用三层交换机作为核心交换机,采用链路聚合等技术,解决工作中的实际问题知识总结
用三层交换机作为核心交换机,采用链路聚合等技术构建一般企业网络应用,解决工作中的实际问题知识总结
(可用三层交换机作为核心交换机解决工作中的实际问题:左侧为服务区,右侧为应用区)
何为三层交换机?拥有部分三层功能的二层交换机。这类交换机拥有交换机的广播,学习,转发的功能,同时还拥有三层设备路由器拥有的标志性功能路由的功能(当然是通过兼容二层设备实现相关功能,但肯定不如标准三层设备所拥有的功能强劲)
如何在交换机上建立路由?通过建立一系列的vlan,并给vlan的虚接口配置IP地址,在这类三层交换机上运行的路由协议程序就会自动生成相应的直连路由。当然可以人为建立路由指明IP包的走向。这里不要觉得奇怪,为什么交换机上还能跑路由协议?因为交换机和路由器核心部件就像电脑一样是差不多的,只因设计需要将各类设备的功能,进行有侧重的设计,再配合运行相应的协议程序进行配合实现。
如何在通过路由器用三层交换技术连接服务器?利用链路复用技术,让渡部分路由器功能,与交换机的vlan技术一起,实现三层交换即单臂路由。实现单各路由器接口这里的三层交换与三层交换机概念是有区别的:三层设备上运行交换机的一下相关协议程序;三层交换机是在二层设备上运行三层路由相关协议;这种小技术对访问量不大的内部服务器,可以采用。
思路
1.三台服务器,一台路由器,三台交换机构建一般公司的应用:用ENSP搭建模型
2.右侧应用工作站、交换机配置,采用链路聚合技术,增强核心网络的稳定性和速度(黄色区域)
3.左侧服务器、交换机及路由器配置(红色区域)
4.连通测试
1.三台服务器,一台路由器,三台交换机构建一般公司的应用:用ENSP搭建模型
2.右侧应用工作站、交换机配置(黄色区域)
2.1.各PC客户端配置(以下仅以PC5为例,所在网段的网关为*.*.*.254)
2.2.交换机配置
2.2.1.Switch1交换机1的配置
[Switch1] vlan batch 2 10 20
[Switch1] port-group 10
[Switch1-port-group-10] group-member Ethernet0/0/2 to Ethernet 0/0/9
[Switch1-port-group-10] port link-type access
[Switch1-port-group-10]port default vlan 10
[Switch1] port-group 20
[Switch1-port-group-20] group-member Ethernet0/0/10 to Ethernet 0/0/19
[Switch1-port-group-20] port link-type access
[Switch1-port-group-20] port default vlan 20
[Switch1] interface Ethernet0/0/20
[Switch1-Ethernet0/0/20] port link-type access
[Switch1-Ethernet0/0/20] port default vlan 2
[Switch1] interface Eth-trunk1 //链路聚合1
[Switch1-Eth-Trunk1] mode lacp-static
[Switch1-Eth-Trunk1] trunkport GigabitEthernet 0/0/1
[Switch1-Eth-Trunk1] trunkport GigabitEthernet 0/0/2
[Switch1-Eth-Trunk1] port link-type trunk
[Switch1-Eth-Trunk1] port trunk allow-pass vlan 2 10 20
2.2.2.Switch2交换机2的配置
[Switch2] vlan batch 3 30 40
[Switch2] port-group 30
[Switch2-port-group-30] group-member Ethernet0/0/2 to Ethernet 0/0/9
[Switch2-port-group-30] port link-type access
[Switch2-port-group-30]port default vlan 30
[Switch2] port-group 40
[Switch2-port-group-40] group-member Ethernet0/0/10 to Ethernet 0/0/19
[Switch2-port-group-40] port link-type access
[Switch2-port-group-40] port default vlan 40
[Switch2] interface Ethernet0/0/20
[Switch2-Ethernet0/0/20] port link-type access
[Switch2-Ethernet0/0/20] port default vlan 3
[Switch2] interface Eth-trunk2 //链路聚合2
[Switch2-Eth-Trunk2] mode lacp-static
[Switch2-Eth-Trunk2] trunkport GigabitEthernet 0/0/1
[Switch2-Eth-Trunk2] trunkport GigabitEthernet 0/0/2
[Switch2-Eth-Trunk2] port link-type trunk
[Switch2-Eth-Trunk2] port trunk allow-pass vlan 3 30 40
2.2.3.三层交换机配置(核心交换机配置)
[L3-SW] vlan batch 2 to 3 10 20 30 40 123
[L3-SW] interface Vlanif 2
[L3-SW-Vlanif2] ip address 192.168.2.254 255.255.255.0
[L3-SW] interface Vlanif 3
[L3-SW-Vlanif3] ip address 192.168.3.254 255.255.255.0
[L3-SW] interface Vlanif 10
[L3-SW-Vlanif10] ip address 192.168.10.254 255.255.255.0
[L3-SW] interface Vlanif 20
[L3-SW-Vlanif20] ip address 192.168.20.254 255.255.255.0
[L3-SW] interface Vlanif 30
[L3-SW-Vlanif30] ip address 192.168.30.254 255.255.255.0
[L3-SW] interface Vlanif 40
[L3-SW-Vlanif40] ip address 192.168.40.254 255.255.255.0
[L3-SW] interface Vlanif 123
[L3-SW-Vlanif123] ip address 192.168.123.254 255.255.255.0
[L3-SW] interface Eth-trunk1 //链路聚合1对应交换机1;配置顺序不要搞反
[L3-SW-Eth-Trunk1] mode lacp-static
[L3-SW-Eth-Trunk1] trunkport GigabitEthernet 0/0/21
[L3-SW-Eth-Trunk1] trunkport GigabitEthernet 0/0/22
[L3-SW-Eth-Trunk1] port link-type trunk
[L3-SW-Eth-Trunk1] port trunk allow-pass vlan 2 10 20
[L3-SW] interface Eth-trunk2 //链路聚合2对应交换机2
[L3-SW-Eth-Trunk2] mode lacp-static
[L3-SW-Eth-Trunk2] trunkport GigabitEthernet 0/0/23
[L3-SW-Eth-Trunk2] trunkport GigabitEthernet 0/0/24
[L3-SW-Eth-Trunk2] port link-type trunk
[L3-SW-Eth-Trunk2] port trunk allow-pass vlan 3 30 40
//注:LACP重用配置命令: lacp priority 90 //配置优先级90 ,优先级数值小,优先级更高
max active-linknumber 2 //配置链路最大连接数为2 ,即只有两条链路在跑数据,其他为备用链路
lacp preempt enable //配置抢占功能
[L3-SW]interface GigabitEthernet 0/0/3
[L3-SW-GigabitEthernet0/0/3]port link-type access //与路由器的连接类型为access,即传给路由器的数据不能待vlan标签,必须vlan标
[L3-SW-GigabitEthernet0/0/3]port default vlan 123
//在三层交换机上建立路由,下一跳的邻接口是真正的路由器
[L3-SW] ip route-static 192.168.120.0 255.255.255.0 192.168.123.253
[L3-SW] ip route-static 192.168.121.0 255.255.255.0 192.168.123.253
[L3-SW] ip route-static 192.168.122.0 255.255.255.0 192.168.123.253
//查看三层交换机上的路由器表
[L3-SW] display ip routing-table //交换机上查路由表,都是通过vlanif的虚接口出去的,也就是说用了三层的路由技术,但又必须满足兼容二层的交换设备
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 19 Routes : 19
Destination/Mask Proto Pre Cost Flags NextHop Interface
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.2.0/24 Direct 0 0 D 192.168.2.254 Vlanif2
192.168.2.254/32 Direct 0 0 D 127.0.0.1 Vlanif2
192.168.3.0/24 Direct 0 0 D 192.168.3.254 Vlanif3
192.168.3.254/32 Direct 0 0 D 127.0.0.1 Vlanif3
192.168.10.0/24 Direct 0 0 D 192.168.10.254 Vlanif10
192.168.10.254/32 Direct 0 0 D 127.0.0.1 Vlanif10
192.168.20.0/24 Direct 0 0 D 192.168.20.254 Vlanif20
192.168.20.254/32 Direct 0 0 D 127.0.0.1 Vlanif20
192.168.30.0/24 Direct 0 0 D 192.168.30.254 Vlanif30
192.168.30.254/32 Direct 0 0 D 127.0.0.1 Vlanif30
192.168.40.0/24 Direct 0 0 D 192.168.40.254 Vlanif40
192.168.40.254/32 Direct 0 0 D 127.0.0.1 Vlanif40
192.168.120.0/24 Static 60 0 RD 192.168.123.253 Vlanif123
192.168.121.0/24 Static 60 0 RD 192.168.123.253 Vlanif123
