实验五利用三层交换机实现VLAN间路由Word格式.docx

1、三层交换机实现VLAN互访的原理是，利用三层交换机的路由功能，通过识别数据包的IP地址，查找路由表进行选路转发。三层交换机利用直连路由可以实现不同VLAN之间的互相访问。三层交换机给接口配置IP地址，采用SVI（交换虚拟接口）的方式实现VLAN间互连。SVI是指为交换机中的VLAN创建虚拟接口，并且配置IP地址。【实验步骤】第一步：配置两台交换机的主机名Switch#configure terminal Enter configuration commands, one per line. End with CNTL/Z.Switch（config）#hostname L2-SWL2-SW（c

2、onfig）#S3750#configure terminal S3750（config）#hostname L3-SWL3-SW（config）#第二步：在三层交换机上划分VLAN 添加端口，并设置TrunkL3-SW（config）#vlan 10L3-SW（config-vlan）#name xiaoshouL3-SW（config-vlan）#vlan 20L3-SW（config-vlan）#name jishuL3-SW（config-vlan）#exitL3-SW（config）#interface range fastEthernet 0/6-10L3-SW（config-if

3、-range）#switchport mode accessL3-SW（config-if-range）#switchport access vlan 10L3-SW（config-if-range）#exit L3-SW（config）#interface range fastEthernet 0/11-15L3-SW（config-if-range）#switchport access vlan 20L3-SW（config-if-range）#exitL3-SW（config）#interface fastEthernet 0/1L3-SW（config-if）#switchport m

4、ode trunkL3-SW（config-if）#exit第三步：在二层交换机上划分VLAN添加端口，并设置TrunkL2-SW（config）#vlan 10L2-SW（config-vlan）#name xiaoshouL2-SW（config-vlan）#vlan 20L2-SW（config-vlan）#name jishuL2-SW（config-vlan）#exitL2-SW（config）#interface range fastEthernet 0/6-10L2-SW（config-if-range）#switchport mode accessL2-SW（config-if

5、-range）#switchport access vlan 10L2-SW（config-if-range）#exitL2-SW（config）#interface fastEthernet 0/1L2-SW（config-if）#switchport mode trunkL2-SW（config-if）#exit第四步：查看VLAN和Trunk的配置L2-SW#show vlanVLAN Name Status Ports - - - -1 default active Fa0/1 ,Fa0/2 ,Fa0/3 Fa0/4 ,Fa0/5 ,Fa0/11 Fa0/12,Fa0/13,Fa0/1

6、4 Fa0/15,Fa0/16,Fa0/17 Fa0/18,Fa0/19,Fa0/20 Fa0/21,Fa0/22,Fa0/23 Fa0/2410 xiaoshou active Fa0/1 ,Fa0/6 ,Fa0/7 Fa0/8 ,Fa0/9 ,Fa0/1020 jishu active Fa0/1 L2-SW#L2-SW#show interfaces fastEthernet 0/1 switchport Interface Switchport Mode Access Native Protected VLAN lists - - - - - - -Fa0/1 Enabled Trun

7、k 1 1 Disabled AllL3-SW#show vlan- - - - 1 VLAN0001 STATIC Fa0/1, Fa0/2, Fa0/3, Fa0/4 Fa0/5, Fa0/16, Fa0/17, Fa0/18 Fa0/19, Fa0/20, Fa0/21, Fa0/22 Fa0/23, Fa0/24, Gi0/25, Gi0/26 Gi0/27, Gi0/28 10 xiaoshou STATIC Fa0/1, Fa0/6, Fa0/7, Fa0/8 Fa0/9, Fa0/10 20 jishu STATIC Fa0/1, Fa0/11, Fa0/12, Fa0/13 F

8、a0/14, Fa0/15 L3-SW#L3-SW#show interfaces fastEthernet 0/1 switchport Interface Switchport Mode Access Native Protected VLAN lists- - - - - - -FastEthernet 0/1 enabled TRUNK 1 1 Disabled ALL第五步：验证配置PC3和PC1都属于VLAN 10，它们的IP地址都在C类网络192.168.10.0/24内，PC2属于VLAN 20，它的IP地址在C类网络192.168.20.0/24内，此时，不同VLAN之间的P

