Catalyst 4908G-L3 VLAN路由和橋接示例配置

簡介

本檔案將提供Catalyst 4908G-L3交換器的範例組態，支援多個第2層(L2)交換器之間的VLAN間路由和橋接VLAN。

必要條件

需求

本文讀者必須熟悉Catalyst 4908G-L3交換機：

• 從配置的角度來看，Catalyst 4908G-L3是路由器。它使用Cisco IOS^®配置介面，預設情況下，所有介面都是路由介面。

• Catalyst 4908G-L3不支援多個面向第2層的通訊協定，例如其他Catalyst交換器上的VLAN主幹通訊協定(VTP)、動態主幹通訊協定(DTP)或連線埠彙總通訊協定(PAgP)。

• 在版本12.0(7)WX5(15d)中，Catalyst 4908G-L3不支援以下功能：

  • 資料平面（安全）存取控制清單(ACL):換句話說，不能使用路由器介面上的輸入或輸出訪問清單來限制使用者資料流量。12.0(10)W5(18e)版現在支援資料平面ACL。

  • 在802.1q子介面(即同時應用了encapsulation dot1q和bridge-group n命令的子介面)上橋接：支援在InterSwitch連結(ISL)子介面上橋接。12.0(10)W5(18e)版現在支援在802.1q子介面上橋接。

  • AppleTalk路由

  • 連線埠窺探（也稱為SPAN）、連線埠映象、混雜模式

採用元件

本文中的資訊係根據以下軟體和硬體版本：

• 執行Cisco IOS 12.0(7)W5(15d)的Catalyst 4908G-L3交換器 — 路由器

• 三台執行Cisco IOS 12.0(5.2)XU的Catalyst 3512XL交換器

本文中的資訊是根據特定實驗室環境內的裝置所建立。文中使用到的所有裝置皆從已清除（預設）的組態來啟動。如果您的網路正在作用，請確保您已瞭解任何指令可能造成的影響。

慣例

請參閱思科技術提示慣例以瞭解更多有關文件慣例的資訊。

設定

Catalyst 4908G-L3 VLAN路由和橋接示例

本節提供用於設定本文件中所述功能的資訊。

註：使用Command Lookup Tool(僅供已註冊客戶使用)可獲取本節中使用的命令的詳細資訊。

在此示例配置中，部署Catalyst 4908G-L3交換機有兩個用途：

• 在多個第2層交換機上擴展五個VLAN（VLAN 1、10、20、30和40）：在本例中，三個Catalyst 3512XL

• 為IP和網際網路資料包交換(IPX)執行VLAN間路由，以允許不同VLAN中的裝置之間的通訊

為了將VLAN擴展到交換器之間，3512XL會透過主干連結和從一個3512XL交換器（在該VLAN上橋接至其他交換器）到達給定VLAN的流量，以遵循正常橋接規則的橋接組態連線到4908G-L3。其中兩台3512XL交換器使用Gigabit EtherChannel連線到4908G-L3交換器。另一台3512XL交換機使用單個Gigabit乙太網鏈路。

為了支援VLAN間路由，整合路由和橋接(IRB)和橋接虛擬介面(BVI)被配置為在不同VLAN之間路由IP和IPX。

終端站和伺服器連線至Catalyst 3512XL交換器。如果一個VLAN中的裝置需要連線到另一個VLAN中的裝置，流量將傳送到Catalyst 4908G-L3，並在BVI介面上路由流量。

如果部署是較大網路的一部分，則通過連線到核心交換機或路由器，將發往核心的流量路由到另一個子網（此處不考慮此配置）。

此組態適用於交換器：

• 應用基本初始配置。

• IP地址和預設網關將分配給交換機進行管理。

• VTP模式設定為透明，並且VLAN在Catalyst 3512XL交換機上配置。

• Catalyst 4908G-L3與3512xl-01和3512xl-02交換機之間配置了Gigabit EtherChannel鏈路。

• Catalyst 4908G-L3上配置了橋接、BVI介面以及IP和IPX路由。

• 在Catalyst 4908G-L3和三台Catalyst 3512XL交換機之間配置ISL中繼，並在中繼子介面上配置橋接。

• 以下是IP和IPX網路到VLAN的對映：

  VLAN	IP子網	IPX網路
  1	10.10.1.0/24	不適用
  10	10.10.10.0/24	1000
  20	10.10.20.0/24	2000
  30	10.10.30.0/24	3000
  40	10.10.40.0/24	4000

• 會指派存取VLAN，並在Catalyst 3512XL交換器的所有快速乙太網路介面上啟用跨距樹狀目錄portfast。

網路圖表

本檔案會使用以下網路設定：

組態

本檔案會使用以下設定：

• 常規配置任務

• 配置交換機以進行管理

• 配置VLAN

• 設定EtherChannel

• 配置橋接和路由

• 配置交換機之間的ISL中繼

• 配置終端站埠

• 儲存交換機配置

• 完整裝置配置

常規配置任務

在基於Cisco IOS的交換機（例如Catalyst 4908G-L3和Catalyst 3512XL交換機）上，以下基本配置必須應用到每台交換機：

!-- The calendar set command does not apply to the Catalyst 3500XL switches.

