使用外部路由器配置 VLAN 间路由
简介
本文档介绍如何使用外部Cisco路由器来构建配置,以设置VLAN间路由。
先决条件
要求
Cisco 建议您了解以下主题:
- 基本的路由知识
使用的组件
本文档中的信息基于以下软件版本:
- Catalyst交换机Cisco IOS® 15.2E
- 思科路由器Cisco IOS XE 17.3
本文档中的信息都是基于特定实验室环境中的设备编写的。本文档中使用的所有设备最初均采用原始(默认)配置。如果您的网络处于活动状态,请确保您了解所有命令的潜在影响。
规则
有关文件规则的更多信息请参见“ Cisco技术提示规则”。
背景信息
本文档介绍使用外部Cisco路由器设置VLAN间路由的配置,并通过在802.1Q中继上的示例配置进行说明;每个命令的执行结果均显示出来。不同的Cisco系列路由器和任何Catalyst交换机都可用于本文档介绍的场景,以获得相同的结果。
中继是一种在两个设备之间点到点链路上传输来自若干 VLAN 的流量的方式。最初,以太网中继有两种实现方式:
-
InterSwitch Link(ISL)Cisco专有协议
-
电气电子工程师协会(IEEE)802.1Q标准
创建并使用中继链路以通过 Catalyst 交换机和/或思科路由器之间的单条链路传输来自两个或多个 VLAN(例如 VLAN1 和 VLAN2)的流量。
Cisco路由器用于执行VLAN-X和VLAN-Y之间的VLAN间路由。当Catalyst系列交换机仅是第2层(L2)且无法在VLAN之间路由或通信时,此配置非常有用。
在使用 802.1Q 中继时,有一个 VLAN 不会被标记。此 VLAN 称为本地 VLAN。当端口在 802.1Q 中继模式下时,本地 VLAN 用于未标记的数据流。当您配置 802.1Q 中继时,切记必须在中继链路每一端以相同的方式配置本地 VLAN。在配置路由器与交换机之间的 802.1Q 中继时,本地 VLAN 未匹配是个常见的错误。
在此配置示例中,思科路由器和 Catalyst 交换机上的本地 VLAN 均默认为 VLAN1。根据您的网络需求,您可以使用除默认VLAN(VLAN1)以外的本征VLAN。关于如何更改这些设备上的本地 VLAN,本文档的配置部分对相关命令进行了介绍。
本文档中提供的示例配置可用于支持802.1Q VLAN中继的不同思科路由器系列。
配置
本部分提供有关如何配置本文档所述功能的信息。
网络图
本文档使用此图所示的网络设置。
网络图配置
| Catalyst L2交换机 |
|---|
|
| 路由器 |
|---|
Router#configure terminal |
有用的命令
本部分可帮助您确认配置是否按预期工作。
在 Catalyst 交换机上,可使用以下命令来帮助验证:
-
show interface {FastEthernet | GigabitEthernet} <module/port> switchport
-
show vlan
-
show vtp status
在Cisco路由器上,使用以下命令:
-
show ip route
-
show interface
命令输出示例
Catalyst 交换机
下一个命令用于检查端口的管理状态和运行状态。还用来确保中继两端的本地 VLAN 互相匹配。当端口在 802.1Q 中继模式下时,本地 VLAN 用于未标记的数据流。
对于 802.1Q 中继,输出命令会显示:
L2_Switch#show interfaces gigabitEthernet 0/2 switchport Name: Gi0/2 Switchport: Enabled Administrative Mode: trunk Operational Mode: trunk Administrative Trunking Encapsulation: dot1q Operational Trunking Encapsulation: dot1q Negotiation of Trunking: On Access Mode VLAN: 1 (default) Trunking Native Mode VLAN: 1 (default) Administrative Native VLAN tagging: enabled Voice VLAN: none Administrative private-vlan host-association: none Administrative private-vlan mapping: none Administrative private-vlan trunk native VLAN: none Administrative private-vlan trunk Native VLAN tagging: enabled Administrative private-vlan trunk encapsulation: dot1q Administrative private-vlan trunk normal VLANs: none Administrative private-vlan trunk associations: none Administrative private-vlan trunk mappings: none Operational private-vlan: none Trunking VLANs Enabled: ALL Pruning VLANs Enabled: 2-1001 Capture Mode Disabled Capture VLANs Allowed: ALL Protected: false Appliance trust: none
下一个命令用于检验接口(端口)是否属于正确的VLAN。在本示例中,接口Gi0/1属于VLAN10,Gi0/0属于VLAN11。其他接口属于 VLAN1。
L2_Switch#show vlan brief VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 1 default active Gi0/3 10 VLAN0010 active Gi0/1 11 VLAN0011 active Gi0/0 1002 fddi-default act/unsup 1003 token-ring-default act/unsup 1004 fddinet-default act/unsup 1005 trnet-default act/unsup L2_Switch#
下一个命令用于检查交换机上的VLAN中继协议(VTP)配置。本例中使用了透明模式。正确的 VTP 模式取决于网络拓扑结构。
L2_Switch#show vtp status
VTP Version capable : 1 to 3
VTP version running : 1
VTP Domain Name :
VTP Pruning Mode : Disabled
VTP Traps Generation : Disabled
Device ID : 5254.0000.8000
Configuration last modified by 0.0.0.0 at 3-1-24 15:21:18
Feature VLAN:
--------------
VTP Operating Mode : Transparent
Maximum VLANs supported locally : 1005
Number of existing VLANs : 7
Configuration Revision : 0
MD5 digest : 0x9F 0x7D 0x8D 0x10 0xB1 0x22 0x2F 0xE7
0x29 0x77 0x42 0xA7 0x95 0xE7 0x68 0x1C Cisco 路由器
下一命令将告知第3层路由信息有关路由器上配置的子接口。
