在 CatOS 交换机与外部路由器之间配置 ISL 与 802.1q Trunking(VLAN 间路由)
简介
本文档提供运行CatOS的Catalyst 6500/6000交换机与可执行InterVLAN路由的Cisco 7500路由器之间交换机间链路(ISL)和802.1q中继的示例配置。执行命令时,每个命令的结果都将显示出来。虽然此配置中使用Catalyst 6500交换机,但可以用运行CatOS且配置步骤不发生任何变化的Catalyst 4500/4000或5500/5000系列交换机来取代它。
开始使用前
背景理论
中继
中继是通过点对点第2层(L2)链路传输来自多个VLAN的流量的一种方式。以太网中继中使用的两种封装是:
-
ISL(思科专有中继封装)
-
802.1q(IEEE标准中继封装)
有关ISL或802.1q中继的详细信息和配置示例,请参阅本文档:
VLAN 间路由
为了使不同VLAN中的设备相互通信,需要路由器在VLAN之间路由。Catalyst 6500/6000上的多层交换功能卡(MSFC)等内部路由器可用于此目的。Catalyst 5500/5000上的路由交换模块(RSM)是另一个示例。如果交换机Supervisor引擎仅支持L2,或交换机中没有第3层(L3)模块,则需要外部路由器(如Cisco 7500)在VLAN之间路由。
重要说明
-
请记住,运行CatOS的Catalyst 4500/4000系列交换机不支持ISL中继。请务必发出show port capabilities <mod> 命令,以确定特定模块在Catalyst 5500/5000上支持哪种中继封装。Catalyst 6500/6000中的所有模块都支持ISL和802.1q中继。
-
请确保使用指南,以便根据交换机的软件文档配置中继。例如,如果在Catalyst 5500/5000上运行软件版本5.5.x,请参阅《软件配置指南》(5.5),并仔细检查所有配置指南和限制。
规则
有关文档规则的详细信息,请参阅 Cisco 技术提示规则。
先决条件
在您尝试此配置前,请保证您满足这些前提条件:
-
Catalyst 6500/6000 系列交换机:
-
所有软件和硬件都支持ISL和802.1q中继
-
-
Cisco 7000或7500系列路由器:
-
带有7000系列路由交换处理器(RSP7000)的Cisco 7000系列路由器
-
7000系列机箱接口(RSP7000CI)
-
Cisco 7500系列路由器,带快速以太网接口处理器(FEIP)或通用接口处理器(VIP2)端口适配器
-
如果使用PA-2FEISL端口适配器,则必须具有硬件修订版1.2或更高版本。有关详细信息,请参阅2端口快速以太网ISL(PA-2FEISL)的更换建议。
-
-
Cisco IOS®软件版本12.1(3)T中引入了encapsulation dot1q native命令。此命令更改了配置。有关详细信息,请参阅本文档配置部分中的Cisco 7500上Cisco IOS版本低于12.1(3)T的配置输出802.1q配置示例。
-
Cisco 7500系列路由器默认启用Cisco快速转发。但是,在Cisco IOS 12.2和12.2T版本之前,IEEE 802.1q VLAN之间IP路由的思科快速转发支持不可用。仍可以在早期版本中配置802.1q封装,但必须首先在全局配置模式下使用no ip cef命令禁用思科快速转发。
-
支持ISL中继需要Cisco IOS 11.3(1)T版(任意加功能集)或更高版本。支持IEEE 802.1q中继需要Cisco IOS 12.0(1)T版(任意加功能集)或更高版本。
使用的组件
本文档中的信息基于以下软件和硬件版本:
-
用于此配置的Catalyst 6500运行CatOS版本5.5(14)
-
用于此配置的Cisco 7500系列路由器运行Cisco IOS版本12.2(7b)
配置
本部分提供有关如何配置本文档所述功能的信息。
注意:要查找有关本文档中使用的命令的其他信息,请使用命令查找工具(仅注册客户)。
在配置部分,将执行以下任务:
-
在Catalyst 6500上配置两个接入端口。一个用于VLAN 1中的工作站1,另一个用于VLAN 2中的工作站2。
-
在Cisco 7500上,将工作站1和工作站2的各自默认网关配置为10.10.10.1 /24和10.10.11.1/24。
-
在Catalyst 6500交换机和Cisco 7500路由器之间配置ISL或802.1q中继。
-
为VLAN间路由配置两个FastEthernet子接口的IP地址。
网络图
本文档使用此图中所示的网络设置:
配置
本文档使用以下配置:
本文档中的信息都是基于特定实验室环境中的设备创建的。本文档中使用的所有设备最初均采用原始(默认)配置。如果您是在真实网络上操作,请确保您在使用任何命令前已经了解其潜在影响。
| Catalyst 6500 交换机 |
|---|
!-- Set the sc0 IP address and VLAN. Catalyst6500> (enable) set int sc0 10.10.10.2 255.255.255.0 Interface sc0 IP address and netmask set. Catalyst6500 (enable) set int sc0 1 !-- Set the default gateway. Catalyst6500> (enable) set ip route default 10.10.10.1 Route added. !-- Set the VLAN Trunk Protocol (VTP) mode. !-- In this example, the mode is set to transparent. !-- Depending on your network, set the VTP mode accordingly. !-- For details on VTP, refer to Understanding and Configuring !-- VLAN Trunk Protocol (VTP). Catalyst6500> (enable) set vtp mode transparent VTP domain modified !-- Add VLAN 2. VLAN 1 already exists by default. Catalyst6500> (enable) set vlan 2 VLAN 2 configuration successful !-- Add port 3/4 to VLAN 2. Port 3/3 is already in VLAN 1 by default. Catalyst6500> (enable) set vlan 2 3/4 VLAN 2 modified. VLAN 1 modified. VLAN Mod/Ports ---- ----------------------- 2 3/4 ! -- Set the port speed and duplex at 100 and full. One of !