Router#calendar set 18:00:00 Jan 8 2003
Router#clock set 18:00:00 Jan 8 2003
Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#hostname 4908G-L3
4908G-L3(config)#clock timezone PST -8
4908G-L3(config)#clock calendar-valid
4908G-L3(config)#service timestamps log datetime localtime msec
4908G-L3(config)#service timestamps debug datetime localtime msec
4908G-L3(config)#enable password verysecret
4908G-L3(config)#line vty 0 4
4908G-L3(config-line)#password secret
4908G-L3(config-line)#exit
4908G-L3(config)#no logging console
4908G-L3(config)#^Z
4908G-L3#

附註：

• calendar set命令設定交換機內部日曆晶片上的時間和日期。此命令不適用於Catalyst 3512XL交換器。

• clock set命令用於設定交換機時鐘的時間和日期。

• hostname命令用於設定交換機的主機名。

• clock calendar-valid命令告知交換機在下次重新載入時將時鐘日期和時間設定為儲存在日曆晶片中的日期和時間。此命令不適用於Catalyst 3548XL交換器。

• service timestamps log datetime localtime msec和service timestamps debug datetime localtime msec命令通過用當前日期和時間（以毫秒為單位）對syslog和debug輸出加上時間戳，幫助進行管理和故障排除。

• enable password命令可定義密碼，以進入交換器上的特權模式。

• line vty 0 4命令進入線路配置模式，因此我們可以為虛擬終端(vty)線路上的入站Telnet會話定義密碼。在Catalyst 3512XL交換器上，使用線路vty 0 15。

• password命令定義通過vty線路上的Telnet會話進入交換機正常模式的密碼。

• no logging console命令不允許在終端控制檯上顯示系統日誌消息；以下範例中使用命令可簡化熒幕擷取。

配置交換機以進行管理

在Catalyst 3512XL交換器上，VLAN 1中設定了IP位址和預設閘道以進行交換器管理。預設網關是Catalyst 4908G-L3上BVI 1介面的IP地址；bvi介面稍後配置。

注意：在將IP地址分配給介面之前，您無法通過Telnet連線到Catalyst 4908G-L3。

Catalyst 3512XL-01:

3512XL-01#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
3512XL-01(config)#interface vlan 1
3512XL-01(config-if)#ip address 10.10.1.10 255.255.255.0
3512XL-01(config-if)#management
3512XL-01(config-if)#exit
3512XL-01(config)#ip default-gateway 10.10.1.1
3512XL-01(config)#^Z
3512XL-01#

附註：

• ip default-gateway 命令可為下一跳路由器介面定義預設網關IP地址。這是必需的，因為交換機不參與IP路由，並且不知道網路的第3層(L3)拓撲。

• 預設網關使用的IP地址是10.10.1.1，即Catalyst 4908G-L3交換機上BVI 1介面（在本示例後面配置）的IP地址。

Catalyst 3512XL-02:

3512XL-02#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
3512XL-02(config)#interface vlan 1
3512XL-02(config-if)#ip address 10.10.1.20 255.255.255.0
3512XL-02(config-if)#management
3512XL-02(config-if)#exit
3512XL-02(config)#ip default-gateway 10.10.1.1
3512XL-02(config)#^Z
3512XL-02#

Catalyst 3512XL-03:

3512XL-03#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
3512XL-03(config)#interface vlan 1
3512XL-03(config-if)#ip address 10.10.1.30 255.255.255.0
3512XL-03(config-if)#management
3512XL-03(config-if)#exit
3512XL-03(config)#ip default-gateway 10.10.1.1
3512XL-03(config)#^Z
3512XL-03#

配置VLAN

Catalyst 4908G-L3交換機不支援VTP。在本例中，Catalyst 3512XL交換器設定為VTP透明模式，因為VTP網域無法延伸到Catalyst 4908G-L3。

Catalyst 3512XL-01、3512XL-02和3512XL-03上的組態相同：

3512XL-01#vlan database
3512XL-01(vlan)#vtp transparent
Setting device to VTP TRANSPARENT mode.
3512XL-01(vlan)#vlan 10 name Vlan10
VLAN 10 added:
    Name: Vlan10
3512XL-01(vlan)#vlan 20 name Vlan20
VLAN 20 added:
    Name: Vlan20
3512XL-01(vlan)#vlan 30 name Vlan30
VLAN 30 added:
    Name: Vlan30
3512XL-01(vlan)#vlan 40 name Vlan40
VLAN 40 added:
    Name: Vlan40
3512XL-01(vlan)#exit
APPLY completed.
Exiting....
3512XL-01#

您可以使用show vtp status和show vlan 指令驗證VLAN組態：

3512XL-01#show vtp status
VTP Version                     : 2
Configuration Revision          : 0
Maximum VLANs supported locally : 254
Number of existing VLANs        : 9
VTP Operating Mode              : Transparent
VTP Domain Name                 :
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xF0 0xEA 0x28 0x34 0xA1 0xC6 0x2A 0xDE
Configuration last modified by 10.10.1.10 at 9-18-00 18:04:06
3512XL-01#show vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4,
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8,
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12,
                                                Gi0/1, Gi0/2
10   Vlan10                           active
20   Vlan20                           active
30   Vlan30                           active
40   Vlan40                           active
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        1002   1003
10   enet  100010     1500  -      -      -        -    -        0      0
20   enet  100020     1500  -      -      -        -    -        0      0
30   enet  100030     1500  -      -      -        -    -        0      0
40   enet  100040     1500  -      -      -        -    -        0      0
1002 fddi  101002     1500  -      -      -        -    -        1      1003
1003 tr    101003     1500  1005   0      -        -    srb      1      1002
1004 fdnet 101004     1500  -      -      1        ibm  -        0      0
1005 trnet 101005     1500  -      -      1        IBM  -        0      0
3512XL-01#

設定EtherChannel

此輸出顯示如何在Catalyst 4908G-L3與Catalyst 3512XL-01和3512XL-02交換機之間配置EtherChannel鏈路。3512XL-01上的介面gig0/1和gig0/2連線到Catalyst 4908G-L3上的介面gig1和gig2。3512XL-02上的介面gig0/1和gig0/2連線到Catalyst 4908G-L3上的介面gig3和gig4。

要在Catalyst 4908G-L3上配置EtherChannel，必須使用channel-group 命令將物理介面分配給邏輯（埠通道）介面。在Catalyst 3512XL交換機上，物理介面被分配到埠組。Catalyst 3512XL上沒有邏輯連線埠通道介面。

