首先,说明一下本例子。。
vlan之间通讯需要用到的设备有:二层交换机两个(当然三层也可以,不过很贵~~),路由器/3层交换机 一台(支持802.1q协议),pc4台。。试验环境为Cisco虚拟软件packet trcer 4.1
二层交换机:首先要明白一点,对于vlan通讯来说,二层交换机上vlan没有必要配ip地址,唯一需要的是vlan1(配置的ip地址为管理地址)。
其次,二层交换机没有ip地址。。当然vlan可以设置ip,但是端口什么的没有ip。虽然这点很简单,但是,很多人经常忘记,至少我身边的同学好多都不知道这个事实。。
还有,这点很重要,二层交换机只能同一时刻存在一个vlan。。
最后,要保证vlan之间可以相互通讯的前提,就是二层与路由的接口要设置为trunk模式。。
路由器:由于要实现vlan之间通讯,所以路由器需要用到802.1q协议,来封装端口。。
(下面开始配置)
S1:vlan 1 :IP :10.1.0.2/16
vlan 10: name--V1 下属pc:IP:192.168.1.x/24 网关 192.168.1.254/24
vlan 20: name--V2 下属pc:IP:192.168.2.x/24 网关 192.168.2.254/24
S2:vlan1:IP:10.2.0.2/16
vlan 30: name--V3 下属pc:IP:192.168.3.x/24 网关 192.168.3.254/24
vlan 40: name--V4 下属pc:IP:192.168.4.x/24 网关 192.168.4.254/24
R1:F0/0:IP:10.1.0.1/16
虚接口地址:
F0/0.1: IP:192.168.1.254/24
F0/0.2: IP:192.168.2.254/24
F0/1:IP:10.2.0.1/16
虚接口地址:
F0/1.1: IP:192.168.3.254/24
F0/1.2: IP:192.168.4.254/24
拓扑图如下:
S1配置如下:
Switch>en
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#host
Switch(config)#hostname S1
S1(config)#vlan 10
S1(config-vlan)#name V1
S1(config-vlan)#exit
S1(config)#vlan 20
S1(config-vlan)#name V2
S1(config-vlan)#int vlan 1
S1(config-if)#ip address 10.1.0.2 255.255.0.0
S1(config-if)#no shut
%LINK-5-CHANGED: Interface Vlan1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
S1(config-if)#int f0/2
S1(config-if)#switchport mode access
S1(config-if)#switchport access vlan 10
S1(config-if)#no shut
S1(config-if)#int f0/3
S1(config-if)#switchport mode access
S1(config-if)#switchport access vlan 20
S1(config-if)#no shut
S1(config-if)#int f0/1
S1(config-if)#switchport mode trunk
S1(config-if)#switchport trunk allowed vlan all
S1(config-if)#no shut
S1(config-if)#end
%SYS-5-CONFIG_I: Configured from console by console
S1#sh vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/4, Fa0/5, Fa0/6
Fa0/7, Fa0/8, Fa0/9, Fa0/10
Fa0/11, Fa0/12, Fa0/13, Fa0/14
Fa0/15, Fa0/16, Fa0/17, Fa0/18
Fa0/19, Fa0/20, Fa0/21, Fa0/22
Fa0/23, Fa0/24
10 V1 active Fa0/2
20 V2 active Fa0/3
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
10 enet 100010 1500 - - - - - 0 0
20 enet 100020 1500 - - - - - 0 0
1002 enet 101002 1500 - - - - - 0 0
1003 enet 101003 1500 - - - - - 0 0
1004 enet 101004 1500 - - - - - 0 0
1005 enet 101005 1500 - - - - - 0 0
S2设置如上:
Switch>en
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname S2
S2(config)#vlan 30
S2(config-vlan)#name V3
S2(config-vlan)#no shut
^
% Invalid input detected at '^' marker.
