##实验 1-4 VLAN 间路由

##实验 1-4 VLAN 间路由
学习目标
 掌握用于VLAN间路由的Trunk接口的配置方法
 掌握在单个物理接口上配置多个子接口的方法
 掌握在VLAN间实现ARP通信的配置方法
在这里插入图片描述

企业内部网络通常会通过划分不同的VLAN来隔离不同部门之间的二层通
信，并保证各部门间的信息安全。但是由于业务需要，部分部门之间需要实现跨VLAN通信，网络管理员决定借助路由器，通过配置单臂路由实现R1与R3之间跨VLAN通信需求。
操作步骤
步骤一. 实验环境准备
如果本任务中您使用的是空配置设备，需要从步骤1开始配置，然后跳过步
骤2。如果使用的设备包含上一个实验的配置，请直接从步骤2开始配置。
配置R1、R3和S1的设备名称，并按照拓扑图配置R1的G0/0/1接口的IP地
址。
system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname R1
[R1]interface GigabitEthernet 0/0/1
[R1-GigabitEthernet0/0/1]ip address 10.0.4.1 24
system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname R3
system-view
[Quidway]sysname S1
步骤二. 清除设备上原有的配置
删除R3的G0/0/2接口IP地址，清除交换机上GVRP的配置并关闭无关端口。
[R3]interface GigabitEthernet 0/0/2
[R3-GigabitEthernet0/0/2]undo ip address
[S1]undo gvrp
[S1]interface GigabitEthernet 0/0/13
[S1-GigabitEthernet0/0/13]undo port trunk allow-pass vlan 2 to 4094
[S1-GigabitEthernet0/0/13]shutdown
[S1-GigabitEthernet0/0/13]quit
[S1]interface GigabitEthernet 0/0/1
[S1-GigabitEthernet0/0/1]undo port hybrid vlan 2 4
[S1-GigabitEthernet0/0/1]quit
[S1]undo vlan batch 2 100 200
[S2]undo gvrp
[S2]interface GigabitEthernet 0/0/6
[S2-GigabitEthernet0/0/6]undo port trunk allow-pass vlan 2 to 4094
[S2-GigabitEthernet0/0/6]shutdown
[S2-GigabitEthernet0/0/6]quit
[S2]interface GigabitEthernet 0/0/3
[S2-GigabitEthernet0/0/3]undo port hybrid vlan 2 4
[S2-GigabitEthernet0/0/3]quit
[S2]undo vlan batch 2 100 200
[S3]undo gvrp
[S3]interface Ethernet 0/0/13
[S3-Ethernet0/0/13]undo port trunk allow-pass vlan 2 to 4094
[S3-Ethernet0/0/13]port link-type hybrid
[S3-Ethernet0/0/13]quit
[S3]interface Ethernet 0/0/1
[S3-Ethernet0/0/1]undo port trunk allow-pass vlan 2 to 4094
[S3-Ethernet0/0/1]quit
[S3]undo vlan 2
[S4]undo gvrp
[S4]interface Ethernet 0/0/6
[S4-Ethernet0/0/6]undo port trunk allow-pass vlan 2 to 4094
[S4-Ethernet0/0/6]port link-type hybrid
[S4-Ethernet0/0/6]quit
[S4]interface Ethernet 0/0/1
[S4-Ethernet0/0/1]undo port trunk allow-pass vlan 2 to 4094
[S4-Ethernet0/0/1]quit
[S4]undo vlan 2
步骤三. 为 R3 配置 IP 地址
按照拓扑图配置R3上的G0/0/1接口的IP地址。
[R3]interface GigabitEthernet 0/0/1
[R3-GigabitEthernet0/0/1]ip address 10.0.8.1 24
步骤四. 创建 VLAN
在S1上创建VLAN 4和VLAN 8，将端口G0/0/1加入到VLAN 4中，将端口
G0/0/3加入到VLAN 8中。
[S1]vlan batch 4 8
Info: This operation may take a few seconds. Please wait for a moment…done.
[S1]interface GigabitEthernet 0/0/1
[S1-GigabitEthernet0/0/1]port link-type access
[S1-GigabitEthernet0/0/1]port default vlan 4
[S1-GigabitEthernet0/0/1]quit
[S1]interface GigabitEthernet0/0/3
[S1-GigabitEthernet0/0/3]port link-type access
[S1-GigabitEthernet0/0/3]port default vlan 8
[S1-GigabitEthernet0/0/3]quit
将S1连接路由器的G0/0/2端口配置为Trunk接口，并允许VLAN 4和VLAN
8的报文通过。
[S1]interface GigabitEthernet0/0/2
[S1-GigabitEthernet0/0/2]port link-type trunk
[S1-GigabitEthernet0/0/2]port trunk allow-pass vlan 4 8
步骤五. 配置 R2 上的子接口实现 VLAN 间路由
由于路由器只有一个实际的物理接口与交换机S1相连，而实际上不同部门
属于不同VLAN和不同网段，所以在路由器上配置不同的逻辑子接口来扮演不同的网关角色，在R2上配置子接口G0/0/1.1和G0/0/1.3，并作为VLAN 4和VLAN 8的网关。
system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname R2
[R2]interface GigabitEthernet0/0/1.1
[R2-GigabitEthernet0/0/1.1]ip address 10.0.4.254 24
[R2-GigabitEthernet0/0/1.1]dot1q termination vid 4
[R2-GigabitEthernet0/0/1.1]arp broadcast enable
[R2-GigabitEthernet0/0/1.1]quit
[R2]interface GigabitEthernet0/0/1.3
[R2-GigabitEthernet0/0/1.3]ip address 10.0.8.254 24
[R2-GigabitEthernet0/0/1.3]dot1q termination vid 8
[R2-GigabitEthernet0/0/1.3]arp broadcast enable
在R1和R3上各配置一条默认路由指向各自的网关。
[R1]ip route-static 0.0.0.0 0.0.0.0 10.0.4.254
[R3]ip route-static 0.0.0.0 0.0.0.0 10.0.8.254
配置完成后，检测R1与R3间的连通性。
ping 10.0.8.1
配置文件
[R1]display current-configuration
[V200R007C00SPC600]

