Inter-VLAN Routing and Router-on-a-Stick
Posted by: 白月人 on 2008.11.19 14:10
I. Reviewing what I learned earlier: the NA course puts a lot of weight on inter-VLAN routing and router-on-a-stick, and there are at least three ways to implement it.

Environment: router R1; R2 and R3 act as test hosts; S1 is a Layer 3 switch.

Method 1: default route + static routes (note: the switch must be a Layer 3 switch)

R1 configuration

R1#sh run
Building configuration...

Current configuration : 908 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
!
!
no ip domain lookup
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.252
 duplex auto
 speed auto
!
!
ip http server
no ip http secure-server
ip classless
ip route 172.16.1.0 255.255.255.0 192.168.1.2 10 name vlan
ip route 172.16.2.0 255.255.255.0 192.168.1.2 20 name vlan
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
!
!
end

R2 configuration

R2#sh run
Building configuration...

Current configuration : 619 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
! Turn off the router's routing function (that is, use it as a host)
no ip routing
!
no ip domain lookup
!
no ip cef
ip audit po max-events 100
interface FastEthernet0/0
 ip address 172.16.1.2 255.255.255.0
 no ip route-cache
 duplex auto
 speed auto
!
! Configuring a gateway is all that is needed
ip default-gateway 172.16.1.1
ip http server
no ip http secure-server
ip classless
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
!
!
end

R3 configuration

R3#sh run
Building configuration...

Current configuration : 560 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
no ip routing
!
!
no ip cef
ip audit po max-events 100
interface FastEthernet0/0
 ip address 172.16.2.2 255.255.255.0
 no ip route-cache
 duplex auto
 speed auto
!
ip default-gateway 172.16.2.1
ip http server
no ip http secure-server
ip classless
!
line con 0
line aux 0
line vty 0 4
!
!
end

S1 configuration

S1#show run
Building configuration...

Current configuration : 1631 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname S1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
!
!
no ip domain lookup
!
ip cef
ip audit po max-events 100
!
interface FastEthernet0/0
 switchport access vlan 100
 no ip address
!
interface FastEthernet0/1
 switchport access vlan 10
 no ip address
!
interface FastEthernet0/2
 switchport access vlan 20
 no ip address
!
!
interface Vlan1
 no ip address
 shutdown
!
! User VLAN 10
interface Vlan10
 ip address 172.16.1.1 255.255.255.0
! User VLAN 20
interface Vlan20
 ip address 172.16.2.1 255.255.255.0
! Interconnect VLAN
interface Vlan100
 ip address 192.168.1.2 255.255.255.252
!
ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1 name toR1
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
!
!
end

Method 2: router-on-a-stick using sub-interfaces

The R2 and R3 configurations are unchanged. On S1, the interface that connects to R1 is configured as a trunk link or in ISL mode.

S1 configuration

S1#sh run
Building configuration...

Current configuration : 1582 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname S1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
!
!
no ip domain lookup
!
ip cef
ip audit po max-events 100
!
interface FastEthernet0/0
 switchport mode trunk
 ! Sets the trunk type. On some switches this line may not be displayed after
 ! you enter it, but you must still enter it, because some switches default to
 ! ISL as the trunk type. The newest switches have dropped ISL mode. The trunk
 ! type can also be displayed.
 switchport trunk encapsulation dot1q
 no ip address
!
interface FastEthernet0/1
 switchport access vlan 10
 no ip address
!
interface FastEthernet0/2
 switchport access vlan 20
 no ip address
interface Vlan1
 no ip address
 shutdown
!
interface Vlan10
 ip address 172.16.1.1 255.255.255.0
!
interface Vlan20
 ip address 172.16.2.1 255.255.255.0
!
interface Vlan100
 no ip address
!
ip http server
no ip http secure-server
ip classless
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
!
!
end

R1 configuration

R1#sh run
Building configuration...

Current configuration : 999 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
!
!
no ip domain lookup
!
ip cef
ip audit po max-events 100
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
!
! VLAN 10
interface FastEthernet0/0.1
 encapsulation dot1Q 10
 ip address 172.16.1.3 255.255.255.0
 no snmp trap link-status
!
! VLAN 20
interface FastEthernet0/0.2
 encapsulation dot1Q 20
 ip address 172.16.2.3 255.255.255.0
 no snmp trap link-status
!
ip http server
no ip http secure-server
ip classless
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
!
!
end
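Method 3: do not use router R1 for routing at all. Some IOS software versions for Layer 3 switches support dynamic routing protocols, and the configuration commands are fairly simple.

S1 configuration

ip routing
router ospf 100
 network 172.16.1.0 0.0.0.255 area 0
 network 172.16.2.0 0.0.0.255 area 0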
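Differences between the three methods:

The first implements inter-VLAN communication purely by routing. The VLANs terminate on the core switch, R1 holds return routes pointing back to the core switch, and the switch reaches R1 through a default route. However, the core switch must be a Layer 3 switch, and the setup is comparatively complex.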
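The second is simpler than the first. The VLANs terminate on the router, and the core switch can be a managed Layer 2 switch. The switch port connected to the router must be configured as a trunk or in ISL mode, and the router must be configured with sub-interfaces whose encapsulation mode matches the switch port it connects to. (This way, however, ARP also travels up the VLANs to the router, so whether it is suitable depends on the size of the network.)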
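The third removes the router and is fairly simple to implement. The difference is that in the first two methods the router provides routing, while in the last one the switch does. Although the latter is simple to implement, that does not prove a router is unnecessary: with the first two you can use PBR on the router to control network traffic, whereas the Layer 3 switch does not support PBR and similar features. This is the difference in IOS.

Of the methods above, the second is still the recommended one: it is relatively simple and makes it easy to apply policies.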
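The second method depends on the switch uplink and the router sub-interfaces agreeing with each other. The following check is an added example, not part of the original post: it reads both configurations and reports a non-trunk uplink, an encapsulation mismatch, or an access VLAN with no sub-interface. The function names and the trimmed sample configs are assumptions made for illustration.

```python
import re
# Constructed inputs: the second method's S1 and R1 listings, trimmed to the relevant lines.
S1_CFG = """interface FastEthernet0/0
 switchport mode trunk
 switchport trunk encapsulation dot1q
interface FastEthernet0/1
 switchport access vlan 10
interface FastEthernet0/2
 switchport access vlan 20
"""
R1_CFG = """interface FastEthernet0/0.1
 encapsulation dot1Q 10
interface FastEthernet0/0.2
 encapsulation dot1Q 20
"""

def interfaces(cfg):
    """Map each interface name to its lower-cased sub-commands."""
    out, cur = {}, None
    for line in cfg.splitlines():
        if line.startswith("interface "):
            cur = line.split(None, 1)[1].strip()
            out[cur] = []
        elif cur and line.startswith(" "):
            out[cur].append(line.strip().lower())
        else:
            cur = None  # "!" or a global command closes the interface block
    return out

def check_stick(switch_cfg, uplink, router_cfg):
    """List mismatches between the switch uplink and the router sub-interfaces."""
    sw, rt, problems = interfaces(switch_cfg), interfaces(router_cfg), []
    up = sw.get(uplink, [])
    if "switchport mode trunk" not in up:
        problems.append(f"{uplink}: not a trunk port")
    # Some switches do not display the encapsulation line; compare only when it is shown.
    sw_encap = next((c.split()[-1] for c in up if "trunk encapsulation" in c), None)
    access = {int(c.split()[-1]) for cmds in sw.values() for c in cmds if "access vlan" in c}
    tagged = set()
    for name, cmds in rt.items():
        m = re.search(r"^encapsulation (dot1q|isl) (\d+)", "\n".join(cmds), re.M)
        if "." in name and not m:
            problems.append(f"{name}: sub-interface has no encapsulation")
        elif m:
            tagged.add(int(m.group(2)))
            if sw_encap and m.group(1) != sw_encap:
                problems.append(f"{name}: {m.group(1)} does not match switch {sw_encap}")
    problems += [f"vlan {v}: no router sub-interface" for v in sorted(access - tagged)]
    return problems
```

Calling check_stick(S1_CFG, "FastEthernet0/0", R1_CFG) on the listings as posted returns an empty list.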
This article comes from the ChinaUnix blog. To view the original, see: http://blog.chinaunix.net/u1/54405/showart_1423881.html