網(wǎng)絡(luò)基礎(chǔ)之路由器和三層交換機如何對接(三層交換機如何與路由器連接)
本文主要學(xué)習(xí)路由器和三層交換機對接方法
有一個這樣的公司,客戶要求對行政部,研發(fā)部,財務(wù)部和市場部劃分四個VLAN分別是VLAN1,VLAN2,VLAN3,VLAN4
拓撲圖如下
由上圖可知,現(xiàn)在交換機上劃分四個VLAN ,每個VLAN的接口地址如上圖所示,現(xiàn)將交換機VLAN1接口與路由LAN口相連,各VLAN通過VLAN1上網(wǎng)。
1. 路由上不劃分VLAN
1.1. 路由器設(shè)置
A添加靜態(tài)路由
“網(wǎng)絡(luò)設(shè)置”->“靜態(tài)路由”,添加靜態(tài)路由如下圖所示:
啟用靜態(tài)路由
B為VLAN網(wǎng)絡(luò)加入NAT上網(wǎng)支持
默認情況下,只有和路由局域網(wǎng)IP在同一網(wǎng)段的機器才能上網(wǎng)。進入“網(wǎng)絡(luò)設(shè)置”->“局域網(wǎng)(LAN)”,在VLAN網(wǎng)絡(luò)地址欄里添加三層交換上所劃分的VLAN網(wǎng)絡(luò),如下:
此時,三層交換下的各VLAN網(wǎng)絡(luò)里的客戶機都可以通過路由聯(lián)入互聯(lián)網(wǎng)了。
注意
使用這種方法劃分VLAN時,客戶機的網(wǎng)關(guān)地址設(shè)置三層交換機上的VLAN接口IP地址。
1.2. 三層交換機設(shè)置
這里以華為交換機為例,配置如下:
#
vlan 1
#
vlan 2
#
vlan 3
#
vlan 4
#
interface Vlan-interface1
ip address 172.16.1.1255.255.255.0
#
interface Vlan-interface2
ip address 172.16.2.1255.255.255.0
#
interface Vlan-interface3
ip address 172.16.3.1255.255.255.0
#
interface Vlan-interface4
ip address 172.16.4.1255.255.255.0
#
interface Aux0/0
#
interface Ethernet0/1
flow-control
#
interface Ethernet0/2
flow-control
#
interface Ethernet0/3
#
interface Ethernet0/4
#
interface Ethernet0/5
#
interface Ethernet0/6
#
interface Ethernet0/7
port access vlan 2
#
interface Ethernet0/8
port access vlan 2
#
interface Ethernet0/9
port access vlan 2
#
interface Ethernet0/10
port access vlan 2
#
interface Ethernet0/11
port access vlan 2
#
interface Ethernet0/12
port access vlan 2
#
interface Ethernet0/13
port access vlan 3
#
interface Ethernet0/14
port access vlan 3
#
interface Ethernet0/15
port access vlan 3
#
interface Ethernet0/16
port access vlan 3
#
interface Ethernet0/17
port access vlan 3
#
interface Ethernet0/18
port access vlan 3
#
interface Ethernet0/19
port access vlan 4
#
interface Ethernet0/20
port access vlan 4
#
interface Ethernet0/21
port access vlan 4
#
interface Ethernet0/22
port access vlan 4
#
interface Ethernet0/23
port access vlan 4
#
interface Ethernet0/24
port access vlan 4
#
interface GigabitEthernet1/1
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 172.16.1.2 preference 60
2. 路由上劃分VLAN
有如下網(wǎng)絡(luò)拓撲圖:
某公司的網(wǎng)絡(luò)拓撲圖
中繼接口使用 802.11q 封裝,允許所有VLAN訪問,在這種情況下,交換機上不需要設(shè)置默認路由。
路由的LAN口主IP地址為192.168.0.254,并建立了4個邏輯VLAN,和交換機上的VLAN相對應(yīng)。
DHCP服務(wù)器對VLAN-1/2/3/4提供IP分配,每個VLAN獲取對應(yīng)網(wǎng)段的地址,即:
VLAN-1 下的機器獲得 192.168.1.0/255.255.255.0 段的IP
VLAN-2 下的機器獲得 192.168.2.0/255.255.255.0 段的IP
VLAN-3 下的機器獲得 192.168.3.0/255.255.255.0 段的IP
VLAN-4 下的機器獲得 192.168.4.0/255.255.255.0 段的IP
2.1.路由器設(shè)置
2.1.1劃分vlan
“網(wǎng)絡(luò)設(shè)置”->“VLAN虛擬局域網(wǎng)”,新增VLAN網(wǎng)段,配置如下圖所示:
2.2. 交換機設(shè)置
H3C 交換機的設(shè)置
DIS current
#
sysname SystemTest
#
local-user admin
password simple admin
service-type telnet
level 3
local-user sxy
password simple sxy
service-type telnet
#
interface Vlan-interface1
ip address 192.168.0.1 255.255.255.0
#
interface Vlan-interface100
ip address 192.168.1.1 255.255.255.0
#
interface Vlan-interface200
ip address 192.168.2.1 255.255.255.0
#
interface Vlan-interface300
ip address 192.168.3.1 255.255.255.0
#
interface Vlan-interface400
ip address 192.168.4.1 255.255.255.0
#
interface Aux1/0/0
#
interface Ethernet1/0/1
port access vlan 100
#
interface Ethernet1/0/2
port access vlan 100
#
interface Ethernet1/0/3
port access vlan 100
#
interface Ethernet1/0/4
port access vlan 100
#
interface Ethernet1/0/5
port access vlan 100
#
interface Ethernet1/0/6
port access vlan 100
#
interface Ethernet1/0/7
port access vlan 200
#
interface Ethernet1/0/8
port access vlan 200
#
interface Ethernet1/0/9
port access vlan 200
#
interface Ethernet1/0/10
port access vlan 200
#
interface Ethernet1/0/11
port access vlan 200
#
interface Ethernet1/0/12
port access vlan 200
#
interface Ethernet1/0/13
port access vlan 300
#
interface Ethernet1/0/14
port access vlan 300
#
interface Ethernet1/0/15
port access vlan 300
#
interface Ethernet1/0/16
port access vlan 300
#
interface Ethernet1/0/17
port access vlan 300
#
interface Ethernet1/0/18
port access vlan 300
#
interface Ethernet1/0/19
port access vlan 400
#
interface Ethernet1/0/20
port access vlan 400
#
interface Ethernet1/0/21
port access vlan 400
#
interface Ethernet1/0/22
port access vlan 400
#
interface Ethernet1/0/23
port access vlan 400
#
interface Ethernet1/0/24
port link-type trunk
port trunk permit vlan 1 100 200 300 400
