JohnLyu的blog

橙汁事务所艾欧泽亚分部

0%

三层交换机实验

Posted on In

实验目标

  1. 掌握交换机 Tag VLAN 的配置
  2. 掌握三层交换机基本配置方法;
  3. 掌握三层交换机 VLAN 路由的配置方法;
  4. 通过三层交换机实现 VLAN 间相互通信;

实验背景

某企业有两个主要部门,技术部和销售部,分处于不同的办公室,为了安全和便于管理对两个部门的主
机进行了 VLAN 的划分,技术部和销售部分处于不同的 VLAN,先由于业务的需求需要销售部和技术
部的主机能够相互访问,获得相应的资源,两个部门的交换机通过一台三层交换机进行了连接。
技术原理

三层交换机具备网络层的功能,实现 VLAN 相互访问的原理是:利用三层交换机的路由功能,通过识别数据包的 IP 地址,查找路由表进行选路转发,三层交换机利用直连路由可以实现不同 VLAN 之间的相互访问。三层交换机给接口配置 IP 地址。采用 SVI(交换虚拟接口)的方式实现 VLAN 间互连。SVI 是指为交换机中的 VLAN 创建虚拟接口,并且配置 IP 地址。

实验步骤

  1. 新建 packet tracer 拓扑图
  2. 在二层交换机上配置 VLAN2、VLAN3,分别将端口 2、端口 3 划分给 VLAN2、VLAN3。
  3. 将二层交换机与三层交换机相连的端口 fa 0/1 都定义为 tag Vlan 模式。
  4. 在三层交换机上配置 VLAN2、VLAN3,此时验证二层交换机 VLAN2、VLAN3 下的主机之间不能相互通信。
  5. 设置三层交换机 VLAN 间的通信,创建 VLAN2,VLAN3 的虚接口,并配置虚接口 VLAN2、VLAN3 的 IP 地址。
  6. 查看三层交换机路由表。
  7. 将二层交换机 VLAN2、VLAN3 下的主机默认网关分别设置为相应虚拟接口的 IP 地址。
  8. 验证二层交换机 VLAN2,VALN3 下的主机之间可以相互通信。

实验记录

拖出所有组件, 配置 IP 并连接

三台 PC 机的 ip, mask, gateway

1
2
3
4
5
6
7
8
9
10
11
12
13
14
PC1
192.168.1.2
255.255.255.0
192.168.1.1

PC2
192.168.2.2
255.255.255.0
192.168.2.1

PC3
192.168.1.3
255.255.255.0
192.168.1.1

配置二层交换机并查看结果

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
en
conf t
vlan 2
exit
vlan 3
exit
int fa 0/2
switchport access vlan 2
int fa 0/3
switchport access vlan 3
int fa 0/1
switchport mode trunk
exit
exit
show vlan
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
Switch#show vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/4, Fa0/5, Fa0/6, Fa0/7
                                                Fa0/8, Fa0/9, Fa0/10, Fa0/11
                                                Fa0/12, Fa0/13, Fa0/14, Fa0/15
                                                Fa0/16, Fa0/17, Fa0/18, Fa0/19
                                                Fa0/20, Fa0/21, Fa0/22, Fa0/23
                                                Fa0/24, Gig0/1, Gig0/2
2    VLAN0002                         active    Fa0/2
3    VLAN0003                         active    Fa0/3
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0
2    enet  100002     1500  -      -      -        -    -        0      0
3    enet  100003     1500  -      -      -        -    -        0      0
1002 fddi  101002     1500  -      -      -        -    -        0      0
1003 tr    101003     1500  -      -      -        -    -        0      0
1004 fdnet 101004     1500  -      -      -        ieee -        0      0
1005 trnet 101005     1500  -      -      -        ibm  -        0      0

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------

Remote SPAN VLANs
------------------------------------------------------------------------------

Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------

可以看到成功配置了两个VLAN应用在不同的端口.

