一、概述
三层交换机就是具有部分路由器功能的交换机,工作在OSI网络标准模型的第三层:网络层。三层交换机的最重要目的是加快大型局域网内部的数据交换,所具有的路由功能也是为这目的服务的,能够做到一次路由,多次转发。
二、使用
三层交换机 = 二层交换机 + 三层路由器
三层路由引擎是可以开启或关闭的
conf t
ip routing 开启三层路由功能
no ip routing 关闭三层路由功能
与单臂路由对比:
1)解决了网络瓶颈问题(不用单根线往三层传送数据,实现了每个vlan用一跟虚拟的线,并且带宽很高)。
2)解决了单点故障(虚拟接口不在依赖于任何物理接口)
3)一次路由,永久交换。
三层交换机上起虚接口(配置VLAN网关)
int vlan 10
ip add 10.1.1.254 255.255.255.0
no shut
exit
二层端口升级为三层端口
int f0/x
no switchprot
ip add 10.1.1.254 255.255.255.0
no shut
三、实验
拓扑图
实现全网互通
一、交换部分
1、trunk
给三台二层交换机的F0/3配置成trunk,因为要传输不同vlan的数据;
以第一台为例其他两台同理:
Switch>
Switch>en
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#
Switch(config)#hostname sw1
sw1(config)#int f0/3
sw1(config-if)#
sw1(config-if)#switchport mode trunk
连接二层交换机的三层交换机的三个端口配置trunk
Switch>en
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#ho sw4
sw4(config)#int range f0/1 - 3
sw4(config-if-range)#switchport trunk encapsulation dot1q
sw4(config-if-range)#sw m t
sw4(config-if-range)#exit
2、VTP
在三层交换机上创建VTP并创建VLAN
sw4(config)#vtp domain code
Changing VTP domain name from NULL to code
sw4(config)#vlan 10
sw4(config-vlan)#exit
sw4(config)#vlan 20
sw4(config-vlan)#exit
sw4(config)#vlan 30
sw4(config-vlan)#exit
sw4(config)#vlan 40
sw4(config-vlan)#exit
sw4(config)#vlan 50
sw4(config-vlan)#exit
sw4(config)#no vlan 10
sw4(config)#no vlan 20
sw4(config)#no vlan 30
sw4(config)#no vlan 40
sw4(config)#no vlan 50
3、分配端口到VLAN
二层交换机对应的端口加入到对应的VLAN
sw1
sw1(config)#int f0/1
sw1(config-if)#sw ac vlan 10
% Access VLAN does not exist. Creating vlan 10
sw1(config-if)#exit
sw1(config)#int f0/2
sw1(config-if)#sw ac vlan 20
% Access VLAN does not exist. Creating vlan 20
sw1(config-if)#exit
sw1(config)#do show vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/4, Fa0/5, Fa0/6, Fa0/7
Fa0/8, Fa0/9, Fa0/10, Fa0/11
Fa0/12, Fa0/13, Fa0/14, Fa0/15
Fa0/16, Fa0/17, Fa0/18, Fa0/19
Fa0/20, Fa0/21, Fa0/22, Fa0/23
Fa0/24, Gig0/1, Gig0/2
10 VLAN0010 active Fa0/1
20 VLAN0020 active Fa0/2
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
其他两个二层交换机同理将端口加入到VLAN,因在三层交换机已经创建了VTP并创建了VLAN,下面所属的三台二层交换机会同样学习到,所以直接将端口加入到VLAN即可,无需再次创建。主要用来同步VLAN
4、开启三层交换机虚接口配置网关
不同VLAN 配置不同网关
sw4(config)# ip routing
sw4(config)#int vlan 10
sw4(config-if)#
sw4(config-if)#ip add 10.1.1.254 255.255.255.0 配置vlan10网关
sw4(config-if)#no shut
sw4(config-if)#exit
sw4(config)#int vlan 20
sw4(config-if)#ip add 20.1.1.254 255.255.255.0
sw4(config-if)#no shut
sw4(config-if)#exit
sw4(config)#int vlan 30
sw4(config-if)#ip add 30.1.1.254 255.255.255.0
sw4(config-if)#no shut
sw4(config-if)#exit
sw4(config)#int vlan 40
sw4(config-if)#ip add 40.1.1.254 255.255.255.0
sw4(config-if)#no shut
sw4(config-if)#exit
sw4(config)#do show sh ip
Interface IP-Address OK? Method Status Protocol
FastEthernet0/1 unassigned YES unset up up
FastEthernet0/2 unassigned YES unset up up
FastEthernet0/3 unassigned YES unset up up
FastEthernet0/4 unassigned YES unset down down
FastEthernet0/5 unassigned YES unset down down
FastEthernet0/6 unassigned YES unset down down
FastEthernet0/7 unassigned YES unset down down
FastEthernet0/8 unassigned YES unset down down
FastEthernet0/9 unassigned YES unset down down
FastEthernet0/10 unassigned YES unset down down
FastEthernet0/11 unassigned YES unset down down
FastEthernet0/12 unassigned YES unset down down
FastEthernet0/13 unassigned YES unset down down
FastEthernet0/14 unassigned YES unset down down
FastEthernet0/15 unassigned YES unset down down
FastEthernet0/16 unassigned YES unset down down
FastEthernet0/17 unassigned YES unset down down
FastEthernet0/18 unassigned YES unset down down
