本文主要学习路由器和三层交换机对接方法

有一个这样的公司,客户要求对行政部,研发部,财务部和市场部划分四个VLAN分别是VLAN1,VLAN2,VLAN3,VLAN4

拓扑图如下

网络基础之路由器和三层交换机如何对接 三层交换机如何与路由器连接-冯金伟博客园

由上图可知,现在交换机上划分四个VLAN ,每个VLAN的接口地址如上图所示,现将交换机VLAN1接口与路由LAN口相连,各VLAN通过VLAN1上网。

1. 路由上不划分VLAN

1.1. 路由器设置

A添加静态路由

“网络设置”->“静态路由”,添加静态路由如下图所示:

网络基础之路由器和三层交换机如何对接 三层交换机如何与路由器连接-冯金伟博客园

启用静态路由

B为VLAN网络加入NAT上网支持

默认情况下,只有和路由局域网IP在同一网段的机器才能上网。进入“网络设置”->“局域网(LAN)”,在VLAN网络地址栏里添加三层交换上所划分的VLAN网络,如下:

网络基础之路由器和三层交换机如何对接 三层交换机如何与路由器连接-冯金伟博客园

此时,三层交换下的各VLAN网络里的客户机都可以通过路由联入互联网了。

注意

使用这种方法划分VLAN时,客户机的网关地址设置三层交换机上的VLAN接口IP地址。

1.2. 三层交换机设置

这里以华为交换机为例,配置如下:

#

vlan 1

#

vlan 2

#

vlan 3

#

vlan 4

#

interface Vlan-interface1

ip address 172.16.1.1255.255.255.0

#

interface Vlan-interface2

ip address 172.16.2.1255.255.255.0

#

interface Vlan-interface3

ip address 172.16.3.1255.255.255.0

#

interface Vlan-interface4

ip address 172.16.4.1255.255.255.0

#

interface Aux0/0

#

interface Ethernet0/1

flow-control

#

interface Ethernet0/2

flow-control

#

interface Ethernet0/3

#

interface Ethernet0/4

#

interface Ethernet0/5

#

interface Ethernet0/6

#

interface Ethernet0/7

port access vlan 2

#

interface Ethernet0/8

port access vlan 2

#

interface Ethernet0/9

port access vlan 2

#

interface Ethernet0/10

port access vlan 2

#

interface Ethernet0/11

port access vlan 2

#

interface Ethernet0/12

port access vlan 2

#

interface Ethernet0/13

port access vlan 3

#

interface Ethernet0/14

port access vlan 3

#

interface Ethernet0/15

port access vlan 3

#

interface Ethernet0/16

port access vlan 3

#

interface Ethernet0/17

port access vlan 3

#

interface Ethernet0/18

port access vlan 3

#

interface Ethernet0/19

port access vlan 4

#

interface Ethernet0/20

port access vlan 4

#

interface Ethernet0/21

port access vlan 4

#

interface Ethernet0/22

port access vlan 4

#

interface Ethernet0/23

port access vlan 4

#

interface Ethernet0/24

port access vlan 4

#

interface GigabitEthernet1/1

#

interface NULL0

#

ip route-static 0.0.0.0 0.0.0.0 172.16.1.2 preference 60

2. 路由上划分VLAN

有如下网络拓扑图:

网络基础之路由器和三层交换机如何对接 三层交换机如何与路由器连接-冯金伟博客园

某公司的网络拓扑图

中继接口使用 802.11q 封装,允许所有VLAN访问,在这种情况下,交换机上不需要设置默认路由。

路由的LAN口主IP地址为192.168.0.254,并建立了4个逻辑VLAN,和交换机上的VLAN相对应。

DHCP服务器对VLAN-1/2/3/4提供IP分配,每个VLAN获取对应网段的地址,即:

  • VLAN-1 下的机器获得 192.168.1.0/255.255.255.0 段的IP
  • VLAN-2 下的机器获得 192.168.2.0/255.255.255.0 段的IP
  • VLAN-3 下的机器获得 192.168.3.0/255.255.255.0 段的IP
  • VLAN-4 下的机器获得 192.168.4.0/255.255.255.0 段的IP

2.1.路由器设置

2.1.1划分vlan

“网络设置”->“VLAN虚拟局域网”,新增VLAN网段,配置如下图所示:

网络基础之路由器和三层交换机如何对接 三层交换机如何与路由器连接-冯金伟博客园

2.2. 交换机设置

H3C 交换机的设置

DIS current

#

sysname SystemTest

#

local-user admin

password simple admin

service-type telnet

level 3

local-user sxy

password simple sxy

service-type telnet

#

interface Vlan-interface1

ip address 192.168.0.1 255.255.255.0

#

interface Vlan-interface100

ip address 192.168.1.1 255.255.255.0

#

interface Vlan-interface200

ip address 192.168.2.1 255.255.255.0

#

interface Vlan-interface300

ip address 192.168.3.1 255.255.255.0

#

interface Vlan-interface400

ip address 192.168.4.1 255.255.255.0

#

interface Aux1/0/0

#

interface Ethernet1/0/1

port access vlan 100

#

interface Ethernet1/0/2

port access vlan 100

#

interface Ethernet1/0/3

port access vlan 100

#

interface Ethernet1/0/4

port access vlan 100

#

interface Ethernet1/0/5

port access vlan 100

#

interface Ethernet1/0/6

port access vlan 100

#

interface Ethernet1/0/7

port access vlan 200

#

interface Ethernet1/0/8

port access vlan 200

#

interface Ethernet1/0/9

port access vlan 200

#

interface Ethernet1/0/10

port access vlan 200

#

interface Ethernet1/0/11

port access vlan 200

#

interface Ethernet1/0/12

port access vlan 200

#

interface Ethernet1/0/13

port access vlan 300

#

interface Ethernet1/0/14

port access vlan 300

#

interface Ethernet1/0/15

port access vlan 300

#

interface Ethernet1/0/16

port access vlan 300

#

interface Ethernet1/0/17

port access vlan 300

#

interface Ethernet1/0/18

port access vlan 300

#

interface Ethernet1/0/19

port access vlan 400

#

interface Ethernet1/0/20

port access vlan 400

#

interface Ethernet1/0/21

port access vlan 400

#

interface Ethernet1/0/22

port access vlan 400

#

interface Ethernet1/0/23

port access vlan 400

#

interface Ethernet1/0/24

port link-type trunk

port trunk permit vlan 1 100 200 300 400