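Router-on-a-Stick and SVI
How do VLANs on different network segments communicate?
- A Layer 3 device is required
- Connect several cables to the router's physical ports
- Connect the switch to a single router and use sub-interfaces on the router's physical port
Many small and medium-sized enterprises have very simple internal networks: a single switch connects all employee machines and servers, and the Internet is reached over fiber. To protect certain hosts and to split up internal broadcast traffic so that the network runs faster, they divide the network into VLANs and assign different subnets. With VLANs, clients on different ports of the same switch cannot reach one another, which effectively isolates the network.
Dividing the network into VLANs does address security and frequent broadcast storms, but for companies that want isolation and also want certain clients to reach each other, it is necessary to build a path for inter-VLAN access at the same time as the VLANs are created.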
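As is well known, a Layer 3 switch can do this, but in most cases an enterprise buys only Layer 2 managed switches when the network is first built. Buying a Layer 3 switch to get inter-VLAN communication would mean discarding the existing Layer 2 equipment, which is a great waste. Is there a way to get the function of a Layer 3 switch while still using the Layer 2 equipment?
How a Layer 3 switch works:
Before describing the solution, we first need to understand how a Layer 3 switch works. In theory, a Layer 3 switch can be seen as a Layer 2 switch plus a routing module, and in practice vendors implement Layer 3 functions by building the routing module into the switch. A packet is first sent to the routing module, which provides the route, and the switch then forwards the packet accordingly.
How router-on-a-stick works:
Put simply, it is a Layer 2 switch + a router
VLAN:
- access egress: + tag
- access ingress: - tag
Router-on-a-stick:
- sub-interface ingress: + tag
- sub-interface egress: - tag
Since the existing Layer 2 equipment is to be kept, the enterprise network upgrade problem described above can be solved by adding a router. The router plays the role of the Layer 3 switch's routing module, except that it sits outside the switch. The topology is shown below:
Lab requirement:
- Enable PC1 and PC3 to communicate
Lab procedure:
Huawei devices:
switch:
[Configure VLANs]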
[SW1]vlan 10
[SW1-vlan10]int g0/0/2
[SW1-GigabitEthernet0/0/2]port link-type access
[SW1-GigabitEthernet0/0/2]port default vlan 10
[SW1-GigabitEthernet0/0/2]dis th
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 10
#
return
[SW1]vlan 20
[SW1-vlan20]int g0/0/3
[SW1-GigabitEthernet0/0/3]port link-type access
[SW1-GigabitEthernet0/0/3]port default vlan 20
[SW1-GigabitEthernet0/0/3]dis th
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 20
#
return
[SW1]vlan 30
[SW1-vlan30]int g0/0/4
[SW1-GigabitEthernet0/0/4]port link-type access
[SW1-GigabitEthernet0/0/4]port default vlan 30
[SW1-GigabitEthernet0/0/4]dis th
#
interface GigabitEthernet0/0/4
port link-type access
port default vlan 30
#
return
[Configure the trunk]
[SW1]int g0/0/1
[SW1-GigabitEthernet0/0/1]port link-type trunk
[SW1-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 20 30
[SW1-GigabitEthernet0/0/1]dis th
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 20 30
#
return
[SW1-GigabitEthernet0/0/1]dis vlan
The total number of vlans is : 4
--------------------------------------------------------------------------------
U: Up;         D: Down;         TG: Tagged;         UT: Untagged;
MP: Vlan-mapping;               ST: Vlan-stacking;
#: ProtocolTransparent-vlan;    *: Management-vlan;
--------------------------------------------------------------------------------
VID  Type    Ports
--------------------------------------------------------------------------------
1    common  UT:GE0/0/1(U)      GE0/0/5(D)      GE0/0/6(D)      GE0/0/7(D)
                GE0/0/8(D)      GE0/0/9(D)      GE0/0/10(D)     GE0/0/11(D)
                GE0/0/12(D)     GE0/0/13(D)     GE0/0/14(D)     GE0/0/15(D)
                GE0/0/16(D)     GE0/0/17(D)     GE0/0/18(D)     GE0/0/19(D)
                GE0/0/20(D)     GE0/0/21(D)     GE0/0/22(D)     GE0/0/23(D)
                GE0/0/24(D)
10   common  UT:GE0/0/2(U)
             TG:GE0/0/1(U)
20   common  UT:GE0/0/3(U)
             TG:GE0/0/1(U)
30   common  UT:GE0/0/4(U)
             TG:GE0/0/1(U)
VID  Status  Property      MAC-LRN Statistics Description
--------------------------------------------------------------------------------
1    enable  default       enable  disable    VLAN 0001
10   enable  default       enable  disable    VLAN 0010
20   enable  default       enable  disable    VLAN 0020
30   enable  default       enable  disable    VLAN 0030
Router:
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]undo shutdown
Info: Interface GigabitEthernet0/0/0 is not shutdown.
[R1-GigabitEthernet0/0/0]q
[R1]int g0/0/0.1
[R1-GigabitEthernet0/0/0.1]dot1q ter vid 10
[R1-GigabitEthernet0/0/0.1]ip add 172.16.10.254 24
[R1-GigabitEthernet0/0/0.1]dis th
[V200R003C00]
#
interface GigabitEthernet0/0/0.1
dot1q termination vid 10
ip address 172.16.10.254 255.255.255.0
#
return
[R1-GigabitEthernet0/0/0.1]undo shutdown
Info: Interface GigabitEthernet0/0/0.1 is not shutdown.
[R1]int g0/0/0.2
[R1-GigabitEthernet0/0/0.2]dot1q ter vid 20
[R1-GigabitEthernet0/0/0.2]ip add 172.16.11.254 24
Apr 24 2020 12:04:36-08:00 R1 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP on the interface GigabitEthernet0/0/0.2 has entered the UP state.
[R1-GigabitEthernet0/0/0.2]dis th
[V200R003C00]
#
interface GigabitEthernet0/0/0.2
dot1q termination vid 20
ip address 172.16.11.254 255.255.255.0
#
return
[R1-GigabitEthernet0/0/0.2]undo shutdown
Info: Interface GigabitEthernet0/0/0.2 is not shutdown.
[R1]int g0/0/0.3
[R1-GigabitEthernet0/0/0.3]dot1q ter vid 30
[R1-GigabitEthernet0/0/0.3]ip add 172.16.12.254 24
Apr 24 2020 12:07:18-08:00 R1 %%01IFNET/4/LINK_STATE(l)[2]:The line protocol IP on the interface GigabitEthernet0/0/0.3 has entered the UP state.
[R1-GigabitEthernet0/0/0.3]dis th
[V200R003C00]
#
interface GigabitEthernet0/0/0.3
dot1q termination vid 30
ip address 172.16.12.254 255.255.255.0
#
return
[R1-GigabitEthernet0/0/0.3]undo shutdown
Info: Interface GigabitEthernet0/0/0.3 is not shutdown.
Test from the PCs whether the router gateways answer ping
PC1>ping 172.16.10.254
Ping 172.16.10.254: 32 data bytes, Press Ctrl_C to break
From 172.16.10.254: bytes=32 seq=1 ttl=255 time=47 ms
From 172.16.10.254: bytes=32 seq=2 ttl=255 time=47 ms
From 172.16.10.254: bytes=32 seq=3 ttl=255 time=31 ms
From 172.16.10.254: bytes=32 seq=4 ttl=255 time=32 ms
From 172.16.10.254: bytes=32 seq=5 ttl=255 time=31 ms
--- 172.16.10.254 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 31/37/47 ms
PC2>ping 172.16.11.254
Ping 172.16.11.254: 32 data bytes, Press Ctrl_C to break
From 172.16.11.254: bytes=32 seq=1 ttl=255 time=31 ms
From 172.16.11.254: bytes=32 seq=2 ttl=255 time=31 ms
From 172.16.11.254: bytes=32 seq=3 ttl=255 time=31 ms
From 172.16.11.254: bytes=32 seq=4 ttl=255 time=32 ms
From 172.16.11.254: bytes=32 seq=5 ttl=255 time=15 ms
--- 172.16.11.254 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 15/28/32 ms
PC>ping 172.16.12.254
Ping 172.16.12.254: 32 data bytes, Press Ctrl_C to break
From 172.16.12.254: bytes=32 seq=1 ttl=255 time=47 ms
From 172.16.12.254: bytes=32 seq=2 ttl=255 time=31 ms
--- 172.16.12.254 ping statistics ---
2 packet(s) transmitted
2 packet(s) received
0.00% packet loss
round-trip min/avg/max = 31/39/47 ms
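Configure the gateway on each PC
PC1:
- 172.16.10.254
PC2:
- 172.16.11.254
PC3:
- 172.16.12.254
Test connectivity between PC1 and PC3
They could not reach each other, although each could reach the router gateways
A Baidu search showed that the ARP broadcast function was not enabled on the port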
[R1]int g0/0/0.1
[R1-GigabitEthernet0/0/0.1]arp broadcast enable
[R1-GigabitEthernet0/0/0.1]dis th
[V200R003C00]
#
interface GigabitEthernet0/0/0.1
dot1q termination vid 10
ip address 172.16.10.254 255.255.255.0
arp broadcast enable
#
return
[R1]int g0/0/0.2
[R1-GigabitEthernet0/0/0.2]arp broadcast enable
[R1-GigabitEthernet0/0/0.2]dis th
[V200R003C00]
#
interface GigabitEthernet0/0/0.2
dot1q termination vid 20
ip address 172.16.11.254 255.255.255.0
arp broadcast enable
#
return
[R1]int g0/0/0.3
[R1-GigabitEthernet0/0/0.3]arp broadcast enable
[R1-GigabitEthernet0/0/0.3]dis th
[V200R003C00]
#
interface GigabitEthernet0/0/0.3
dot1q termination vid 30
ip address 172.16.12.254 255.255.255.0
arp broadcast enable
#
return
Test whether the PCs can communicate with each other
PC>ping 172.16.12.1
Ping 172.16.12.1: 32 data bytes, Press Ctrl_C to break
Request timeout!
From 172.16.12.1: bytes=32 seq=2 ttl=127 time=78 ms
From 172.16.12.1: bytes=32 seq=3 ttl=127 time=78 ms
From 172.16.12.1: bytes=32 seq=4 ttl=127 time=63 ms
From 172.16.12.1: bytes=32 seq=5 ttl=127 time=78 ms
--- 172.16.12.1 ping statistics ---
5 packet(s) transmitted
4 packet(s) received
20.00% packet loss
round-trip min/avg/max = 0/74/78 ms
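The failure seen in this lab (gateways reachable, PC1 to PC3 not) can be caught before testing by checking the saved configuration. The following Python check is an added example, not part of the original post: it parses "dis th"-style output and flags dot1q sub-interfaces that lack arp broadcast enable or terminate a VID the trunk does not allow. The sample config is constructed, and the parser assumes the allow-pass list is written as explicit VLAN IDs, as it is on this page.

```python
import re

# Constructed sample in the style of the "dis th" output above. Sub-interface .3
# deliberately lacks "arp broadcast enable" and terminates a VID the trunk drops.
SAMPLE = """\
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 10 20
#
interface GigabitEthernet0/0/0.1
 dot1q termination vid 10
 ip address 172.16.10.254 255.255.255.0
 arp broadcast enable
#
interface GigabitEthernet0/0/0.3
 dot1q termination vid 30
 ip address 172.16.12.254 255.255.255.0
#
"""

def parse_interfaces(text):
    """Split a config dump into {interface name: [stripped config lines]}."""
    blocks, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = blocks.setdefault(line.split(None, 1)[1], [])
        elif line in ("#", "return", ""):
            current = None
        elif current is not None:
            current.append(line)
    return blocks

def audit(text):
    """Return sorted (sub-interface, problem) findings for dot1q sub-interfaces."""
    blocks = parse_interfaces(text)
    # VIDs the switch trunk carries (assumes an explicit list, as on this page).
    allowed = {int(v) for lines in blocks.values() for l in lines
               if l.startswith("port trunk allow-pass vlan ")
               for v in l.split()[4:] if v.isdigit()}
    findings = []
    for name, lines in blocks.items():
        vids = [int(l.split()[-1]) for l in lines
                if re.fullmatch(r"dot1q termination vid \d+", l)]
        for vid in vids:
            if "arp broadcast enable" not in lines:
                findings.append((name, "arp broadcast enable missing"))
            if vid not in allowed:
                findings.append((name, f"vid {vid} not allowed on trunk"))
    return sorted(findings)
```

Calling audit(SAMPLE) reports both problems on GigabitEthernet0/0/0.3; a configuration like the final one in this lab returns an empty list.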
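SVI
Production networks all use this method to let devices in different VLANs communicate. Its advantage is low latency, whereas router-on-a-stick has high latency.
Advantages:
- Higher forwarding efficiency
- No bandwidth bottleneck
Layer 3 switch = Layer 2 switch + routing module; compared with a Layer 2 switch, it can additionally be configured with routing functions
Data forwarding flow
- PC to access
  - Data leaves the PC and arrives at the switch's access port, where the corresponding tag is added
- access to vlanif
  - The access interface adds the tag and sends the data to the vlanif
  - The vlanif receives the data and strips the tag
  - The Layer 3 switch's vlanif looks up the routing table
  - It finds that the data must be forwarded to another vlanif
  - The data is sent directly to the other vlanif interface
- vlanif to access
  - The vlanif sends the data to the access interface belonging to its own VLAN and adds the tag
- access to PC
  - The corresponding tag is stripped and the data is forwarded to the PC
Lab requirement:
- PCs in different VLANs can communicate with each other
Lab procedure:
switch: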
[SW1]vlan 10
[SW1-vlan10]int g0/0/2
[SW1-GigabitEthernet0/0/2]port link-type access
[SW1-GigabitEthernet0/0/2]port default vlan 10
[SW1-GigabitEthernet0/0/2]dis th
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 10
#
return
[SW1]int vlan 10
[SW1-Vlanif10]ip add 172.16.10.254 24
[SW1-Vlanif10]dis th
#
interface Vlanif10
ip address 172.16.10.254 255.255.255.0
#
return
[SW1]vlan 20
[SW1-vlan20]int g0/0/3
[SW1-GigabitEthernet0/0/3]port link-type access
[SW1-GigabitEthernet0/0/3]port default vlan 20
[SW1-GigabitEthernet0/0/3]dis th
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 20
#
return
[SW1]int vlan 20
[SW1-Vlanif20]ip add 172.16.11.254 24
[SW1-Vlanif20]dis th
#
interface Vlanif20
ip address 172.16.11.254 255.255.255.0
#
return
[SW1]vlan 30
[SW1-vlan30]int g0/0/4
[SW1-GigabitEthernet0/0/4]port link-type access
[SW1-GigabitEthernet0/0/4]port default vlan 30
[SW1-GigabitEthernet0/0/4]dis th
#
interface GigabitEthernet0/0/4
port link-type access
port default vlan 30
#
return
[SW1]int vlan 30
[SW1-Vlanif30]ip add 172.16.12.254 24
[SW1-Vlanif30]dis th
#
interface Vlanif30
ip address 172.16.12.254 255.255.255.0
#
return
Test PC connectivity [do not forget to configure the sub-interface gateway IP on each PC]
PC>ping 172.16.12.1
Ping 172.16.12.1: 32 data bytes, Press Ctrl_C to break
From 172.16.12.1: bytes=32 seq=1 ttl=127 time=47 ms
From 172.16.12.1: bytes=32 seq=2 ttl=127 time=31 ms
From 172.16.12.1: bytes=32 seq=3 ttl=127 time=31 ms
From 172.16.12.1: bytes=32 seq=4 ttl=127 time=47 ms
From 172.16.12.1: bytes=32 seq=5 ttl=127 time=31 ms
--- 172.16.12.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 31/37/47 ms