-- the requirements for trunking to work is for speed and duplex to be the same on !-- both sides. To guarantee this, hardcode both speed and duplex on port 3/1. !-- You can also make the devices auto-negotiate, but make sure you correctly !-- do so on both sides. Catalyst6500> (enable) set port speed 3/1 100 Ports 3/1 transmission speed set to 100Mbps. Catalyst6500> (enable) set port duplex 3/1 full Ports 3/1 set to full-duplex. !-- Enable trunking on port 3/1. !-- Because routers do not understand Dynamic Trunking Protocol (DTP), !-- the trunking mode is set to nonegotiate, which causes ports to trunk !-- but not generate DTP frames. !-- Enter the trunking encapsulation as either ISL or as 802.1q. Catalyst6500> (enable) set trunk 3/1 nonegotiate isl Port(s) 3/1 trunk mode set to nonegotiate. Port(s) 3/1 trunk type set to isl. ! -- Make sure the native VLAN (default is VLAN 1) matches across the link. ! -- For more information on the native VLAN and 802.1q trunking, refer to ! -- Trunking Between Catalyst 4500/4000, 5500/5000, and 6500/6000 Family Switches Using !-- 802.1q Encapsulation. Catalyst6500> (enable) set trunk 3/1 nonegotiate dot1q Port(s) 3/1 trunk mode set to nonegotiate. Port(s) 3/1 trunk type set to dot1q. Catalyst6500> (enable) show config This command shows non-default configurations only. Use 'show config all' to show both default and non-default configurations. ......... .................. .. begin ! # ***** NON-DEFAULT CONFIGURATION ***** ! ! #time: Thu May 2 2002, 01:26:26 ! #version 5.5(14) ! ! #system set system name Catalyst6500 ! #! #vtp set vtp mode transparent set vlan 1 name default type ethernet mtu 1500 said 100001 state active set vlan 2 name VLAN0002 type ethernet mtu 1500 said 100002 state active set vlan 1002 name fddi-default type fddi mtu 1500 said 101002 state active set vlan 1004 name fddinet-default type fddinet mtu 1500 said 101004 state active stp ieee set vlan 1005 name trnet-default type trbrf mtu 1500 said 101005 state active stp ibm set vlan 1003 name token-ring-default type trcrf mtu 1500 said 101003 state active mode srb aremaxhop 7 stemaxhop 7 backupcrf off ! #ip set interface sc0 1 10.10.10.2/255.255.255.0 10.10.10.255 set ip route 0.0.0.0/0.0.0.0 10.10.10.1 ! #set boot command set boot config-register 0x2102 set boot system flash bootflash:cat6000-sup.5-5-14.bin ! #port channel ! # default port status is enable ! ! #module 1 empty ! #module 2 : 2-port 1000BaseX Supervisor ! #module 3 : 48-port 10/100BaseTX Ethernet set vlan 2 3/4 set port disable 3/5 set port speed 3/1 100 set port duplex 3/1 full set trunk 3/1 nonegotiate isl 1-1005 !-- If IEEE 802.1q is configured, !-- you will see the following output instead: !-- set trunk 3/1 nonegotiate dot1q 1-1005 ! #module 4 : 24-port 100BaseFX MM Ethernet ! #module 5 empty ! #module 6 empty ! #module 15 empty ! #module 16 empty end |
| Cisco 7500 路由器 |
|---|
7500#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
