Chinaunix首页 | 论坛 | 博客
  • 博客访问: 150508
  • 博文数量: 28
  • 博客积分: 2510
  • 博客等级: 少校
  • 技术积分: 420
  • 用 户 组: 普通用户
  • 注册时间: 2007-11-19 12:47
文章分类

全部博文(28)

文章存档

2011年(1)

2009年(11)

2008年(16)

我的朋友

分类: 系统运维

2008-11-19 14:10:52

 

一、回顾以前学习的知识,在NA里比较注重vlan间路由和单臂路由,至少有3种可以实现;

环境介绍:

R1路由器、R2、R3充当主机测试用、S1为3层交换机、
第一种做法默认路由+静态路由注意交换机必须为3层交换机

R1配置
R1#sh run
Building configuration...

Current configuration : 908 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
!
!
no ip domain lookup

interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.252
 duplex auto
 speed auto
!

!
ip http server
no ip http secure-server
ip classless
ip route 172.16.1.0 255.255.255.0 192.168.1.2 10 name vlan
ip route 172.16.2.0 255.255.255.0 192.168.1.2 20 name vlan
!!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
!
!
end

R2配置
R2#sh run
Building configuration...
Current configuration : 619 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
no ip routing
关闭路由器的路由功能(就是把它变成主机用)
!
no ip domain lookup
!
no ip cef
ip audit po max-events 100
interface FastEthernet0/0
 ip address 172.16.1.2 255.255.255.0
 no ip route-cache
 duplex auto
 speed auto
!        
ip default-gateway 172.16.1.1
配置个网关就完事
ip http server
no ip http secure-server
ip classless
!

!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
!
!
end      
R3配置

R3#sh run
Building configuration...
Current configuration : 560 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
no ip routing
!

!
no ip cef
ip audit po max-events 100

interface FastEthernet0/0
 ip address 172.16.2.2 255.255.255.0
 no ip route-cache
 duplex auto
 speed auto
!
ip default-gateway 172.16.2.1
ip http server
no ip http secure-server
ip classless

!
line con 0
line aux 0
line vty 0 4
!
!
end
S1 配置S1#show run
Building configuration...
Current configuration : 1631 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname S1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
!
!
no ip domain lookup
!
ip cef
ip audit po max-events 100
!
interface FastEthernet0/0
 switchport access vlan 100
 no ip address
!
interface FastEthernet0/1
 switchport access vlan 10
 no ip address
!
interface FastEthernet0/2
 switchport access vlan 20
 no ip address
!

!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan10
 ip address 172.16.1.1 255.255.255.0
用户VLAN10
interface Vlan20
 ip address 172.16.2.1 255.255.255.0
用户VLAN20
interface Vlan100
 ip address 192.168.1.2 255.255.255.252
!互联VLAN
ip http server
no ip http secure-server
ip classless

ip route 0.0.0.0 0.0.0.0 192.168.1.1 name toR1
!

line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
!
!       
end



第二种方法子接口的单臂路由功能

R2 、R3 配置不变
S1配置就将与R1互联的接口封装Trunk链路或者ISL模式
S1#sh run
Building configuration...
Current configuration : 1582 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname S1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
!
!
no ip domain lookup
!
ip cef
ip audit po max-events 100
!
interface FastEthernet0/0
 switchport mode trunk
 switchport trunk encapsulation dot1q
修改Trunk类型可能有些交换机敲上不显示但是一定要敲,因为有的交互机默认Trukn类型为ISL,最新的交换机已经去掉了ISL模式,也可以显示Trukn类型
 no ip address
!
interface FastEthernet0/1
 switchport access vlan 10
 no ip address
!
interface FastEthernet0/2
 switchport access vlan 20
 no ip address
interface Vlan1
 no ip address
 shutdown
!
interface Vlan10
 ip address 172.16.1.1 255.255.255.0
!
interface Vlan20
 ip address 172.16.2.1 255.255.255.0
!
interface Vlan100
 no ip address
!
ip http server
no ip http secure-server
ip classless
!

!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
!
!        
end


R1 配置
R1#sh run
Building configuration...
Current configuration : 999 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
!
!
no ip domain lookup
!
ip cef
ip audit po max-events 100
!

interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/0.1
 encapsulation dot1Q 10(vlan10)
 ip address 172.16.1.3 255.255.255.0
 no snmp trap link-status
!
interface FastEthernet0/0.2
 encapsulation dot1Q 20(vlan20)
 ip address 172.16.2.3 255.255.255.0
 no snmp trap link-status

!
ip http server
no ip http secure-server
ip classless
!

line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
!        
!
end
 
第三种做法就是不用路由器R1提供路由功能,有些3层交换机的IOS软件版本支持动态协议;
配置命令比较简单
S1配置
IP routing
router ospf 100
network 172.16.1.0 0.0.0.255 area 0
network 172.16.2.0 0.0.0.255 area 0
 
 
3种做法的区别:
第一种是纯路由的实现vlan间的通信的,把vlan终结在核心交换机,通过R1回执路由给核心交换机,交换机通过默认路由去往r1,但是核心交换机必须为3层交换机比较复杂;
 
第二种做法相对第一种做法比较简单,把vlan终结在路由器上,而且核心交换机可以用可网管的2层交换机配置,与路由器相连的交换机端口必须封装Trunk或ISL模式,路由器必须配置子接口和封装模式与交换机相连的端口保持一致;(但是这样arp也就通过VLAN上到路由器上了这就要看网络规模的大小了)
 
第三种是去掉了路由器这种方法实现比较简单,他们之间的区别前两种都是由路由器提供路由的,后一种是由交换机提供路由,后者实现虽然简单但是不证明就不需要路由器了,前两种可以通过路由器实施PBR功能对网络数据的流量进行管控,3层交换机就不支持PBR等功能了,这也就是IOS的区别了。


以上几种做法还是推荐第2种做法比较简单,也好实施策略等。
阅读(502) | 评论(0) | 转发(0) |
给主人留下些什么吧!~~