在CatOS交換機和外部路由器之間配置ISL和802.1q中繼(InterVLAN路由)
簡介
本文提供執行CatOS的Catalyst 6500/6000交換器與可執行InterVLAN路由的Cisco 7500路由器之間的InterSwitch連結(ISL)和802.1q主幹設定範例。每個命令的結果在執行時顯示。雖然此組態中使用的是Catalyst 6500交換器,但可以用執行CatOS且設定步驟沒有變更的Catalyst 4500/4000或5500/5000系列交換器取代。
開始之前
背景理論
中繼
中繼是一種通過點對點第2層(L2)鏈路傳輸來自多個VLAN的流量的方式。乙太網中繼中使用的兩種封裝是:
-
ISL(思科專有中繼封裝)
-
802.1q(IEEE標準中繼封裝)
有關ISL或802.1q中繼的更多資訊和配置示例,請參閱以下文檔:
InterVLAN路由
為了讓不同VLAN中的裝置相互通訊,需要路由器在VLAN之間進行路由。為此目的可以使用內部路由器,例如Catalyst 6500/6000上的多層交換器功能卡(MSFC)。Catalyst 5500/5000上的路由交換模組(RSM)是另一個範例。如果交換機Supervisor引擎僅支援L2,或者交換機中沒有第3層(L3)模組,則需要Cisco 7500等外部路由器在VLAN之間進行路由。
重要附註
-
請記住,運行CatOS的Catalyst 4500/4000系列交換機不支援ISL中繼。確保發出show port capabilities <mod> 命令,以確定特定模組在Catalyst 5500/5000上支援哪些中繼封裝。Catalyst 6500/6000中的所有模組都支援ISL和802.1q中繼。
-
確保使用指南,以便根據交換機的軟體文檔配置中繼。例如,如果您在Catalyst 5500/5000上執行軟體版本5.5.x,請參閱軟體組態設定指南(5.5),並仔細檢查任何組態原則及限制。
慣例
如需文件慣例的詳細資訊,請參閱思科技術提示慣例。
必要條件
嘗試此組態之前,請確認已滿足以下必要條件:
-
Catalyst 6500/6000系列交換器:
-
所有軟體和硬體都支援ISL和802.1q中繼
-
-
Cisco 7000或7500系列路由器:
-
採用7000系列路由交換處理器(RSP7000)的Cisco 7000系列路由器
-
7000系列機箱介面(RSP7000CI)
-
採用FastEthernet介面處理器(FEIP)或多功能介面處理器(VIP2)連線埠配接器的思科7500系列路由器
-
如果使用PA-2FEISL埠介面卡,則必須具有硬體版本1.2或更高版本。有關詳細資訊,請參閱2埠快速乙太網ISL(PA-2FEISL)的更換建議。
-
-
encapsulation dot1q native命令是在Cisco IOS®軟體版本12.1(3)T中引入的。此命令更改配置。如需詳細資訊,請參閱本檔案設定一節中有關Cisco 7500上低於12.1(3)T的Cisco IOS版本的組態輸出範例802.1q組態。
-
Cisco 7500系列路由器上預設啟用思科快速轉發。但是,在Cisco IOS 12.2和12.2T版本發佈之前,對IEEE 802.1q VLAN之間IP路由的Cisco快速轉發支援不可用。在早期版本中仍可以配置802.1q封裝,但您首先必須在全域性配置模式下使用no ip cef命令禁用Cisco快速轉發。
-
支援ISL中繼需要Cisco IOS版本11.3(1)T(任何plus功能集)或更高版本。支援IEEE 802.1q中繼需要Cisco IOS版本12.0(1)T(任何加功能集)或更高版本。
採用元件
本文中的資訊係根據以下軟體和硬體版本:
-
用於此組態的Catalyst 6500執行CatOS版本5.5(14)
-
用於此配置的Cisco 7500系列路由器運行Cisco IOS版本12.2(7b)
設定
本節提供用於設定本文件中所述功能的資訊。
注意:若要查詢有關本文檔中使用的命令的其他資訊,請使用命令查詢工具(僅限註冊客戶)。
在配置部分中,將執行以下任務:
-
在Catalyst 6500上配置兩個接入埠。一個用於VLAN 1中的工作站1,另一個用於VLAN 2中的工作站2。
-
將Cisco 7500上工作站1和工作站2各自的預設網關配置為10.10.10.1 /24和10.10.11.1/24。
-
在Catalyst 6500交換機和Cisco 7500路由器之間配置ISL或802.1q中繼。
-
為InterVLAN路由配置兩個具有IP地址的FastEthernet子介面。
網路圖表
本檔案會使用下圖所示的網路設定:
組態
本檔案會使用以下設定:
本文中的資訊是根據特定實驗室環境內的裝置所建立。文中使用到的所有裝置皆從已清除(預設)的組態來啟動。如果您在即時網路中工作,請確保在使用任何命令之前瞭解其潛在影響。
| Catalyst 6500交換器 |
|---|
!-- Set the sc0 IP address and VLAN. Catalyst6500> (enable) set int sc0 10.10.10.2 255.255.255.0 Interface sc0 IP address and netmask set. Catalyst6500 (enable) set int sc0 1 !-- Set the default gateway. Catalyst6500> (enable) set ip route default 10.10.10.1 Route added. !-- Set the VLAN Trunk Protocol (VTP) mode. !-- In this example, the mode is set to transparent. !-- Depending on your network, set the VTP mode accordingly. !-- For details on VTP, refer to Understanding and Configuring !-- VLAN Trunk Protocol (VTP). Catalyst6500> (enable) set vtp mode transparent VTP domain modified !-- Add VLAN 2. VLAN 1 already exists by default. Catalyst6500> (enable) set vlan 2 VLAN 2 configuration successful !-- Add port 3/4 to VLAN 2. Port 3/3 is already in VLAN 1 by default. Catalyst6500> (enable) set vlan 2 3/4 VLAN 2 modified. VLAN 1 modified. VLAN Mod/Ports ---- ----------------------- 2 3/4 ! -- Set the port speed and duplex at 100 and full. One of !