VLANs can isolate Layer 2 broadcast domains, and users belonging to different VLANs cannot communicate at Layer 2. However, in practical applications, it is often required to realize communication between different vlans, so how to realize communication between vlans?
Packets can be forwarded from one VLAN to another by means of Layer 3 routing. VLAN routing can be realized through a Layer 2 switch with routing, or through a Layer 3 switch
Enthusiastic Xiao Wang will introduce the next three methods to realize the communication between vlans.
1 Allocate a physical interface for each VLAN through the router to realize inter-VLAN communication
Implementation method: Assign a separate interface to each VLAN on the router, and use a physical link to connect to the Layer 2 switch.
When the hosts between VLANs need to communicate, the data will be routed through the router at Layer 3 and forwarded to the hosts in the destination VLAN, so that mutual communication between VLANs can be realized.
Configuration idea:
The Layer 3 interface of the router acts as a gateway, forwarding traffic from this network segment to other network segments.
The Layer 3 interface of the router cannot process the data frame carrying the VLANTag, so the interface connected to the router on the switch needs to be configured as Access
Advantages: simple configuration and maintenance
shortcoming:
The cost is too high, each additional VLAN requires a port and a physical link, wasting resources;
Poor scalability , when the VLAN increases to a certain number, there may not be so many ports on the router;
Hosts between certain VLANs may not need to communicate frequently, and each VLAN occupies a port, which will result in low interface utilization of the router .
Therefore, this solution will not be adopted in practical applications to solve the communication problem between VLANs .
Friends who want Huawei Datacom supporting experimental topology and configuration notes like + follow, leave an email in the comment area and send it to you!
2 One-arm routing realizes communication between VLANs
Implementation:
在交换机和路由器之间仅使用一个端口+一条物理链路连接。
一个物理端口上设置多个逻辑子接口的方式实现不同vlan间通信。
配置思路:
在交换机上,把连接到路由器的端口配置成Trunk类型的端口,并允许相关VLAN的帧通过。
在路由器上需要创建子接口,逻辑上把连接路由器的物理链路分成了多条。一个子接口代表了一条归属于某个VLAN的逻辑链路。
配置命令:
[R2]interface GigabitEthernet0/0/0.2
[R2-GigabitEthernet0/0/0.2]dot1q termination vid 2
[R2-GigabitEthernet0/0/0.2]ip address 10.1.1.254 24
[R2-GigabitEthernet0/0/0.2]arp broadcast enable
[R2]interface GigabitEthernet0/0/0.3
[R2-GigabitEthernet0/0/0.3]dot1q termination vid 3
[R2-GigabitEthernet0/0/0.3]ip address 10.2.2.254 24
[R2-GigabitEthernet0/0/0.3]arp broadcast enable
配置子接口时,需要注意以下几点:
必须为每个子接口分配一个IP地址。该IP地址与子接口所属VLAN位于同一网段。
需要在子接口上配置802.1Q封装,来剥掉和添加VLAN Tag,从而实现VLAN间互通。
在子接口上执行命令arp broadcast enable使能子接口的ARP广播功能。
优点:节省端口和物理链路,成本低,可扩展性好,端口利用率高;
缺点:配置复杂;
3 Vlanif接口实现VLAN间互通(重点掌握)
实现方法:
在三层交换机上配置VLANIF接口来实现VLAN间路由。
如果网络上有多个VLAN,则需要给每个VLAN配置一个VLANIF接口,并给每个VLANIF接口配置一个IP地址。
用户设置的缺省网关就是三层交换机中VLANIF接口的IP地址。
配置命令:
[SW3]vlan batch 2 3
[SW3] interface GigabitEthernet0/0/1
[SW3-GigabitEthernet0/0/1] port link-type access
[SW3-GigabitEthernet0/0/1] port default vlan 2
[SW3] interface GigabitEthernet0/0/2
[SW3-GigabitEthernet0/0/2] portlink-type access
[SW3-GigabitEthernet0/0/2] port default vlan 3
[SW3]interface Vlanif 2
[SW3-Vlanif2]ip address 10.1.1.254 24
[SW3]interface Vlanif 3
[SW3-Vlanif3]ip address 10.2.2.254 24
小思考:数据怎么转发?
当用户主机PC5发送报文给用户主机PC6时,报文的发送过程如下(假设三层交换机Switch上还未建立任何转发表项)。
PC1判断目的IP地址跟自己的IP地址不在同一网段,因此,它发出请求网关MAC地址的ARP请求报文,目的IP为网关IP 10.1.1.1,目的MAC为全F。
报文到达Switch的接口G0/0/1,Switch给报文添加VID=2的Tag(Tag的VID=接口的PVID),然后将报文的源MAC地址+VID与接口的对应关系(1-1-1,2, IF_1)添加进MAC表。
Switch检查报文是ARP请求报文,且目的IP是自己VLANIF2接口的IP地址,给PC1应答,并将VLANIF2接口的MAC地址3-3-3封装在应答报文中,应答报文从G0/0/1发出。同时,Switch会将PC1的IP地址与MAC地址的对应关系记录到ARP表。
PC1收到Switch的应答报文,将Switch的VLANIF2接口的IP地址与MAC地址对应关系记录到自己的ARP表中,并向Switch发送目的MAC为3-3-3、目的IP为PC2的IP地址 10.2.2.2的报文。
报文到达Switch的接口G0/0/1,同样给报文添加VID=2的Tag。
Switch根据报文的源MAC地址+VID与接口的对应关系更新MAC表,并比较报文的目的MAC地址与VLANIF2的MAC地址,发现两者相等,进行三层转发,根据目的IP查找三层转发表,没有找到匹配项,上送CPU查找路由表。
CPU根据报文的目的IP去找路由表,发现匹配了一个直连网段(VLANIF3对应的网段),于是继续查找ARP表,没有找到,Switch会在目的网段对应的VLAN3的所有接口发送ARP请求报文,目的IP是10.2.2.2。从接口G0/0/2发出。
PC2收到ARP请求报文,发现请求IP是自己的IP地址,就发送ARP应答报文,将自己的MAC地址包含在其中。同时,将VLANIF3的MAC地址与IP地址的对应关系记录到自己的ARP表中。
Switch的接口G0/0/2收到PC2的ARP应答报文后,给报文添加VID=3的Tag,并将PC2的MAC和IP的对应关系记录到自己的ARP表中。然后,将PC1的报文转发给PC2,发送前,同样剥离报文中的Tag。同时,将PC2的IP、MAC、VID及出接口的对应关系记录到三层转发表中。
至此,PC1完成对PC2的单向访问。PC2访问PC1的过程与此类似。这样,后续PC1与PC2之间的往返报文,都先发送给网关Switch,由Switch查三层转发表进行三层转发。
想要华为数通配套实验拓扑和配置笔记的朋友们点赞+关注,评论区留下邮箱发给你!