7.1 简介
- 二层因为冗余,需要运行SPANNING-TREE等协议解决环路问题。
- 三层的加入,启用三层链路,可以隔绝广播,可以运行路由协议实现设备冗余、链路负载均衡等。
三层交换机有交换模块和路由模块,
7.1.1 试验
7.1.1.1 三层交换机配置
新建VLAN10和VLAN20
SW1#vlan database
SW1(vlan)#vlan 10
VLAN 10 added:
Name: VLAN0010
SW1(vlan)#vlan 20
VLAN 20 added:
Name: VLAN0020
给VLAN10设置IP地址
SW1(config)#interface vlan 10
SW1(config-if)#ip address 192.168.10.254 255.255.255.0
SW1(config-if)#no shutdown
SW1(config)#interface vlan 20
SW1(config-if)#ip address 192.168.20.254 255.255.255.0
SW1(config-if)#no shutdown
SW1#show ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 unassigned YES unset up up
FastEthernet0/1 unassigned YES unset up up
FastEthernet0/2 unassigned YES unset up down
FastEthernet0/3 unassigned YES unset up down
FastEthernet0/4 unassigned YES unset up down
FastEthernet0/5 unassigned YES unset up down
FastEthernet0/6 unassigned YES unset up down
FastEthernet0/7 unassigned YES unset up down
FastEthernet0/8 unassigned YES unset up down
FastEthernet0/9 unassigned YES unset up down
FastEthernet0/10 unassigned YES unset up down
FastEthernet0/11 unassigned YES unset up down
FastEthernet0/12 unassigned YES unset up down
FastEthernet0/13 unassigned YES unset up down
FastEthernet0/14 unassigned YES unset up down
FastEthernet0/15 unassigned YES unset up down
Vlan1 unassigned YES unset up up
Vlan10 192.168.10.254 YES manual up down
Vlan20 192.168.20.254 YES manual up down
将接口划入VLAN
SW1(config)#interface fastEthernet 0/0
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 10
SW1(config)#interface fastEthernet 0/1
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 20
SW1#show vlan-switch
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/2, Fa0/3, Fa0/4, Fa0/5
Fa0/6, Fa0/7, Fa0/8, Fa0/9
Fa0/10, Fa0/11, Fa0/12, Fa0/13
Fa0/14, Fa0/15
10 VLAN0010 active Fa0/0
20 VLAN0020 active Fa0/1
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 1002 1003
10 enet 100010 1500 - - - - - 0 0
20 enet 100020 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 1 1003
1003 tr 101003 1500 1005 0 - - srb 1 1002
1004 fdnet 101004 1500 - - 1 ibm - 0 0
1005 trnet 101005 1500 - - 1 ibm - 0 0
7.1.1.2 PC机配置
设置PC1地址
PC101-VLAN10(config)#interface fastEthernet 0/0
PC101-VLAN10(config-if)#ip address 192.168.10.1 255.255.255.0
PC101-VLAN10(config-if)#no shutdown
PING测试
PC101-VLAN10#ping 192.168.10.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/20/24 ms
为PC2配置IP地址
PC201-VLAN20(config)#interface fastEthernet 0/0
PC201-VLAN20(config-if)#ip address 192.168.20.1 255.255.255.0
PC201-VLAN20(config-if)#no shutdown
PING测试
PC201-VLAN20#ping 192.168.20.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/20/24 ms
7.1.1.3 测试
配置PC机路由和默认网关
PC101-VLAN10(config)#no ip routing
PC101-VLAN10(config)#ip default-gateway 192.168.10.254
PC201-VLAN20(config)#no ip routing
PC201-VLAN20(config)#ip default-gateway 192.168.20.254
测试
PC101-VLAN10#ping 192.168.20.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/220/1016 ms
PC101-VLAN10#ping 192.168.20.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.1, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 28/32/36 ms
PC101-VLAN10#
7.2 三层模式
- 二层交换机只能给一个VLAN配置IP地址,这个IP将会成为设备IP地址,用户二层交换机管理。
- 三层交换机没创建一个VLAN,都可以关联一个SVN IP,该IP可以用户该 VLAN用户下的网关,从而实现VLAN间通讯。
- 三层交换机支持二层接口:进入三层交换机的接口下,使用switchport命令,就可以将该接口变成二层接口。