-- the requirements for trunking to work is for speed and duplex to be the same on !-- both sides. To guarantee this, hardcode both speed and duplex on port 3/1. !-- You can also make the devices auto-negotiate, but make sure you correctly !-- do so on both sides. Catalyst6500> (enable) set port speed 3/1 100 Ports 3/1 transmission speed set to 100Mbps. Catalyst6500> (enable) set port duplex 3/1 full Ports 3/1 set to full-duplex. !-- Enable trunking on port 3/1. !-- Because routers do not understand Dynamic Trunking Protocol (DTP), !-- the trunking mode is set to nonegotiate, which causes ports to trunk !-- but not generate DTP frames. !-- Enter the trunking encapsulation as either ISL or as 802.1q. Catalyst6500> (enable) set trunk 3/1 nonegotiate isl Port(s) 3/1 trunk mode set to nonegotiate. Port(s) 3/1 trunk type set to isl. ! -- Make sure the native VLAN (default is VLAN 1) matches across the link. ! -- For more information on the native VLAN and 802.1q trunking, refer to ! -- Trunking Between Catalyst 4500/4000, 5500/5000, and 6500/6000 Family Switches Using !-- 802.1q Encapsulation. Catalyst6500> (enable) set trunk 3/1 nonegotiate dot1q Port(s) 3/1 trunk mode set to nonegotiate. Port(s) 3/1 trunk type set to dot1q. Catalyst6500> (enable) show config This command shows non-default configurations only. Use 'show config all' to show both default and non-default configurations. ......... .................. .. begin ! # ***** NON-DEFAULT CONFIGURATION ***** ! ! #time: Thu May 2 2002, 01:26:26 ! #version 5.5(14) ! ! #system set system name Catalyst6500 ! #! #vtp set vtp mode transparent set vlan 1 name default type ethernet mtu 1500 said 100001 state active set vlan 2 name VLAN0002 type ethernet mtu 1500 said 100002 state active set vlan 1002 name fddi-default type fddi mtu 1500 said 101002 state active set vlan 1004 name fddinet-default type fddinet mtu 1500 said 101004 state active stp ieee set vlan 1005 name trnet-default type trbrf mtu 1500 said 101005 state active stp ibm set vlan 1003 name token-ring-default type trcrf mtu 1500 said 101003 state active mode srb aremaxhop 7 stemaxhop 7 backupcrf off ! #ip set interface sc0 1 10.10.10.2/255.255.255.0 10.10.10.255 set ip route 0.0.0.0/0.0.0.0 10.10.10.1 ! #set boot command set boot config-register 0x2102 set boot system flash bootflash:cat6000-sup.5-5-14.bin ! #port channel ! # default port status is enable ! ! #module 1 empty ! #module 2 : 2-port 1000BaseX Supervisor ! #module 3 : 48-port 10/100BaseTX Ethernet set vlan 2 3/4 set port disable 3/5 set port speed 3/1 100 set port duplex 3/1 full set trunk 3/1 nonegotiate isl 1-1005 !-- If IEEE 802.1q is configured, !-- you will see the following output instead: !-- set trunk 3/1 nonegotiate dot1q 1-1005 ! #module 4 : 24-port 100BaseFX MM Ethernet ! #module 5 empty ! #module 6 empty ! #module 15 empty ! #module 16 empty end |
| 思科7500路由器 |
|---|
7500#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
