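6. CCNP: Inter-VLAN Routing

Communication within a VLAN is Layer 2; communication between VLANs is Layer 3.

6.1  Background

6.2  Router-on-a-Stick

6.2.1  Process

Note: the router-on-a-stick interface must be a 100M or faster interface.

Create multiple subinterfaces and set the encapsulation protocol on each subinterface. Configure a trunk on the switch side and 802.1Q on the router side.

When VLAN 10 needs to communicate with VLAN 20, the destination is not in the same subnet, so the host first hands the data to its gateway (the subinterface IP address is the gateway). The frame is sent to the switch and then onto the trunk, where the trunk port must tag it with VLAN 10. When the frame enters the router interface, the interface uses the 802.1Q tag field to determine which VLAN it belongs to and passes it to the subinterface for VLAN 10. The router looks up the subnet of the VLAN 20 destination in its routing table; at this point the router has two directly connected routes. It forwards the packet out of the matching subinterface, tagged with VLAN 20. The switch receives it, removes the VLAN 20 tag, restores the original IP packet, and delivers it to VLAN 20.

Configure the encapsulation protocol on each subinterface and set the subinterface IP address.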
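
The tag handling described above, as an added example that is not part of the original post: a small Python model of the router receiving an 802.1Q-tagged frame on the trunk, choosing the subinterface by VLAN ID, and re-tagging the packet for the destination VLAN. The MAC addresses, the ARP table and the sample packet are constructed, and the model covers only tag handling and the connected-route lookup (no TTL or checksum rewrite).

```python
import ipaddress
import struct

TPID_8021Q = 0x8100
ROUTER_MAC = bytes.fromhex("02000000fe00")   # constructed MAC for FastEthernet0/0
# Subinterfaces from the lab: VLAN ID -> subinterface address (Fa0/0.10, Fa0/0.20)
SUBINTERFACES = {
    10: ipaddress.ip_interface("192.168.10.254/24"),
    20: ipaddress.ip_interface("192.168.20.254/24"),
}
# Constructed ARP cache for the two lab hosts: host IP -> MAC
ARP = {"192.168.10.1": bytes.fromhex("020000000101"),
       "192.168.20.1": bytes.fromhex("020000000201")}

def tag_frame(dst_mac, src_mac, vlan_id, packet):
    """Build an IPv4 Ethernet frame carrying an 802.1Q tag (what the trunk sends)."""
    tci = vlan_id & 0x0FFF                       # PCP/DEI bits left at 0
    return dst_mac + src_mac + struct.pack("!HHH", TPID_8021Q, tci, 0x0800) + packet

def parse_tag(frame):
    """Return (vlan_id, ethertype, payload) of an 802.1Q-tagged frame."""
    if len(frame) < 18:
        raise ValueError("frame too short")
    tpid, tci, ethertype = struct.unpack("!HHH", frame[12:18])
    if tpid != TPID_8021Q:
        raise ValueError("untagged frame: no dot1Q subinterface matches")
    return tci & 0x0FFF, ethertype, frame[18:]

def route_on_a_stick(frame):
    """Route a tagged frame between subinterfaces; return (egress_vlan, new_frame)."""
    in_vlan, ethertype, packet = parse_tag(frame)
    if in_vlan not in SUBINTERFACES:
        raise ValueError(f"no subinterface for VLAN {in_vlan}, frame dropped")
    if ethertype != 0x0800 or len(packet) < 20:
        raise ValueError("not an IPv4 packet")
    dst_ip = ipaddress.ip_address(packet[16:20])
    for out_vlan, iface in SUBINTERFACES.items():   # connected-route lookup
        if dst_ip in iface.network:
            next_mac = ARP[str(dst_ip)]             # only the lab hosts are known
            return out_vlan, tag_frame(next_mac, ROUTER_MAC, out_vlan, packet)
    raise ValueError(f"no route to {dst_ip}")

def sample_packet(src, dst):
    """Constructed 20-byte IPv4 header (ICMP, checksum left at 0 for brevity)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 1, 0,
                       ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
```

A frame tagged with a VLAN ID that has no subinterface (for example VLAN 30 in this lab) is rejected by the model, which is the behaviour to check for when auditing which VLANs a trunk actually needs to carry.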

6.2.2  Lab

6.2.2.1 PC configuration (simulated with 3600 routers)

Router simulating PC101

PC1(config)#no ip routing
PC1(config)#interface fastEthernet 0/0
PC1(config-if)#ip address 192.168.10.1 255.255.255.0
PC1(config-if)#no shutdown
PC1(config-if)#exit
PC1(config)#ip default-gateway 192.168.10.254

Router simulating PC102

PC1(config)#no ip routing
PC1(config)#interface fastEthernet 0/0
PC1(config-if)#ip address 192.168.10.2 255.255.255.0
PC1(config-if)#no shutdown
PC1(config-if)#exit
PC1(config)#ip default-gateway 192.168.10.254

Router simulating PC201

PC1(config)#no ip routing
PC1(config)#interface fastEthernet 0/0
PC1(config-if)#ip address 192.168.20.1 255.255.255.0
PC1(config-if)#no shutdown
PC1(config-if)#exit
PC1(config)#ip default-gateway 192.168.20.254

6.2.2.2 Switch configuration (simulated with a 3600 router)

S1(config)#no ip routing 
S1#vlan database
S1(vlan)#vlan 10
VLAN 10 added:
    Name: VLAN0010
S1(vlan)#vlan 20
VLAN 20 added:
    Name: VLAN0020
S1(config)#interface fastEthernet 0/0
S1(config-if)#switchport mode access
S1(config-if)#switchport access vlan 10
S1(config-if)#exit
S1(config)#interface fastEthernet 0/1
S1(config-if)#SWitchport mode Access
S1(config-if)#switchport access vlan 10 
S1(config-if)#exit
S1(config)#interface fastEthernet 0/5
S1(config-if)#SWitchport mode Access
S1(config-if)#switchport access vlan 20

S1#show vlan-switch

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/2, Fa0/3, Fa0/4, Fa0/6
                                                Fa0/7, Fa0/8, Fa0/9, Fa0/10
                                                Fa0/11, Fa0/12, Fa0/13, Fa0/14
10   VLAN0010                         active    Fa0/0, Fa0/1
20   VLAN0020                         active    Fa0/5
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        1002   1003
10   enet  100010     1500  -      -      -        -    -        0      0
20   enet  100020     1500  -      -      -        -    -        0      0
1002 fddi  101002     1500  -      -      -        -    -        1      1003
1003 tr    101003     1500  1005   0      -        -    srb      1      1002
1004 fdnet 101004     1500  -      -      1        ibm  -        0      0
1005 trnet 101005     1500  -      -      1        ibm  -        0      0

PC101-VLAN10#ping 192.168.10.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/21/24 ms

Configure the trunk interface

S1(config)#interface fastEthernet 0/15
S1(config-if)#switchport trunk encapsulation dot1q
S1(config-if)#switchport mode trunk

View trunk information

S1#show interfaces trunk

Port      Mode         Encapsulation  Status        Native vlan
Fa0/15    on           802.1q         trunking      1

Port      Vlans allowed on trunk
Fa0/15    1-1005

Port      Vlans allowed and active in management domain
Fa0/15    1,10,20

Port      Vlans in spanning tree forwarding state and not pruned
Fa0/15    none

6.2.2.3 Router (3600) configuration

Router(config)#interface FastEthernet 0/0
Router(config-if)#no shutdown

Router(config)#interface FastEthernet0/0.10
Router(config-subif)#encapsulation dot1Q 10
Router(config-subif)#ip address 192.168.10.254 255.255.255.0 
Router(config-subif)#no shutdown

Router(config)#interface FastEthernet0/0.20
Router(config-subif)#encapsulation dot1Q 20
Router(config-subif)#ip address 192.168.20.254 255.255.255.0 
Router(config-subif)#no shutdown

R1#show ip interface brief

Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            unassigned      YES unset  up                    up
FastEthernet0/0.10         192.168.10.254  YES manual up                    up
FastEthernet0/0.20         192.168.20.254  YES manual up                    up
FastEthernet1/0    

6.2.2.4 Testing

Connectivity test within the same VLAN

PC101#ping 192.168.10.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/20/24 ms

Gateway connectivity test

PC101#ping 192.168.10.254

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/20/24 ms

Cross-gateway test

PC101#ping 192.168.20.254

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/19/24 ms

Inter-VLAN communication

PC101#ping 192.168.20.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/43/44 ms

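6.2.3 Router-on-a-Stick + PAT

6.2.3.1 Configuration

Configure the ISP-side IP address. The ISP will not point a route back to the internal networks.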

WAN(config)#interface fastEthernet 0/0
WAN(config-if)#ip address 202.101.100.2 255.255.255.0
WAN(config-if)#no shutdown

PAT gateway device

Configure the interconnect IP address

R1(config)#interface fastEthernet 1/0
R1(config-if)#ip address 202.101.100.1 255.255.255.0
R1(config-if)#no shutdown
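
  • Step 1: Use an ACL to define the internal source address range that is allowed to use PAT.
  • Step 2: Associate the ACL with the outside interface; traffic is overloaded onto the IP address of interface F1/0, so no separate public IP is needed.
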
R1(config)#access-list 1 permit 192.168.0.0 0.0.255.255
R1(config)#ip nat inside source list 1 interface fastEthernet 1/0 overload

Outside interface: 1/0

R1(config)#interface fastEthernet 1/0
R1(config-if)#ip nat outside

The inside interfaces are the subinterfaces

R1(config)#interface fastEthernet 0/0.10
R1(config-subif)#ip nat inside
R1(config-subif)#exit
R1(config)#interface fastEthernet 0/0.20
R1(config-subif)#ip nat inside

Default route

R1(config)#ip route 0.0.0.0 0.0.0.0 202.101.100.2
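
What the ACL and the overload rule above do to traffic, as an added example that is not part of the original post: a Python model of the wildcard-mask match in access-list 1 and of a PAT table that shares the single address of fastEthernet 1/0 between inside hosts. The port-allocation policy (keep the original port when free, otherwise take the next unused one) and the sample flows are assumptions of the model.

```python
import ipaddress

OUTSIDE_IP = "202.101.100.1"                   # address of fastEthernet 1/0
ACL_1 = [("192.168.0.0", "0.0.255.255")]       # access-list 1 permit ...

def acl_permits(src, acl=ACL_1):
    """Standard ACL match: bits set in the wildcard mask are 'don't care'."""
    s = int(ipaddress.ip_address(src))
    for base, wildcard in acl:
        care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
        if s & care == int(ipaddress.ip_address(base)) & care:
            return True
    return False                               # implicit deny ends every ACL

class Pat:
    """Minimal model of 'ip nat inside source list 1 interface ... overload'."""
    def __init__(self):
        self.out = {}      # (inside_ip, inside_port) -> outside_port
        self.back = {}     # outside_port -> (inside_ip, inside_port)

    def translate_out(self, src_ip, src_port):
        """Inside -> outside: return (ip, port) as seen by the ISP, or None."""
        if not acl_permits(src_ip):
            return None                        # source not in list 1: not translated
        key = (src_ip, src_port)
        if key not in self.out:
            port = src_port                    # assumed policy: keep the port if free
            while port in self.back:           # otherwise take the next unused one
                port = port + 1 if port < 65535 else 1024
            self.out[key], self.back[port] = port, key
        return OUTSIDE_IP, self.out[key]

    def translate_in(self, dst_port):
        """Outside -> inside: only flows with an existing entry are mapped back."""
        return self.back.get(dst_port)
```

The wildcard 0.0.255.255 matches every 192.168.x.x source, not only the two /24 subnets used in this lab, so `acl_permits("192.168.99.7")` is true; the model also shows that return traffic with no table entry has nowhere to go.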

6.2.3.2 Testing

PC101-VLAN10#ping 202.101.100.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 202.101.100.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 36/42/44 ms

PC201-VLAN20#ping 202.101.100.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 202.101.100.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 36/44/56 ms