Router#show ip route Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, m - OMP n - NAT, Ni - NAT inside, No - NAT outside, Nd - NAT DIA i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route H - NHRP, G - NHRP registered, g - NHRP registration summary o - ODR, P - periodic downloaded static route, l - LISP a - application route + - replicated route, % - next hop override, p - overrides from PfR & - replicated local route overrides by connected Gateway of last resort is not set 10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks C 10.10.0.0/24 is directly connected, GigabitEthernet1.1 L 10.10.0.1/32 is directly connected, GigabitEthernet1.1 C 10.10.10.0/24 is directly connected, GigabitEthernet1.10 L 10.10.10.1/32 is directly connected, GigabitEthernet1.10 C 10.10.11.0/24 is directly connected, GigabitEthernet1.11 L 10.10.11.1/32 is directly connected, GigabitEthernet1.11
下一个命令用于检查接口的管理和运行状态。关于路由器接口状态,输出命令会显示:
Router#show interfaces
GigabitEthernet1 is up, line protocol is up
Hardware is CSR vNIC, address is 5254.0000.004d (bia 5254.0000.004d)
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full Duplex, 1000Mbps, link type is auto, media type is Virtual
output flow-control is unsupported, input flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:14:10, output hang never
Last clearing of "show interface" counters never
Input queue: 0/375/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
5338 packets input, 361563 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 0 multicast, 0 pause input
13 packets output, 1248 bytes, 0 underruns
Output 0 broadcasts (0 IP multicasts)
0 output errors, 0 collisions, 2 interface resets
57 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
1 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out
GigabitEthernet1.1 is up, line protocol is up
Hardware is CSR vNIC, address is 5254.0000.004d (bia 5254.0000.004d)
Internet address is 10.10.0.1/24
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation 802.1Q Virtual LAN, Vlan ID 1.
ARP type: ARPA, ARP Timeout 04:00:00
Keepalive set (10 sec)
Last clearing of "show interface" counters never
GigabitEthernet1.10 is up, line protocol is up Hardware is CSR vNIC, address is 5254.0000.004d (bia 5254.0000.004d) Internet address is 10.10.10.1/24
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation 802.1Q Virtual LAN, Vlan ID 10.
ARP type: ARPA, ARP Timeout 04:00:00
Keepalive set (10 sec)
Last clearing of "show interface" counters never
GigabitEthernet1.11 is up, line protocol is up Hardware is CSR vNIC, address is 5254.0000.004d (bia 5254.0000.004d) Internet address is 10.10.11.1/24
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation 802.1Q Virtual LAN, Vlan ID 11.
ARP type: ARPA, ARP Timeout 04:00:00
Keepalive set (10 sec)
Last clearing of "show interface" counters never
GigabitEthernet2 is administratively down, line protocol is down
Hardware is CSR vNIC, address is 5254.0000.004e (bia 5254.0000.004e)
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full Duplex, 1000Mbps, link type is auto, media type is Virtual
output flow-control is unsupported, input flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/375/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo相关信息
修订历史记录
| 版本 | 发布日期 | 备注 |
|---|---|---|
3.0 |
05-Mar-2024 |
更新的技术内容、简介、图像标题和格式。 |
2.0 |
16-Dec-2022 |
更新格式并更正CCW警报。重新认证。 |
1.0 |
14-Dec-2001 |
初始版本 |
反馈