再次提及,vlan是虚拟局域网,用于分隔广播域,解决广播风暴。但是vlan之间无法直接通信。所有我们要用三层交换、单臂路由来实现vlan之间的通信。
单臂路由
实现不同VLAN通信
链路类型
-
交换机连接主机的端口为access链路
-
交换机连接路由器的端口为Trunk链路
子接口
-
路由器的物理接口可以被划分成多个逻辑接口
-
每个子接口对应一个VLAN网段的网关
路由器重新封装MAC地址、转换VLAN标签。
#交换机配置(不同网段通信需要配置网关)
<Huawei>undo t m
<Huawei>sys
[Huawei]vlan batch 10 20
[Huawei]int g0/0/2
[Huawei-GigabitEthernet0/0/2]port link-type access
[Huawei-GigabitEthernet0/0/2]port default vlan 10
[Huawei-GigabitEthernet0/0/2]undo sh
[Huawei-GigabitEthernet0/0/2]int g0/0/3
[Huawei-GigabitEthernet0/0/3]port link-type access
[Huawei-GigabitEthernet0/0/3]port default vlan 20
[Huawei-GigabitEthernet0/0/3]undo sh
[Huawei-GigabitEthernet0/0/3]int g0/0/1
[Huawei-GigabitEthernet0/0/1]port link-type trunk
[Huawei-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[Huawei-GigabitEthernet0/0/1]undo sh
#路由器配置
<Huawei>sys
[Huawei]u t m
[Huawei]int g0/0/0.10
#0-4095划分范围
[Huawei-GigabitEthernet0/0/0.10]dot1q termination vid 10
#“dot1q”里的1是数字1
[Huawei-GigabitEthernet0/0/0.10]ip add 192.168.10.1 24
[Huawei-GigabitEthernet0/0/0.10]arp broadcast enable
#arp协议默认关闭,一定要开启
[Huawei-GigabitEthernet0/0/0.10]undo sh
[Huawei-GigabitEthernet0/0/0.10]int g0/0/0.20
[Huawei-GigabitEthernet0/0/0.20]dot1q termination vid 20
[Huawei-GigabitEthernet0/0/0.20]ip add 192.168.20.1 24
[Huawei-GigabitEthernet0/0/0.20]undo sh
[Huawei-GigabitEthernet0/0/0.20]arp broadcast enable
[Huawei-GigabitEthernet0/0/0.20]q
[Huawei]q
<Huawei>display interface brief
PHY: Physical
*down: administratively down
(l): loopback
(s): spoofing
(b): BFD down
^down: standby
(e): ETHOAM down
(d): Dampening Suppressed
InUti/OutUti: input utility/output utility
Interface PHY Protocol InUti OutUti inErrors outErrors
GigabitEthernet0/0/0 up down 0% 0% 0 0
GigabitEthernet0/0/0.10 up up 0% 0% 0 0
GigabitEthernet0/0/0.20 up up 0% 0% 0 0
GigabitEthernet0/0/1 down down 0% 0% 0 0
GigabitEthernet0/0/2 down down 0% 0% 0 0
NULL0 up up(s) 0% 0% 0 0
#LSW1里
<Huawei>
<Huawei>u t m
Info: Current terminal monitor is off.
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]vlan batch 10 20
Info: This operation may take a few seconds. Please wait for a moment...done.
