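1. Router-on-a-Stick
Most small and medium-sized enterprise networks need to be divided into several LANs. Normally one layer 2 switch serves one LAN, and one physical interface of a layer 3 router connects to one LAN, so building the network this way consumes a lot of switch and router hardware. A better solution is needed to save resources while still allowing multiple VLANs to communicate, and router-on-a-stick is one such solution.
Router-on-a-stick exists to solve inter-VLAN communication. It uses a single physical interface of a layer 3 router to create multiple virtual logical subinterfaces, and each logical subinterface is configured as the default gateway of a different VLAN. When PCs in different VLANs need to communicate, they simply send their data to the default gateway; the layer 3 router then looks up its routing table and forwards the data out of the corresponding logical subinterface (this is how traffic between VLANs is forwarded), which gives communication between multiple VLANs.
Note: a logical subinterface is only a virtual construct; there is really only one physical link.
For example, as shown in the figure below:
The figure above is a simple router-on-a-stick topology. PC1 and PC2 are in different VLANs. R1 is a layer 3 router whose two logical subinterfaces are configured as the default gateways of the two VLANs: 10.254 is the gateway for VLAN10 and 20.254 is the gateway for VLAN20.
When PC1 communicates with PC2, PC1 first hands the packet to switch SW1, which forwards it to the gateway on router R1 (logical subinterface f0/0.10). R1 then looks up its routing table and forwards the data out of the other gateway (logical subinterface f0/0.20). SW1 delivers it to PC2, and PC1 and PC2 can communicate.
Start the router-on-a-stick deployment lab. On switch SW1, create VLAN10/VLAN20 and put the link between SW1 and R1 into trunk mode: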
SW1#vlan database
SW1(vlan)#vlan 10 name VLAN10
VLAN 10 added:
Name: VLAN10
SW1(vlan)#vlan 20 name VLAN20
VLAN 20 added:
Name: VLAN20
SW1(vlan)#exit
APPLY completed.
Exiting....
SW1#
SW1#conf t
SW1(config)#int f0/0
SW1(config-if)#switchport trunk encapsulation dot1q
SW1(config-if)#switchport mode trunk
Assign interface f0/1 to VLAN10 and interface f0/2 to VLAN20:
SW1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#int f0/1
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 10
SW1(config-if)#exit
SW1(config)#int f0/2
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 20
SW1(config-if)#exit
SW1(config)#exit
SW1#
SW1#show vlan-switch brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/0, Fa0/3, Fa0/4, Fa0/5
Fa0/6, Fa0/7, Fa0/8, Fa0/9
Fa0/10, Fa0/11, Fa0/12, Fa0/13
Fa0/14, Fa0/15
10 VLAN10 active Fa0/1
20 VLAN20 active Fa0/2
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
SW1#
Configure PC1's IP address and default gateway:
PC1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
PC1(config)#no ip routing
PC1(config)#
PC1(config)#int f0/0
PC1(config-if)#no shutdown
PC1(config-if)#ip address 192.168.10.1 255.255.255.0
PC1(config-if)#exit
PC1(config)#ip default-gateway 192.168.10.254
Configure PC2's IP address and default gateway:
PC2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
PC2(config)#no ip routing
PC2(config)#int f0/0
PC2(config-if)#no shutdown
PC2(config-if)#
*Mar 1 00:12:49.919: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
*Mar 1 00:12:50.919: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
PC2(config-if)#ip address 192.168.20.1 255.255.255.0
PC2(config-if)#exit
PC2(config)#ip default-gateway 192.168.20.254
Then deploy router-on-a-stick on R1 by configuring the logical subinterfaces and gateways for VLAN10/VLAN20:
R1(config)#int f0/0.?
<0-4294967295> FastEthernet interface number
R1(config)#int f0/0.10
R1(config-subif)#encapsulation dot1Q 10
R1(config-subif)#ip address 192.168.10.254 255.255.255.0
R1(config-subif)#exit
R1(config)#
R1(config)#int f0/0.20
R1(config-subif)#encapsulation dot1Q 20
R1(config-subif)#ip address 192.168.20.254 255.255.255.0
R1(config-subif)#exit
R1(config)#
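As the output above shows, a layer 3 routing device can in theory create a very large number of logical subinterfaces; the range is <0-4294967295>.
View the routing table on R1: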
R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
C 192.168.10.0/24 is directly connected, FastEthernet0/0.10
C 192.168.20.0/24 is directly connected, FastEthernet0/0.20
R1#
Test connectivity between PC1 and PC2:
PC1#ping 192.168.20.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.1, timeout is 2 seconds:
..!!!
Success rate is 60 percent (3/5), round-trip min/avg/max = 80/81/84 ms
PC1#
PC1 sends a single ping packet to PC2, and the traffic is captured with Wireshark:
PC1#ping 192.168.20.1 repeat 1
Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 192.168.20.1, timeout is 2 seconds:
!
Success rate is 100 percent (1/1), round-trip min/avg/max = 100/100/100 ms
PC1#
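The packets captured by Wireshark are shown in the figure below:
PC1 clearly sent only one ping packet to PC2, so why, judging by the IP addresses, does PC1 appear to have sent two? In addition, the first request carries VLAN ID 10 and the second carries VLAN ID 20.
The IP addresses alone do not explain this, so we start from the MAC addresses the ping packets are encapsulated with. First, look at the MAC address table on switch SW1: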
SW1#show mac-address-table
Destination Address Address Type VLAN Destination Port
------------------- ------------ ---- --------------------
cc02.2e70.0000 Self 1 Vlan1
cc01.1bd4.0000 Dynamic 1 FastEthernet0/0
cc04.18ac.0000 Dynamic 20 FastEthernet0/2
cc03.27a4.0000 Dynamic 10 FastEthernet0/1
SW1#
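Here cc01.1bd4.0000 is the MAC address of router R1, cc04.18ac.0000 is the MAC address of PC2, and cc03.27a4.0000 is the MAC address of PC1.
With these three MAC addresses we can analyze the ping packets between PC1 and PC2:
- When PC1 sends a ping packet to PC2, it first reaches switch SW1, which tags the packet with VLAN10 and forwards it to router R1.
- R1 receives the ping packet, reads its destination IP address, looks that address up in the routing table and finds that it belongs to host PC2. It therefore rewrites the destination MAC address of the packet and forwards it to PC2, tagging it with VLAN20.
- PC2 then sends a reply packet to R1.
- R1 forwards the reply to PC1, and the exchange between PC1 and PC2 is complete.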
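The walk-through above can be checked offline. This Python code is an added example, not part of the original article: it builds a constructed capture of the SW1-R1 trunk using the three MAC addresses from SW1's table, then pairs frames that carry the same IP/ICMP packet to show R1 changing the VLAN tag and the MAC addresses. The TTL values, the ICMP identifier and the capture point on the trunk are assumptions.

```python
import struct
from collections import defaultdict

def mac(s):
    """Cisco dotted MAC (cc03.27a4.0000) -> 6 raw bytes."""
    return bytes.fromhex(s.replace(".", ""))

def ip4(s):
    return bytes(int(o) for o in s.split("."))

def build(dst, src, vlan, ip_src, ip_dst, ttl, icmp_type, seq):
    """Constructed 802.1Q-tagged ICMP echo frame (checksums left at zero)."""
    eth = mac(dst) + mac(src) + struct.pack("!HHH", 0x8100, vlan, 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, ttl, 1, 0,
                     ip4(ip_src), ip4(ip_dst))
    return eth + ip + struct.pack("!BBHHH", icmp_type, 0, 0, 1, seq)

def parse(raw):
    """Extract the fields needed to tell the two copies of one packet apart."""
    tpid, tci, etype = struct.unpack("!HHH", raw[12:18])
    if tpid != 0x8100 or etype != 0x0800:
        raise ValueError("not an 802.1Q-tagged IPv4 frame")
    ihl = (raw[18] & 0x0F) * 4          # IPv4 header starts after the 18-byte L2 header
    icmp_type, _, _, ident, seq = struct.unpack("!BBHHH", raw[18 + ihl:26 + ihl])
    return {"dst": raw[0:6].hex(), "src": raw[6:12].hex(), "vlan": tci & 0x0FFF,
            "ttl": raw[26],
            "ip": (".".join(map(str, raw[30:34])), ".".join(map(str, raw[34:38]))),
            "icmp": (icmp_type, ident, seq)}

def routed_hops(frames):
    """Pair frames carrying the same IP/ICMP packet; report the VLAN and MAC rewrite."""
    groups = defaultdict(list)
    for f in map(parse, frames):
        groups[(f["ip"], f["icmp"])].append(f)
    return [(a["ip"], a["vlan"], b["vlan"], a["src"], b["dst"], a["ttl"] - b["ttl"])
            for a, b in (g for g in groups.values() if len(g) == 2)]

R1, PC1, PC2 = "cc01.1bd4.0000", "cc03.27a4.0000", "cc04.18ac.0000"
A, B = "192.168.10.1", "192.168.20.1"
# Constructed trunk capture of `ping 192.168.20.1 repeat 1` (TTL values assumed).
CAPTURE = [
    build(R1, PC1, 10, A, B, 255, 8, 0),   # request: PC1 -> gateway, tagged VLAN 10
    build(PC2, R1, 20, A, B, 254, 8, 0),   # same request after routing, VLAN 20
    build(R1, PC2, 20, B, A, 255, 0, 0),   # reply: PC2 -> gateway, tagged VLAN 20
    build(PC1, R1, 10, B, A, 254, 0, 0),   # same reply after routing, VLAN 10
]

if __name__ == "__main__":
    for ip, v_in, v_out, src, dst, hops in routed_hops(CAPTURE):
        print(f"{ip[0]} -> {ip[1]}: VLAN {v_in} -> {v_out}, {src} -> {dst}, TTL -{hops}")
```

Each IP packet crosses the single physical link twice, once per VLAN, which is why a capture on the trunk shows two requests with identical IP addresses but different tags and MAC addresses.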
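2. Layer 3 Switching
One drawback of router-on-a-stick is that when the link between the switch and the router fails, the whole network can no longer communicate. Its benefit is that it saves resources, but its weakness is that it easily creates a single point of failure. Layer 3 switches were introduced later.
Put simply, a layer 3 switch integrates the functions of a layer 2 switch and a layer 3 router.
A layer 3 switch also has a kind of logical interface called an SVI. It works much like the logical subinterfaces of the layer 3 router in router-on-a-stick; the difference is that a layer 3 switch has many SVI logical interfaces, one per VLAN.
Deployment requirement for layer 3 switching: the link between the layer 2 switch and the layer 3 switch must be a trunk link.
Enable trunk mode on switch SW1: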
SW1(config)#
SW1(config)#int f0/0
SW1(config-if)#switchport trunk encapsulation dot1q
SW1(config-if)#switchport mode trunk
*Mar 1 00:02:47.599: %DTP-5-TRUNKPORTON: Port Fa0/0 has become dot1q trunk
SW1(config)#
Enable trunk mode on switch SW2:
SW2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW2(config)#int f0/0
SW2(config-if)#switchport trunk encapsulation dot1q
SW2(config-if)#switchport mode trunk
Enable VTP on switch SW1, set it as the Server node, and create VLAN10/VLAN20. The configuration is as follows:
SW1#vlan database
SW1(vlan)#vtp server
Device mode already VTP SERVER.
SW1(vlan)#vtp domain TEST
Changing VTP domain name from NULL to TEST
SW1(vlan)#vtp password 123456
Setting device VLAN database password to 123456.
SW1(vlan)#vlan 10
VLAN 10 added:
Name: VLAN0010
SW1(vlan)#vlan 20
VLAN 20 added:
Name: VLAN0020
SW1(vlan)#
SW1(vlan)#exit
APPLY completed.
Exiting....
SW1#
Enable VTP on switch SW2 and set it as a Client node. The configuration is as follows:
SW2#vlan database
SW2(vlan)#vtp client
Setting device to VTP CLIENT mode.
SW2(vlan)#vtp domain TEST
Domain name already set to TEST .
SW2(vlan)#vtp password 123456
Setting device VLAN database password to 123456.
SW2(vlan)#
Use the show command to view the VLAN information on switch SW2:
SW2#show vlan-switch brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15
10 VLAN0010 active
20 VLAN0020 active
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
SW2#
Assign interfaces f0/1 and f0/2 to the VLAN10 and VLAN20 that SW2 learned, respectively. The configuration is as follows:
SW2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW2(config)#int f0/1
SW2(config-if)#switchport mode access
SW2(config-if)#switchport access vlan 10
SW2(config-if)#exit
SW2(config)#int f0/2
SW2(config-if)#switchport mode access
SW2(config-if)#switchport access vlan 20
SW2(config-if)#exit
SW2(config)#exit
SW2#
Configure PC1's IP address and default gateway:
PC1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
PC1(config)#no ip routing
PC1(config)#int f0/0
PC1(config-if)#no shutdown
PC1(config-if)#
*Mar 1 00:13:01.403: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
*Mar 1 00:13:02.403: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
PC1(config-if)#
PC1(config-if)#ip address 192.168.10.1 255.255.255.0
PC1(config-if)#exit
PC1(config)#ip default-gateway 192.168.10.254
Configure PC2's IP address and default gateway:
PC2#
PC2#conf t
PC2(config)#no ip routing
PC2(config)#int f0/0
PC2(config-if)#no shutdown
PC2(config-if)#ip address 192.168.20.1 255.255.255.0
PC2(config-if)#exit
PC2(config)#ip default-gateway 192.168.20.254
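Layer 3 switches generally have layer 3 routing disabled by default, so it must be enabled manually, and a gateway must also be configured for each VLAN. The configuration is as follows: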
SW1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#ip routing
SW1(config)#int vlan 10
SW1(config-if)#
*Mar 1 00:21:59.543: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state to up
SW1(config-if)#ip address 192.168.10.254 255.255.255.0
SW1(config-if)#exit
SW1(config)#int vlan 20
SW1(config-if)#
*Mar 1 00:22:42.631: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan20, changed state to up
SW1(config-if)#ip address 192.168.20.254 255.255.255.0
SW1(config-if)#exit
SW1(config)#
View the routing table on switch SW1:
SW1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
C 192.168.10.0/24 is directly connected, Vlan10
C 192.168.20.0/24 is directly connected, Vlan20
SW1#
The routing table of the layer 3 switch does show two routes: 10.0 is the route for VLAN10 and 20.0 is the route for VLAN20.
Test connectivity from PC1:
PC1#ping 192.168.10.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 72/271/1060 ms
PC1#
PC1#ping 192.168.201
% Unrecognized host or address, or protocol not running.
PC1#ping 192.168.20.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.1, timeout is 2 seconds:
..!!!
Success rate is 60 percent (3/5), round-trip min/avg/max = 68/81/104 ms
PC1#
The layer 3 switching deployment lab is complete.