作者:邓聪聪
单臂路由
单臂路由(router-on-a-stick)是指在路由器的一个接口上通过配置子接口(或“逻辑接口”,并不存在真正物理接口)的方式,实现原来相互隔离的不同VLAN(虚拟局域网)之间的互联互通。
单臂路由的子接口编辑
路由器的物理接口可以被划分为成多个逻辑接口,这些被划分后的逻辑接口被形象的称为子接口。值得注意的是这些逻辑子接口不能被单独的开启或关闭,也就是说,当物理接口被开启或关闭时,所有的该接口的子接口也随之被开启或关闭。
优缺点
VLAN能有效分割局域网,实现各网络区域之间的访问控制。但现实中,往往需要配置某些VLAN之间的互联互通。比如,你的公司划分为领导层、销售部、财务部、人力部、科技部、审计部,并为不同部门配置了不同的VLAN,部门之间不能相互访问,有效保证了各部门的信息安全。但经常出现领导层需要跨越VLAN访问其他各个部门,这个功能就由单臂路由来实现。
优点:实现不同vlan之间的通信,有助理解、学习VLAN原理和子接口概念。
缺点:容易成为网络单点故障,配置稍有复杂,现实意义不大。
配置实例
核心出口路由器配置信息;
<Huawei>dis cu
[V200R003C00]
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus ::
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold restore
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority
#
interface GigabitEthernet0//
#
interface GigabitEthernet0//0.1
dot1q termination vid
ip address 10.1.1.1 255.255.255.252
arp broadcast enable
#
interface GigabitEthernet0//0.3
dot1q termination vid
ip address 20.1.1.1 255.255.255.0
arp broadcast enable
#
interface GigabitEthernet0//
#
interface GigabitEthernet0//
#
interface NULL0
#
user-interface con
authentication-mode password
user-interface vty
user-interface vty
#
wlan ac
#
return
<Huawei>
sw1的配置;
<Huawei>dis cu
#
sysname Huawei
#
vlan batch
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface MEth0//
#
interface GigabitEthernet0//
port link-type trunk
port trunk allow-pass vlan
#
interface GigabitEthernet0//
port link-type access
port default vlan
#
interface GigabitEthernet0//
port link-type access
port default vlan
#
interface GigabitEthernet0//
#
interface GigabitEthernet0//
#
interface GigabitEthernet0//
#
interface GigabitEthernet0//
#
interface GigabitEthernet0//
#
interface GigabitEthernet0//
#
interface GigabitEthernet0//
#
interface GigabitEthernet0//
#
interface GigabitEthernet0//
#
interface GigabitEthernet0//
#
interface GigabitEthernet0//
#
interface GigabitEthernet0//
#
interface GigabitEthernet0//
#
interface GigabitEthernet0//
#
interface GigabitEthernet0//
#
interface GigabitEthernet0//
#
interface GigabitEthernet0//
#
interface GigabitEthernet0//
#
interface GigabitEthernet0//
#
interface GigabitEthernet0//
#
interface GigabitEthernet0//
#
interface NULL0
#
user-interface con
user-interface vty
#
return
<Huawei>
PC端配置;
PC>ipconfig Link local IPv6 address...........: fe80:::98ff:fef4:292c
IPv6 address......................: :: /
IPv6 gateway......................: ::
IPv4 address......................: 10.1.1.2
Subnet mask.......................: 255.255.255.252
Gateway...........................: 10.1.1.1
Physical address..................: ---F4--2C
DNS server........................: PC>ping 10.1.1.2 Ping 10.1.1.2: data bytes, Press Ctrl_C to break
From 10.1.1.2: bytes= seq= ttl= time< ms --- 10.1.1.2 ping statistics ---
packet(s) transmitted
packet(s) received
0.00% packet loss
round-trip min/avg/max = // ms PC>