[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]p l a
[Huawei-GigabitEthernet0/0/1]p d v 10
[Huawei-GigabitEthernet0/0/1]int g0/0/2
[Huawei-GigabitEthernet0/0/1]undo sh
[Huawei-GigabitEthernet0/0/2]p l a
[Huawei-GigabitEthernet0/0/2]p d v 10
[Huawei-GigabitEthernet0/0/2]int g0/0/3
[Huawei-GigabitEthernet0/0/2]undo sh
[Huawei-GigabitEthernet0/0/3]p l a
[Huawei-GigabitEthernet0/0/3]p d v 20
[Huawei-GigabitEthernet0/0/3]int g0/0/4
[Huawei-GigabitEthernet0/0/3]undo sh
[Huawei-GigabitEthernet0/0/4]p l a
[Huawei-GigabitEthernet0/0/4]p d v 20
[Huawei-GigabitEthernet0/0/4]undo sh
[Huawei-GigabitEthernet0/0/4]int g0/0/5
[Huawei-GigabitEthernet0/0/5]port link-type trunk
[Huawei-GigabitEthernet0/0/5]port trunk allow-pass vlan 10 20
[Huawei-GigabitEthernet0/0/5]undo sh
#LSW2里
<Huawei>u t m
<Huawei>sys
[Huawei]vlan batch 10 20
[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]p l a
[Huawei-GigabitEthernet0/0/1]p d v 10
[Huawei-GigabitEthernet0/0/1]int g0/0/2
[Huawei-GigabitEthernet0/0/1]undo sh
[Huawei-GigabitEthernet0/0/2]p l a
[Huawei-GigabitEthernet0/0/2]p d v 20
[Huawei-GigabitEthernet0/0/2]int g0/0/5
[Huawei-GigabitEthernet0/0/2]undo sh
[Huawei-GigabitEthernet0/0/5]p l t
[Huawei-GigabitEthernet0/0/5]p t a v 10 20
[Huawei-GigabitEthernet0/0/5]undo sh
#AR1里
<Huawei>u t m
Info: Current terminal monitor is off.
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]int g0/0/0.10
[Huawei-GigabitEthernet0/0/0.10]dot1q ter
[Huawei-GigabitEthernet0/0/0.10]dot1q termination vi
[Huawei-GigabitEthernet0/0/0.10]dot1q termination vid 10
[Huawei-GigabitEthernet0/0/0.10]ip add 192.168.1.254 24
#分别配置网关与不同网络段的主机网关对应
[Huawei-GigabitEthernet0/0/0.10]arp br
[Huawei-GigabitEthernet0/0/0.10]arp broadcast ena
[Huawei-GigabitEthernet0/0/0.10]arp broadcast enable
[Huawei-GigabitEthernet0/0/0.10]undo sh
[Huawei-GigabitEthernet0/0/0.10]undo shutdown
Info: Interface GigabitEthernet0/0/0.10 is not shutdown.
[Huawei-GigabitEthernet0/0/0.10]int g0/0/0.20
[Huawei-GigabitEthernet0/0/0.20]dot1q termination vid 20
[Huawei-GigabitEthernet0/0/0.20]ip add 192.168.2.254 24
[Huawei-GigabitEthernet0/0/0.20]undo shutdown
Info: Interface GigabitEthernet0/0/0.20 is not shutdown.
[Huawei-GigabitEthernet0/0/0.20]arp broadcast enable
不同网段之间终端可联通则成功
三层交换
三层交换可以实现VLAN间通信(vlanif=vlaninterface)
实验一
<Huawei>u t m
<Huawei>sys
[Huawei]vlan b 10 20 30
##创建10 20 30 三条vlan
[Huawei]int e0/0/1
[Huawei-Ethernet0/0/1]p l a
[Huawei-Ethernet0/0/1]p d v 10
[Huawei-Ethernet0/0/1]int e0/0/2
[Huawei-Ethernet0/0/1]undo sh
##undo shoutdown 作用在真实交换机上
[Huawei-Ethernet0/0/2]p l a
[Huawei-Ethernet0/0/2]p d v 20
[Huawei-Ethernet0/0/2]int e0/0/3
[Huawei-Ethernet0/0/2]undo sh
[Huawei-Ethernet0/0/3]p l a
[Huawei-Ethernet0/0/3]p d v 30
[Huawei-Ethernet0/0/3]undo sh
[Huawei-Ethernet0/0/3]int e0/0/4