Catalyst 4908G-L3:

4908G-L3#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
4908G-L3(config)#interface port-channel 1
4908G-L3(config-if)#exit
4908G-L3(config)#interface gig1
4908G-L3(config-if)#no shutdown
4908G-L3(config-if)#channel-group 1

GigabitEthernet1 added as member-1 to port-channel1
4908G-L3(config-if)#exit
4908G-L3(config)#interface gig2
4908G-L3(config-if)#no shutdown
4908G-L3(config-if)#channel-group 1

GigabitEthernet2 added as member-2 to port-channel1
4908G-L3(config-if)#exit
4908G-L3(config)#interface port-channel 2
4908G-L3(config-if)#exit
4908G-L3(config)#interface gig3
4908G-L3(config-if)#no shutdown
4908G-L3(config-if)#channel-group 2

GigabitEthernet3 added as member-1 to port-channel2
4908G-L3(config-if)#exit
4908G-L3(config)#interface gig4
4908G-L3(config-if)#no shutdown
4908G-L3(config-if)#channel-group 2

GigabitEthernet4 added as member-2 to port-channel2
4908G-L3(config-if)#^Z
4908G-L3#

附註：

• interface port-channel 命令用於建立邏輯介面；在本示例中，建立了兩個邏輯埠通道介面。

• channel-group命令將物理介面新增到邏輯埠通道介面；channel-group number與port-channel介面編號相對應。

您可以使用show interface port-channel指令驗證EtherChannel組態：

4908G-L3#show interface port-channel 1
Port-channel1 is up, line protocol is up
  Hardware is GEChannel, address is 0030.78fe.a007 (bia 0000.0000.0000)
  MTU 1500 bytes, BW 2000000 Kbit, DLY 10 usec, rely 255/255, load 1/255
  Encapsulation ARPA, loopback not set, keepalive set (10 sec)
  Half-duplex, Unknown Speed, Media type unknown, Force link-up
  ARP type: ARPA, ARP Timeout 04:00:00
    No. of active members in this channel: 2
        Member 0 : GigabitEthernet1
        Member 1 : GigabitEthernet2
  Last input 00:00:25, output never, output hang never
  Last clearing of "show interface" counters never
  Queueing strategy: fifo
  Output queue 0/40, 0 drops; input queue 0/300, 0 drops
  5 minute input rate 0 bits/sec, 1 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     489 packets input, 41461 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     0 watchdog, 0 multicast
     0 input packets with dribble condition detected
     19 packets output, 8668 bytes, 0 underruns(0/0/0)
     0 output errors, 0 collisions, 0 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out
4908G-L3#

附註：

• 請注意，show interface port-channel命令會顯示屬於EtherChannel的活動成員數和特定介面數。

Catalyst 3512XL-01:

3512XL-01#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
3512XL-01(config)#interface gig0/1
3512XL-01(config-if)#port group 1
3512XL-01(config-if)#exit
3512XL-01(config)#interface gig0/2
3512XL-01(config-if)#port group 1
3512XL-01(config-if)#^Z
3512XL-01#

附註：

• port group 命令將物理埠新增到邏輯埠組(EtherChannel)。

您可以使用show port group 命令驗證EtherChannel組態：

3512XL-01#show port group
Group  Interface              Transmit Distribution
-----  ---------------------  ---------------------
    1  GigabitEthernet0/1     source address
    1  GigabitEthernet0/2     source address
3512XL-01#

Catalyst 3512XL-02:

3512XL-02#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
3512XL-02(config)#interface gig0/1
3512XL-02(config-if)#port group 1
3512XL-02(config-if)#exit
3512XL-02(config)#interface gig0/2
3512XL-02(config-if)#port group 1
3512XL-02(config-if)#^Z
3512XL-02#

您可以使用show port group命令驗證EtherChannel組態。

配置橋接和路由

此輸出顯示如何配置Catalyst 4908G-L3進行橋接和路由。為每個VLAN定義一個獨立的橋接進程；在本示例稍後的部分在交換機之間配置ISL中繼部分，將介面分配給網橋組。由於需要VLAN間路由，因此必須使用bridge irb 命令啟用整合路由和橋接(IRB)。

此外，要在不同的網橋組之間路由IP和IPX流量，必須建立網橋虛擬介面(BVI)。

在配置交換機之間的ISL中繼部分，ISL中繼上的VLAN子介面會加入相應的網橋組，以便為每個VLAN建立一個第2層域，其中對應的BVI充當該VLAN中的路由器介面。

Catalyst 4908G-L3:

4908G-L3#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
4908G-L3(config)#ipx routing
4908G-L3(config)#bridge irb
4908G-L3(config)#bridge 1 protocol ieee
4908G-L3(config)#bridge 1 route ip
4908G-L3(config)#bridge 10 protocol IEEE
4908G-L3(config)#bridge 10 route ip
4908G-L3(config)#bridge 10 route ipx
4908G-L3(config)#bridge 20 protocol IEEE
4908G-L3(config)#bridge 20 route ip
4908G-L3(config)#bridge 20 route ipx
4908G-L3(config)#bridge 30 protocol IEEE
4908G-L3(config)#bridge 30 route ip
4908G-L3(config)#bridge 30 route ipx
4908G-L3(config)#bridge 40 protocol IEEE
4908G-L3(config)#bridge 40 route ip
4908G-L3(config)#bridge 40 route ipx
4908G-L3(config)#interface bvi 1
4908G-L3(config-if)#ip address 10.10.1.1 255.255.255.0
4908G-L3(config-if)#exit
4908G-L3(config)#interface bvi 10
4908G-L3(config-if)#ip address 10.10.10.1 255.255.255.0
4908G-L3(config-if)#ipx network 1000
4908G-L3(config-if)#exit
4908G-L3(config)#interface bvi 20
4908G-L3(config-if)#ip address 10.10.20.1 255.255.255.0
4908G-L3(config-if)#ipx network 2000
4908G-L3(config-if)#exit
4908G-L3(config)#interface bvi 30
4908G-L3(config-if)#ip address 10.10.30.1 255.255.255.0
4908G-L3(config-if)#ipx network 3000
4908G-L3(config-if)#exit
4908G-L3(config)#interface bvi 40
4908G-L3(config-if)#ip address 10.10.40.1 255.255.255.0
4908G-L3(config-if)#ipx network 4000
4908G-L3(config-if)#^Z
4908G-L3#