FastEthernet0/19 unassigned YES unset down down
FastEthernet0/20 unassigned YES unset down down
FastEthernet0/21 unassigned YES unset down down
FastEthernet0/22 unassigned YES unset down down
FastEthernet0/23 unassigned YES unset down down
FastEthernet0/24 unassigned YES unset down down
GigabitEthernet0/1 unassigned YES unset down down
GigabitEthernet0/2 unassigned YES unset down down
Vlan1 unassigned YES unset administratively down down
Vlan10 10.1.1.254 YES manual up up
Vlan20 20.1.1.254 YES manual up up
Vlan30 30.1.1.254 YES manual up up
Vlan40 40.1.1.254 YES manual up up
5、配置DHCP服务器
创建作用域
6、三层交换机配置DHCP中继
sw4(config)#int vlan 10
sw4(config-if)#ip help
sw4(config-if)#ip helper-address 40.1.1.1 DHCP服务器IP
sw4(config-if)#no shut
sw4(config-if)#exit
sw4(config)#int vlan 20
sw4(config-if)#ip helper-address 40.1.1.1
sw4(config-if)#no shut
sw4(config-if)#exit
sw4(config)#int vlan 30
sw4(config-if)#ip helper-address 40.1.1.1
sw4(config-if)#no shut
sw4(config-if)#exit
sw4(config)#int vlan 40
sw4(config-if)#ip helper-address 40.1.1.1
sw4(config-if)#no shut
sw4(config-if)#exit
查看是否自动获取IP地址
PING测试
C:\>ping 20.1.1.2
Pinging 20.1.1.2 with 32 bytes of data:
Request timed out.
Reply from 20.1.1.2: bytes=32 time=1ms TTL=127
Reply from 20.1.1.2: bytes=32 time<1ms TTL=127
Reply from 20.1.1.2: bytes=32 time<1ms TTL=127
Ping statistics for 20.1.1.2:
Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 1ms, Average = 0ms
C:\>ping 30.1.1.2
Pinging 30.1.1.2 with 32 bytes of data:
Request timed out.
Reply from 30.1.1.2: bytes=32 time<1ms TTL=127
Reply from 30.1.1.2: bytes=32 time=1ms TTL=127
Reply from 30.1.1.2: bytes=32 time<1ms TTL=127
Ping statistics for 30.1.1.2:
Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 1ms, Average = 0ms
至此以上实现了内网互通
二、路由部分
1、二层接口升级三层接口
sw4>en
sw4#conf t
Enter configuration commands, one per line. End with CNTL/Z.
sw4(config)#int f0/4
sw4(config-if)#no switchport
将原来交换机的F0/4接口升级为三层设备(路由器)的接口;
2、配置IP
三层交换机
sw4(config-if)#ip add 50.1.1.1 255.255.255.0
sw4(config-if)#no shut
配置默认路由,下一跳IP为公司总出口
sw4(config)#ip route 0.0.0.0 0.0.0.0 50.1.1.2
公司网关
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#ho R-GW
R-GW(config)#int f0/0
R-GW(config-if)#ip add 50.1.1.2 255.255.255.0
R-GW(config-if)#no shut
R-GW(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
R-GW(config-if)#exit
R-GW(config)#int f0/1
R-GW(config-if)#ip add 60.1.1.1 255.255.255.0
R-GW(config-if)#no shut
R-GW(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up
R-GW(config-if)#exit
R-GW(config)#do show ip int b
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 50.1.1.2 YES manual up up
FastEthernet0/1 60.1.1.1 YES manual up down
Vlan1 unassigned YES unset administratively down down
配置默认路由
R-YYS(config)#ip route 0.0.0.0 0.0.0.0 60.1.1.1
运营商路由
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#ho R-YYS
R-YYS(config)#int f0/0
R-YYS(config-if)#ip add 60.1.1.2 255.255.255.0
R-YYS(config-if)#no shut
R-YYS(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
R-YYS(config-if)#exit
R-YYS(config)#int f0/1
R-YYS(config-if)#ip add 70.1.1.254 255.255.255.0
R-YYS(config-if)#no shut
R-YYS(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up
R-YYS(config-if)#
路由配置
R-GW(config)#ip route 70.1.1.0 255.255.255.0 60.1.1.2
R-GW(config)#ip route 10.1.1.0 255.255.255.0 50.1.1.1
R-GW(config)#ip route 20.1.1.0 255.255.255.0 50.1.1.1
R-GW(config)#ip route 30.1.1.0 255.255.255.0 50.1.1.1
R-GW(config)#ip route 40.1.1.0 255.255.255.0 50.1.1.1
最终实现全网互通
PING测试
注意:同种设备使用交叉线连接,不同设备用直连线。
路由器和PC属于同种设备