初步配置三层交换机:

1
2
3
4
5
6
7
8
9
10
11
12
13
en
conf t
vlan 2
exit
vlan 3
exit
int fa 0/1
switchport trunk encapsulation dot1q
switchport mode trunk
exit
int fa 0/2
switchport access vlan 2
exit
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
Switch>
Switch>en
Switch#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#vlan 2
Switch(config-vlan)#exit
Switch(config)#vlan 3
Switch(config-vlan)#exit
Switch(config)#int fa 0/1
Switch(config-if)#switchport trunk encapsulation dot1q
Switch(config-if)#switchport mode trunk
Switch(config-if)#exit
Switch(config)#int fa 0/2
Switch(config-if)#switchport access vlan 2
Switch(config-if)#exit

无路由情况下的网络状态

此时尝试在 PC1 上 ping 另外两台 PC:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
C:\>ping 192.168.1.3

Pinging 192.168.1.3 with 32 bytes of data:

Reply from 192.168.1.3: bytes=32 time=1ms TTL=128
Reply from 192.168.1.3: bytes=32 time<1ms TTL=128
Reply from 192.168.1.3: bytes=32 time<1ms TTL=128

Ping statistics for 192.168.1.3:
    Packets: Sent = 3, Received = 3, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 1ms, Average = 0ms

Control-C
^C
C:\>ping 192.168.2.2

Pinging 192.168.2.2 with 32 bytes of data:


Ping statistics for 192.168.2.2:
    Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),

同一 VLAN 下可以 ping 通, 不同 VLAN 无法 ping 通

配置三层交换机的路由:

1
2
3
4
5
6
7
8
9
10
11
12
ip routing
interface vlan 2
ip address 192.168.1.1 255.255.255.0
no shutdown
exit
interface vlan 3
ip address 192.168.2.1 255.255.255.0
no shutdown
exit
exit
show ip route
show vlan
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
Switch(config)#ip routing
Switch(config)#interface vlan 2
Switch(config-if)#ip address 192.168.1.1 255.255.255.0
Switch(config-if)#no shutdown
Switch(config-if)#exit
Switch(config)#interface vlan 3
Switch(config-if)#ip address 192.168.2.1 255.255.255.0
Switch(config-if)#no shutdown
Switch(config-if)#exit
Switch(config)#exit
Switch#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

C    192.168.1.0/24 is directly connected, Vlan2
C    192.168.2.0/24 is directly connected, Vlan3


Switch#show vlan
%LINK-5-CHANGED: Interface Vlan2, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan2, changed state to up

%LINK-5-CHANGED: Interface Vlan3, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan3, changed state to up

%SYS-5-CONFIG_I: Configured from console by console


VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/3, Fa0/4, Fa0/5, Fa0/6
                                                Fa0/7, Fa0/8, Fa0/9, Fa0/10
                                                Fa0/11, Fa0/12, Fa0/13, Fa0/14
                                                Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                                Fa0/19, Fa0/20, Fa0/21, Fa0/22
                                                Fa0/23, Fa0/24, Gig0/1, Gig0/2
2    VLAN0002                         active    Fa0/2
3    VLAN0003                         active
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0
2    enet  100002     1500  -      -      -        -    -        0      0
3    enet  100003     1500  -      -      -        -    -        0      0
1002 fddi  101002     1500  -      -      -        -    -        0      0
1003 tr    101003     1500  -      -      -        -    -        0      0
1004 fdnet 101004     1500  -      -      -        ieee -        0      0
1005 trnet 101005     1500  -      -      -        ibm  -        0      0

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------

Remote SPAN VLANs
------------------------------------------------------------------------------

Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------

有路由情况下的网络状态

再次测试从 PC1 到 PC2 和 PC3 的 ping

1
2
3
4
5
6
7
8
9
10
11
12
13
C:\>ping 192.168.2.2

Pinging 192.168.2.2 with 32 bytes of data:

Reply from 192.168.2.2: bytes=32 time=1ms TTL=127
Reply from 192.168.2.2: bytes=32 time<1ms TTL=127
Reply from 192.168.2.2: bytes=32 time<1ms TTL=127
Reply from 192.168.2.2: bytes=32 time=1ms TTL=127

Ping statistics for 192.168.2.2:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 1ms, Average = 0ms

可以 ping 通, 符合预期.

小结:

ip routing 语句在实验手册中没有, 但是影响很大, 不开启 ip route 功能会导致三层交换机的路由无效

no shutdown 不是必须的, 至少在 switch 中, port 是默认打开的状态

语句中 switchport trunk encapsulation dot1q 的作用是开启 802.1Q 协议

To enable IEEE 802.1Q encapsulation of traffic on a specified subinterface, use the encapsulation dot1q command. To disable encapsulation, use the no form of this command.

为什么 802.1Q 协议是必须的?

SW2(config-if)#switchport mode trunk
Command rejected: An interface whose trunk encapsulation is “Auto” can not be configured to “trunk” mode.

SW1(config-if)#switchport trunk encapsulation ?

dot1q      Interface uses only 802.1q trunking encapsulation when trunking
isl        Interface uses only ISL trunking encapsulation when trunking
negotiate  Device will negotiate trunking encapsulation with peer on interface