多个VLAN互联

目标：通过路由器进行多个VLAN互联

环境：1. 交换机为二层交换机，支持VLAN划分；2. 路由器只有1个Ethernet接口

实施：采用单臂路由，即在路由器上设置多个逻辑子接口，每个子接口对应于一个VLAN。由于物理路由接口只有一个，各子接口的数据在物理链路上传递要进行标记封装。Cisco设备支持ISL和802.1q协议。华为设备只支持802.1q。

单臂路由的配置实例

华为路由器单臂路由

需求:在局域网中,通过交换机上配置VLAN可以减少主机通信广播域的范围,当VLAN之间有部分主机需要通信,但交换机不支持三层交换时,可以采用一台 支持802.1Q的路由器实现VLAN的互通.这需要在以太口上建立子接口,分配IP地址作为该VLAN的网关,同时启动802.1Q.

组网:路由器E0端口与交换机的上行trunk端口(第24端口)相连,交换机下行口划分3个VLAN,带若干主机.

1.路由器的配置

[Router]

[Router]inter e0

[Router-Ethernet0]ip add 10.0.0.1 255.255.255.0

[Router-Ethernet0]inter e0.1 //定义子接口E0.1

[Router-Ethernet0.1]ip add 172.16.1.1 255.255.255.0

[Router-Ethernet0.1]vlan-type dot1q vid 1 //指定以太网子接口属于VLAN1,此命令应用在以太网子接口上。只有配置了该命令之后，以太网子接口才会根据配置的VLAN ID 号在以太网帧头中嵌入VLAN 标签，与该网口相连的交换机接口才能正确处理接收到的帧。

[Router-Ethernet0.1]inter e0.2 //定义子接口E0.2

[Router-Ethernet0.2]ip add 172.16.2.1 255.255.255.0

[Router-Ethernet0.2]vlan-type dot1q vid 2 //指定以太网子接口属于VLAN2

[Router-Ethernet0.2]inter e0.3 //定义子接口E0.3

[Router-Ethernet0.3]ip add 172.16.3.1 255.255.255.0

[Router-Ethernet0.3]vlan-type dot1q vid 3 //指定以太网子接口属于VLAN3

[Router-Ethernet0.3]inter e0

[Router-Ethernet0]undo shut

% Interface Ethernet0 is up

[Router-Ethernet0] //用网线将E0端口连到S3026第24端口

%19:46:32: Interface Ethernet0 changed state to UP

%19:46:32: Line protocol ip on interface Ethernet0, changed state to UP

%19:46:32: Line protocol ip on interface Ethernet0.1, changed state to UP

%19:46:32: Line protocol ip on interface Ethernet0.2, changed state to UP

%19:46:32: Line protocol ip on interface Ethernet0.3, changed state to UP

2.交换机的配置

sys

Enter system view , return user view with Ctrl+Z.

[Quidway]vlan 1

[Quidway-vlan1]vlan 2

[Quidway-vlan2]port ethernet 0/17 to eth 0/19 eth 0/22 //将第17至19端口，和第22端口加入VLAN2

[Quidway-vlan2]vlan 3

[Quidway-vlan3]port eth 0/21 //将第21端口加入VLAN2

[Quidway-vlan3]inter e0/24

[Quidway-Ethernet0/24]port link-type trunk //将第24端口设为trunk口

[Quidway-Ethernet0/24]port trunk permit vlan all //允许所有VLAN流量通过

Please wait........................................... Done.

[Quidway-Ethernet0/24]dis port trunk //检验TRUNK口配置

Now, the following trunking ports exist:

Ethernet0/24

[Quidway-Ethernet0/24]dis vlan 2 //检验VLAN2的配置

VLAN ID: 2

VLAN Type: static

Route Interface: not configured

Description: VLAN 0002

Tagged Ports:

Ethernet0/24

Untagged Ports:

Ethernet0/17 Ethernet0/18 Ethernet0/19 Ethernet0/22

[Quidway-Ethernet0/24]dis vlan 3 //检验VLAN3的配置

VLAN ID: 3

VLAN Type: static

Route Interface: not configured

Description: VLAN 0003

Tagged Ports:

Ethernet0/24

Untagged Ports:

Ethernet0/21

3.在工作站上检查网络是否连通。此工作站连接S3026第21端口，属于VLAN2。

C:\Documents and Settings\Administrator>ipconfig

windows 2000 IP Configuration

Ethernet adapter 本地连接:

Connection-specific DNS Suffix . :

IP Address. . . . . . . . . . . . : 172.16.2.22

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 172.16.2.1

C:\Documents and Settings\Administrator>ping 172.16.3.1

Pinging 172.16.3.1 with 32 bytes of data:

Reply from 172.16.3.1: bytes=32 time<10ms TTL=255

Reply from 172.16.3.1: bytes=32 time<10ms TTL=255

Reply from 172.16.3.1: bytes=32 time<10ms TTL=255

Reply from 172.16.3.1: bytes=32 time<10ms TTL=255

Ping statistics for 172.16.3.1:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

4.在路由器上查看路由表。可以发现，由于172.16各网段都是直连路由，故不需启用路由协议或静态路由即能实现VLAN之间的通讯。

[Router]display ip routing-table

Routing Tables:

Destination/Mask Proto Pref Metric Nexthop Interface

10.0.0.0/24 Direct 0 0 10.0.0.1 Ethernet0

10.0.0.1/32 Direct 0 0 127.0.0.1 LoopBack0

127.0.0.0/8 Direct 0 0 127.0.0.1 LoopBack0

127.0.0.1/32 Direct 0 0 127.0.0.1 LoopBack0

172.16.1.0/24 Direct 0 0 172.16.1.1 Ethernet0.1

172.16.1.1/32 Direct 0 0 127.0.0.1 LoopBack0

172.16.2.0/24 Direct 0 0 172.16.2.1 Ethernet0.2

172.16.2.1/32 Direct 0 0 127.0.0.1 LoopBack0

172.16.3.0/24 Direct 0 0 172.16.3.1 Ethernet0.3

172.16.3.1/32 Direct 0 0 127.0.0.1 LoopBack0

cisco 设备的配置

2600 IOS需求：IP Plus (c2600-ik8s-mz-122.15.T.bin)

Current configuration:

!

version 12.1

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname c2600

!

no logging console

enable password mysecret

!

!

!

!

!

ip subnet-zero

!

!

!

!

!

!

!

!

!

!

interface FastEthernet0/0

no ip address

duplex auto

speed auto

!

interface FastEthernet0/0.1

encapsulation isl 1

ip address 10.10.10.1 255.255.255.0

no ip redirects

!

!-- If 802.1Q is configured,

!-- you will instead see the following output

!-- under interface FastEthernet0/0.1:

!-- interface FastEthernet0/0.1

!-- encapsulation dot1Q 1 native

!-- ip address 10.10.10.1 255.255.255.0

!

!

interface FastEthernet0/0.2

encapsulation isl 2

ip address 10.10.11.1 255.255.255.0

no ip redirects

!

!-- If 802.1Q is configured,

!-- you will instead see the following output

!-- under interface FastEthernet0/0.2:

!-- interface FastEthernet0/0.2

!-- encapsulation dot1Q 2

!-- ip address 10.10.11.1 255.255.255.0

!

interface FastEthernet0/1

no ip address

shutdown

duplex auto

speed auto

!

ip classless

no ip http server

!

!

!

line con 0

transport input none

line aux 0

line vty 0 4

password mysecret

login

!

no scheduler allocate

end