VLAN通信之单臂路由与三层交换

VLAN之间通信

再次提及，vlan是虚拟局域网，用于分隔广播域，解决广播风暴。但是vlan之间无法直接通信。所有我们要用三层交换、单臂路由来实现vlan之间的通信。

单臂路由

使用场景：规划错误，只有二层交换机。

作用：实现不同VLAN通信

链路类型

• 交换机连接主机的端口为access链路

• 交换机连接路由器的端口为Trunk链路

子接口（逻辑划分）

• 路由器的物理接口可以被划分成多个逻辑接口

• 每个子接口对应一个VLAN网段的网关

原理：路由器重新封装MAC地址、转换VLAN标签。

实验一

#交换机配置（不同网段通信需要配置网关）
<Huawei>undo t m
<Huawei>sys
[Huawei]vlan batch 10 20
[Huawei]int g0/0/2
[Huawei-GigabitEthernet0/0/2]port link-type access
[Huawei-GigabitEthernet0/0/2]port default vlan 10
[Huawei-GigabitEthernet0/0/2]undo sh
​
[Huawei-GigabitEthernet0/0/2]int g0/0/3
[Huawei-GigabitEthernet0/0/3]port link-type access
[Huawei-GigabitEthernet0/0/3]port default vlan 20
[Huawei-GigabitEthernet0/0/3]undo sh
​
[Huawei-GigabitEthernet0/0/3]int g0/0/1
[Huawei-GigabitEthernet0/0/1]port link-type trunk
[Huawei-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[Huawei-GigabitEthernet0/0/1]undo sh
​
#路由器配置
<Huawei>sys
[Huawei]u t m
[Huawei]int g0/0/0.10
#0-4095划分范围
[Huawei-GigabitEthernet0/0/0.10]dot1q termination vid 10
#“dot1q”里的1是数字1
[Huawei-GigabitEthernet0/0/0.10]ip add 192.168.10.1 24
[Huawei-GigabitEthernet0/0/0.10]arp broadcast enable
#arp协议默认关闭，一定要开启
[Huawei-GigabitEthernet0/0/0.10]undo sh
[Huawei-GigabitEthernet0/0/0.10]int g0/0/0.20
[Huawei-GigabitEthernet0/0/0.20]dot1q termination vid 20
[Huawei-GigabitEthernet0/0/0.20]ip add 192.168.20.1 24
[Huawei-GigabitEthernet0/0/0.20]undo sh
[Huawei-GigabitEthernet0/0/0.20]arp broadcast enable
[Huawei-GigabitEthernet0/0/0.20]q
[Huawei]q
<Huawei>display interface brief
PHY: Physical
*down: administratively down
(l): loopback
(s): spoofing
(b): BFD down
^down: standby
(e): ETHOAM down
(d): Dampening Suppressed
InUti/OutUti: input utility/output utility
Interface                   PHY   Protocol InUti OutUti   inErrors  outErrors
GigabitEthernet0/0/0        up    down        0%     0%          0          0
GigabitEthernet0/0/0.10     up    up          0%     0%          0          0
GigabitEthernet0/0/0.20     up    up          0%     0%          0          0
GigabitEthernet0/0/1        down  down        0%     0%          0          0
GigabitEthernet0/0/2        down  down        0%     0%          0          0
NULL0                       up    up(s)       0%     0%          0          0