[Huawei-Ethernet0/0/4]p l t
[Huawei-Ethernet0/0/4]p t a v a
[Huawei-Ethernet0/0/4]dis th
#
interface Ethernet0/0/4
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
return
#在三层交换机上配置
[SW2]int g0/0/1
[SW2-GigabitEthernet0/0/1]p l t
[SW2-GigabitEthernet0/0/1]p t a v a
[SW2-GigabitEthernet0/0/1]q
[SW2]vlan batch 10 20 30
[SW2]int vlanif 10
[SW2-Vlanif10]ip address 192.168.1.254 24
[SW2-Vlanif10]int vlanif 20
[SW2-Vlanif20]ip address 192.168.2.254 24
[SW2-Vlanif20]int vlanif 30
[SW2-Vlanif30]ip address 192.168.3.254 24
[SW2-Vlanif30]dis ip interface brief
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 5
The number of interface that is DOWN in Physical is 1
The number of interface that is UP in Protocol is 4
The number of interface that is DOWN in Protocol is 2
Interface IP Address/Mask Physical Protocol
MEth0/0/1 unassigned down down
NULL0 unassigned up up(s)
Vlanif1 unassigned up down
Vlanif10 192.168.1.254/24 up up
Vlanif20 192.168.2.254/24 up up
Vlanif30 192.168.3.254/24 up up
测试PC3pingPC1,连通,成功。
倘若三层路由器上连接另一台路由器与主机呢
实验二
####LSW1中设置不同端口下的模式
[SW1]vlan batch 10 20 30
Info: This operation may take a few seconds. Please wait for a moment...done.
[SW1]int e0/0/1
[SW1-Ethernet0/0/1]p l a
[SW1-Ethernet0/0/1]p d v 10
##prot default vlan 10
[SW1-Ethernet0/0/1]undo sh
[SW1-Ethernet0/0/1]int e0/0/2
[SW1-Ethernet0/0/2]p l a
[SW1-Ethernet0/0/2]p d v 20
[SW1-Ethernet0/0/2]undo sh
[SW1-Ethernet0/0/2]int e0/0/3
[SW1-Ethernet0/0/3]p l a
[SW1-Ethernet0/0/3]p d v 30
[SW1-Ethernet0/0/3]undo sh
[SW1-Ethernet0/0/3]int g0/0/1
[SW1-GigabitEthernet0/0/1]p l t
[SW1-GigabitEthernet0/0/1]p t a v a
##prot trunk allow-pass vlan all
####LSW2中设置不同端口
<Huawei>u t m
<Huawei>sys
[Huawei]sys SW2
[SW2]vlan batch 10 20 30 100
##创建vlan分别接纳四段网络
[SW2]
[SW2]int g0/0/2
[SW2-GigabitEthernet0/0/2]p l a
[SW2-GigabitEthernet0/0/2]p d v 100
[SW2-GigabitEthernet0/0/2]int g0/0/1
[SW2-GigabitEthernet0/0/1]p l t
[SW2-GigabitEthernet0/0/1]p t a v a
##之后针对不同子接口添加地址
[SW2]int vlanif 10
[SW2-Vlanif10]ip address 192.168.1.254 24
[SW2-Vlanif10]int vlanif 20
[SW2-Vlanif20]ip address 192.168.2.254 24
[SW2-Vlanif20]int vlanif 30
[SW2-Vlanif30]ip address 192.168.3.254 24
[SW2-Vlanif30]int vlanif 100
[SW2-Vlanif100]ip address 192.168.4.1 24
[SW2-Vlanif100]dis ip interface brief
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 6
The number of interface that is DOWN in Physical is 1
The number of interface that is UP in Protocol is 5
The number of interface that is DOWN in Protocol is 2
Interface IP Address/Mask Physical Protocol
MEth0/0/1 unassigned down down
NULL0 unassigned up up(s)
Vlanif1 unassigned up down
Vlanif10 192.168.1.254/24 up up
Vlanif20 192.168.2.254/24 up up
Vlanif30 192.168.3.254/24 up up
Vlanif100 192.168.4.1/24 up up
[SW2-Vlanif100]ip route-static 192.168.5.0 24 192.168.4.2