摘要:某企业网络拓扑如下图所示,企业内部有vlan10和20,IP地址分别为192.168.10.0/24和192.168.20.0/24,网关为192.168.x.254/24。
某企业网络拓扑如下图所示,企业内部有vlan10和20,IP地址分别为192.168.10.0/24和192.168.20.0/24,网关为192.168.x.254/24。
企业网网络拓扑图
很多同学纠结 :核心交换机与出口路由器连接的端口是access还是trunk呢?如何实现交换机与路由器对接互联,其实有多种方案,我们一一为大家介绍。
规划VLAN 100作为核心交换机和出口路由器的对接VLAN,Vlanif 100地址为192.168.100.1/30,路由器G0/0/0接口IP地址为192.168.100.2/30。
接入交换机配置要点:
(1)创建VLAN 10和20;
(2)把接口G0/0/1、G0/0/2、G0/0/3设置为access接口,并划入对应VLAN;
(3)把接口G0/0/24设置为trunk,并允许VLAN10和20通过。
接入交换机配置命令:
[Huawei] sysname acsw[acsw] vlan batch 10 20 //创建VLAN 10和20[acsw] int g0/0/1[acsw-GigabitEthernet0/0/1] port link-type access //接口设置为access[acsw-GigabitEthernet0/0/1] port default vlan 10 //接口放入VLAN 10[acsw-GigabitEthernet0/0/1] quit [acsw] int g0/0/2[acsw-GigabitEthernet0/0/2] port link-type access [acsw-GigabitEthernet0/0/2] port default vlan 10[acsw-GigabitEthernet0/0/2] quit [acsw]int g0/0/3[acsw-GigabitEthernet0/0/3] port link-type access [acsw-GigabitEthernet0/0/3] port default vlan 20[acsw-GigabitEthernet0/0/3] quit [acsw] int g0/0/24[acsw-GigabitEthernet0/0/24] port link-type trunk //接口设置为trunk[acsw-GigabitEthernet0/0/24] port trunk allow-pass vlan 10 20 //trunk接口放行VLAN 10和20的流量核心交换机配置要点:
(1)创建VLAN10、20和100,前两个为业务VLAN,而VLAN 100为核心交换机与路由器的对接VLAN;
(2)分别配置Vlanif10、Vlanif20和Vlanif100,前两个为用户网关,Vlanif100为核心交换机与路由器的对接地址;
(3)接入和核心互联接口配置为trunk,并允许业务VLAN 10和20通过;
(4)核心交换机和出口路由器互联接口设置为access接口,并划入VLAN 100。
核心交换机配置命令:
[Huawei] sysname coresw[coresw] vlan batch 10 20 100 //批量创建VLAN 10、20和100[coresw] interface Vlanif 10[coresw-Vlanif10] ip address 192.168.10.254 24 //给vlanif 10配置IP地址[coresw-Vlanif10] quit [coresw] interface Vlanif 20[coresw-Vlanif20] ip address 192.168.20.254 24[coresw-Vlanif20] quit [coresw] interface Vlanif 100[coresw-Vlanif100] ip address 192.168.100.1 30[coresw] interface g0/0/24[coresw-GigabitEthernet0/0/24] port link-type trunk [coresw-GigabitEthernet0/0/24] port trunk allow-pass vlan 10 20[coresw] interface g0/0/1[coresw-GigabitEthernet0/0/1] port link-type access [coresw-GigabitEthernet0/0/1] port default vlan 100出口路由器配置命令:
[Huawei] sysname router[router] interface g0/0/0[router-GigabitEthernet0/0/0] ip address 192.168.100.2 30 //配置接口IP地址[router] ip route-static 192.168.10.0 24 192.168.100.1 //配置回程路由[router] ip route-static 192.168.20.0 24 192.168.100.1 //配置回程路由测试连通性,PC1可以ping通PC3,也可以ping通出口路由器,通信正常。