#LSW1里
<Huawei>
<Huawei>u t m
Info: Current terminal monitor is off.
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]vlan batch 10 20
Info: This operation may take a few seconds. Please wait for a moment...done.
[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]p l a
[Huawei-GigabitEthernet0/0/1]p d v 10
[Huawei-GigabitEthernet0/0/1]int g0/0/2
[Huawei-GigabitEthernet0/0/1]undo sh
[Huawei-GigabitEthernet0/0/2]p l a
[Huawei-GigabitEthernet0/0/2]p d v 10
[Huawei-GigabitEthernet0/0/2]int g0/0/3
[Huawei-GigabitEthernet0/0/2]undo sh
[Huawei-GigabitEthernet0/0/3]p l a
[Huawei-GigabitEthernet0/0/3]p d v 20
[Huawei-GigabitEthernet0/0/3]int g0/0/4
[Huawei-GigabitEthernet0/0/3]undo sh
[Huawei-GigabitEthernet0/0/4]p l a
[Huawei-GigabitEthernet0/0/4]p d v 20
[Huawei-GigabitEthernet0/0/4]undo sh
​
[Huawei-GigabitEthernet0/0/4]int g0/0/5
[Huawei-GigabitEthernet0/0/5]port link-type trunk
[Huawei-GigabitEthernet0/0/5]port trunk allow-pass vlan 10 20
[Huawei-GigabitEthernet0/0/5]undo sh
​
#LSW2里
​
<Huawei>u t m
<Huawei>sys
[Huawei]vlan batch 10 20
[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]p l a
[Huawei-GigabitEthernet0/0/1]p d v 10
[Huawei-GigabitEthernet0/0/1]int g0/0/2
[Huawei-GigabitEthernet0/0/1]undo sh
[Huawei-GigabitEthernet0/0/2]p l a
[Huawei-GigabitEthernet0/0/2]p d v 20
[Huawei-GigabitEthernet0/0/2]int g0/0/5
[Huawei-GigabitEthernet0/0/2]undo sh
[Huawei-GigabitEthernet0/0/5]p l t
[Huawei-GigabitEthernet0/0/5]p t a v 10 20
[Huawei-GigabitEthernet0/0/5]undo sh
​
#AR1里
​
<Huawei>u t m
Info: Current terminal monitor is off.
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]int g0/0/0.10
##划分有范围0--4095
[Huawei-GigabitEthernet0/0/0.10]dot1q termination vid 10
##dot1q,“1”是数字1##将此端口与vlan id 10关联上
[Huawei-GigabitEthernet0/0/0.10]ip add 192.168.1.254 24
#分别配置网关与不同网络段的主机网关对应
[Huawei-GigabitEthernet0/0/0.10]arp broadcast enable
##因为华为ARP广播功能默认关闭的 思科是开启的##一定要记得
[Huawei-GigabitEthernet0/0/0.10]undo shutdown 
Info: Interface GigabitEthernet0/0/0.10 is not shutdown.
[Huawei-GigabitEthernet0/0/0.10]int g0/0/0.20
[Huawei-GigabitEthernet0/0/0.20]dot1q termination vid 20
[Huawei-GigabitEthernet0/0/0.20]ip add 192.168.2.254 24
[Huawei-GigabitEthernet0/0/0.20]undo shutdown
Info: Interface GigabitEthernet0/0/0.20 is not shutdown.
[Huawei-GigabitEthernet0/0/0.20]arp broadcast enable

不同网段之间终端可联通则成功

单臂路由缺点：

• “单臂”为网络骨干链路，容易形成网络瓶颈

• 子接口依然依托于物理接口，应用不灵活

• VLAN间转发需要查看路由表，严重浪费设备资源

三层交换

三层交换虚拟出多个接口实现VLAN间通信（vlanif=vlaninterface）

传统的MLS

一次路由多次转发。交换ASIC从3层引擎中获悉2层重写信息在硬件中创建一个MLS条目。

负责重写和转发数据流中的后续数据包

基于CEF的MLS

CEF是一种基于拓扑转发的模型

转发信息表(FIB)——就是路由表

邻接关系表——MAC

为什么要用这个方法：

路由器端口有限，三层交换机可分出虚拟接口，连接更多主机

实验一

<Huawei>u t m
<Huawei>sys
[Huawei]vlan b 10 20 30
##创建10 20 30 三条vlan
[Huawei]int e0/0/1
[Huawei-Ethernet0/0/1]p l a
[Huawei-Ethernet0/0/1]p d v 10
[Huawei-Ethernet0/0/1]int e0/0/2
[Huawei-Ethernet0/0/1]undo sh
##undo shoutdown 作用在真实交换机上
##因为交换机端口默认关闭，一定要记得输命令
[Huawei-Ethernet0/0/2]p l a
[Huawei-Ethernet0/0/2]p d v 20
[Huawei-Ethernet0/0/2]int e0/0/3
[Huawei-Ethernet0/0/2]undo sh
​
[Huawei-Ethernet0/0/3]p l a
[Huawei-Ethernet0/0/3]p d v 30
[Huawei-Ethernet0/0/3]undo sh
[Huawei-Ethernet0/0/3]int e0/0/4
[Huawei-Ethernet0/0/4]p l t
[Huawei-Ethernet0/0/4]p t a v a
[Huawei-Ethernet0/0/4]dis th
#
interface Ethernet0/0/4
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
return
​
#在三层交换机上配置
[SW2]int g0/0/1
[SW2-GigabitEthernet0/0/1]p l t
[SW2-GigabitEthernet0/0/1]p t a v a
[SW2-GigabitEthernet0/0/1]q
[SW2]vlan batch 10 20 30
[SW2]int vlanif 10
[SW2-Vlanif10]ip address 192.168.1.254 24     
[SW2-Vlanif10]int vlanif 20
[SW2-Vlanif20]ip address 192.168.2.254 24
[SW2-Vlanif20]int vlanif 30
[SW2-Vlanif30]ip address 192.168.3.254 24
[SW2-Vlanif30]dis ip interface brief
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 5
The number of interface that is DOWN in Physical is 1
The number of interface that is UP in Protocol is 4
The number of interface that is DOWN in Protocol is 2
​
Interface                         IP Address/Mask      Physical   Protocol  
MEth0/0/1                         unassigned           down       down      
NULL0                             unassigned           up         up(s)     
Vlanif1                           unassigned           up         down      
Vlanif10                          192.168.1.254/24     up         up        
Vlanif20                          192.168.2.254/24     up         up        
Vlanif30                          192.168.3.254/24     up         up   
​