192.168.122.0/24 Static 60 0 RD 192.168.123.253 Vlanif123
192.168.123.0/24 Direct 0 0 D 192.168.123.254 Vlanif123
192.168.123.254/32 Direct 0 0 D 127.0.0.1 Vlanif123
3.左侧服务器、交换机及路由器配置(橙色区域)
3.1.服务器配置
3.2.交换机配置
[Switch3] vlan batch 120 121
[Switch3] interface Ethernet0/0/1
[Switch3-Ethernet0/0/1] port link-type access
[Switch3-Ethernet0/0/1] port default vlan 121
[Switch3] interface Ethernet0/0/2
[Switch3-Ethernet0/0/2] port link-type access
[Switch3-Ethernet0/0/2] port default vlan 120
[Switch3] interface GigabitEthernet 0/0/1
[Switch3-GigabitEthernet0/0/1] port link-type trunk
[Switch3-GigabitEthernet0/0/1] port trunk allow-pass vlan 120 to 121
3.3.路由器配置
[Router] interface GigabitEthernet2/0/0.1
[Router-GigabitEthernet2/0/0.1] dot1q termination vid 121
[Router-GigabitEthernet2/0/0.1] ip address 192.168.121.254 255.255.255.0
[Router-GigabitEthernet2/0/0.1] arp broadcast enable
[Router] interface GigabitEthernet2/0/0.2
[Router-GigabitEthernet2/0/0.2] dot1q termination vid 120
[Router-GigabitEthernet2/0/0.2] ip address 192.168.120.254 255.255.255.0
[Router-GigabitEthernet2/0/0.2] arp broadcast enable
[Router] interface GigabitEthernet0/0/0
[Router-GigabitEthernet0/0/0] ip address 192.168.123.253 255.255.255.0
[Router] interface GigabitEthernet0/0/1
[Router-GigabitEthernet0/0/1] ip address 192.168.123.254 255.255.255.0
[Router] ip route-static 192.168.2.0 255.255.255.0 192.168.123.254
[Router] ip route-static 192.168.3.0 255.255.255.0 192.168.123.254
[Router] ip route-static 192.168.10.0 255.255.255.0 192.168.123.254
[Router] ip route-static 192.168.20.0 255.255.255.0 192.168.123.254
[Router] ip route-static 192.168.30.0 255.255.255.0 192.168.123.254
[Router] ip route-static 192.168.40.0 255.255.255.0 192.168.123.254
4.连通测试(PC1 与Server3的连通测试)
PC>ipconfig
Link local IPv6 address...........: fe80::5689:98ff:fea4:1542
IPv6 address......................: :: / 128
IPv6 gateway......................: ::
IPv4 address......................: 192.168.10.1
Subnet mask.......................: 255.255.255.0
Gateway...........................: 192.168.10.254
Physical address..................: 54-89-98-A4-15-42
DNS server........................:
PC>ping 192.168.120.1
Ping 192.168.120.1: 32 data bytes, Press Ctrl_C to break
Request timeout!
From 192.168.120.1: bytes=32 seq=2 ttl=253 time=93 ms
From 192.168.120.1: bytes=32 seq=3 ttl=253 time=79 ms
From 192.168.120.1: bytes=32 seq=4 ttl=253 time=109 ms
From 192.168.120.1: bytes=32 seq=5 ttl=253 time=62 ms
--- 192.168.120.1 ping statistics ---
5 packet(s) transmitted
4 packet(s) received
20.00% packet loss
round-trip min/avg/max = 0/85/109 ms
