4.3 路由器支持VLAN(802.1Q)的应用配置
『需求』
路由器与交换机的上行trunk端口相连,交换机下行口划分3个VLAN,带若干主机.
需求:在局域网中,通过交换机上配置VLAN可以减少主机通信广播域的范围,当VLAN之间有部分主机需要通信,但交换机不支持三层交换时,可以采用一台支持802.1Q的路由器实现VLAN的互通.这需要在以太口上建立子接口,分配IP地址作为该VLAN的网关,同时启动802.1Q。
【Router】
|
|
|
|
! |
适用版本vrp1.74 |
[Router] |
interface Ethernet0 |
|
[Router-Ethernet0] |
ip address 10.0.0.1 255.255.255.0 |
|
|
! |
|
[Router] |
interface Ethernet0.1 |
|
[Router-Ethernet0.1] |
vlan-type dot1q vid 1 |
|
[Router-Ethernet0.1] |
ip address 172.16.1.254 255.255.255.0 |
|
|
! |
|
[Router] |
interface Ethernet0.2 |
|
[Router-Ethernet0.2] |
vlan-type dot1q vid 2 |
|
[Router-Ethernet0.2] |
ip address 172.16.2.254 255.255.255.0 |
|
|
! |
|
[Router] |
interface Ethernet0.3 |
|
[Router-Ethernet0.3] |
vlan-type dot1q vid 3 |
|
[Router-Ethernet0.3] |
ip address 172.16.3.254 255.255.255.0 |
|
|
! |
|
【交换机的配置(以Quidway S2016为例) 】
|
! |
|
|
vlan 1 |
|
|
! |
|
|
vlan 2 |
|
|
! |
|
|
vlan 3 |
|
|
! |
|
|
interface Ethernet0/1 |
|
|
! |
|
|
interface Ethernet0/10 |
|
|
port access vlan 2 |
|
|
! |
|
|
interface Ethernet0/11 |
|
|
port access vlan 2 |
|
|
! |
|
|
interface Ethernet0/12 |
|
|
port access vlan 2 |
|
|
! |
|
|
interface Ethernet0/13 |
|
|
port access vlan 3 |
|
|
! |
|
|
interface Ethernet0/14 |
|
|
port access vlan 3 |
|
|
! |
|
|
interface Ethernet0/15 |
|
|
port access vlan 3 |
|
|
! |
|
|
interface Ethernet0/16 |
|
|
port link-type trunk |
|
|
port trunk permit vlan all |
|
|
! |
|
|
interface Ethernet0/7 |
|
|
port access vlan 2 |
|
|
! |
|
|
interface Ethernet0/8 |
|
|
port access vlan 2 |
|
|
! |
|
|
interface Ethernet0/9 |
|
|
port access vlan 2 |
|
|
! |
|
其他:在各个VLAN中的主机必须指定网关,其地址为路由器相应子接口的IP.
过程:按上述配置完,各VLAN的主机可以互相PING通.
『注意』
1.如果只想实现VLAN间部分主机互通,一个方法是在路由器上通过访问控制列表实施业务量的过滤.
2.交换机的配置可能稍有出入,基本的意思是:与路由器相连接口需要trunk