路由器实现vlan通讯

首先，说明一下本例子。。

vlan之间通讯需要用到的设备有：二层交换机两个（当然三层也可以，不过很贵~~），路由器/3层交换机 一台（支持802.1q协议），pc4台。。试验环境为Cisco虚拟软件packet trcer 4.1

二层交换机：首先要明白一点，对于vlan通讯来说，二层交换机上vlan没有必要配ip地址，唯一需要的是vlan1（配置的ip地址为管理地址）。

                     其次，二层交换机没有ip地址。。当然vlan可以设置ip，但是端口什么的没有ip。虽然这点很简单，但是，很多人经常忘记，至少我身边的同学好多都不知道这个事实。。

                    还有，这点很重要，二层交换机只能同一时刻存在一个vlan。。

                    最后，要保证vlan之间可以相互通讯的前提，就是二层与路由的接口要设置为trunk模式。。

路由器：由于要实现vlan之间通讯，所以路由器需要用到802.1q协议，来封装端口。。

（下面开始配置）

S1：vlan 1 ：IP ：10.1.0.2/16

       vlan 10： name--V1 下属pc：IP：192.168.1.x/24   网关 192.168.1.254/24

       vlan 20： name--V2 下属pc：IP：192.168.2.x/24   网关 192.168.2.254/24

S2：vlan1：IP：10.2.0.2/16

       vlan 30： name--V3 下属pc：IP：192.168.3.x/24   网关 192.168.3.254/24

       vlan 40： name--V4 下属pc：IP：192.168.4.x/24   网关 192.168.4.254/24

R1：F0/0：IP：10.1.0.1/16

       虚接口地址：

           F0/0.1: IP：192.168.1.254/24

           F0/0.2: IP：192.168.2.254/24

        F0/1：IP：10.2.0.1/16

       虚接口地址：

           F0/1.1: IP：192.168.3.254/24

           F0/1.2: IP：192.168.4.254/24

拓扑图如下：

S1配置如下：

Switch>en
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#host
Switch(config)#hostname S1
S1(config)#vlan 10
S1(config-vlan)#name V1
S1(config-vlan)#exit
S1(config)#vlan 20
S1(config-vlan)#name V2
S1(config-vlan)#int vlan 1
S1(config-if)#ip address 10.1.0.2 255.255.0.0
S1(config-if)#no shut

%LINK-5-CHANGED: Interface Vlan1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
S1(config-if)#int f0/2
S1(config-if)#switchport mode access
S1(config-if)#switchport access vlan 10
S1(config-if)#no shut
S1(config-if)#int f0/3
S1(config-if)#switchport mode access
S1(config-if)#switchport access vlan 20
S1(config-if)#no shut
S1(config-if)#int f0/1
S1(config-if)#switchport mode trunk
S1(config-if)#switchport trunk allowed vlan all
S1(config-if)#no shut
S1(config-if)#end
%SYS-5-CONFIG_I: Configured from console by console
S1#sh vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/4, Fa0/5, Fa0/6
                                                Fa0/7, Fa0/8, Fa0/9, Fa0/10
                                                Fa0/11, Fa0/12, Fa0/13, Fa0/14
                                                Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                                Fa0/19, Fa0/20, Fa0/21, Fa0/22
                                                Fa0/23, Fa0/24
10   V1                               active    Fa0/2
20   V2                               active    Fa0/3
1002 fddi-default                     active   
1003 token-ring-default               active   
1004 fddinet-default                  active   
1005 trnet-default                    active   

VLAN Type SAID       MTU   Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet 100001     1500 -      -      -        -    -        0      0
10   enet 100010     1500 -      -      -        -    -        0      0
20   enet 100020     1500 -      -      -        -    -        0      0
1002 enet 101002     1500 -      -      -        -    -        0      0
1003 enet 101003     1500 -      -      -        -    -        0      0
1004 enet 101004     1500 -      -      -        -    -        0      0
1005 enet 101005     1500 -      -      -        -    -        0      0

S2设置如上：

Switch>en
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname S2
S2(config)#vlan 30
S2(config-vlan)#name V3
S2(config-vlan)#no shut
                   ^
% Invalid input detected at '^' marker.

S2(config-vlan)#vlan 40
S2(config-vlan)#name V4
S2(config-vlan)#int vlan 1
S2(config-if)#ip address 10.2.0.2 255.255.0.0
S2(config-if)#no shut

%LINK-5-CHANGED: Interface Vlan1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
S2(config-if)#int f0/2
S2(config-if)#swit m a
S2(config-if)#swit access vlan 30
S2(config-if)#no shut
S2(config-if)#int f0/3
S2(config-if)#swit m a
S2(config-if)#swit a vlan 40
S2(config-if)#no shut
S2(config-if)#int f0/1
S2(config-if)#swit m t
S2(config-if)#swit trunk allowed vlan all
S2(config-if)#no shut
S2(config-if)#end
%SYS-5-CONFIG_I: Configured from console by console
S2#sh vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/4, Fa0/5, Fa0/6
                                                Fa0/7, Fa0/8, Fa0/9, Fa0/10
                                                Fa0/11, Fa0/12, Fa0/13, Fa0/14
                                                Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                                Fa0/19, Fa0/20, Fa0/21, Fa0/22
                                                Fa0/23, Fa0/24
30   V3                               active    Fa0/2
40   V4                               active    Fa0/3
1002 fddi-default                     active   
1003 token-ring-default               active   
1004 fddinet-default                  active   
1005 trnet-default                    active   