测试PC3pingPC1，连通，成功。

倘若三层路由器上连接另一台路由器与主机呢

实验二

####LSW1中设置不同端口下的模式
[SW1]vlan batch 10 20 30
Info: This operation may take a few seconds. Please wait for a moment...done.
[SW1]int e0/0/1
[SW1-Ethernet0/0/1]p l a
[SW1-Ethernet0/0/1]p d v 10
##prot default vlan 10
[SW1-Ethernet0/0/1]undo sh
​
[SW1-Ethernet0/0/1]int e0/0/2
[SW1-Ethernet0/0/2]p l a
[SW1-Ethernet0/0/2]p d v 20
[SW1-Ethernet0/0/2]undo sh
​
[SW1-Ethernet0/0/2]int e0/0/3
[SW1-Ethernet0/0/3]p l a
[SW1-Ethernet0/0/3]p d v 30
[SW1-Ethernet0/0/3]undo sh
​
[SW1-Ethernet0/0/3]int g0/0/1
[SW1-GigabitEthernet0/0/1]p l t
[SW1-GigabitEthernet0/0/1]p t a v a
##prot trunk allow-pass vlan all
​
####LSW2中设置不同端口
<Huawei>u t m
<Huawei>sys
[Huawei]sys SW2
[SW2]vlan batch 10 20 30 100
##创建vlan分别接纳四段网络
[SW2]
[SW2]int g0/0/2
[SW2-GigabitEthernet0/0/2]p l a
[SW2-GigabitEthernet0/0/2]p d v 100
[SW2-GigabitEthernet0/0/2]int g0/0/1
[SW2-GigabitEthernet0/0/1]p l t
[SW2-GigabitEthernet0/0/1]p t a v a
##之后针对不同子接口添加地址
[SW2]int vlanif 10
[SW2-Vlanif10]ip address 192.168.1.254 24
[SW2-Vlanif10]int vlanif 20
[SW2-Vlanif20]ip address 192.168.2.254 24
[SW2-Vlanif20]int vlanif 30
[SW2-Vlanif30]ip address 192.168.3.254 24
[SW2-Vlanif30]int vlanif 100
[SW2-Vlanif100]ip address 192.168.4.1 24
[SW2-Vlanif100]dis ip interface brief
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 6
The number of interface that is DOWN in Physical is 1
The number of interface that is UP in Protocol is 5
The number of interface that is DOWN in Protocol is 2
​
Interface                         IP Address/Mask      Physical   Protocol  
MEth0/0/1                         unassigned           down       down      
NULL0                             unassigned           up         up(s)     
Vlanif1                           unassigned           up         down      
Vlanif10                          192.168.1.254/24     up         up        
Vlanif20                          192.168.2.254/24     up         up        
Vlanif30                          192.168.3.254/24     up         up        
Vlanif100                         192.168.4.1/24       up         up        
[SW2-Vlanif100]ip route-static 192.168.5.0 24 192.168.4.2
​

DHCP

动态主机配置协议，自动给主机分配IP地址

DHCP服务器会为大量主机分配IP地址，能够集中管理。

先问当前局域网中是否有DHCP服务器

如果有，服务器返回网络参数报文

主机接收进行配置并发送，我已配置，并将刚刚的地址从地址池中剔除

服务器，我已剔除。

报文类型	含义
DHCP DISCOVER	客户端用来寻找DHCP服务器
DHCP OFFER	DHCP服务器用来响应DHCP DISCOVER报文，此报文携带了各种配置信息
DHCP REQUEST	客户端请求配置确认，或者续借租期
DHCP ACK	服务器对REQUEST报文的确认响应
DHCP NAK	服务器对REQUEST报文的拒绝响应
DHCP RELEASE	客户端要释放地址时用来通知服务器

• 如果IP租约到期前都没有收到服务器响应，客户端停止使用此IP地址。

• 如果DHCP客户端不再使用分配的IP地址，也可以主动向DHCP服务器发送DHCP RELEASE报文，释放该IP地址。