S2(config-vlan)#vlan 40
S2(config-vlan)#name V4
S2(config-vlan)#int vlan 1
S2(config-if)#ip address 10.2.0.2 255.255.0.0
S2(config-if)#no shut
%LINK-5-CHANGED: Interface Vlan1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
S2(config-if)#int f0/2
S2(config-if)#swit m a
S2(config-if)#swit access vlan 30
S2(config-if)#no shut
S2(config-if)#int f0/3
S2(config-if)#swit m a
S2(config-if)#swit a vlan 40
S2(config-if)#no shut
S2(config-if)#int f0/1
S2(config-if)#swit m t
S2(config-if)#swit trunk allowed vlan all
S2(config-if)#no shut
S2(config-if)#end
%SYS-5-CONFIG_I: Configured from console by console
S2#sh vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/4, Fa0/5, Fa0/6
Fa0/7, Fa0/8, Fa0/9, Fa0/10
Fa0/11, Fa0/12, Fa0/13, Fa0/14
Fa0/15, Fa0/16, Fa0/17, Fa0/18
Fa0/19, Fa0/20, Fa0/21, Fa0/22
Fa0/23, Fa0/24
30 V3 active Fa0/2
40 V4 active Fa0/3
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
30 enet 100030 1500 - - - - - 0 0
40 enet 100040 1500 - - - - - 0 0
1002 enet 101002 1500 - - - - - 0 0
1003 enet 101003 1500 - - - - - 0 0
1004 enet 101004 1500 - - - - - 0 0
1005 enet 101005 1500 - - - - - 0 0
路由器R1设置如下:
Router>enable
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R1
R1(config)#
R1(config)#int f0/0
R1(config-if)#ip address 10.1.0.1 255.255.0.0
R1(config-if)#no shut
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
R1(config-if)#int f0/1
R1(config-if)#ip address 10.1.1.1 255.255.0.0
% 10.1.0.0 overlaps with FastEthernet0/0
R1(config-if)#ip address 10.2.0.1 255.255.0.0
R1(config-if)#no shut
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
R1(config-if)#int f0/0.1
%LINK-5-CHANGED: Interface FastEthernet0/0.1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0.1, changed state to up
R1(config-subif)#encapsulation dot1q 10
R1(config-subif)#ip address 192.168.1.254 255.255.255.0
R1(config-subif)#no shut
R1(config-subif)#int f0/0.2
%LINK-5-CHANGED: Interface FastEthernet0/0.2, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0.2, changed state to up
R1(config-subif)#encapsulation dot1q 20
R1(config-subif)#ip address 192.168.2.254 255.255.255.0
R1(config-subif)#no shut
R1(config-subif)#int f0/1.1
%LINK-5-CHANGED: Interface FastEthernet0/1.1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1.1, changed state to upR1(config-subif)#encapsulation dot1q 30
R1(config-subif)#ip address 192.168.3.254 255.255.255.0
R1(config-subif)#no shut
R1(config-subif)#int f0/1.2
%LINK-5-CHANGED: Interface FastEthernet0/1.2, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1.2, changed state to up
R1(config-subif)#encapsulation dot1q 40
R1(config-subif)#ip address 192.168.4.254 255.255.255.0
R1(config-subif)#no shut
R1(config-subif)#end
%SYS-5-CONFIG_I: Configured from console by console
R1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
10.0.0.0/16 is subnetted, 2 subnets
C 10.1.0.0 is directly connected, FastEthernet0/0
C 10.2.0.0 is directly connected, FastEthernet0/1
C 192.168.1.0/24 is directly connected, FastEthernet0/0.1
C 192.168.2.0/24 is directly connected, FastEthernet0/0.2
C 192.168.3.0/24 is directly connected, FastEthernet0/1.1
C 192.168.4.0/24 is directly connected, FastEthernet0/1.2
现在,可以设置PC的属性了,别忘了四处ping下,检查是否设置成功。。
hoho,貌似没有什么问题了。
OK,大功告成,我不准备写上述配置的解释,简单解释一下工作原理:
二层交换机只允许同时存在一个vlan,这就决定了我们不可能靠二层交换机实现vlan的通讯,我们需要支持路由功能的三层交换机或者路由器来实现它。。
vlan划分和ip地址分配就不说了,着重了解一下虚接口(也就是802.1q的实现过程)
由于路由器和交换机相连的接口只有一个,我们要配置虚拟地址,就是传说中的虚接口,这里用到的是802.1q协议,用此协议封装此路由器虚接口,将vlan的ID和虚接口地址在逻辑上连接起来。也就是单臂路由(不 明白的可以点此链接查看)的实现。(原理略^_^),交换机上的trunk口和路由通讯的时候,会封装进vlan的ID,然后直接找到对应的虚接口进行通 讯,相当与在trunk口和路由器之间多了一个分线器,将vlan直接和路由器相连,所以在最后路由器上show ip route的时候显示如下信息:
10.0.0.0/16 is subnetted, 2 subnets
C 10.1.0.0 is directly connected, FastEthernet0/0
C 10.2.0.0 is directly connected, FastEthernet0/1
C 192.168.1.0/24 is directly connected, FastEthernet0/0.1
C 192.168.2.0/24 is directly connected, FastEthernet0/0.2
C 192.168.3.0/24 is directly connected, FastEthernet0/1.1
C 192.168.4.0/24 is directly connected, FastEthernet0/1.2
注意到了,vlan和路由是directly connected~~就是直连。。