sysname R1

interface GigabitEthernet0/0/1
ip address 10.0.4.1 255.255.255.0

ip route-static 0.0.0.0 0.0.0.0 10.0.4.254

user-interface con 0
authentication-mode password
set authentication password cipher % $%$ dD#}P<HzJ;Xs%X>hOkm!,.+Iq61QKK6tI}cc -;k_oC.+L,% $%$
user-interface vty 0 4

return
[R2]display current-configuration
[V200R007C00SPC600]

sysname R2

interface GigabitEthernet0/0/1

interface GigabitEthernet0/0/1.1
dot1q termination vid 4
ip address 10.0.4.254 255.255.255.0
arp broadcast enable

interface GigabitEthernet0/0/1.3
dot1q termination vid 8
ip address 10.0.8.254 255.255.255.0
arp broadcast enable

user-interface con 0
authentication-mode password
set authentication password cipher % $%$ |nRPL^hr2IXi7LHDID!/,.%.8%h;3:,hXO2d
k#ikaWI.(,% $%$
user-interface vty 0 4

return
[R3]display current-configuration
[V200R007C00SPC600]

sysname R3

interface GigabitEthernet0/0/1
ip address 10.0.8.1 255.255.255.0

ip route-static 0.0.0.0 0.0.0.0 10.0.8.254

user-interface con 0
authentication-mode password
set authentication password cipher % $%$ W| $KaTeX parse error: Expected 'EOF', got '}' at position 5: )M5D}̲v@bY^gK\;>QR,.*…$ %$
user-interface vty 0 4

Return
[S1]display current-configuration

!Software Version V200R008C00SPC500
sysname S1

vlan batch 4 8

interface GigabitEthernet0/0/1
port link-type access
port default vlan 4

interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 4 8

interface GigabitEthernet0/0/3
port link-type access
port default vlan 8

user-interface con 0
user-interface vty 0 4

return

##实验 1-4 VLAN 间路由

猜你喜欢