9、C3和PC2是不能ping通的，如错误！未找到引用源。所示。图3-11 从PC3不能ping通PC2第六步：在三层交换机上配置SVI端口L3-SW#configure terminal L3-SW（config）#interface vlan 10！激活VLAN 10的SVI端口并配置IP地址L3-SW（config-if）#Dec 2 18:59:30 L3-SW %7:%LINE PROTOCOL CHANGE: Interface VLAN 10, changed state to UPL3-SW（config-if）#ip address 192.168.10.1 255.255.25

10、5.0L3-SW（config-if）#no shutdown L3-SW（config）#interface vlan 20激活VLAN 20的SVI端口并配置IP地址L3-SW（config-if）#Dec 2 19:00:05 L3-SW %7: Interface VLAN 20, changed state to UPL3-SW（config-if）#ip address 192.168.20.1 255.255.255.0第七步：查看SVI端口的配置L3-SW#show ip routeCodes: C - connected, S - static, R - RIP B - BG

11、P O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate defaultGateway of last resort is no setC 192.168.10.0/24 is dire

12、ctly connected, VLAN 10C 192.168.10.1/32 is local host. C 192.168.20.0/24 is directly connected, VLAN 20C 192.168.20.1/32 is local host. 从中可以看到，VLAN的虚拟端口上配置的IP地址，其网段成为了三层交换机的直连路由。L3-SW#show interfaces vlan 10Index（dec）:4106 （hex）:100aVLAN 10 is UP , line protocol is UP Hardware is VLAN, address is 0

13、0d0.f821.a543 （bia 00d0.f821.a543）Interface address is: 192.168.10.1/24ARP type: ARPA,ARP Timeout: 3600 seconds MTU 1500 bytes, BW 1000000 Kbit Encapsulation protocol is Ethernet-II, loopback not set Keepalive interval is 10 sec , set Carrier delay is 2 sec RXload is 1 ,Txload is 1 Queueing strategy

14、: WFQL3-SW#show interfaces vlan 204116 （hex）:1014VLAN 20 is UP , line protocol is UP 192.168.20.1/24第八步：给PC3添加网关192.168.10.1，如错误！所示，此时再从PC3去ping不同VLAN的主机PC2，是可以ping通的，如错误！图3-12 为PC3设置网关图3-13 设置三层交换机后，PC3可以ping通PC2【注意事项】1、两台交换机之间相连的端口应该设置为tag vlan模式。2、给SVI端口设置完IP地址后，一定要使用no shutdown命令进行激活，否则无法正常使用。3、

15、如果VLAN内没有激活的端口，相应VLAN的SVI端口将无法被激活。4、需要设置PC的网关为相应VLAN的SVI接口地址。【参考配置】L3-SW#show running-configBuilding configuration.Current configuration : 1605 bytes!version RGNOS 10.1.00（4）, Release（18443）（Tue Jul 17 19:51:54 CST 2007 -ubu6server）hostname L3-SWvlan 1vlan 10 name xiaoshouvlan 20 name jishuinterface

16、 FastEthernet 0/1 switchport mode trunkinterface FastEthernet 0/2interface FastEthernet 0/3interface FastEthernet 0/4interface FastEthernet 0/5interface FastEthernet 0/6 switchport access vlan 10interface FastEthernet 0/7interface FastEthernet 0/8interface FastEthernet 0/9interface FastEthernet 0/10

17、interface FastEthernet 0/11 switchport access vlan 20interface FastEthernet 0/12interface FastEthernet 0/13interface FastEthernet 0/14interface FastEthernet 0/15interface FastEthernet 0/16interface FastEthernet 0/17interface FastEthernet 0/18interface FastEthernet 0/19interface FastEthernet 0/20inte

18、rface FastEthernet 0/21interface FastEthernet 0/22interface FastEthernet 0/23interface FastEthernet 0/24interface GigabitEthernet 0/25interface GigabitEthernet 0/26interface GigabitEthernet 0/27interface GigabitEthernet 0/28interface VLAN 10 ip address 192.168.10.1 255.255.255.0interface VLAN 20 ip

19、address 192.168.20.1 255.255.255.0line con 0line vty 0 4 loginendL2-SW#show running-config System software version : 1.68 Build Apr 25 2007 Release 457 bytesversion 1.0hostname L2-SWinterface fastEthernet 0/1interface fastEthernet 0/6interface fastEthernet 0/7 interface fastEthernet 0/8interface fastEthernet 0/9interface fastEthernet 0/10