PC1>ping 192.168.20.1Ping 192.168.20.1: 32 data bytes, Press Ctrl_C to breakFrom 192.168.20.1: bytes=32 seq=1 ttl=127 time=172 msFrom 192.168.20.1: bytes=32 seq=2 ttl=127 time=94 msFrom 192.168.20.1: bytes=32 seq=3 ttl=127 time=78 msFrom 192.168.20.1: bytes=32 seq=4 ttl=127 time=78 msFrom 192.168.20.1: bytes=32 seq=5 ttl=127 time=78 ms--- 192.168.20.1 ping statistics ---5 packet(s) transmitted5 packet(s) received0.00% packet lossround-trip min/avg/max = 78/100/172 msPC> ping 192.168.100.2Ping 192.168.100.2: 32 data bytes, Press Ctrl_C to breakFrom 192.168.100.2: bytes=32 seq=1 ttl=254 time=78 msFrom 192.168.100.2: bytes=32 seq=2 ttl=254 time=63 msFrom 192.168.100.2: bytes=32 seq=3 ttl=254 time=47 msFrom 192.168.100.2: bytes=32 seq=4 ttl=254 time=62 msFrom 192.168.100.2: bytes=32 seq=5 ttl=254 time=47 ms--- 192.168.100.2 ping statistics ---5 packet(s) transmitted5 packet(s) received0.00% packet lossround-trip min/avg/max = 47/59/78 ms该方案需要将核心交换机修改为CE6800系列,eNSP中S5700不支持undo portswitch。核心交换机不需要配置VLAN 100和vlanif 100,其他配置一致。核心交换机可以直接用三层接口与出口路由器实现对接。
核心交换机配置命令:
system-view immediately //敲完命令立即生效,不用再commit确认[HUAWEI] sysname coresw[coresw] interface g1/0/1 //CE6800没有g0/0/1接口,这里用g1/0/1接口替换[coresw-GE1/0/1] undo portswitch //关闭二层接口特性,将接口设置为三层接口[coresw-GE1/0/1] ip address 192.168.100.1 30 //配置接口IP地址,与出口路由器对接如果PC网关不在核心交换机,而在出口路由器,可采用子接口完成核心交换机和路由器的对接以及VLAN间路由。接入交换机配置没有变化。
核心交换机配置要点:
(1)创建VLAN 10和20;
(2)核心交换机上行和下行接口均配置为trunk,允许VLAN 10和20通过。
核心交换机配置命令:
[Huawei] sysname coresw[coresw] vlan batch 10 20 //创建VLAN 10和20[coresw] int g0/0/1[coresw-GigabitEthernet0/0/1] port link-type trunk //上行接口配置为trunk[coresw-GigabitEthernet0/0/1] port trunk allow-pass vlan 10 20 //trunk上放行VLAN 10和20[coresw-GigabitEthernet0/0/1] quit [coresw] interface g0/0/24[coresw-GigabitEthernet0/0/24] port link-type trunk //下行接口配置为trunk[coresw-GigabitEthernet0/0/24] port trunk allow-pass vlan 10 20 //trunk上放行VLAN 10和20出口路由器配置要点:
(1)配置子接口和IP地址,作为用户网关;
(2)配置802.1Q终结的VID,实现VLAN标签封装和剥离;
(3)开启子接口的ARP广播功能,实现跨VLAN流量转发。
出口路由器配置命令(单臂路由):
[Huawei]sysname router[router] interface g0/0/0.10 //进入子接口[router-GigabitEthernet0/0/0.10] ip address 192.168.10.254 24 //配置IP地址[router-GigabitEthernet0/0/0.10] dot1q termination vid 10 //配置子接口终结VLAN 10的流量[router-GigabitEthernet0/0/0.10] quit [router] interface g0/0/0.20[router-GigabitEthernet0/0/0.20] ip address 192.168.20.254 24[router-GigabitEthernet0/0/0.20] dot1q termination vid 20 [router-GigabitEthernet0/0/0.20] quit [router] int g0/0/0.10 [router-GigabitEthernet0/0/0.10] arp broadcast enable //开启子接口arp广播功能,实现跨VLAN流量转发[router-GigabitEthernet0/0/0.10] quit [router] int g0/0/0.20[router-GigabitEthernet0/0/0.20] arp broadcast enable //开启子接口arp广播功能,实现跨VLAN流量转发来源:summer课堂