eNSP VLAN: inter-VLAN routing with a router-on-a-stick (Day 11)

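Overview
VLANs are typically used to isolate broadcast domains and so reduce the impact of broadcast traffic.
Advantage: improves network security.
Disadvantage: all Layer 2 traffic between different VLANs is strictly isolated, so users in different VLANs cannot communicate directly.

In practice users do need to communicate across VLANs, and a router-on-a-stick (single-arm routing) is one way to solve inter-VLAN communication.

Principle
A single router is used so that traffic between VLANs is forwarded at Layer 3 by that router.
If every VLAN were given its own physical interface on the router, the limited number of physical interfaces would run out as VLANs are added. A better approach is to configure subinterfaces (logical interfaces) on one router interface, so that one interface serves many VLANs. Different subinterfaces of the same router interface act as the default gateways of different VLANs. When hosts in different VLANs communicate, they only need to send the packet to their gateway, which processes it and forwards it to the destination host, and this achieves inter-VLAN communication.

Lab content
PC-1 and PC-2 are one VLAN and PC-3 is one VLAN, all aggregated to R1. Normally PC-1/PC-2 and PC-3 cannot communicate; with the router's Layer 3 function, a router-on-a-stick configuration makes it possible.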


Set the PC IP addresses and configure the R1 subinterfaces
Create GE0/0/1.1, GE0/0/1.2 and GE0/0/1.3
with the IP addresses 192.168.1.254, 192.168.2.254 and 192.168.3.254 respectively
[R1]int g0/0/1.1
[R1-GigabitEthernet0/0/1.1]ip add 192.168.1.254 24
[R1]int g0/0/1.2
[R1-GigabitEthernet0/0/1.2]ip add 192.168.2.254 24
[R1]int g0/0/1.3
[R1-GigabitEthernet0/0/1.3]ip add 192.168.3.254 24
Use display ip interface brief to check the interface IP addresses
[R1]display ip interface brief
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 5
The number of interface that is DOWN in Physical is 2
The number of interface that is UP in Protocol is 1
The number of interface that is DOWN in Protocol is 6

Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 unassigned down down
GigabitEthernet0/0/1 unassigned up down
GigabitEthernet0/0/1.1 192.168.1.254/24 up down
GigabitEthernet0/0/1.2 192.168.2.254/24 up down
GigabitEthernet0/0/1.3 192.168.3.254/24 up down
GigabitEthernet0/0/2 unassigned down down
NULL0
Use save to save the configuration
<R1>save


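Create the VLANs and configure the access and trunk interfaces
To protect information, Layer 2 communication between departments must be isolated. Plan the terminals of each department into different VLANs and configure the corresponding IP addresses on the PCs.
[S2]vlan 10
[S2-vlan10]description HR // description: HR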
[S2-vlan10]vlan 20
[S2-vlan20]description market
[S2-vlan20]int e0/0/1
[S2-Ethernet0/0/1]port link-type access
[S2-Ethernet0/0/1]port default vlan 10
[S2-Ethernet0/0/1]int e0/0/2
[S2-Ethernet0/0/2]port link-type access
[S2-Ethernet0/0/2]port default vlan 20
<S2>save
On S3, create VLAN 30, configure interface e0/0/1 (connected to PC-3) as an access interface, and assign it to VLAN 30
[S3]vlan 30
[S3-vlan30]description market
[S3-vlan30]int e0/0/1
[S3-Ethernet0/0/1]port link-type access
[S3-Ethernet0/0/1]port default vlan 30
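<S3>save
Interfaces between switches, or between a switch and a router, have to carry multiple VLANs and must be configured as trunk interfaces.
Configure GE0/0/2 on S2 and S3 as trunk interfaces and allow all VLANs through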
[S2]int g0/0/2
[S2-GigabitEthernet0/0/2]port link-type trunk
[S2-GigabitEthernet0/0/2]port trunk allow-pass vlan all // allow all VLANs through
[S3]int g0/0/2
[S3-GigabitEthernet0/0/2]port link-type trunk
[S3-GigabitEthernet0/0/2]port trunk allow-pass vlan all // allow all VLANs through

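On S1, create VLANs 10, 20 and 30, and configure the interface connecting the switch to the router as a trunk that allows all VLANs through
[S1]vlan 10
[S1-vlan10]vlan 20
[S1-vlan20]vlan 30
[S1-vlan30]int g0/0/2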
[S1-GigabitEthernet0/0/2]port link-type trunk
[S1-GigabitEthernet0/0/2]port trunk allow-pass vlan all
[S1-GigabitEthernet0/0/2]int g0/0/3
[S1-GigabitEthernet0/0/3]port link-type trunk
[S1-GigabitEthernet0/0/3]port trunk allow-pass vlan all
[S1-GigabitEthernet0/0/3]int g0/0/1
[S1-GigabitEthernet0/0/1]port link-type trunk
[S1-GigabitEthernet0/0/1]port trunk allow-pass vlan all


Test connectivity from PC-1 to PC-2 and PC-3: it fails
PC>ping 192.168.2.1
Ping 192.168.2.1: 32 data bytes, Press Ctrl_C to break
From 192.168.1.1: Destination host unreachable
PC>ping 192.168.3.1
Ping 192.168.3.1: 32 data bytes, Press Ctrl_C to break
From 192.168.1.1: Destination host unreachable


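Configure VLAN encapsulation on the router subinterfaces
The subinterfaces have been created and given IP addresses, but communication still fails. PCs in different VLANs and different subnets can only communicate if their packets are relayed by the router. Every frame that S1 sends to R1 carries a VLAN tag, and a router, as a Layer 3 device, cannot process VLAN-tagged frames by default. The encapsulation for the corresponding VLAN therefore has to be configured on each subinterface so that the router can recognize and handle VLAN tags, including stripping and adding them.

On R1, encapsulate VLAN 10 on GE0/0/1.1, VLAN 20 on GE0/0/1.2 and VLAN 30 on GE0/0/1.3, and enable ARP broadcast on each subinterface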
[R1]int g0/0/1.2
[R1-GigabitEthernet0/0/1.2]dot1q termination vid 20
[R1-GigabitEthernet0/0/1.2]arp broadcast enable
[R1-GigabitEthernet0/0/1.2]int g0/0/1.3
[R1-GigabitEthernet0/0/1.3]dot1q termination vid 30
[R1-GigabitEthernet0/0/1.3]arp broadcast enable
[R1-GigabitEthernet0/0/1.3]int g0/0/1.1
[R1-GigabitEthernet0/0/1.1]dot1q termination vid 10
[R1-GigabitEthernet0/0/1.1]arp broadcast enable
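
The tag handling described above, as an added example that is not part of the original post: a simplified Python model of R1's trunk-facing port that looks up the subinterface terminating the ingress VID, routes on the destination subnet, and re-tags the frame for the egress VLAN. The function names and the sample frame are constructed for illustration; MAC rewriting and TTL handling are left out.

```python
import ipaddress
import struct

TPID_8021Q = 0x8100
# VID -> (sub-interface, gateway address), as configured on R1 on this page.
R1_SUBIFS = {
    10: ("GE0/0/1.1", ipaddress.ip_interface("192.168.1.254/24")),
    20: ("GE0/0/1.2", ipaddress.ip_interface("192.168.2.254/24")),
    30: ("GE0/0/1.3", ipaddress.ip_interface("192.168.3.254/24")),
}

def build_tagged_frame(vid, src_ip, dst_ip):
    """Constructed sample: zeroed MACs + 802.1Q tag + bare 20-byte IPv4 header."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 1, 0,
                         ipaddress.ip_address(src_ip).packed,
                         ipaddress.ip_address(dst_ip).packed)
    return bytes(12) + struct.pack("!HHH", TPID_8021Q, vid & 0x0FFF, 0x0800) + ip_hdr

def vid_of(frame):
    """Return the VLAN ID of an 802.1Q frame, or None if it is untagged."""
    tpid, tci = struct.unpack("!HH", frame[12:16])
    return tci & 0x0FFF if tpid == TPID_8021Q else None

def forward(frame, subifs):
    """Model the trunk-facing port: return (verdict, egress frame or None)."""
    vid = vid_of(frame)
    if vid not in subifs:
        # No sub-interface terminates this VID: the tagged frame is not processed.
        return ("drop: no dot1q termination for VID %s" % vid, None)
    dst = ipaddress.ip_address(frame[34:38])  # IPv4 dst: 18-byte L2 header + 16
    for out_vid, (name, gateway) in subifs.items():
        if dst in gateway.network:
            # Strip the ingress tag and re-encapsulate with the egress VLAN's tag.
            tag = struct.pack("!HH", TPID_8021Q, out_vid)
            return ("route via " + name, frame[:12] + tag + frame[16:])
    return ("drop: no route to %s" % dst, None)

if __name__ == "__main__":
    pc1_to_pc2 = build_tagged_frame(10, "192.168.1.1", "192.168.2.1")
    print(forward(pc1_to_pc2, {}))          # sub-interfaces without termination
    print(forward(pc1_to_pc2, R1_SUBIFS))   # after dot1q termination vid 10/20/30
```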

Check the interface status
[R1-GigabitEthernet0/0/1.3]display ip interface brief
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 5
The number of interface that is DOWN in Physical is 2
The number of interface that is UP in Protocol is 4
The number of interface that is DOWN in Protocol is 3

Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 unassigned down down
GigabitEthernet0/0/1 unassigned up down
GigabitEthernet0/0/1.1 192.168.1.254/24 up up
GigabitEthernet0/0/1.2 192.168.2.254/24 up up
GigabitEthernet0/0/1.3 192.168.3.254/24 up up
GigabitEthernet0/0/2 unassigned down down
NULL0 unassigned up up(s)
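
A check for the state seen before dot1q termination was configured, as an added example that is not part of the original post: it parses display ip interface brief rows and lists subinterfaces that have an address and an up physical state but a down protocol state. The rows are copied from the two outputs on this page; the function name and regular expression are constructed for illustration.

```python
import re

# Sub-interface rows copied from the two outputs shown on this page.
BEFORE = """\
GigabitEthernet0/0/1 unassigned up down
GigabitEthernet0/0/1.1 192.168.1.254/24 up down
GigabitEthernet0/0/1.2 192.168.2.254/24 up down
GigabitEthernet0/0/1.3 192.168.3.254/24 up down
GigabitEthernet0/0/2 unassigned down down
"""
AFTER = """\
GigabitEthernet0/0/1 unassigned up down
GigabitEthernet0/0/1.1 192.168.1.254/24 up up
GigabitEthernet0/0/1.2 192.168.2.254/24 up up
GigabitEthernet0/0/1.3 192.168.3.254/24 up up
NULL0 unassigned up up(s)
"""

# name, address, physical state (may carry a * or ^ prefix), protocol state
ROW = re.compile(r"^(\S+)\s+(\S+)\s+([*^]?(?:up|down))\s+((?:up|down)(?:\(\w\))?)$")

def stalled_subinterfaces(output):
    """Sub-interfaces that have an address and an up link but protocol down."""
    hits = []
    for line in output.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # legend, counter and header lines do not match
        name, addr, phys, proto = m.groups()
        if "." in name and addr != "unassigned" and phys == "up" and proto == "down":
            hits.append(name)
    return hits

if __name__ == "__main__":
    print(stalled_subinterfaces(BEFORE))
    print(stalled_subinterfaces(AFTER))
```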

View the routing table
[R1-GigabitEthernet0/0/1.3]display ip routing-table

Route Flags: R - relay, D - download to fib

Routing Tables: Public
Destinations : 13 Routes : 13

Destination/Mask Proto Pre Cost Flags NextHop Interface

127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.1.0/24 Direct 0 0 D 192.168.1.254 GigabitEthernet
0/0/1.1
192.168.1.254/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1.1
192.168.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1.1
192.168.2.0/24 Direct 0 0 D 192.168.2.254 GigabitEthernet
0/0/1.2
192.168.2.254/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1.2
192.168.2.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1.2
192.168.3.0/24 Direct 0 0 D 192.168.3.254 GigabitEthernet
0/0/1.3
192.168.3.254/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1.3
192.168.3.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1.3
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0

You can observe that PC-1 can reach 254 and 2.1

pc>tracert 192.168.2.1 cannot be reached