附註：

• ipx routing命令可在Catalyst 4908G-L3上啟用IPX路由。

• bridge irb命令可在路由器上啟用整合路由和橋接，從而允許您在網橋組內路由流量。

• bridge number protocol IEEE命令用於建立運行IEEE生成樹的網橋進程。

• bridge number route ip 命令允許在BVI編號介面和路由器上的其他IP介面之間路由IP流量。

• bridge number route ipx命令允許在BVI編號介面和路由器上的其他IPX介面之間路由IPX流量；請注意，網橋進程1 [管理VLAN]省略了此命令。

• interface bvi number 命令將建立一個橋接虛擬介面(BVI)介面，用作number bridge-group中的第3層介面。

• ip address 命令為BVI介面分配IP地址。

• ipx network命令將IPX網路號分配給BVI介面；請注意，管理VLAN [BVI 1]中的BVI沒有分配IPX網路號。

在本示例稍後的部分中，我們可以在配置ISL中繼鏈路並將中繼子介面新增到正確的網橋組之後驗證橋接配置。

配置交換機之間的ISL中繼

此輸出顯示了如何在Catalyst 4908G-L3和Catalyst 3512XL交換機之間配置中繼鏈路。

要在Catalyst 4908G-L3上配置中繼，需要在主介面下新增子介面，為中繼上傳輸的每個VLAN新增一個子介面。在本示例中，在邏輯埠通道介面上配置了兩個中繼，而在物理介面上配置了第三個中繼。

此外，在子介面下配置bridge-group命令，將每個VLAN子介面加入相應的網橋組，從而完成在本示例前面的配置橋接和路由部分中啟動的橋接和路由配置。

Catalyst 4908G-L3:

4908G-L3#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
4908G-L3(config)#interface port-channel 1.1
4908G-L3(config-subif)#encapsulation isl 1
4908G-L3(config-subif)#bridge-group 1
4908G-L3(config-subif)#exit
4908G-L3(config)#interface port-channel 1.10
4908G-L3(config-subif)#encapsulation isl 10
4908G-L3(config-subif)#bridge-group 10
4908G-L3(config-subif)#exit
4908G-L3(config)#interface port-channel 1.20
4908G-L3(config-subif)#encapsulation isl 20
4908G-L3(config-subif)#bridge-group 20
4908G-L3(config-subif)#exit
4908G-L3(config)#interface port-channel 1.30
4908G-L3(config-subif)#encapsulation isl 30
4908G-L3(config-subif)#bridge-group 30
4908G-L3(config-subif)#exit
4908G-L3(config)#interface port-channel 1.40
4908G-L3(config-subif)#encapsulation isl 40
4908G-L3(config-subif)#bridge-group 40
4908G-L3(config-subif)#exit
4908G-L3(config)#interface port-channel 2.1
4908G-L3(config-subif)#encapsulation isl 1
4908G-L3(config-subif)#bridge-group 1
4908G-L3(config-subif)#exit
4908G-L3(config)#interface port-channel 2.10
4908G-L3(config-subif)#encapsulation isl 10
4908G-L3(config-subif)#bridge-group 10
4908G-L3(config-subif)#exit
4908G-L3(config)#interface port-channel 2.20
4908G-L3(config-subif)#encapsulation isl 20
4908G-L3(config-subif)#bridge-group 20
4908G-L3(config-subif)#exit
4908G-L3(config)#interface port-channel 2.30
4908G-L3(config-subif)#encapsulation isl 30
4908G-L3(config-subif)#bridge-group 30
4908G-L3(config-subif)#exit
4908G-L3(config)#interface port-channel 2.40
4908G-L3(config-subif)#encapsulation isl 40
4908G-L3(config-subif)#bridge-group 40
4908G-L3(config-subif)#exit
4908G-L3(config)#interface gig 5
4908G-L3(config-if)#no shutdown
4908G-L3(config-if)#exit
4908G-L3(config)#interface gig 5.1
4908G-L3(config-subif)#encapsulation isl 1
4908G-L3(config-subif)#bridge-group 1
4908G-L3(config-subif)#exit
4908G-L3(config)#interface gig 5.10
4908G-L3(config-subif)#encapsulation isl 10
4908G-L3(config-subif)#bridge-group 10
4908G-L3(config-subif)#exit
4908G-L3(config)#interface gig 5.20
4908G-L3(config-subif)#encapsulation isl 20
4908G-L3(config-subif)#bridge-group 20
4908G-L3(config-subif)#exit
4908G-L3(config)#interface gig 5.30
4908G-L3(config-subif)#encapsulation isl 30
4908G-L3(config-subif)#bridge-group 30
4908G-L3(config-subif)#exit
4908G-L3(config)#interface gig 5.40
4908G-L3(config-subif)#encapsulation isl 40
4908G-L3(config-subif)#bridge-group 40
4908G-L3(config-subif)#^Z
4908G-L3#

附註：

• 要在主介面上建立邏輯子介面，請指定主介面，例如interface port-channel 1，後跟句點(.)和子介面編號，例如interface port-channel 1.10。子介面編號/VLAN編號/網橋組編號不必相同，但這使管理更容易。

• encapsulation isl vlan 命令指定要在子介面上接收的封裝型別(ISL)和VLAN。

• 請注意，VLAN子介面未分配IP地址或IPX網路號，而是使用bridge-group number 命令新增到橋接組中，該命令允許每個VLAN跨第2層的所有交換機。配置橋接和路由部分中配置的BVI具有IP地址和IPX網路號。

