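VLAN Communication: Router-on-a-Stick and Layer 3 Switching
To recap, a VLAN is a virtual LAN that separates broadcast domains and prevents broadcast storms. However, hosts in different VLANs cannot communicate with each other directly, so we use Layer 3 switching or router-on-a-stick to route between VLANs.
Router-on-a-stick
Use case: a planning mistake has left the network with only Layer 2 switches.
Link types
- A switch port that connects to a host is an access link
- A switch port that connects to the router is a trunk link
Sub-interfaces (logical division)
- A router's physical interface can be divided into multiple logical interfaces
- Each sub-interface serves as the gateway for one VLAN's subnet
Principle: the router re-encapsulates the frame with new MAC addresses and rewrites the VLAN tag.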
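The re-encapsulation described above, as an added example that is not part of the original post: a Python model of a router with two dot1q sub-interfaces that receives a frame tagged VLAN 10 and sends it back down the trunk tagged VLAN 20 with new MAC addresses. The VIDs and subnets follow the AR1 configuration later on this page; the MAC addresses, host IPs and the `route` function are assumptions made for the illustration.

```python
import ipaddress
import struct

TPID = 0x8100  # 802.1Q tag protocol identifier

def mac(text):
    return bytes.fromhex(text.replace(":", ""))

def build_tagged(dst, src, vid, ethertype, payload):
    """Ethernet II frame with one 802.1Q tag (priority bits left at 0)."""
    return dst + src + struct.pack("!HHH", TPID, vid & 0x0FFF, ethertype) + payload

def parse_tagged(frame):
    tpid, tci, ethertype = struct.unpack("!HHH", frame[12:18])
    if tpid != TPID:
        raise ValueError("untagged frame: no dot1q sub-interface terminates it")
    return frame[:6], frame[6:12], tci & 0x0FFF, ethertype, frame[18:]

# Assumed router state. VIDs and subnets follow the AR1 configuration on this
# page; every MAC address and host IP below is constructed for the example.
ROUTER_MAC = mac("00:e0:fc:00:00:01")
SUBIFS = {10: ipaddress.ip_network("192.168.1.0/24"),
          20: ipaddress.ip_network("192.168.2.0/24")}
ARP_CACHE = {"192.168.2.1": mac("54:89:98:00:00:02")}

def route(frame):
    """Return the frame as it leaves the trunk again, or None if dropped."""
    dst, _src, vid, ethertype, packet = parse_tagged(frame)
    if vid not in SUBIFS or dst != ROUTER_MAC or ethertype != 0x0800:
        return None  # unknown VID, not addressed to the gateway, or not IPv4
    dst_ip = ipaddress.ip_address(packet[16:20])
    for out_vid, subnet in SUBIFS.items():
        if dst_ip in subnet and str(dst_ip) in ARP_CACHE:
            # New L2 header: router MAC as source, next hop as destination,
            # egress VLAN tag. TTL and checksum updates are not modelled here.
            return build_tagged(ARP_CACHE[str(dst_ip)], ROUTER_MAC,
                                out_vid, ethertype, packet)
    return None

def sample_frame(vid=10):
    """Constructed IPv4 header from 192.168.1.1 to 192.168.2.1, tagged `vid`."""
    header = bytes([0x45, 0, 0, 20, 0, 0, 0, 0, 64, 1, 0, 0])
    header += ipaddress.ip_address("192.168.1.1").packed
    header += ipaddress.ip_address("192.168.2.1").packed
    return build_tagged(ROUTER_MAC, mac("54:89:98:00:00:01"), vid, 0x0800, header)
```

A frame tagged with a VID that no sub-interface terminates (for example `sample_frame(vid=30)`) is dropped, which is why each VLAN needs its own `dot1q termination vid` line.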
Experiment 1
# Switch configuration (hosts on different subnets need a gateway to communicate)
<Huawei>undo t m
<Huawei>sys
[Huawei]vlan batch 10 20
[Huawei]int g0/0/2
[Huawei-GigabitEthernet0/0/2]port link-type access
[Huawei-GigabitEthernet0/0/2]port default vlan 10
[Huawei-GigabitEthernet0/0/2]undo sh
[Huawei-GigabitEthernet0/0/2]int g0/0/3
[Huawei-GigabitEthernet0/0/3]port link-type access
[Huawei-GigabitEthernet0/0/3]port default vlan 20
[Huawei-GigabitEthernet0/0/3]undo sh
[Huawei-GigabitEthernet0/0/3]int g0/0/1
[Huawei-GigabitEthernet0/0/1]port link-type trunk
[Huawei-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[Huawei-GigabitEthernet0/0/1]undo sh
# Router configuration
<Huawei>sys
[Huawei]u t m
[Huawei]int g0/0/0.10
# The allowed range is 0-4095
[Huawei-GigabitEthernet0/0/0.10]dot1q termination vid 10
# The "1" in "dot1q" is the digit 1
[Huawei-GigabitEthernet0/0/0.10]ip add 192.168.10.1 24
[Huawei-GigabitEthernet0/0/0.10]arp broadcast enable
# ARP broadcast is disabled by default and must be enabled
[Huawei-GigabitEthernet0/0/0.10]undo sh
[Huawei-GigabitEthernet0/0/0.10]int g0/0/0.20
[Huawei-GigabitEthernet0/0/0.20]dot1q termination vid 20
[Huawei-GigabitEthernet0/0/0.20]ip add 192.168.20.1 24
[Huawei-GigabitEthernet0/0/0.20]undo sh
[Huawei-GigabitEthernet0/0/0.20]arp broadcast enable
[Huawei-GigabitEthernet0/0/0.20]q
[Huawei]q
<Huawei>display interface brief
PHY: Physical
*down: administratively down
(l): loopback
(s): spoofing
(b): BFD down
^down: standby
(e): ETHOAM down
(d): Dampening Suppressed
InUti/OutUti: input utility/output utility
Interface PHY Protocol InUti OutUti inErrors outErrors
GigabitEthernet0/0/0 up down 0% 0% 0 0
GigabitEthernet0/0/0.10 up up 0% 0% 0 0
GigabitEthernet0/0/0.20 up up 0% 0% 0 0
GigabitEthernet0/0/1 down down 0% 0% 0 0
GigabitEthernet0/0/2 down down 0% 0% 0 0
NULL0 up up(s) 0% 0% 0 0
# On LSW1
<Huawei>
<Huawei>u t m
Info: Current terminal monitor is off.
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]vlan batch 10 20
Info: This operation may take a few seconds. Please wait for a moment...done.
[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]p l a
[Huawei-GigabitEthernet0/0/1]p d v 10
[Huawei-GigabitEthernet0/0/1]int g0/0/2
[Huawei-GigabitEthernet0/0/1]undo sh
[Huawei-GigabitEthernet0/0/2]p l a
[Huawei-GigabitEthernet0/0/2]p d v 10
[Huawei-GigabitEthernet0/0/2]int g0/0/3
[Huawei-GigabitEthernet0/0/2]undo sh
[Huawei-GigabitEthernet0/0/3]p l a
[Huawei-GigabitEthernet0/0/3]p d v 20
[Huawei-GigabitEthernet0/0/3]int g0/0/4
[Huawei-GigabitEthernet0/0/3]undo sh
[Huawei-GigabitEthernet0/0/4]p l a
[Huawei-GigabitEthernet0/0/4]p d v 20
[Huawei-GigabitEthernet0/0/4]undo sh
[Huawei-GigabitEthernet0/0/4]int g0/0/5
[Huawei-GigabitEthernet0/0/5]port link-type trunk
[Huawei-GigabitEthernet0/0/5]port trunk allow-pass vlan 10 20
[Huawei-GigabitEthernet0/0/5]undo sh
# On LSW2
<Huawei>u t m
<Huawei>sys
[Huawei]vlan batch 10 20
[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]p l a
[Huawei-GigabitEthernet0/0/1]p d v 10
[Huawei-GigabitEthernet0/0/1]int g0/0/2
[Huawei-GigabitEthernet0/0/1]undo sh
[Huawei-GigabitEthernet0/0/2]p l a
[Huawei-GigabitEthernet0/0/2]p d v 20
[Huawei-GigabitEthernet0/0/2]int g0/0/5
[Huawei-GigabitEthernet0/0/2]undo sh
[Huawei-GigabitEthernet0/0/5]p l t
[Huawei-GigabitEthernet0/0/5]p t a v 10 20
[Huawei-GigabitEthernet0/0/5]undo sh
# On AR1
<Huawei>u t m
Info: Current terminal monitor is off.
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]int g0/0/0.10
## The allowed range is 0-4095
[Huawei-GigabitEthernet0/0/0.10]dot1q termination vid 10
## In "dot1q" the "1" is the digit 1 ## This associates the sub-interface with VLAN ID 10
[Huawei-GigabitEthernet0/0/0.10]ip add 192.168.1.254 24
# Configure each sub-interface address to match the gateway set on the hosts of that subnet
[Huawei-GigabitEthernet0/0/0.10]arp broadcast enable
## Huawei disables ARP broadcast by default, whereas Cisco enables it ## Be sure to remember this
[Huawei-GigabitEthernet0/0/0.10]undo shutdown
Info: Interface GigabitEthernet0/0/0.10 is not shutdown.
[Huawei-GigabitEthernet0/0/0.10]int g0/0/0.20
[Huawei-GigabitEthernet0/0/0.20]dot1q termination vid 20
[Huawei-GigabitEthernet0/0/0.20]ip add 192.168.2.254 24
[Huawei-GigabitEthernet0/0/0.20]undo shutdown
Info: Interface GigabitEthernet0/0/0.20 is not shutdown.
[Huawei-GigabitEthernet0/0/0.20]arp broadcast enable
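If hosts on different subnets can reach each other, the configuration works.
Drawbacks of router-on-a-stick:
- The single "arm" is a backbone link for the network and easily becomes a bottleneck
- Sub-interfaces still depend on the physical interface, so they are inflexible to deploy
- Inter-VLAN forwarding requires a routing-table lookup, which wastes a lot of device resources
Layer 3 switching
A Layer 3 switch creates multiple virtual interfaces to route between VLANs (vlanif = VLAN interface).
Traditional MLS
Route once, switch many times. The switching ASIC learns the Layer 2 rewrite information from the Layer 3 engine and creates an MLS entry in hardware.
That entry then rewrites and forwards the subsequent packets of the flow.
CEF-based MLS
CEF is a topology-based forwarding model
Forwarding Information Base (FIB): effectively the routing table
Adjacency table: MAC addresses
Why use this approach:
A router has a limited number of ports, whereas a Layer 3 switch can create virtual interfaces and connect more hosts
Experiment 1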
<Huawei>u t m
<Huawei>sys
[Huawei]vlan b 10 20 30
## Create the three VLANs 10, 20 and 30
[Huawei]int e0/0/1
[Huawei-Ethernet0/0/1]p l a
[Huawei-Ethernet0/0/1]p d v 10
[Huawei-Ethernet0/0/1]int e0/0/2
[Huawei-Ethernet0/0/1]undo sh
## undo shutdown matters on real switches
## Switch ports are shut down by default, so be sure to enter this command
[Huawei-Ethernet0/0/2]p l a
[Huawei-Ethernet0/0/2]p d v 20
[Huawei-Ethernet0/0/2]int e0/0/3
[Huawei-Ethernet0/0/2]undo sh
[Huawei-Ethernet0/0/3]p l a
[Huawei-Ethernet0/0/3]p d v 30
[Huawei-Ethernet0/0/3]undo sh
[Huawei-Ethernet0/0/3]int e0/0/4
[Huawei-Ethernet0/0/4]p l t
[Huawei-Ethernet0/0/4]p t a v a
[Huawei-Ethernet0/0/4]dis th
#
interface Ethernet0/0/4
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
return
# Configuration on the Layer 3 switch
[SW2]int g0/0/1
[SW2-GigabitEthernet0/0/1]p l t
[SW2-GigabitEthernet0/0/1]p t a v a
[SW2-GigabitEthernet0/0/1]q
[SW2]vlan batch 10 20 30
[SW2]int vlanif 10
[SW2-Vlanif10]ip address 192.168.1.254 24
[SW2-Vlanif10]int vlanif 20
[SW2-Vlanif20]ip address 192.168.2.254 24
[SW2-Vlanif20]int vlanif 30
[SW2-Vlanif30]ip address 192.168.3.254 24
[SW2-Vlanif30]dis ip interface brief
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 5
The number of interface that is DOWN in Physical is 1
The number of interface that is UP in Protocol is 4
The number of interface that is DOWN in Protocol is 2
Interface IP Address/Mask Physical Protocol
MEth0/0/1 unassigned down down
NULL0 unassigned up up(s)
Vlanif1 unassigned up down
Vlanif10 192.168.1.254/24 up up
Vlanif20 192.168.2.254/24 up up
Vlanif30 192.168.3.254/24 up up
Test: PC3 pings PC1; the ping goes through, so the configuration works.
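The trunks on this page are opened with both `port trunk allow-pass vlan all` and `port trunk allow-pass vlan 10 20`; the second form carries only the VLANs the design uses. The following added example (not part of the original post) is a Python check that reads configuration text and reports trunk ports that allow VLANs the switch never defines with `vlan batch`; the sample configuration and the function names are constructed for the illustration.

```python
import re

def expand(spec):
    """Expand '10 20', '2 to 4094' or 'all' into a set of VLAN IDs."""
    tokens = spec.split()
    if tokens == ["all"]:
        return set(range(1, 4095))
    vids, i = set(), 0
    while i < len(tokens):
        if tokens[i + 1:i + 2] == ["to"]:
            vids.update(range(int(tokens[i]), int(tokens[i + 2]) + 1))
            i += 3
        else:
            vids.add(int(tokens[i]))
            i += 1
    return vids

def audit_trunks(config):
    """Map each trunk interface to (surplus VLAN count, VLANs actually defined)."""
    lines = [line.strip() for line in config.splitlines()]
    defined = set()
    for line in lines:
        if m := re.fullmatch(r"vlan batch (.+)", line):
            defined |= expand(m.group(1))
    findings, iface = {}, None
    for line in lines:
        if m := re.fullmatch(r"interface (\S+)", line):
            iface = m.group(1)
        elif m := re.fullmatch(r"port trunk allow-pass vlan (.+)", line):
            allowed = expand(m.group(1))
            surplus = allowed - defined
            if surplus:
                findings[iface] = (len(surplus), sorted(allowed & defined))
    return findings

# Constructed sample in `display current-configuration` form, modelled on the
# switch configurations shown on this page.
SAMPLE = """
vlan batch 10 20 30
#
interface Ethernet0/0/4
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/5
 port link-type trunk
 port trunk allow-pass vlan 10 20
#
"""
```

On the sample, only `Ethernet0/0/4` is reported; the second element of its result lists the VLANs an explicit allow-pass list would need.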
What if the Layer 3 switch is also connected to another router and its hosts?
Experiment 2
#### On LSW1, set the link type of each port
[SW1]vlan batch 10 20 30
Info: This operation may take a few seconds. Please wait for a moment...done.
[SW1]int e0/0/1
[SW1-Ethernet0/0/1]p l a
[SW1-Ethernet0/0/1]p d v 10
## port default vlan 10
[SW1-Ethernet0/0/1]undo sh
[SW1-Ethernet0/0/1]int e0/0/2
[SW1-Ethernet0/0/2]p l a
[SW1-Ethernet0/0/2]p d v 20
[SW1-Ethernet0/0/2]undo sh
[SW1-Ethernet0/0/2]int e0/0/3
[SW1-Ethernet0/0/3]p l a
[SW1-Ethernet0/0/3]p d v 30
[SW1-Ethernet0/0/3]undo sh
[SW1-Ethernet0/0/3]int g0/0/1
[SW1-GigabitEthernet0/0/1]p l t
[SW1-GigabitEthernet0/0/1]p t a v a
## port trunk allow-pass vlan all
#### On LSW2, configure the ports
<Huawei>u t m
<Huawei>sys
[Huawei]sys SW2
[SW2]vlan batch 10 20 30 100
## Create VLANs for the four network segments
[SW2]
[SW2]int g0/0/2
[SW2-GigabitEthernet0/0/2]p l a
[SW2-GigabitEthernet0/0/2]p d v 100
[SW2-GigabitEthernet0/0/2]int g0/0/1
[SW2-GigabitEthernet0/0/1]p l t
[SW2-GigabitEthernet0/0/1]p t a v a
## Then assign an address to each VLANIF interface
[SW2]int vlanif 10
[SW2-Vlanif10]ip address 192.168.1.254 24
[SW2-Vlanif10]int vlanif 20
[SW2-Vlanif20]ip address 192.168.2.254 24
[SW2-Vlanif20]int vlanif 30
[SW2-Vlanif30]ip address 192.168.3.254 24
[SW2-Vlanif30]int vlanif 100
[SW2-Vlanif100]ip address 192.168.4.1 24
[SW2-Vlanif100]dis ip interface brief
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 6
The number of interface that is DOWN in Physical is 1
The number of interface that is UP in Protocol is 5
The number of interface that is DOWN in Protocol is 2
Interface IP Address/Mask Physical Protocol
MEth0/0/1 unassigned down down
NULL0 unassigned up up(s)
Vlanif1 unassigned up down
Vlanif10 192.168.1.254/24 up up
Vlanif20 192.168.2.254/24 up up
Vlanif30 192.168.3.254/24 up up
Vlanif100 192.168.4.1/24 up up
[SW2-Vlanif100]ip route-static 192.168.5.0 24 192.168.4.2
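DHCP
The Dynamic Host Configuration Protocol automatically assigns IP addresses to hosts.
A DHCP server assigns IP addresses to a large number of hosts, which allows them to be managed centrally.
The host first asks whether there is a DHCP server on the current LAN.
If there is, the server returns a message carrying the network parameters.
The host receives it, configures itself, and replies that it is configured and that the address should be removed from the address pool.
The server confirms that the address has been removed.
Message type | Meaning |
---|---|
DHCP DISCOVER | Sent by the client to locate a DHCP server |
DHCP OFFER | Sent by the DHCP server in response to a DHCP DISCOVER; carries the configuration information |
DHCP REQUEST | Sent by the client to request confirmation of the configuration, or to renew the lease |
DHCP ACK | The server's acknowledgment of a REQUEST |
DHCP NAK | The server's rejection of a REQUEST |
DHCP RELEASE | Sent by the client to notify the server that it is releasing the address |
- If the client receives no response from the server before the IP lease expires, it stops using the IP address.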
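The exchange in the table above, as an added example that is not part of the original post: a simplified in-memory Python model of the server side showing how the address pool changes on DISCOVER, REQUEST and RELEASE, including a NAK for a client that requests an address offered to someone else. The `DhcpServer` class, the dictionary message format and the client MAC addresses are assumptions; the subnet and gateway are those of the first router configuration on this page.

```python
import ipaddress

class DhcpServer:
    """Toy address-pool logic behind the DHCP message types (not wire format)."""
    def __init__(self, network, gateway, lease_seconds=86400):
        net = ipaddress.ip_network(network)
        self.free = [str(h) for h in net.hosts() if str(h) != gateway]
        self.offered = {}  # client MAC -> address reserved by an OFFER
        self.leases = {}   # client MAC -> address confirmed by an ACK
        self.params = {"mask": str(net.netmask), "gateway": gateway,
                       "lease": lease_seconds}

    def handle(self, msg):
        mac, kind = msg["mac"], msg["type"]
        if kind == "DISCOVER":
            ip = self.leases.get(mac) or self.offered.get(mac)
            if ip is None:
                if not self.free:
                    return None        # pool exhausted: the server stays silent
                ip = self.free.pop(0)  # reserve it so nobody else is offered it
                self.offered[mac] = ip
            return {"type": "OFFER", "mac": mac, "ip": ip, **self.params}
        if kind == "REQUEST":          # confirm an offer, or renew a lease
            held = self.offered.get(mac) or self.leases.get(mac)
            if held is None or held != msg["ip"]:
                return {"type": "NAK", "mac": mac}
            self.offered.pop(mac, None)
            self.leases[mac] = held
            return {"type": "ACK", "mac": mac, "ip": held, **self.params}
        if kind == "RELEASE":
            ip = self.leases.pop(mac, None)
            if ip is not None:
                self.free.append(ip)   # address goes back into the pool
        return None

def demo():
    """Run two constructed clients against a pool for 192.168.10.0/24."""
    srv = DhcpServer("192.168.10.0/24", gateway="192.168.10.1")
    a, b = "54:89:98:00:00:0a", "54:89:98:00:00:0b"  # constructed MACs
    offer_a = srv.handle({"type": "DISCOVER", "mac": a})
    offer_b = srv.handle({"type": "DISCOVER", "mac": b})
    steps = [offer_a, offer_b,
             srv.handle({"type": "REQUEST", "mac": b, "ip": offer_a["ip"]}),
             srv.handle({"type": "REQUEST", "mac": a, "ip": offer_a["ip"]}),
             srv.handle({"type": "REQUEST", "mac": a, "ip": offer_a["ip"]})]
    srv.handle({"type": "RELEASE", "mac": a})
    return [(s["type"], s.get("ip")) for s in steps], srv
```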