Access between different virtual LANs (VLANs)

The last post explained what a virtual local area network is and how to build one. This article describes how hosts in different virtual local area networks communicate with each other.

The communication between different virtual local area networks needs to be forwarded by routing devices. The routing device can be a router or a Layer 3 switch with routing functions.

Last lecture: Understanding and building virtual local area network (https://mp.csdn.net/postedit/80199792)

This post:

1. Using a Layer 2 switch together with a router to achieve access between different virtual local area networks.

Method one:

We call this the dual-arm routing method. "Dual-arm" means that there are two links from the switch to the router. Three links would work just as well, but routers have very few interfaces, so this method is rarely used to implement communication between different virtual LANs. Still, the method deserves a mention; see the figure below:


In the above picture, we connect the router and switch with two straight-through cables. Divide the switch into two subnets, 192.168.1.0/24 and 192.168.2.0/24.

Use a switch to divide two virtual local area networks vlan10 and Vlan20. There are two hosts pc0 and pc5 in the Vlan10 virtual local area network, and one pc1 host in the Vlan20 virtual local area network.

The switch ports fa0/3 and fa0/4 that connect to the router are both set to Access mode; fa0/3 is assigned to Vlan10 and fa0/4 to Vlan20. In this way each of the two virtual LANs on the switch has its own channel to the router. Traffic from Vlan10 reaches the router's fa0/0 interface through port fa0/3, and traffic from Vlan20 reaches the router's other interface through port fa0/4.

In this way, the two virtual local area networks can access each other. The following figure shows that pc0 of virtual local area network Vlan10 pings pc1 of virtual local area network vlan20, and the ping is successful, indicating that access is achieved between different virtual local area networks.




Method two:



One-arm routing:

One-arm routing means that there is only one physical data link to the router; simply put, a single cable between the router and the switch. This is unlike the dual-arm method, where each virtual LAN needs its own link to the router.

There is a question here. If only one physical line is used, how does the router identify whether the data sent by the switch is the data of Vlan10 virtual local area network or Vlan20?

Two protocols are used here: IEEE 802.1Q and ISL. Both tag the data frame with the virtual local area network number, so that the router knows which virtual LAN the data came from. A brief introduction to IEEE 802.1Q and ISL follows:

802.1Q: the basic IEEE standard protocol, an industry standard.
ISL (Inter-Switch Link): Cisco's proprietary trunk encapsulation method.
The 802.1Q protocol inserts a 4-byte Tag field between the source MAC and Type fields of the Ethernet frame and recomputes the FCS. The Tag field contains the priority and the VLAN ID; TPID = 0x8100 marks the frame as 802.1Q tagged.

The ISL protocol wraps the Ethernet frame in a 26-byte header on the outside and places a recalculated CRC at the end of the frame. In the 26-byte header, 15 bits represent the VLAN, but only the lower 10 bits are used, i.e. 1024 VLANs.
Here we only use 802.1Q; since it is the industry standard, 802.1Q is the recommended protocol.
Let's take a look at the topology diagram first:

We use host pc0 to ping host pc5.

Let's first take a look at what an ordinary Ethernet frame encapsulated at the data link layer looks like. The figure below shows the Ethernet II frame format, with an instance, that host pc0 normally sends to switch switch0. Ethernet II is one of four Ethernet frame formats; readers can look up the other three.



It can be seen from the above that the Ethernet frame does not indicate which virtual local area network the data frame belongs to. Under normal circumstances the switch forwards this frame directly, without any modification. However, when the switch port doing the forwarding uses the 802.1Q protocol, the Ethernet frame above is encapsulated and tagged. See the figure below for the format and an example of the Ethernet frame forwarded by the switch.



Added field description:

Start-of-Frame Delimiter (SFD) - 1 byte. Its bits alternate 1 and 0 and end with two consecutive 1s, indicating that the next bit is the first bit of the first byte of the destination address.

TPID - The value is 8100 (hex). When the EtherType field of the frame holds 8100, the frame carries an IEEE 802.1Q/802.1P tag.

TCI - Tag Control Information field, including User Priority, Canonical Format Indicator, and VLAN ID.

We find that extra fields appear in the Ethernet frame. The TPID indicates the encapsulation protocol; for example, the TPID value above indicates that the encapsulation protocol is 802.1Q.

TCI is mainly used to mark VLan ID.

You can think of the 802.1Q protocol as adding labels, such as the virtual local area network ID (VLAN ID), to the Ethernet frame at the data link layer. After the switch forwards the tagged frame to the router, a router port that also uses 802.1Q knows which virtual local area network the data belongs to and can forward it accordingly in the next step.
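To make the tagging concrete, here is an added Python example (not code from the original post) that builds an untagged Ethernet II frame, inserts the 4-byte 802.1Q tag between the source MAC and the Type field, recomputes the FCS, and parses the tag back out. It also shows why the FCS has to be rewritten: a tagged frame that keeps the original FCS fails the check. The MAC addresses and payload are constructed sample values; zlib's CRC-32 is used for the FCS because it matches the IEEE 802.3 polynomial. The 12-bit VID width (4096 values, of which 0 and 4095 are reserved) is a fact about 802.1Q, not something stated in the post.

```python
import struct
import zlib

TPID_8021Q = 0x8100      # TPID that marks an 802.1Q-tagged frame
ETHERTYPE_IPV4 = 0x0800
VLAN_ID_MAX = 4095       # VID is 12 bits; 0 and 4095 are reserved, leaving 4094 usable VLANs


def fcs(body: bytes) -> bytes:
    """Ethernet FCS: CRC-32 over dst..payload, transmitted least-significant byte first."""
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def verify_fcs(frame: bytes) -> bool:
    """True when the trailing 4 bytes are the CRC-32 of everything before them."""
    return len(frame) > 4 and fcs(frame[:-4]) == frame[-4:]


def build_ethernet_ii(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Untagged Ethernet II frame: dst(6) src(6) type(2) payload fcs(4)."""
    body = dst + src + struct.pack("!H", ethertype) + payload
    return body + fcs(body)


def add_8021q_tag(frame: bytes, vlan_id: int, priority: int = 0, cfi: int = 0) -> bytes:
    """Insert TPID+TCI after the source MAC and recompute the FCS over the new body."""
    if not 0 <= vlan_id <= VLAN_ID_MAX:
        raise ValueError("VLAN ID must fit in 12 bits")
    if not verify_fcs(frame):
        raise ValueError("input frame has a bad FCS")
    # TCI layout: 3-bit priority, 1-bit CFI, 12-bit VLAN ID
    tci = (priority & 0x7) << 13 | (cfi & 0x1) << 12 | vlan_id
    tag = struct.pack("!HH", TPID_8021Q, tci)
    body = frame[:-4]
    new_body = body[:12] + tag + body[12:]   # first 12 bytes are dst MAC + src MAC
    return new_body + fcs(new_body)


def parse_frame(frame: bytes) -> dict:
    """Decode dst/src, detect an 802.1Q tag by its TPID, and check the FCS."""
    dst, src = frame[:6], frame[6:12]
    info = {"dst": dst.hex(":"), "src": src.hex(":"), "fcs_ok": verify_fcs(frame)}
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype == TPID_8021Q:
        (tci,) = struct.unpack("!H", frame[14:16])
        (ethertype,) = struct.unpack("!H", frame[16:18])   # the real Type follows the tag
        info.update(tagged=True, priority=tci >> 13, cfi=(tci >> 12) & 1,
                    vlan_id=tci & 0x0FFF, ethertype=ethertype, payload=frame[18:-4])
    else:
        info.update(tagged=False, ethertype=ethertype, payload=frame[14:-4])
    return info


# Constructed sample values (not captured from the lab in the post).
PC0_MAC = bytes.fromhex("0001963a1b2c")
PC5_MAC = bytes.fromhex("00d0ba4e5f60")
PAYLOAD = b"constructed payload from pc0 to pc5".ljust(46, b"\x00")  # pad to the minimum payload size

UNTAGGED = build_ethernet_ii(PC5_MAC, PC0_MAC, ETHERTYPE_IPV4, PAYLOAD)
TAGGED = add_8021q_tag(UNTAGGED, vlan_id=10)
STALE_FCS = TAGGED[:-4] + UNTAGGED[-4:]   # tagged frame that kept the old FCS: must fail the check

if __name__ == "__main__":
    for name, frame in (("untagged", UNTAGGED), ("tagged", TAGGED), ("stale fcs", STALE_FCS)):
        fields = {k: v for k, v in parse_frame(frame).items() if k != "payload"}
        print(f"{name:10s} {len(frame):3d} bytes  {fields}")
```

Running the script prints the untagged frame, the same frame 4 bytes longer with `vlan_id=10`, and the stale-FCS frame with `fcs_ok=False`, which is exactly what a receiving port would discard.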

So the key point is the 802.1q protocol.

Therefore, the port connected to the switch and the router must be encapsulated with the 802.1q protocol to allow communication between different virtual local area networks.

So about the role of the 802.1q protocol, do you understand?

Next, how to configure 802.1Q on the switch and router ports; please read on.




Next we start to enter the configuration operation:

First we define two subnets: subnet 1, 192.168.1.0/24, and subnet 2, 192.168.2.0/24. Subnet 1 has two hosts and subnet 2 has one host.

Please see the image below:


In the figure we used a 2950 switch and an 1841 router in the Cisco simulator, and selected three hosts. pc0 and pc5 belong to the virtual local area network Vlan10, and pc1 belongs to the virtual local area network Vlan20. The specific configuration is described below.

1. Switch: in the VLAN database we create two virtual LANs named Vlan10 and Vlan20, with VLAN numbers 10 and 20. The ports between the switch and the hosts are set to Access mode, and the switch port fa0/3 that connects to the router is set to Trunk mode.

2. Router: we use a straight-through cable to connect the router's fa0/0 port to switch port fa0/3.

Note: the router's fa0/0 port does not need an IP address and subnet mask, because what we will use is not the physical interface fa0/0 but the logical subinterfaces of fa0/0. You can imagine this port as having several subinterfaces that connect to the switch, just like dual-arm routing, except that they are not visible to the eye.

On the router we use two logical subinterfaces, fa0/0.1 and fa0/0.2, to connect the two subnets. fa0/0.1 is set to IP 192.168.1.1 with subnet mask 255.255.255.0, and fa0/0.2 is set to IP 192.168.2.1 with subnet mask 255.255.255.0. These two IP addresses serve as the gateways of the two subnets.

3. pc0: IP 192.168.1.2, subnet mask 255.255.255.0, gateway 192.168.1.1, connected to switch port fa0/1; switch port fa0/1 is set to Access and Vlan10.

    pc1: IP 192.168.2.1, subnet mask 255.255.255.0, gateway 192.168.2.1, connected to switch port fa0/2; switch port fa0/2 is set to Access and Vlan20.

    pc5: IP 192.168.1.3, subnet mask 255.255.255.0, gateway 192.168.2.1, connected to switch port fa0/5; switch port fa0/5 is set to Access and Vlan10.


For the specific configuration steps you can also use the command line; to make it easier to follow, I use the graphical interface.

Step one:

1. Host configuration: the figure below shows only one host as an example; the other hosts are configured similarly.



Step two:

1. Add the VLAN database to the switch and set the corresponding switch ports.

Add Vlan10 and Vlan20.



2. Configure the switch ports connected to the hosts: the figure below shows only fa0/1; the other ports are similar.


3. Configure the switch port connected to the router: set it to Trunk mode.


Note on dot1q encapsulation:
    The 2950 only supports 802.1Q, so when a trunk is configured it uses dot1q encapsulation by default.

    Switches such as the 3560 support several encapsulations, so the encapsulation mode has to be specified.

The 2950 switch uses dot1q encapsulation by default, so you do not need to set 802.1Q encapsulation on port fa0/3 again. On other switches 802.1Q encapsulation may have to be configured: enter the commands below, go into the corresponding interface and enter switchport trunk encapsulation dot1q. For port fa0/3 here, the commands are as follows:

enable
config t
interface fa0/3
switchport trunk encapsulation dot1q



The error here occurs because the 2950 switch already uses 802.1Q encapsulation, so there is actually no need to set the encapsulation on this port again.


Step three:

Router configuration: here we use the logical subinterfaces of fa0/0, so this cannot be done through the graphical interface, only through the command line.

The router configuration diagram is as follows:

First add the same VLAN database, Vlan10 and Vlan20, to the router.


Router configuration commands:

Router>enable
Router#config
Configuring from terminal, memory, or network [terminal]?
Enter configuration commands, one per line. End with CNTL/Z.   ...... enter global configuration mode
Router(config)#interface fa0/0   ...... enter fa0/0, the interface connected to the switch
Router(config-if)#no shutdown   ...... activate the port
Router(config-if)#exit   ...... return to global configuration mode
Router(config)#interface fa0/0.1   ...... configure the subinterface; this is the key to one-arm routing. It is a logical interface, not a physically present one, but it works just like a physical interface.
Router(config-subif)#encapsulation dot1q 10   ...... configure 802.1Q on this interface; the trailing 10 is the VLAN number, which is also the key part
Router(config-subif)#ip address 192.168.1.1 255.255.255.0   ...... assign the gateway address to this interface
Router(config-subif)#exit
Router(config)#interface fa0/0.2   ...... likewise, enter the second subinterface and configure it
Router(config-subif)#encapsulation dot1q 20   ...... configure 802.1Q
Router(config-subif)#ip address 192.168.2.1 255.255.255.0   ...... assign the gateway address and subnet mask
Router(config-subif)#end
%SYS-5-CONFIG_I: Configured from console by console   ...... configuration complete
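The addressing plan above and the router commands form one procedure, and the mistakes that break it are quiet ones: a host whose gateway lies outside its own subnet, a host configured with its gateway's address, or an encapsulation dot1q number that does not match any VLAN carried on the switch trunk. As an added illustration (not part of the original post), the Python script below generates the subinterface commands from a VLAN plan and checks the plan for exactly those inconsistencies before anything is typed into the router. The hosts, addresses and the deliberately broken second plan are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Host:
    name: str
    ip: str
    mask: str
    gateway: str
    vlan: int          # VLAN of the access port the host plugs into


@dataclass(frozen=True)
class Subinterface:
    name: str          # e.g. fa0/0.1
    vlan: int          # argument given to "encapsulation dot1q"
    ip: str
    mask: str


def subif_commands(physical: str, subifs: list[Subinterface]) -> list[str]:
    """Router-on-a-stick commands in the order the post enters them."""
    cmds = ["enable", "configure terminal", f"interface {physical}", " no shutdown", " exit"]
    for s in subifs:
        cmds += [f"interface {s.name}", f" encapsulation dot1q {s.vlan}",
                 f" ip address {s.ip} {s.mask}", " exit"]
    cmds.append("end")
    return cmds


def check_plan(switch_vlans: set[int], hosts: list[Host], subifs: list[Subinterface]) -> list[str]:
    """Return human-readable problems; an empty list means the plan is consistent."""
    problems: list[str] = []
    gw_by_vlan: dict[int, ipaddress.IPv4Interface] = {}
    for s in subifs:
        if s.vlan not in switch_vlans:
            problems.append(f"{s.name}: encapsulation dot1q {s.vlan} matches no switch VLAN {sorted(switch_vlans)}")
        if s.vlan in gw_by_vlan:
            problems.append(f"{s.name}: VLAN {s.vlan} already has a subinterface")
        gw_by_vlan[s.vlan] = ipaddress.ip_interface(f"{s.ip}/{s.mask}")
    for v in sorted(switch_vlans - set(gw_by_vlan)):
        problems.append(f"VLAN {v}: no router subinterface, so its hosts cannot reach other VLANs")
    for h in hosts:
        iface = ipaddress.ip_interface(f"{h.ip}/{h.mask}")
        gw = ipaddress.ip_address(h.gateway)
        sub = gw_by_vlan.get(h.vlan)
        if gw not in iface.network:
            problems.append(f"{h.name}: gateway {gw} is outside its own subnet {iface.network}")
        elif gw == iface.ip:
            problems.append(f"{h.name}: host address {iface.ip} is the same as its gateway")
        elif sub is not None and gw != sub.ip:
            problems.append(f"{h.name}: gateway {gw} is not the VLAN {h.vlan} subinterface address {sub.ip}")
        if sub is not None and iface.network != sub.network:
            problems.append(f"{h.name}: subnet {iface.network} differs from VLAN {h.vlan} subinterface {sub.network}")
    return problems


# Constructed sample plan matching the post's topology: VLAN 10 -> 192.168.1.0/24, VLAN 20 -> 192.168.2.0/24.
SWITCH_VLANS = {10, 20}
SUBIFS_OK = [Subinterface("fa0/0.1", 10, "192.168.1.1", "255.255.255.0"),
             Subinterface("fa0/0.2", 20, "192.168.2.1", "255.255.255.0")]
HOSTS_OK = [Host("pc0", "192.168.1.2", "255.255.255.0", "192.168.1.1", 10),
            Host("pc1", "192.168.2.2", "255.255.255.0", "192.168.2.1", 20),
            Host("pc5", "192.168.1.3", "255.255.255.0", "192.168.1.1", 10)]

# Deliberately broken variant (constructed): subinterface VLAN numbers that do not match the
# switch's VLANs, and pc5 pointing at the other subnet's gateway.
SUBIFS_BAD = [Subinterface("fa0/0.1", 2, "192.168.1.1", "255.255.255.0"),
              Subinterface("fa0/0.2", 3, "192.168.2.1", "255.255.255.0")]
HOSTS_BAD = HOSTS_OK[:2] + [Host("pc5", "192.168.1.3", "255.255.255.0", "192.168.2.1", 10)]

if __name__ == "__main__":
    print("\n".join(subif_commands("fa0/0", SUBIFS_OK)))
    for label, hosts, subifs in (("good plan", HOSTS_OK, SUBIFS_OK), ("bad plan", HOSTS_BAD, SUBIFS_BAD)):
        print(f"\n{label}:")
        for p in check_plan(SWITCH_VLANS, hosts, subifs) or ["no problems found"]:
            print("  " + p)
```

The good plan produces no findings and the command list that matches the router session above; the bad plan reports the two mismatched encapsulation numbers, the two VLANs left without a subinterface, and pc5's gateway lying outside 192.168.1.0/24. The same check applies unchanged to the dual-arm method, with each router interface standing in for a subinterface.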

After pinging between the two machines pc0 and pc1, the ping succeeds, indicating that the experiment is successful.
The following figure is the configuration diagram:



Hover the mouse over the router for a few seconds and information on all interfaces will be displayed. You can check whether the setting is successful.

Test result: successful. It's so tiring to write!!!





Method three:

Above, a router and a Layer 2 switch were used in combination to perform the routed forwarding. In fact, as long as the switch itself has a routing function, no router is needed; Layer 3 switches and above have this function.

Below, a Layer 3 switch is used to implement communication between different virtual local area networks.

There are roughly two cases.

1. Let's first look at the first case: the Layer 3 switch is directly connected to the hosts.

The Layer 3 switches in the Cisco simulator generally have model numbers starting with 3, for example the 3560 shown in the figure below. A model number starting with 2 is a Layer 2 switch, which has no routing function.



The Layer 3 switch in the figure above is divided into two virtual local area networks, Vlan10 and Vlan20. Hosts pc0 and pc1 belong to Vlan10, and host pc2 belongs to Vlan20. The IP addresses and subnet masks are configured as shown.

Then add the VLAN database, Vlan10 and Vlan20, to the Layer 3 switch.

You can also do this from the command line, as follows:

(1) Create the VLANs and name them

Switch>enable
Switch#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#vlan 10
Switch(config-vlan)#name Vlan10
Switch(config-vlan)#exit
Switch(config)#vlan 20
Switch(config-vlan)#name Vlan20

(2) Assign the VLAN number to the interface

Switch(config)#int fa0/1                      //enter switch port fa0/1
Switch(config-if)#switchport mode access      //set port fa0/1 to Access mode
Switch(config-if)#switchport access vlan 10   //assign port fa0/1 to Vlan 10

Graphical configuration:


Next, configure the routing function of the switch:

Switch>enable
Switch#configure terminal
Switch(config)#ip routing                                //enable the Layer 3 switch's routing function
Switch(config)#interface Vlan 10                         //create the routed interface associated with VLAN 10
Switch(config-if)#ip address 192.168.1.1 255.255.255.0   //set the IP address and subnet mask of this routed interface
Switch(config-if)#no shutdown                            //bring the interface up
Switch(config-if)#exit                                   //leave the interface
Switch(config)#interface Vlan 20                         //create the routed interface associated with VLAN 20
Switch(config-if)#ip address 192.168.2.1 255.255.255.0   //set the IP address and subnet mask of this routed interface
Switch(config-if)#no shutdown                            //bring the interface up
Switch(config-if)#exit                                   //leave the interface
Switch(config)#end                                       //finish and exit configuration mode
Switch#show ip route                                     //view the routing table

The configuration information appears at the end of the figure below, indicating that the configuration succeeded.


Host pc0 pings host pc2; the test succeeds:



2. Now look at the second case:



The routing configuration is the same as in the first case: enable the routing function with ip routing, create Vlan10 and Vlan20, then enter the Vlan10 and Vlan20 interfaces from the command line and configure their IP addresses and subnet masks.


Display the routing table:


Test:








