使用外部路由器設定 InterVLAN 路由

簡介

本檔案將說明如何設定組態，以使用外部Cisco路由器設定Inter VLAN路由。

必要條件

需求

思科建議您瞭解以下主題：

• 基本路由知識

採用元件

本檔案中的資訊是根據以下軟體版本：

• Catalyst交換器Cisco IOS® 15.2E
• Cisco路由器Cisco IOS XE 17.3

本文中的資訊是根據特定實驗室環境內的裝置所建立。文中使用到的所有裝置皆從已清除（預設）的組態來啟動。如果您的網路運作中，請確保您瞭解任何指令可能造成的影響。

慣例

如需文件慣例的詳細資訊，請參閱思科技術提示慣例。

背景資訊

本檔案介紹使用外部Cisco路由器設定Inter VLAN路由的組態，並說明802.1Q中繼上的範例組態；執行每個指令時會顯示結果。不同的Cisco系列路由器和任何Catalyst交換器都可用於本文所提出的方案以獲得相同的結果。

主幹連線是在兩個裝置之間，透過點對點連結，從多個 VLAN 攜帶流量的方式。最初，乙太網中繼的實施方式有兩種：

• InterSwitch Link(ISL)Cisco專有協定

• 電氣電子工程師協會(IEEE)802.1Q標準

建立主干連結並用於在Catalyst交換器和/或Cisco路由器之間的單一連結中傳輸來自兩個或多個VLAN（例如VLAN1和VLAN2）的流量。

Cisco路由器用於在VLAN-X和VLAN-Y之間執行VLAN間路由。當Catalyst系列交換器僅是第2層(L2)，且無法在VLAN之間路由或通訊時，此組態會很有用。

對於802.1Q中繼，一個VLAN未標籤。此VLAN稱為本地VLAN。當連線埠處於802.1Q主幹模式時，原生VLAN用於未標籤的流量。配置802.1Q中繼時，請記住，在中繼鏈路的兩端，本地VLAN的配置必須相同。在路由器和交換機之間配置了802.1Q中繼時，不匹配本徵VLAN是一個常見的錯誤。

在此範例組態中，預設情況下，Cisco路由器和Catalyst交換器上的原生VLAN都是VLAN1。視網路需求而定，您可以使用除預設VLAN VLAN1以外的本徵VLAN。有關如何更改這些裝置上的本地VLAN的本文檔的配置部分中提到了命令。

本文檔中提供的示例配置可用於支援802.1Q VLAN中繼的不同思科路由器系列。

注意：支援的最低版本不一定就是推薦的版本。若要判斷您思科產品的最佳維護版本，請在Bug工具包中搜尋按產品元件列出的錯誤。

注意：只有註冊的思科使用者才能訪問內部文檔、工具和資訊。

設定

本節提供用於設定本文件中所述功能的資訊。

網路圖表

本檔案會使用下圖中所示的網路設定。

網路圖表組態

!-- (Optional) Set the IP address and default gateway for VLAN1 for management purposes.

L2_Switch#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
L2_Switch(config)#interface vlan 1
L2_Switch(config-if)#ip address 10.10.0.2 255.255.255.0
L2_Switch(config-if)#no ip directed-broadcast
L2_Switch(config-if)#no ip route-cache
L2_Switch(config-if)#exit
L2_Switch(config-if)#ip default-gateway 10.10.0.1 

!-- (Optional) Set the VTP Mode. In our example, we have set the mode to be transparent. 
!-- Depending on your network, set the VTP Mode accordingly. 

L2_Switch(config)#vtp mode transparent 
Setting device to VTP Transparent mode for VLANS.
L2_Switch(config)#

!-- Adding VLAN10 and VLAN11.

L2_Switch(config)#vlan 10-11
L2_Switch(config-vlan)#exit
L2_Switch(config)# 

!-- Enable trunking on the interface GigabitEthernet 0/2.
!-- Enter the trunking encapsulation as dot1q.

L2_Switch(config)#interface gigabitEthernet 0/2
L2_Switch(config-if)#switchport trunk encapsulation dot1q
L2_Switch(config-if)#switchport mode trunk 

!-- In case of dot1q, you need to make sure that the native VLAN matches across the link. 
!-- On Catalyst Switches, by default, the native VLAN is 1. 
!-- It is very important that you change the native VLAN on the router accordingly. 

!-- The following set of commands can place on the interfaces connecting to the workstations.  

L2_Switch(config)#interface gigabitEthernet 0/0
L2_Switch(config-if)#switchport mode access
L2_Switch(config-if)#switchport access vlan 11
L2_Switch(config-if)#exit 

L2_Switch(config)#interface gigabitEthernet 0/1
L2_Switch(config-if)#switchport mode access 
L2_Switch(config-if)#switchport access vlan 10
L2_Switch(config-if)#exit 

!-- Remember to save the configuration.  

L2_Switch#write memory 
Building configuration...

Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.

!-- Select GigabitEthernet 1 for the trunk configuration. 
!-- No Layer 3 (L3) configuration is done here.

Router(config)#interface GigabitEthernet 1
Router(config-if)#no shut
Router(config-if)#exit

!-- Enable dot1q on the sub-interface one for each VLAN. 
!-- Configure L3 information on the sub-interface for each gateway.

Router(config)#interface gigabitEthernet 1.10     
Router(config-subif)#encapsulation dot1Q 10
Router(config-subif)#ip address 10.10.10.1 255.255.255.0
Router(config-subif)#exit

Router(config)#interface gigabitEthernet 1.11
Router(config-subif)#encapsulation dot1Q 11
Router(config-subif)#ip address 10.10.11.1 255.255.255.0
Router(config-subif)#exit

!-- (Optional) For the management VLAN 1 make sure that the native VLAN matches across the link. 
!-- On the switch, by default, the native VLAN is 1. 
!-- On the router, configure VLAN1 as the native VLAN.

Router(config)#interface gigabitEthernet 1.1
Router(config-subif)#encapsulation dot1Q 1 native 
Router(config-subif)#ip address 10.10.0.1 255.255.255.0
Router(config-subif)#end

!-- Remember to save the configuration. 

Router#write memory
Building configuration...
[OK]
Router#

有用的命令

此部分幫助您確認您的配置是否按預期工作。

在Catalyst交換器上，您可以使用以下命令來協助驗證：

• show interface {FastEthernet | GigabitEthernet} <module/port> switchport

• show vlan

• show vtp status

在思科路由器上，使用以下命令：

• show ip route

• 顯示介面

命令輸出示例

Catalyst交換器

下一個命令用於檢查埠的管理狀態和運行狀態。它還可以用來確保本徵VLAN與TRUNK兩端匹配。當連線埠處於802.1Q主幹模式時，原生VLAN用於未標籤的流量。

對於802.1Q中繼，輸出命令顯示：

L2_Switch#show interfaces gigabitEthernet 0/2 switchport 
Name: Gi0/2
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none 
Administrative private-vlan mapping: none 
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL

Protected: false
Appliance trust: none  

下一個命令用於驗證介面（埠）是否屬於正確的VLAN。在本例中，介面Gi0/1屬於VLAN10,Gi0/0屬於VLAN11。其餘是VLAN1的成員。

L2_Switch#show vlan brief 

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi0/3
10 VLAN0010 active Gi0/1 11 VLAN0011 active Gi0/0
1002 fddi-default                     act/unsup 
1003 token-ring-default               act/unsup 
1004 fddinet-default                  act/unsup 
1005 trnet-default                    act/unsup 
L2_Switch#

下一個命令用於檢查交換機上的VLAN中繼協定(VTP)配置。在此範例中，使用透明模式。正確的VTP模式取決於網路的拓撲。

L2_Switch#show vtp status
VTP Version capable             : 1 to 3
VTP version running             : 1
VTP Domain Name                 : 
VTP Pruning Mode                : Disabled
VTP Traps Generation            : Disabled
Device ID                       : 5254.0000.8000
Configuration last modified by 0.0.0.0 at 3-1-24 15:21:18

Feature VLAN:
--------------
VTP Operating Mode : Transparent
Maximum VLANs supported locally   : 1005
Number of existing VLANs          : 7
Configuration Revision            : 0
MD5 digest                        : 0x9F 0x7D 0x8D 0x10 0xB1 0x22 0x2F 0xE7 
                                    0x29 0x77 0x42 0xA7 0x95 0xE7 0x68 0x1C 

思科路由器

下一個命令將告訴第3層路由有關路由器上配置的子介面的資訊。

Router#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, m - OMP
       n - NAT, Ni - NAT inside, No - NAT outside, Nd - NAT DIA
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       H - NHRP, G - NHRP registered, g - NHRP registration summary
       o - ODR, P - periodic downloaded static route, l - LISP
       a - application route
       + - replicated route, % - next hop override, p - overrides from PfR
       & - replicated local route overrides by connected

Gateway of last resort is not set

      10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks
C        10.10.0.0/24 is directly connected, GigabitEthernet1.1
L        10.10.0.1/32 is directly connected, GigabitEthernet1.1
C 10.10.10.0/24 is directly connected, GigabitEthernet1.10 L 10.10.10.1/32 is directly connected, GigabitEthernet1.10 C 10.10.11.0/24 is directly connected, GigabitEthernet1.11 L 10.10.11.1/32 is directly connected, GigabitEthernet1.11

下一個命令用於檢查介面的管理狀態和運行狀態。對於路由器介面狀態，輸出命令顯示：

Router#show interfaces 
GigabitEthernet1 is up, line protocol is up 
  Hardware is CSR vNIC, address is 5254.0000.004d (bia 5254.0000.004d)
  MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec, 
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full Duplex, 1000Mbps, link type is auto, media type is Virtual
  output flow-control is unsupported, input flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output 00:14:10, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/375/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     5338 packets input, 361563 bytes, 0 no buffer
     Received 0 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles 
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 0 multicast, 0 pause input
     13 packets output, 1248 bytes, 0 underruns
     Output 0 broadcasts (0 IP multicasts)
     0 output errors, 0 collisions, 2 interface resets
     57 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     1 lost carrier, 0 no carrier, 0 pause output
     0 output buffer failures, 0 output buffers swapped out
GigabitEthernet1.1 is up, line protocol is up 
  Hardware is CSR vNIC, address is 5254.0000.004d (bia 5254.0000.004d)
  Internet address is 10.10.0.1/24
  MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec, 
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation 802.1Q Virtual LAN, Vlan ID  1.
  ARP type: ARPA, ARP Timeout 04:00:00
  Keepalive set (10 sec)
  Last clearing of "show interface" counters never
GigabitEthernet1.10 is up, line protocol is up Hardware is CSR vNIC, address is 5254.0000.004d (bia 5254.0000.004d) Internet address is 10.10.10.1/24
  MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec, 
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation 802.1Q Virtual LAN, Vlan ID  10.
  ARP type: ARPA, ARP Timeout 04:00:00
  Keepalive set (10 sec)
  Last clearing of "show interface" counters never
GigabitEthernet1.11 is up, line protocol is up Hardware is CSR vNIC, address is 5254.0000.004d (bia 5254.0000.004d) Internet address is 10.10.11.1/24
  MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec, 
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation 802.1Q Virtual LAN, Vlan ID  11.
  ARP type: ARPA, ARP Timeout 04:00:00
  Keepalive set (10 sec)
  Last clearing of "show interface" counters never
GigabitEthernet2 is administratively down, line protocol is down 
  Hardware is CSR vNIC, address is 5254.0000.004e (bia 5254.0000.004e)
  MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec, 
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full Duplex, 1000Mbps, link type is auto, media type is Virtual
  output flow-control is unsupported, input flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input never, output never, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/375/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo

相關資訊

• 在Catalyst 3550/3750和Catalyst交換機之間配置802.1q中繼
• 使用 Catalyst 交換器設定 InterVLAN 路由
• 技術支援與下載 — Cisco Systems