Dot1q三层交换配置相关知识总结（单臂路由router-on-a-stick）

Dot1q三层交换相关知识总结

1.什么是dot1q？什么是IEEE 802.1？什么是IEEE 802.1q？

dot1q  就是802.1q，dot就是点的意思，简写为dot1q；

IEEE 802.1  是一组协议的集合，这个集合里面有很多子协议，如：IEEE 802.1a定义局域网体系结构；IEEE 802.1s定义多生成树协议；IEEE 802.1w定义快速生成树协议；IEEE 802.1x定义局域网安全认证；

IEEE 802.1q  是“Virtual Bridged Local Area Networks”（虚拟桥接局域网，简称“虚拟局域网”）协议，主要规定了VLAN的实现方法。是一种提供VLAN标识和服务质量(QoS)级别的IEEE标准。

2.何谓三层交换，为什么这么做？

何为三层交换？

当二层交换机经过VLAN划分后，彼此如何连通？可通过三层路由器作为各个VLAN的网关，经由三层路由器里的VLAN协议（dot1q）和ARP协议，处理各VLAN段发过来的包，并转发至正确的vlan段。因为是从二层交换机发过来的帧，处理完后又发回给二层交换机。从而借由加入VLAN标签可使多个VLAN透过一个链接多路复用。即用一根网线连接路由器和交换机，两者联合处理二层vlan间的数据帧的数据交换。

为了完成vlan间数据交换，用到三层设备路由器，实际上是路由器跑二层协议。叫三层交换很准确，叫单臂路由有点牵强（有点凑合的感觉）

 

为什么要这么做？

第一技术层面：给交换机划分vlan，不仅能有效隔离广播风暴，还能提高网络安全系数及网络带宽的利用效率。但划分vlan之后，vlan与vlan之间是不能通信的，只能通过路由或三层交换来实现彼此的通讯。路由器实现路由功能通常是将数据报从一个接口进来然后另一个接口出去，现在，路由器与交换机之间只通过一条主干线路，来实现通信或数据转发，（负责交换机上转发过来的多个vlan之间的的通信），因为实际上只是一条线路，只是用子接口的形式，在逻辑上分开，所以形象地叫单臂，也就是路由器仅用一个接口实现数据的进与出，因为我们形象地称它为单臂路由。单臂路由是解决vlan间通信的一种廉价而实用的解决方案。

第二经济层面：那么什么时候要用到单臂路由呢?如果在企业内部网络中划分了不同VLAN，当不同VLAN之间有部分主机需要通信,但你的交换机又不支持三层交换功能（你又无资金购买三层交换机，说白了就是穷惹得祸），如果你有一台支持802.1Q的路由器，或者购买一台这样的路由器，我们用该路由器做三层交换（单臂路由）实现VLAN间的互通。我们只需要在该路由器的以太口上创建一系列与vlan对应的子接口，并分配相应的IP地址作为各个VLAN的网关，同时启动802.1Q协议和ARP广播协议即可。

 

3.实操测试

       3.1.配置思路及原理介绍（从图中可以看出除了可靠性差外，二层交换机与三层的路由器是个瓶颈，规模小可以，多了不行。）

 

3.2.搭建ENSP模式

   

3.3.PC端、交换机及路由器配置

3.3.1 PC端配置（一台10网段，一台20网段，都配了网关）

    

3.3.2交换机配置

[switch] vlan batch 10 20

 

[switch] port-group 10

[switch-port-group-10] group-member GigabitEthernet 0/0/2 to GigabitEthernet 0/0/10

[switch-port-group-10] port link-type access 

[switch-port-group-10] port default vlan 10

 

[switch] port-group 20

[switch-port-group-20] group-member GigabitEthernet 0/0/11 to GigabitEthernet 0/0/19

[switch-port-group-20] port link-type access 

[switch-port-group-20] port default vlan 20

 

[switch] interface  GigabitEthernet 0/0/1

[switch-GigabitEthernet0/0/1] port link-type trunk

[switch-GigabitEthernet0/0/1] port trunk allow-pass vlan 10 20 

 

3.3.3路由器配置(交换机与路由器连接的GigabitEthernet 0/0/1接口，所以子接口是0/0/1.1, 0/0/1.2进行分，以此使多个VLAN通过一个链接实现多路复用）