!-- Configure the FastEthernet interfaces for speed 100 depending on the port adapter. !-- Some FastEthernet port adapters can auto-negotiate speed (10 or 100) !-- and duplex (half or full). Others are only capable of 100 (half or full).
7500(config)#int fa 5/1/1
!-- Configure full-duplex to match the duplex setting on the Catalyst switch side.
7500(config-if)#full-duplex
7500(config-if)#speed 100
7500(config-if)#no shut
7500(config-if)#
01:46:09: %LINK-3-UPDOWN: Interface FastEthernet5/1/1, changed state to up
01:46:10: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet5/1/1,
changed state to up
7500(config-if)#exit
!-- If you are using ISL trunking, configure two FastEthernet !-- sub-interfaces and enable ISL trunking by issuing !-- the encapsulation isl
|
在低於12.1(3)T的Cisco IOS版本中,子介面下的encapsulation dot1Q 1 native命令不可用。但是,仍然需要匹配鏈路上的本徵VLAN(如所述)。
為了在低於12.1(3)T的軟體版本中配置802.1q中繼,本徵VLAN(本文檔中的VLAN 1)的IP地址在主快速乙太網介面上配置,而不是在快速乙太網子介面上配置。
| 在Cisco 7500上為12.1(3)T之前的Cisco IOS版本配置802.1Q |
|---|
7500#configure terminal Enter configuration commands, one per line. End with CNTL/Z. !-- Configure the FastEthernet interfaces for speed 100 !-- depending on the port adapter. Some FastEthernet port adapters can !-- auto-negotiate speed (10 or 100) and duplex (half or full). !-- Others are only capable of 100 (half or full). 7500(config)#int Fast 5/1/1 !-- Configure full-duplex to match the duplex setting !-- on the Catalyst switch side. 7500(config-if)#full-duplex 7500(config-if)#speed 100 7500(config-if)#no shut 7500(config-if)# 01:46:09: %LINK-3-UPDOWN: Interface FastEthernet5/1/1, changed state to up 01:46:10: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet5/1/1, changed state to up 7500(config-if)#exit !-- Do not configure an interface FastEthernet5/1/1.1. !-- Instead, configure the IP address for VLAN 1 (the native VLAN). 7500(config)#int Fast 5/1/1 7500(config-if)#ip address 10.10.10.1 255.255.255.0 7500(config-if)#exit 7500(config)# !-- It is still necessary to create a sub-interface for VLAN 2. 7500(config)#int Fast 5/1/1.2 7500(config-subif)#encapsulation dot1Q 2 7500(config-subif)#ip address 10.10.11.1 255.255.255.0 7500(config-subif)#exit ! -- Remember to save the configuration. 7500#write memory Building configuration... [OK] 7500# !-- Note: Remember also that in any version of software previous !-- to Cisco IOS 12.2 or 12.2T for the 7000 or 7500 series router, you !-- have to issue the no ip cef command globally before configuring !-- 802.1q trunking on a sub-interface. Otherwise, you will see the !-- following error message: !-- 802.1q encapsulation not supported with CEF configured on the !-- interface. !-- For more information, refer to the Components Used section of !-- this document. 7500#show running-config Building configuration... Current configuration : 1593 bytes ! version 12.1 no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname 7500 ! ! ip subnet-zero ! no ip cef ! ! ! interface FastEthernet5/1/0 no ip address no ip mroute-cache speed 100 full-duplex ! interface FastEthernet5/1/1 ip address 10.10.10.1 255.255.255.0 speed 100 full-duplex hold-queue 300 in ! interface FastEthernet5/1/1.2 encapsulation dot1Q 2 ip address 10.10.11.1 255.255.255.0 ! ! ! ip classless no ip http server ! ! ! line con 0 line aux 0 line vty 0 4 login ! end 7500# |