您可以使用show interface、show ip interface和show ipx interface命令驗證配置。例如，使用以下命令驗證通向Catalyst 3512XL-01的EtherChannel鏈路上port-channel 1.10(VLAN 10)子介面的配置以及VLAN 10的對應BVI(BVI 10):

4908G-L3#show interface port-channel 1.10
Port-channel1.10 is up, line protocol is up
  Hardware is GEChannel, address is 0030.78fe.a007 (bia 0000.0000.0000)
  MTU 1500 bytes, BW 2000000 Kbit, DLY 10 usec, rely 255/255, load 1/255
  Encapsulation ISL Virtual LAN, Color 10.
  ARP type: ARPA, ARP Timeout 04:00:00
4908G-L3#show ip interface bvi 10
BVI10 is up, line protocol is up
  Internet address is 10.10.10.1/24
  Broadcast address is 255.255.255.255
  Address determined by setup command
  MTU is 1500 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Outgoing access list is not set
  Inbound  access list is not set
  Proxy ARP is enabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is enabled
  IP fast switching on the same interface is disabled
  IP Null turbo vector
  IP multicast fast switching is enabled
  IP multicast distributed fast switching is disabled
  Router Discovery is disabled
  IP output packet accounting is disabled
  IP access violation accounting is disabled
  TCP/IP header compression is disabled
  RTP/IP header compression is disabled
  Probe proxy name replies are disabled
  Policy routing is disabled
  Network address translation is disabled
  Web Cache Redirect is disabled
  BGP Policy Mapping is disabled
4908G-L3#show ipx interface bvi 10
BVI10 is up, line protocol is up
  IPX address is 1000.0030.78fe.a00b, NOVELL-ETHER [up]
  Delay of this IPX network, in ticks is 2 throughput 0 link delay 0
  IPXWAN processing not enabled on this interface.
  IPX SAP update interval is 60 seconds
  IPX type 20 propagation packet forwarding is disabled
  Incoming access list is not set
  Outgoing access list is not set
  IPX helper access list is not set
  SAP GNS processing enabled, delay 0 ms, output filter list is not set
  SAP Input filter list is not set
  SAP Output filter list is not set
  SAP Router filter list is not set
  Input filter list is not set
  Output filter list is not set
  Router filter list is not set
  Netbios Input host access list is not set
  Netbios Input bytes access list is not set
  Netbios Output host access list is not set
  Netbios Output bytes access list is not set
  Updates each 60 seconds aging multiples RIP: 3 SAP: 3
  SAP interpacket delay is 55 ms, maximum size is 480 bytes
  RIP interpacket delay is 55 ms, maximum size is 432 bytes
  RIP response delay is not set
  IPX accounting is disabled
  IPX fast switching is configured (disabled)
  RIP packets received 0, RIP packets sent 19, 0 Throttled
  RIP specific requests received 0, RIP specific replies sent 0
  RIP general requests received 0, 0 ignored, RIP general replies sent 0
  SAP packets received 0, SAP packets sent 5, 0 Throttled
  SAP GNS packets received 0, SAP GNS replies sent 0
  SAP GGS packets received 0, 0 ignored, SAP GGS replies sent 0
4908G-L3#

您可以使用show bridge group和show spanning-tree number 指令驗證橋接組態。此外，您還可以使用show bridge命令檢視網橋轉發表。

在Catalyst 3512XL交換器上，Catalyst 3512XL-01、3512XL-02和3512XL-03上的組態相同。主干連結已在適當的千兆位乙太網路介面上設定。如果是EtherChannel鏈路，則只需將中繼配置應用於埠組中的一個介面。中繼會自動應用於同一組中的其他介面，並顯示在配置中：

3512XL-01#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
3512XL-01(config)#interface gig 0/1
3512XL-01(config-if)#switchport mode trunk
3512XL-01(config-if)#^Z
3512XL-01#

附註：

• 對於3512XL-01和3512XL-02，當配置應用於通道組中的單個介面時，相同配置會自動應用於組中的其他介面，並出現在每個介面的配置中。

• switchport mode trunk命令將介面配置為中繼埠。

• 啟用中繼時，3500XL交換器預設使用ISL封裝，因此在這種情況下，不需要指定封裝。

您可以使用show interface switchport 命令驗證設定：

3512XL-01#show interface gig0/1 switchport
Name: Gi0/1
Switchport: Enabled
Administrative mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: isl
Operational Trunking Encapsulation: isl
Negotiation of Trunking: Disabled
Access Mode VLAN: 0 ((Inactive))
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: ALL
Trunking VLANs Active: 1,10,20,30,40
Pruning VLANs Enabled: 2-1001

Priority for untagged frames: 0
Override vlan tag priority: FALSE
Voice VLAN: none
Appliance trust: none
3512XL-01#

配置終端站埠

現在，Catalyst 3512XL交換器上的連線埠指定給VLAN，且跨距樹狀目錄portfast已啟用。任何3512XL交換器上的任何連線埠均可指派給任何已設定的VLAN。

必須為特定VLAN中的終端站分配與該VLAN關聯的範圍的IP地址，並且必須將該VLAN的Catalyst 4908G-L3上BVI的IP地址用作其預設網關。

此輸出顯示如何在VLAN 10中配置介面fast0/1和fast0/2，並在介面上啟用portfast:

3512XL-01#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
3512XL-01(config)#interface fast0/1
3512XL-01(config-if)#switchport access vlan 10
3512XL-01(config-if)#spanning-tree portfast
3512XL-01(config-if)#exit
3512XL-01(config)#interface fast0/2
3512XL-01(config-if)#switchport access vlan 10
3512XL-01(config-if)#spanning-tree portfast
3512XL-01(config-if)#^Z
3512XL-01#