- 三层交换机支持三层接口:除了虚拟SVI接口外,还可以将接口通过no switchport将二层接口变成三层接口,就可以配置IP地址了。
部署案例,多层模式。接入层-汇聚层。
这样多个二层交换机上联接口可以划入一个VLAN,共用一个网关。也可以各个二层交换机用各自的网关。
二层和三层交换机用TRUNK模式,三层和路由用L3层接口模式。
当然三层交换机和路由器连也可以是二层接口,然后利用SVI接口方式通讯,解决三层交换机和多台路由器连接,负载模式。
7.3. 基础配置
启OSPF,配置默认路由等,路由层面配置和路由器一致。
启OSPF,配置默认路由等,路由层面配置和路由器一致。
7.4 试验
7.4.1 PC1配置
关闭路由功能、配置接口地址、配置网关。
PC101-VLAN10(config)#no ip routing
PC101-VLAN10(config)#interface fastEthernet 0/0
PC101-VLAN10(config-if)#ip address 192.168.10.1 255.255.255.0
PC101-VLAN10(config-if)#no shutdown
PC101-VLAN10(config)#ip default-gateway 192.168.10.254
7.4.2 PC2配置
关闭路由功能、配置接口地址、配置网关。
PC201-VLAN20(config)#no ip routing
PC201-VLAN20(config)#interface fastEthernet 0/0
PC201-VLAN20(config-if)#ip address 192.168.20.1 255.255.255.0
PC201-VLAN20(config-if)#no shutdown
PC201-VLAN20(config)#ip default-gateway 192.168.20.254
7.4.3 二层交换机配置
关闭路由功能、配置VLAN
SW-L2(config)#no ip routing
SW-L2#vlan database
SW-L2(vlan)#vlan 10
VLAN 10 added:
Name: VLAN0010
SW-L2(vlan)#vlan 20
VLAN 20 added:
Name: VLAN0020
SW-L2(vlan)#exit
将接口划入指定VLAN
SW-L2(config)#interface fastEthernet 0/1
SW-L2(config-if)#switchport mode access
SW-L2(config-if)#switchport access vlan 10
SW-L2(config)#interface fastEthernet 0/1
SW-L2(config-if)#switchport mode access
SW-L2(config-if)#switchport access vlan 20
设置TRUNK接口
SW-L2(config)#interface fastEthernet 0/15
SW-L2(config-if)#switchport trunk encapsulation dot1q
SW-L2(config-if)#switchport mode trunk
7.4.4 三层交换配置
7.4.4.1 配置1
设置和二层交换机连接的TRUNK接口
SW-L3(config)#interface fastEthernet 0/15
SW-L3(config-if)#switchport trunk encapsulation dot1q
SW-L3(config-if)#switchport mode trunk
创建VLAN,并设置VLAN地址
SW-L3#vlan database
SW-L3(vlan)#vlan 10
VLAN 10 added:
Name: VLAN0010
SW-L3(vlan)#vlan 20
VLAN 20 added:
Name: VLAN0020
SW-L3(vlan)#exit
SW-L3(config)#interface vlan 10
SW-L3(config-if)#ip address 192.168.10.254 255.255.255.0
SW-L3(config-if)#no shutdown
SW-L3(config)#interface vlan 20
SW-L3(config-if)#ip address 192.168.20.254 255.255.255.0
SW-L3(config-if)#no shutdown
SW-L3#show ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 unassigned YES unset up down
FastEthernet0/1 unassigned YES unset up down
FastEthernet0/2 unassigned YES unset up down
FastEthernet0/3 unassigned YES unset up down
FastEthernet0/4 unassigned YES unset up down
FastEthernet0/5 unassigned YES unset up down
FastEthernet0/6 unassigned YES unset up down
FastEthernet0/7 unassigned YES unset up down
FastEthernet0/8 unassigned YES unset up down
FastEthernet0/9 unassigned YES unset up down
FastEthernet0/10 unassigned YES unset up down
FastEthernet0/11 unassigned YES unset up down
FastEthernet0/12 unassigned YES unset up down
FastEthernet0/13 unassigned YES unset up down
FastEthernet0/14 unassigned YES unset up up
FastEthernet0/15 unassigned YES unset up up
Vlan1 unassigned YES unset up up
Vlan10 192.168.10.254 YES manual up up
Vlan20 192.168.20.254 YES manual up up
查看路由
SW-L3#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
C 192.168.10.0/24 is directly connected, Vlan10
C 192.168.20.0/24 is directly connected, Vlan20
7.4.4.2 测试
至此两台PC机可以互PING了
PC101-VLAN10#ping 192.168.10.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/232/1032 ms
PC101-VLAN10#ping 192.168.20.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.1, timeout is 2 seconds:
..!!!