[Router] interface GigabitEthernet 0/0/1.1    //交换机与路由器连接的那个网口，就进入那个网口，并设置子网口

[Router-GigabitEthernet0/0/1.1] dot1q termination vid 10   //在0/0/1.1子接口上，启用VLAN dot1q协议，并允许vlan10相关的帧通过

[Router-GigabitEthernet0/0/1.1] arp broadcast enable   //启用ARP广播协议

[Router-GigabitEthernet0/0/1.1] ip address 192.168.10.254 24  //给0/0/1.1子接口配置IP地址，作为vlan10 的网关地址

[Router] interface GigabitEthernet0/0/1.2   //交换机与路由器连接的那个网口，就进入那个网口，并设置子网口
[Router-GigabitEthernet0/0/1.2] dot1q termination vid 20   //在0/0/1.2子接口上，启用VLAN dot1q协议，并允许vlan20相关的帧通过
[Router-GigabitEthernet0/0/1.2] arp broadcast enable   //启用ARP广播协议

[Router-GigabitEthernet0/0/1.2] ip address 192.168.20.254 24  //给0/0/1.2子接口配置IP地址，作为vlan20 的网关地址

注：从以上可以看出，其实就是在三层的路由器上，跑二层的交换机的应用协议。所以叫三层交换恰如其分。这些设备基本结构与电脑类似，只是各自侧重功能不同，所有能跑不奇怪！

 

3.4.连通测试 

PC>ipconfig

Link local IPv6 address...........: fe80::5689:98ff:fe77:61f2
IPv6 address......................: :: / 128
IPv6 gateway......................: ::
IPv4 address......................: 192.168.10.1
Subnet mask.......................: 255.255.255.0
Gateway...........................: 192.168.10.254
Physical address..................: 54-89-98-77-61-F2
DNS server........................:

PC>ping 192.168.20.2

Ping 192.168.20.2: 32 data bytes, Press Ctrl_C to break
Request timeout!
From 192.168.20.2: bytes=32 seq=2 ttl=127 time=78 ms
From 192.168.20.2: bytes=32 seq=3 ttl=127 time=93 ms
From 192.168.20.2: bytes=32 seq=4 ttl=127 time=79 ms
From 192.168.20.2: bytes=32 seq=5 ttl=127 time=78 ms

--- 192.168.20.2 ping statistics ---
5 packet(s) transmitted
4 packet(s) received
20.00% packet loss
round-trip min/avg/max = 0/82/93 ms

 

外网找到的参考文章 

VLAN Routing with Router 802.1Q Trunks

Almost all enterprise networks use VLANs. To route IP packets in and out of those VLANs, some devices (either routers or Layer 3 switches) need to have an IP address in each subnet and have a connected route to each of those subnets. Then the IP addresses on those routers or Layer 3 switches can serve as the default gateways in those subnets.

This chapter breaks down the LAN routing options into four categories:

• Use a router, with one router LAN interface and cable connected to the switch for each and every VLAN (typically not used)

• Use a router, with a VLAN trunk connecting to a LAN switch (known as router-on-a-stick, or ROAS)

• Use a Layer 3 switch with switched virtual interfaces (SVI)

• Use a Layer 3 switch with routed interfaces (which may or may not be Layer 3 EtherChannels)

Of the items in the list, the first option works, but to be practical, it requires far too many interfaces. It is mentioned here only to make the list complete.

As for the other three options, this chapter discusses each in turn as the main focus of one of the three major sections in this chapter. Each feature is used in real networks today, with the choice to use one or the other driven by the design and needs for a particular part of the network. Figure 17-1 shows cases in which these options could be used.

FIGURE 17-1 Layer 3 Switching at the Central Site

Figure 17-1 shows two switches, labeled A and B, which could act as Layer 3 switches—both with SVIs and routed interfaces. The figure shows a central site campus LAN on the left, with 12 VLANs. Switches A and B act as Layer 3 switches, combining the functions of a router and a switch, routing between all 12 subnets/VLANs, as well as routing to/from the Core router. Those Layer 3 switches could use SVIs, routed interfaces, or both.

Figure 17-1 also shows a classic case for using a router with a VLAN trunk. Sites like the remote sites on the right side of the figure may have a WAN-connected router and a LAN switch. These sites might use ROAS to take advantage of the router’s ability to route over an 802.1Q trunk.

Note that Figure 17-1 just shows an example. The engineer could use Layer 3 switching at each site or routers with VLAN trunking at each site.