您可以使用show interface switchport 命令和show spanning-tree interface 命令驗證設定：

3512XL-01#show interface fast0/1 switchport
Name: Fa0/1
Switchport: Enabled
Administrative mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: isl
Operational Trunking Encapsulation: isl
Negotiation of Trunking: Disabled
Access Mode VLAN: 10 (Vlan10)
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: NONE
Pruning VLANs Enabled: NONE

Priority for untagged frames: 0
Override vlan tag priority: FALSE
Voice VLAN: none
Appliance trust: none
3512XL-01#show spanning-tree interface fast 0/1
Interface Fa0/1 (port 13) in Spanning tree 10 is FORWARDING
   Port path cost 19, Port priority 128
   Designated root has priority 16384, address 0090.ab28.d000
   Designated bridge has priority 16384, address 0090.ab28.d000
   Designated port is 193, path cost 0
   Timers: message age 2, forward delay 0, hold 0
   BPDU: sent 1, received 73
   The port is in the portfast mode
3512XL-01#

附註：

show interface switchport 命令會顯示介面的使用模式（靜態存取）和存取模式VLAN(10)。

show spanning-tree interface命令會顯示連線埠的跨距樹狀目錄狀態，並表示「連線埠處於portfast模式」。

儲存交換機配置

請確保將運行配置儲存到所有交換機的NVRAM（啟動配置），以便在重新載入時保留該配置。

Catalyst 4908G-L3:

4908G-L3#copy running-config startup-config
Destination filename [startup-config]? 
Building configuration...
[OK]
4908G-L3#

Catalyst 3512XL交換機：

3512XL-01#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...

3512XL-01#

完整裝置配置

以下是此範例中所用裝置的完整組態：

• Catalyst 4908G-L3

• Catalyst 3512XL-01

• Catalyst 3512XL-02

• Catalyst 3512XL-03

4908G-L3#show running-config
Building configuration...
 
Current configuration:
!
! Last configuration change at 14:09:14 PST Tue Sep 19 2000
! NVRAM config last updated at 14:09:15 PST Tue Sep 19 2000
!
version 12.0
no service pad
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
no service password-encryption
!
hostname 4908G-L3
!
no logging console
enable password verysecret
!
clock timezone PST -8
clock calendar-valid
ip subnet-zero
ipx routing 0030.78fe.a000

!-- Enables IRB to route between bridge groups.

bridge irb
!
!
!

!-- Creates a logical interface (1) to group physical interfaces into a channel.

interface Port-channel1
 no ip address
 no ip directed-broadcast
 hold-queue 300 in
!

!-- A subinterface is added to allow VLAN 1 traffic to be transmitted on the trunk.

interface Port-channel1.1
 
!-- Specifies ISL encapsulation for VLAN 1. 

encapsulation isl 1
 no ip redirects
 no ip directed-broadcast
 !-- Assign the subinterface to the appropriate bridge-group 
   for bridging and routing. 
bridge-group 1
!

!-- A subinterface is added to allow VLAN 10 traffic to be transmitted on the trunk.

interface Port-channel1.10 
   !-- Specifies ISL encapsulation for VLAN 10.
 encapsulation isl 10
 no ip redirects
 no ip directed-broadcast 

!-- Assign the subinterface to the appropriate bridge-group for bridging and routing.

 bridge-group 10
!

!-- VLAN 20 configuration.

interface Port-channel1.20
 encapsulation isl 20
 no ip redirects
 no ip directed-broadcast
 bridge-group 20
!

!-- VLAN 30 configuration. 

interface Port-channel1.30
 encapsulation isl 30
 no ip redirects
 no ip directed-broadcast
 bridge-group 30
!

!-- VLAN 40 configuration.

interface Port-channel1.40
 encapsulation isl 40
 no ip redirects
 no ip directed-broadcast
 bridge-group 40
!

!-- Creates a logical interface (2) to group physical interfaces into a channel.

interface Port-channel2 
No ip address
 no ip directed-broadcast
 hold-queue 300 in
!

!-- VLAN 1 configuration.

interface Port-channel2.1
 encapsulation isl 1
 no ip redirects
 no ip directed-broadcast
 bridge-group 1
!

!-- VLAN 10 configuration.

interface Port-channel2.10
 encapsulation isl 10
 no ip redirects
 no ip directed-broadcast
 bridge-group 10
!

!-- VLAN 20 configuration.

interface Port-channel2.20
 encapsulation isl 20
 no ip redirects
 no ip directed-broadcast
 bridge-group 20
!

!-- VLAN 30 configuration.

interface Port-channel2.30
 encapsulation isl 30
 no ip redirects
 no ip directed-broadcast
 bridge-group 30
!

!-- VLAN 40 configuration.

interface Port-channel2.40
 encapsulation isl 40
 no ip redirects
 no ip directed-broadcast
 bridge-group 40
!
interface GigabitEthernet1
 no ip address
 no ip directed-broadcast

!-- Logically groups the physical interface to interface port-channel 1. 

channel-group 1
!
interface GigabitEthernet2
 no ip address
 no ip directed-broadcast

!-- Logically groups the physical interface to interface port-channel 1. 

channel-group 1
!
interface GigabitEthernet3
 no ip address
 no ip directed-broadcast

!-- Logically groups the physical interface to interface port-channel 2. 

channel-group 2
!
interface GigabitEthernet4
 no ip address
 no ip directed-broadcast

!-- Logically groups the physical interface to interface port-channel 2. 

channel-group 2
!
interface GigabitEthernet5
 no ip address
 no ip directed-broadcast
!

!-- A subinterface is added to allow VLAN 1 traffic to be transmitted on the trunk.

interface GigabitEthernet5.1

!-- Specifies ISL encapsulation for VLAN 1. 

encapsulation isl 1 
 no ip redirects
 no ip directed-broadcast

!-- Assign the subinterface to the appropriate bridge-group for bridging and routing. 

bridge-group 1
!