Success rate is 60 percent (3/5), round-trip min/avg/max = 48/62/72 ms
PC101-VLAN10#ping 192.168.20.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 60/61/64 ms
7.4.4.3 配置2
设置和路由器的互联地址,启动三层接口功能
SW-L3(config)#interface fastEthernet 0/14
SW-L3(config-if)#no switchport
SW-L3(config-if)#ip address 192.168.254.1 255.255.255.0
SW-L3(config-if)#no shutdown
SW-L3#show ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 unassigned YES unset up down
FastEthernet0/1 unassigned YES unset up down
FastEthernet0/2 unassigned YES unset up down
FastEthernet0/3 unassigned YES unset up down
FastEthernet0/4 unassigned YES unset up down
FastEthernet0/5 unassigned YES unset up down
FastEthernet0/6 unassigned YES unset up down
FastEthernet0/7 unassigned YES unset up down
FastEthernet0/8 unassigned YES unset up down
FastEthernet0/9 unassigned YES unset up down
FastEthernet0/10 unassigned YES unset up down
FastEthernet0/11 unassigned YES unset up down
FastEthernet0/12 unassigned YES unset up down
FastEthernet0/13 unassigned YES unset up down
FastEthernet0/14 192.168.254.1 YES manual up up
FastEthernet0/15 unassigned YES unset up up
Vlan1 unassigned YES unset up up
Vlan10 192.168.10.254 YES manual up up
Vlan20 192.168.20.254 YES manual up up
设置默认路由
SW-L3(config)#ip route 0.0.0.0 0.0.0.0 192.168.254.2SW-L3#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 192.168.254.2 to network 0.0.0.0
C 192.168.10.0/24 is directly connected, Vlan10
C 192.168.20.0/24 is directly connected, Vlan20
C 192.168.254.0/24 is directly connected, FastEthernet0/14
S* 0.0.0.0/0 [1/0] via 192.168.254.2
7.4.5 路由器配置
设置互联地址
R4(config)#interface fastEthernet 0/0
R4(config-if)#ip address 192.168.254.2 255.255.255.0
R4(config-if)#no shutdown
设置回程路由
R4(config)#ip route 192.168.0.0 255.255.0.0 192.168.254.1R4#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
C 192.168.254.0/24 is directly connected, FastEthernet0/0
S 192.168.0.0/16 [1/0] via 192.168.254.1
7.4.6 测试
测试到出口是否可达
PC101-VLAN10#ping 192.168.254.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.254.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/24/36 ms
7.5 交换机管理VLAN
需要给二层交换机建一个单独VLAN,该VLAN不给任何接口,只给交换机本身用,同时需要给该VLAN配置IP,为交换机本身地址,用户远程连接访问,还需要给交换机配置默认路由ip default-gateway网关(网关为三层交换机的管理VLAN地址),这个默认路由不是给接入设备使用的,而是给交换机管理时本身回指使用的。
三层配的IP将为所有二层交换机的网关。
如VLAN10的管理访问二层交换,先需要通过TRUNK到三层交换机的VLAN10,然后从三层交换机的VALN10到VLAN255,再通过TRUNK回到二层交换机的VLAN255
7.5.1 试验
7.5.1.1 基础配置
参考三层交换配置,做基本配置,两台PC能PING通。
PC101-VLAN10#ping 192.168.20.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 36/41/44 ms
7.5.1.2 三层配置
新建VLAN,用于三层交换机管理
L3-SW(vlan)#vlan 255
VLAN 255 added:
Name: VLAN0255
L3-SW#show vlan-switch
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/0, Fa0/1, Fa0/2, Fa0/3
Fa0/4, Fa0/5, Fa0/6, Fa0/7
Fa0/8, Fa0/9, Fa0/10, Fa0/11
Fa0/12, Fa0/13, Fa0/14
10 VLAN0010 active
20 VLAN0020 active
255 VLAN0255 active
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 1002 1003
10 enet 100010 1500 - - - - - 0 0
20 enet 100020 1500 - - - - - 0 0
255 enet 100255 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 1 1003
1003 tr 101003 1500 1005 0 - - srb 1 1002
1004 fdnet 101004 1500 - - 1 ibm - 0 0
1005 trnet 101005 1500 - - 1 ibm - 0 0
配置三层交换机管理VLAN的地址
L3-SW(config)#interface vlan 255
L3-SW(config-if)#ip address 192.168.255.254 255.255.255.0
L3-SW(config-if)#no shutdown
7.5.1.3 二层配置
创建VLAN,并配置管理VLAN的地址
L2-SW(vlan)#vlan 255
VLAN 255 added:
Name: VLAN0255
L2-SW(config)#interface vlan 255
L2-SW(config-if)#ip address 192.168.255.1 255.255.255.0
L2-SW(config-if)#no shutdown
配置网关指向三层管理VLAN地址
L2-SW(config)#ip default-gateway 192.168.255.2547.5.1.4 测试
PC101-VLAN10#ping 192.168.255.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.255.1, timeout is 2 seconds:
..!!!
Success rate is 60 percent (3/5), round-trip min/avg/max = 36/56/88 ms