VLAN Type SAID       MTU   Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet 100001     1500 -      -      -        -    -        0      0
30   enet 100030     1500 -      -      -        -    -        0      0
40   enet 100040     1500 -      -      -        -    -        0      0
1002 enet 101002     1500 -      -      -        -    -        0      0
1003 enet 101003     1500 -      -      -        -    -        0      0
1004 enet 101004     1500 -      -      -        -    -        0      0
1005 enet 101005     1500 -      -      -        -    -        0      0

路由器R1设置如下：

Router>enable
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R1
R1(config)#
R1(config)#int f0/0
R1(config-if)#ip address 10.1.0.1 255.255.0.0
R1(config-if)#no shut

%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
R1(config-if)#int f0/1
R1(config-if)#ip address 10.1.1.1 255.255.0.0
% 10.1.0.0 overlaps with FastEthernet0/0
R1(config-if)#ip address 10.2.0.1 255.255.0.0
R1(config-if)#no shut

%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
R1(config-if)#int f0/0.1

%LINK-5-CHANGED: Interface FastEthernet0/0.1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0.1, changed state to up

R1(config-subif)#encapsulation dot1q 10
R1(config-subif)#ip address 192.168.1.254 255.255.255.0
R1(config-subif)#no shut
R1(config-subif)#int f0/0.2

%LINK-5-CHANGED: Interface FastEthernet0/0.2, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0.2, changed state to up

R1(config-subif)#encapsulation dot1q 20
R1(config-subif)#ip address 192.168.2.254 255.255.255.0
R1(config-subif)#no shut
R1(config-subif)#int f0/1.1

%LINK-5-CHANGED: Interface FastEthernet0/1.1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1.1, changed state to upR1(config-subif)#encapsulation dot1q 30
R1(config-subif)#ip address 192.168.3.254 255.255.255.0
R1(config-subif)#no shut
R1(config-subif)#int f0/1.2

%LINK-5-CHANGED: Interface FastEthernet0/1.2, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1.2, changed state to up

R1(config-subif)#encapsulation dot1q 40
R1(config-subif)#ip address 192.168.4.254 255.255.255.0
R1(config-subif)#no shut
R1(config-subif)#end
%SYS-5-CONFIG_I: Configured from console by console

R1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

     10.0.0.0/16 is subnetted, 2 subnets
C       10.1.0.0 is directly connected, FastEthernet0/0
C       10.2.0.0 is directly connected, FastEthernet0/1
C    192.168.1.0/24 is directly connected, FastEthernet0/0.1
C    192.168.2.0/24 is directly connected, FastEthernet0/0.2
C    192.168.3.0/24 is directly connected, FastEthernet0/1.1
C    192.168.4.0/24 is directly connected, FastEthernet0/1.2

现在，可以设置PC的属性了，别忘了四处ping下，检查是否设置成功。。

hoho，貌似没有什么问题了。

OK，大功告成，我不准备写上述配置的解释，简单解释一下工作原理：

二层交换机只允许同时存在一个vlan，这就决定了我们不可能靠二层交换机实现vlan的通讯，我们需要支持路由功能的三层交换机或者路由器来实现它。。

vlan划分和ip地址分配就不说了，着重了解一下虚接口（也就是802.1q的实现过程）

由于路由器和交换机相连的接口只有一个，我们要配置虚拟地址，就是传说中的虚接口，这里用到的是802.1q协议，用此协议封装此路由器虚接口，将vlan的ID和虚接口地址在逻辑上连接起来。也就是单臂路由（不明白的可以点此链接查看）的实现。（原理略^_^),交换机上的trunk口和路由通讯的时候，会封装进vlan的ID，然后直接找到对应的虚接口进行通讯，相当与在trunk口和路由器之间多了一个分线器，将vlan直接和路由器相连，所以在最后路由器上show ip route的时候显示如下信息：

     10.0.0.0/16 is subnetted, 2 subnets
C       10.1.0.0 is directly connected, FastEthernet0/0
C       10.2.0.0 is directly connected, FastEthernet0/1
C    192.168.1.0/24 is directly connected, FastEthernet0/0.1
C    192.168.2.0/24 is directly connected, FastEthernet0/0.2
C    192.168.3.0/24 is directly connected, FastEthernet0/1.1
C    192.168.4.0/24 is directly connected, FastEthernet0/1.2  

注意到了，vlan和路由是directly connected~~就是直连。。