!-- Configure the FastEthernet interfaces for speed 100 depending on the port adapter. !-- Some FastEthernet port adapters can auto-negotiate speed (10 or 100) !-- and duplex (half or full). Others are only capable of 100 (half or full).
7500(config)#int fa 5/1/1
!-- Configure full-duplex to match the duplex setting on the Catalyst switch side.
7500(config-if)#full-duplex
7500(config-if)#speed 100
7500(config-if)#no shut
7500(config-if)#
01:46:09: %LINK-3-UPDOWN: Interface FastEthernet5/1/1, changed state to up
01:46:10: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet5/1/1,
changed state to up
7500(config-if)#exit
!-- If you are using ISL trunking, configure two FastEthernet !-- sub-interfaces and enable ISL trunking by issuing !-- the encapsulation isl
|
在低于12.1(3)T的Cisco IOS版本中,子接口下的encapsulation dot1Q 1 native命令不可用。但是,仍需要匹配链路上的本征VLAN,如上所述。
为了在低于12.1(3)T的软件版本中配置802.1q中继,本征VLAN(本文档中的VLAN 1)的IP地址在主快速以太网接口上配置,而不是在快速以太网子接口上配置。
| 在Cisco 7500上为12.1(3)T以前的Cisco IOS版本配置802.1Q |
|---|
7500#configure terminal Enter configuration commands, one per line. End with CNTL/Z. !-- Configure the FastEthernet interfaces for speed 100 !-- depending on the port adapter. Some FastEthernet port adapters can !-- auto-negotiate speed (10 or 100) and duplex (half or full). !-- Others are only capable of 100 (half or full). 7500(config)#int Fast 5/1/1 !-- Configure full-duplex to match the duplex setting !-- on the Catalyst switch side. 7500(config-if)#full-duplex 7500(config-if)#speed 100 7500(config-if)#no shut 7500(config-if)# 01:46:09: %LINK-3-UPDOWN: Interface FastEthernet5/1/1, changed state to up 01:46:10: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet5/1/1, changed state to up 7500(config-if)#exit !-- Do not configure an interface FastEthernet5/1/1.1. !-- Instead, configure the IP address for VLAN 1 (the native VLAN). 7500(config)#int Fast 5/1/1 7500(config-if)#ip address 10.10.10.1 255.255.255.0 7500(config-if)#exit 7500(config)# !-- It is still necessary to create a sub-interface for VLAN 2. 7500(config)#int Fast 5/1/1.2 7500(config-subif)#encapsulation dot1Q 2 7500(config-subif)#ip address 10.10.11.1 255.255.255.0 7500(config-subif)#exit ! -- Remember to save the configuration. 7500#write memory Building configuration... [OK] 7500# !-- Note: Remember also that in any version of software previous !-- to Cisco IOS 12.2 or 12.2T for the 7000 or 7500 series router, you !-- have to issue the no ip cef command globally before configuring !-- 802.1q trunking on a sub-interface. Otherwise, you will see the !-- following error message: !-- 802.1q encapsulation not supported with CEF configured on the !-- interface. !-- For more information, refer to the Components Used section of !-- this document. 7500#show running-config Building configuration... Current configuration : 1593 bytes ! version 12.1 no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname 7500 ! ! ip subnet-zero ! no ip cef ! ! ! interface FastEthernet5/1/0 no ip address no ip mroute-cache speed 100 full-duplex ! interface FastEthernet5/1/1 ip address 10.10.10.1 255.255.255.0 speed 100 full-duplex hold-queue 300 in ! interface FastEthernet5/1/1.2 encapsulation dot1Q 2 ip address 10.10.11.1 255.255.255.0 ! ! ! ip classless no ip http server ! ! ! line con 0 line aux 0 line vty 0 4 login ! end 7500# |
