,会封装目的MAC地址为Super-VLAN的三层接口
5.LSW1在从GE0/0/2接口转发时,源MAC地址也封装成了VLANIF100的地址
6.PC3回包同理
PC1,2,3访问AR1
在AR1的GE0/0/0处抓包,都是通过同一网关来的