!-- VLAN 10 configuration.

Interface GigabitEthernet5.10
 encapsulation isl 10
 no ip redirects
 no ip directed-broadcast
 bridge-group 10
!

!-- VLAN 20 configuration.

interface GigabitEthernet5.20
 encapsulation isl 20
 no ip redirects
 no ip directed-broadcast
 bridge-group 20
!

!-- VLAN 30 configuration.

interface GigabitEthernet5.30
 encapsulation isl 30
 no ip redirects
 no ip directed-broadcast
 bridge-group 30
!

!-- VLAN 30 configuration.

interface GigabitEthernet5.40
 encapsulation isl 40
 no ip redirects
 no ip directed-broadcast
 bridge-group 40
!
interface GigabitEthernet6
 no ip address
 no ip directed-broadcast
 shutdown
!
interface GigabitEthernet7
 no ip address
 no ip directed-broadcast
 shutdown
!
interface GigabitEthernet8
 no ip address
 no ip directed-broadcast
 shutdown
!

!-- BVI 1 is an L3 interface for bridge-group 1 (VLAN 1).

interface BVI1

!-- The IP address assigned to bridge-group 1. 

ip address 10.10.1.1 255.255.255.0
 no ip directed-broadcast
 no ip route-cache cef
!

!-- BVI 10 is an L3 interface for bridge-group 10 (VLAN 10).

interface BVI10

!-- The IP address assigned to bridge-group 10. 

   ip address 10.10.10.1 255.255.255.0 
 no ip directed-broadcast
 no ip route-cache cef
!-- Assigns IPX network 1000 to BVI 10. ipx network 1000
!
!-- BVI 20 is a Layer 3 interface for bridge-group 20 (VLAN 20).
Interface BVI20

!-- IP address assigned to bridge-group 20.
 
ip address 10.10.20.1 255.255.255.0 
   no ip directed-broadcast
 no ip route-cache cef

 !-- Assigns IPX network 1000 to BVI 20. 

ipx network 2000!

!-- BVI 30 configuration.interface BVI30

 ip address 10.10.30.1 255.255.255.0
 no ip directed-broadcast
 no ip route-cache cef
 ipx network 3000
!

!-- BVI 40 configuration.

interface BVI40
 ip address 10.10.40.1 255.255.255.0
 no ip directed-broadcast
 no ip route-cache cef
 ipx network 4000
!
ip classless
!
!
!
!

!-- Applies IEEE Ethernet Spanning-Tree Protocol (STP) to bridge-group 1.

bridge 1 protocol ieee

!-- Allows IP traffic to be routed between the BVI 1 and other IP interfaces. 

bridge 1 route ip
bridge 10 protocol ieee
 bridge 10 route ip

!-- Allows IPX traffic to be routed between the BVI 10 and other IP interfaces.

 bridge 10 route ipx
bridge 20 protocol ieee
 bridge 20 route ip
 bridge 20 route ipx
bridge 30 protocol ieee
 bridge 30 route ip
 bridge 30 route ipx
bridge 40 protocol ieee
 bridge 40 route ip
 bridge 40 route ipx
!
line con 0
 transport input none
line aux 0
line vty 0 4
 password secret
 login
!
end

4908G-L3#

3512XL-01#show running-config
Building configuration...
 
Current configuration:
!
! Last configuration change at 08:24:03 PST Tue Sep 19 2000
! NVRAM config last updated at 08:24:03 PST Tue Sep 19 2000
!
version 12.0
no service pad
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
no service password-encryption
!
hostname 3512XL-01
!
no logging console
enable password verysecret
!
!
!
!
!
clock timezone PST -8
!
ip subnet-zero
!
!
!
interface FastEthernet0/1

!-- The switchport access command configures the port to be an L2 2 port. !-- Assigns the port to be a member of VLAN 10.

 switchport access vlan 10

!-- Enables spanning-tree portfast.

 spanning-tree portfast
!
interface FastEthernet0/2
 switchport access vlan 10
 spanning-tree portfast
!
interface FastEthernet0/3
 switchport access vlan 10
 spanning-tree portfast
!
interface FastEthernet0/4

!-- Assigns the port to be a member of VLAN 20. 

switchport access vlan 20
 spanning-tree portfast
!
interface FastEthernet0/5
 switchport access vlan 20
 spanning-tree portfast
!
interface FastEthernet0/6
 switchport access vlan 20
 spanning-tree portfast
!
interface FastEthernet0/7

!-- Assigns the port to be a member of VLAN 30. 

switchport access vlan 30
 spanning-tree portfast
!
interface FastEthernet0/8
 switchport access vlan 30
 spanning-tree portfast
!
interface FastEthernet0/9
 switchport access vlan 30
 spanning-tree portfast
!
interface FastEthernet0/10

!-- Assigns the port to be a member of VLAN 40.

 switchport access vlan 40
 spanning-tree portfast
!
interface FastEthernet0/11
 switchport access vlan 40
 spanning-tree portfast
!
interface FastEthernet0/12
 switchport access vlan 40
 spanning-tree portfast
!
interface GigabitEthernet0/1

!-- Assigns the port to logical port-group 1 to create the EtherChannel. 
 
port group 1

!-- Configures the port to be an ISL trunk.

 switchport mode trunk
!
Interface GigabitEthernet0/2

!-- Assigns the port to logical port-group 1 to create the EtherChannel. 

port group 1

!-- Configures the port to be an ISL trunk. switchport mode trunk

!
Interface VLAN1

!-- The IP address of the management interface. 

ip address 10.10.1.10 255.255.255.0
 no ip directed-broadcast
 no ip route-cache
!