验证
本部分提供了可用于确认您的配置是否正常运行的信息。
命令输出解释程序工具(仅限注册用户)支持某些 show 命令,使用此工具可以查看对 show 命令输出的分析。
在Catalyst 6500交换机上,发出以下命令:
-
show interface
-
show ip route
-
show port capabilities <mod/port>
-
show port counters <mod/port>
-
show port <mod>
-
show vlan
-
show trunk
在Cisco 7500路由器上,发出以下命令:
-
show interfaces fastethernet <slot/port-adapter/port>
Catalyst 6500 show 命令
show interface命令显示sc0管理接口IP地址和VLAN。在本例中,使用默认VLAN,即VLAN 1。
Catalyst6500> (enable) show interface
sl0: flags=51<UP,POINTOPOINT,RUNNING>
slip 0.0.0.0 dest 0.0.0.0
sc0: flags=63
VLAN 1 inet 10.10.10.2 netmask 255.255.255.0 broadcast 10.10.10.255
Catalyst6500> (enable)
show ip route命令显示默认网关。在本示例中,10.10.10.1是端口通道1(用于802.1q中继)或端口通道1.1(用于ISL中继)的IP地址。
Catalyst6500> (enable) show ip route Fragmentation Redirect Unreachable ------------- -------- ----------- enabled enabled enabled The primary gateway: 10.10.10.1 Destination Gateway RouteMask Flags Use Interface --------------- --------------- ---------- ----- -------- --------- default 10.10.10.1 0x0 UG 0 sc0 10.10.10.0 10.10.10.2 0xffffff00 U 8 sc0 default default 0xff000000 UH 0 sl0 Catalyst6500> (enable)
show port capabilities <mod/port>命令用于查看交换模块的硬件功能。本示例显示端口3/1(3/2相同)支持EtherChannel,支持哪些中继封装以及其他信息。
Catalyst6500> (enable) show port capabilities 3/1 Model WS-X6248-RJ-45 Port 3/1 Type 10/100BaseTX Speed auto,10,100 Duplex half,full Trunk encap type 802.1Q,ISL Trunk mode on,off,desirable,auto,nonegotiate Channel yes Broadcast suppression percentage(0-100) Flow control receive-(off,on),send-(off) Security yes Membership static,dynamic Fast start yes QOS scheduling rx-(1q4t),tx-(2q2t) CoS rewrite yes ToS rewrite DSCP UDLD yes Inline power no AuxiliaryVlan 1..1000,untagged,dot1p,none SPAN source,destination COPS port group not supported Catalyst6500> (enable)
show port counters <mod/port>命令可以查看可能的端口错误。在本例中,此端口没有任何错误。如果在端口上遇到错误,请参阅排除交换机端口故障以了解详细信息。
Catalyst6500> (enable) show port counters 3/1 Port Align-Err FCS-Err Xmit-Err Rcv-Err UnderSize ----- ---------- ---------- ---------- ---------- --------- 3/1 0 0 0 0 0 Port Single-Col Multi-Coll Late-Coll Excess-Col Carri-Sen Runts Giants ----- ---------- ---------- ---------- ---------- --------- --------- --------- 3/1 0 0 0 0 0 0 - Last-Time-Cleared -------------------------- Thu May 2 2002, 02:11:55 Catalyst6500> (enable)
show port <mod>命令显示端口状态、VLAN、中继、速度和双工信息。在本例中,工作站1的接入端口是3/3,位于VLAN 1中。工作站2的接入端口是3/4,即VLAN 2。端口3/1是中继端口。
Catalyst6500> (enable) show port 3 Port Name Status VLAN Duplex Speed Type ----- -------------------- ---------- ---------- ------ ----- ------------ 3/1 connected trunk full 100 10/100BaseTX 3/2 connected 1 full 100 10/100BaseTX 3/3 connected 1 a-half a-10 10/100BaseTX 3/4 connected 2 a-full a-100 10/100BaseTX !-- Output truncated
show vlan命令显示哪些端口已分配给特定VLAN。请注意,中继端口 — 3/1未显示在此输出中,这是正常的。
Catalyst6500> (enable) show vlan
VLAN Name Status IfIndex Mod/Ports, Vlans
---- -------------------------------- --------- ------- ------------------------
1 default active 119 2/1-2
3/2-3,3/5-48
4/1-24
2 VLAN0002 active 124 3/4
!-- Output truncated
show trunk命令显示中继模式、封装类型、允许的VLAN和活动VLAN。在本例中,VLAN 1(默认情况下始终允许并处于活动状态)和VLAN 2是中继的当前活动VLAN。注意,中继端口在VLAN 1中。
Catalyst6500> (enable) show trunk * - indicates vtp domain mismatch Port Mode Encapsulation Status Native vlan -------- ----------- ------------- ------------ ----------- 3/1 nonegotiate isl trunking 1 Port VLANs allowed on trunk -------- --------------------------------------------------------------------- 3/1 1-1005 Port VLANs allowed and active in management domain -------- --------------------------------------------------------------------- 3/1 1-2 Port VLANs in spanning tree forwarding state and not pruned -------- --------------------------------------------------------------------- 3/1 1-2
对于802.1q中继,命令的输出会以如下方式更改:
Catalyst6500> (enable) show trunk * - indicates vtp domain mismatch Port Mode Encapsulation Status Native VLAN -------- ----------- ------------- ------------ ----------- 3/1 nonegotiate dot1q trunking 1 Port VLANs allowed on trunk -------- --------------------------------------------------------------------- 3/1 1-1005 Port VLANs allowed and active in management domain -------- --------------------------------------------------------------------- 3/1 1-2 Port VLANs in spanning tree forwarding state and not pruned -------- --------------------------------------------------------------------- 3/1 1-2 Catalyst6500> (enable)
Cisco 7500 路由器 show 命令
以下是ISL中继的输出:
7500#show interface FastEthernet5/1/1.1
FastEthernet5/1/1.1 is up, line protocol is up
Hardware is cyBus FastEthernet Interface, address is 0001.6490.f8a8 (bia 0001.
6490.f8a8)
Internet address is 10.10.10.1/24
MTU 1500 bytes, BW 200000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ISL Virtual LAN, Color 1.
ARP type: ARPA, ARP Timeout 04:00:00
7500#show interface FastEthernet5/1/1.2
FastEthernet5/1/1.2 is up, line protocol is up
Hardware is cyBus FastEthernet Interface, address is 0001.6490.f8a8 (bia 0001.
6490.f8a8)
Internet address is 10.10.11.1/24
MTU 1500 bytes, BW 200000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ISL Virtual LAN, Color 2.
ARP type: ARPA, ARP Timeout 04:00:00
show interfaces fastethernet <slot/port-adapter/port>命令显示路由器物理接口的状态以及接口上是否存在任何错误。在本例中,它是无错的。
7500#show interface fa5/1/0
FastEthernet5/1/0 is up, line protocol is up
Hardware is cyBus FastEthernet Interface, address is 0001.6490.f8a8 (bia 0001.
6490.f8a8)
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input 1d00h, output 00:00:07, output hang never
Last clearing of "show interface" counters 1d00h
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue :0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
2929 packets input, 425318 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog
0 input packets with dribble condition detected
12006 packets output, 1539768 bytes, 0 underruns
0 output errors, 0 collisions, 6 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
7500#
故障排除
目前没有针对此配置的故障排除信息。
反馈