驗證
本節提供的資訊可用於確認您的組態是否正常運作。
輸出直譯器工具(僅供註冊客戶使用)支援某些show命令,此工具可讓您檢視show命令輸出的分析。
在Catalyst 6500交換器上,發出以下命令:
-
顯示介面
-
show ip route
-
show port capabilities <mod/port>
-
show port counters <mod/port>
-
show port <mod>
-
show vlan
-
show trunk
在Cisco 7500路由器上,發出以下命令:
-
show interfaces fastethernet <slot/port-adapter/port>
Catalyst 6500 show命令
show interface命令顯示sc0管理介面IP地址和VLAN。本範例中使用的是預設VLAN,即VLAN 1。
Catalyst6500> (enable) show interface
sl0: flags=51<UP,POINTOPOINT,RUNNING>
slip 0.0.0.0 dest 0.0.0.0
sc0: flags=63
VLAN 1 inet 10.10.10.2 netmask 255.255.255.0 broadcast 10.10.10.255
Catalyst6500> (enable)
show ip route命令會顯示預設閘道。在本示例中,10.10.10.1是埠通道1(用於802.1q中繼)或埠通道1.1(用於ISL中繼)的IP地址。
Catalyst6500> (enable) show ip route Fragmentation Redirect Unreachable ------------- -------- ----------- enabled enabled enabled The primary gateway: 10.10.10.1 Destination Gateway RouteMask Flags Use Interface --------------- --------------- ---------- ----- -------- --------- default 10.10.10.1 0x0 UG 0 sc0 10.10.10.0 10.10.10.2 0xffffff00 U 8 sc0 default default 0xff000000 UH 0 sl0 Catalyst6500> (enable)
show port capabilities <mod/port>命令會檢視交換模組的硬體功能。此範例顯示連線埠3/1(3/2相同)具備EtherChannel功能、其支援哪個主幹封裝和其他資訊。
Catalyst6500> (enable) show port capabilities 3/1 Model WS-X6248-RJ-45 Port 3/1 Type 10/100BaseTX Speed auto,10,100 Duplex half,full Trunk encap type 802.1Q,ISL Trunk mode on,off,desirable,auto,nonegotiate Channel yes Broadcast suppression percentage(0-100) Flow control receive-(off,on),send-(off) Security yes Membership static,dynamic Fast start yes QOS scheduling rx-(1q4t),tx-(2q2t) CoS rewrite yes ToS rewrite DSCP UDLD yes Inline power no AuxiliaryVlan 1..1000,untagged,dot1p,none SPAN source,destination COPS port group not supported Catalyst6500> (enable)
show port counters <mod/port>命令會檢視可能的連線埠錯誤。在本範例中,此連線埠沒有任何錯誤。如果連線埠發生錯誤,請參閱疑難排解交換器連線埠問題以瞭解詳細資訊。
Catalyst6500> (enable) show port counters 3/1 Port Align-Err FCS-Err Xmit-Err Rcv-Err UnderSize ----- ---------- ---------- ---------- ---------- --------- 3/1 0 0 0 0 0 Port Single-Col Multi-Coll Late-Coll Excess-Col Carri-Sen Runts Giants ----- ---------- ---------- ---------- ---------- --------- --------- --------- 3/1 0 0 0 0 0 0 - Last-Time-Cleared -------------------------- Thu May 2 2002, 02:11:55 Catalyst6500> (enable)
show port <mod>命令會顯示連線埠狀態、VLAN、中繼以及速度和雙工資訊。在本例中,工作站1的接入埠是3/3,位於VLAN 1中。工作站2的接入埠是3/4,即VLAN 2。埠3/1是中繼埠。
Catalyst6500> (enable) show port 3 Port Name Status VLAN Duplex Speed Type ----- -------------------- ---------- ---------- ------ ----- ------------ 3/1 connected trunk full 100 10/100BaseTX 3/2 connected 1 full 100 10/100BaseTX 3/3 connected 1 a-half a-10 10/100BaseTX 3/4 connected 2 a-full a-100 10/100BaseTX !-- Output truncated
show vlan命令會顯示哪些連線埠已指派給特定VLAN。請注意,中繼埠3/1未在此輸出中顯示,這是正常現象。
Catalyst6500> (enable) show vlan
VLAN Name Status IfIndex Mod/Ports, Vlans