!-- The default gateway is set to the BVI 1 interface on the 4908G-L3.

ip default-gateway 10.10.1.1
!
line con 0
 transport input none
 stopbits 1
line vty 0 4
 password secret
 login
line vty 5 15
 password secret
 login
!
end
 
3512XL-01#

3512XL-02#show running-config
Building configuration...
 
Current configuration:
!
! Last configuration change at 08:25:22 PST Tue Sep 19 2000
! NVRAM config last updated at 08:25:22 PST Tue Sep 19 2000
!
version 12.0
no service pad
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
no service password-encryption
!
hostname 3512XL-02
!
no logging console
enable password verysecret
!
!
!
!
!
clock timezone PST -8
!
ip subnet-zero
!
!
!
interface FastEthernet0/1

!-- The switchport access command configures the port to be an L2 port. !-- Assigns the port to be a member of VLAN 10. 

switchport access vlan 10

!-- Enables spanning-tree portfast. 

spanning-tree portfast
!
Interface FastEthernet0/2
 switchport access vlan 10
 spanning-tree portfast
!
interface FastEthernet0/3

!-- Assigns the port to be a member of VLAN 20.

 switchport access vlan 20
 spanning-tree portfast
!
interface FastEthernet0/4
 switchport access vlan 20
 spanning-tree portfast
!
interface FastEthernet0/5
 switchport access vlan 20
 spanning-tree portfast
!
interface FastEthernet0/6
 switchport access vlan 20
 spanning-tree portfast
!
interface FastEthernet0/7
 switchport access vlan 20
 spanning-tree portfast
!
interface FastEthernet0/8
 switchport access vlan 20
 spanning-tree portfast
!
interface FastEthernet0/9

!-- Assigns the port to be a member of VLAN 30.

 switchport access vlan 30
 spanning-tree portfast
!
interface FastEthernet0/10
 switchport access vlan 30
 spanning-tree portfast
!
interface FastEthernet0/11

!-- Assigns the port to be a member of VLAN 40. 

switchport access vlan 40
 spanning-tree portfast
!
interface FastEthernet0/12
 switchport access vlan 40
 spanning-tree portfast
!
interface GigabitEthernet0/1

!-- Assigns the port to logical port-group 1 to create the EtherChannel. 

port group 1

!-- Configures the port to be an ISL trunk.

 switchport mode trunk
!
Interface GigabitEthernet0/2

!-- Assigns the port to logical port-group 1 to create the EtherChannel. 

port group 1

!-- Configures the port to be an ISL trunk. 

switchport mode trunk
!
Interface VLAN1

!-- The IP address of the management interface. 

ip address 10.10.1.20 255.255.255.0
 No ip directed-broadcast
 no ip route-cache
!

!-- The default gateway is set to the BVI 1 interface on the 4908G-L.

ip default-gateway 10.10.1.1
!
line con 0
 transport input none
 stopbits 1
line vty 0 4
 password secret
 login
line vty 5 15
 password secret
 login
!
end
 
3512XL-02#

3512xl-03#show running-config
Building configuration...
 
Current configuration:
!
! Last configuration change at 12:13:33 PST Tue Sep 19 2000
! NVRAM config last updated at 12:13:34 PST Tue Sep 19 2000
!
version 12.0
no service pad
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
no service password-encryption
!
hostname 3512xl-03
!
no logging console
enable password verysecret
!
!
!
!
!
clock timezone PST -8
!
ip subnet-zero
!
!
!
interface FastEthernet0/1

!-- The switchport access command configures the port to be an L2 port. !-- Assigns the port to be a member of VLAN 10.

 switchport access vlan 10

!-- Enables spanning-tree portfast.

 spanning-tree portfast
!
interface FastEthernet0/2
 switchport access vlan 10
 spanning-tree portfast
!
interface FastEthernet0/3
 switchport access vlan 10
 spanning-tree portfast
!
interface FastEthernet0/4
 switchport access vlan 10
 spanning-tree portfast
!
interface FastEthernet0/5
 switchport access vlan 10
 spanning-tree portfast
!
interface FastEthernet0/6
 switchport access vlan 10
 spanning-tree portfast
!
interface FastEthernet0/7

!-- Assigns the port to be a member of VLAN 20.

 switchport access vlan 20
 spanning-tree portfast
!
interface FastEthernet0/8
 switchport access vlan 20
 spanning-tree portfast
!
interface FastEthernet0/9

!-- Assigns the port to be a member of VLAN 30.

 switchport access vlan 30
 spanning-tree portfast
!
interface FastEthernet0/10
 switchport access vlan 30
 spanning-tree portfast
!
interface FastEthernet0/11

!-- Assigns the port to be a member of VLAN 40.

 switchport access vlan 40
 spanning-tree portfast
!
interface FastEthernet0/12
 switchport access vlan 40
 spanning-tree portfast
!
interface GigabitEthernet0/1

!-- Configures the port to be an ISL trunk.

 switchport mode trunk
!
Interface GigabitEthernet0/2
!
interface VLAN1

!-- The IP address of the management interface.

 ip address 10.10.1.30 255.255.255.0
 no ip directed-broadcast
 no ip route-cache
!

!-- The default gateway is set to the BVI 1 interface on the 4908G-L3.

 ip default-gateway 10.10.1.1
!
Line con 0
 transport input none
 stopbits 1
line vty 0 4
 password secret
 login
line vty 5 15
 password secret
 login
!
end
 
3512xl-03#

驗證

目前沒有適用於此組態的驗證程序。

疑難排解

目前尚無適用於此組態的具體疑難排解資訊。

相關資訊

• 在Catalyst 4908G-L3交換機上配置EtherChannel
• 在Catalyst 3500XL交換器上設定EtherChannel
• 在Catalyst 4908G-L3交換機上配置橋接
• 在Catalyst 4908G-L3交換機上配置VLAN中繼
• 在Catalyst 2900XL和3500XL交換機上配置VTP、VLAN和VLAN中繼
• 技術支援與文件 - Cisco Systems