---- -------------------------------- --------- ------- ------------------------
1 default active 119 2/1-2
3/2-3,3/5-48
4/1-24
2 VLAN0002 active 124 3/4
!-- Output truncated
show trunk命令會顯示中繼模式、封裝型別、允許的VLAN和活動VLAN。在本例中,VLAN 1(預設情況下始終允許且活動)和VLAN 2是中繼的當前活動VLAN。請注意,中繼埠位於VLAN 1中。
Catalyst6500> (enable) show trunk * - indicates vtp domain mismatch Port Mode Encapsulation Status Native vlan -------- ----------- ------------- ------------ ----------- 3/1 nonegotiate isl trunking 1 Port VLANs allowed on trunk -------- --------------------------------------------------------------------- 3/1 1-1005 Port VLANs allowed and active in management domain -------- --------------------------------------------------------------------- 3/1 1-2 Port VLANs in spanning tree forwarding state and not pruned -------- --------------------------------------------------------------------- 3/1 1-2
對於802.1q中繼,命令的輸出將以下列方式更改:
Catalyst6500> (enable) show trunk * - indicates vtp domain mismatch Port Mode Encapsulation Status Native VLAN -------- ----------- ------------- ------------ ----------- 3/1 nonegotiate dot1q trunking 1 Port VLANs allowed on trunk -------- --------------------------------------------------------------------- 3/1 1-1005 Port VLANs allowed and active in management domain -------- --------------------------------------------------------------------- 3/1 1-2 Port VLANs in spanning tree forwarding state and not pruned -------- --------------------------------------------------------------------- 3/1 1-2 Catalyst6500> (enable)
Cisco 7500路由器show命令
這是ISL中繼的輸出:
7500#show interface FastEthernet5/1/1.1
FastEthernet5/1/1.1 is up, line protocol is up
Hardware is cyBus FastEthernet Interface, address is 0001.6490.f8a8 (bia 0001.
6490.f8a8)
Internet address is 10.10.10.1/24
MTU 1500 bytes, BW 200000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ISL Virtual LAN, Color 1.
ARP type: ARPA, ARP Timeout 04:00:00
7500#show interface FastEthernet5/1/1.2
FastEthernet5/1/1.2 is up, line protocol is up
Hardware is cyBus FastEthernet Interface, address is 0001.6490.f8a8 (bia 0001.
6490.f8a8)
Internet address is 10.10.11.1/24
MTU 1500 bytes, BW 200000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ISL Virtual LAN, Color 2.
ARP type: ARPA, ARP Timeout 04:00:00
show interfaces fastethernet <slot/port-adapter/port>命令會顯示路由器實體介面的狀態,以及介面上是否存在任何錯誤。在此範例中,它沒有錯誤。
7500#show interface fa5/1/0
FastEthernet5/1/0 is up, line protocol is up
Hardware is cyBus FastEthernet Interface, address is 0001.6490.f8a8 (bia 0001.
6490.f8a8)
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input 1d00h, output 00:00:07, output hang never
Last clearing of "show interface" counters 1d00h
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue :0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
2929 packets input, 425318 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog
0 input packets with dribble condition detected
12006 packets output, 1539768 bytes, 0 underruns
0 output errors, 0 collisions, 6 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
7500#
疑難排解
目前尚無適用於此組態的具體疑難排解資訊。
意見