1、集成路由和桥接IRB详解 集成路由和桥接(IRB)详解Cisco路由器提供集成的路由与桥接(Integrated Routing and Bridging,IRB)功能。当配置了IRB后,不可路由的协议数据流可以在配置为相同网桥组的端口上实现桥接交换,同时可以路由的协议数据流则在其他的路由端口或不同的网桥组之间实现路由。 这里提到了一个概念,即网桥组(Bridge-Group)。要实现不同的端口之间的桥接交换,必须将这些端口归到同一个网桥组当中。从概念上说,配置为同一个网桥组中的所有端口属于同一个第二层的广播域,不管这个端口类型是广域网端口还是以太网端口,也不管这个端口是物理端口还是逻辑端口(
2、如X.25的子口或以太网的VLAN子口)。Cisco路由器为每一个已配置的网桥组自动产生一个虚拟接口,称之为Beidge-Group Virtual Interface(BVI),在不同的BVI之间或BVI与其它的端口之间可以实现路由的能力。下面说明BVI的主要概念和IRB的配置任务。 SW1switch#conf tswitch(config)#vlan 2 switch(config-vlan)#exitswitch(config)#interface fastethernet0/1switch(config-if)#switchport mode accessswitch(config-
3、if)#switchport access vlan 1switch(config-if)#interface fastethernet 0/2switch(config-if)#switchport mode accessswitch(config-if)#switchport access vlan 2switch(config-if)#interface fastethernet 0/24switch(config-if)#encapsulation dot1qswitch(config-if)#switchport mode trunkSW2switch#configure termi
4、nalswitch(config)#vlan 2switch(config-vlan)#exitswitch(config)#interface fastethernet 0/1switch(config-if)#switchport mode accessswitch(config-if)#switchport access vlan 1switch(config-if)#interface fastethernet 0/2switch(config-if)#switchport mode accessswitch(config-if)#switchport accesss vlan 2sw
5、itch(config-if)#interface fastethernet 0/24switch(config-if)#encapsulation islswitch(config-if)#switchport mode trunkR1router#configure terminalrouter(config)#interface fastethernet 0/0router(config-if)#no shutrouter(config-if)#interface fastethernet 0/0.1router(config-subif)#encapsulation dot1q 1ro
6、uter(config-subif)#bridge-group 1router(config-subif)#interface fastethernet 0/0.2router(config-subif)#encapsultion dot1q 2router(config-subif)#bridge-group 2router(config-subif)#exitrouter(config-if)#interface fastetherent 0/1router(config-if)#no shutrouter(config-if)#interface fastethernet 0/1.1ro
7、uter(config-subif)#encapsulation isl 1router(config-subif)#brdige group 1router(config-subif)#interface fastethernet 0/1.2router(config-subif)#encapsulation isl 2router(config-subif)#brdige group 2router(config-subif)#exitrouter(config-if)#exitrouter(config)# bridge irbrouter(config)#bridge 1 protoc
8、ol ieeerouter(config)#bridge 2 protocol ieeerouter(config)#bridge 1 route iprouter(config)#brdige 2 route iprouter(config)#int bvi 1router(config-if)#ip add 192.168.1.254 255.255.255.0router(config-if)#int bvi 2router(config-if)#ip add 192.168.2.254 255.255.255.0Section III. 实验-子接口桥接 实验中的IP划分: SW1 V
9、LAN 2 192.168.2.250 VLAN 3 192.168.3.250 SW2 VLAN 2 192.168.2.249 VLAN 3 192.168.3.249 R1 bvi 1 192.168.2.251 bvi 2 192.168.3.251 R2 bvi 1 192.168.2.248 bvi 2 192.168.3.248 HSRP 2 192.168.2.254 HSRP 3 192.168.3.254 一。实验目的 了解桥接的作用:桥接”,是指依据OSI网络模型的链路层的地址,对网络数据包进行转发的过程。当路由器配置了桥接选项后,会处理所有接口上的所有的数据帧,并实时调
10、查每个主机的位置。若在某个接口上收入一个帧,就会在一个桥接内置入一个条目,列出发送数据的主机和接收到数据帧的接口MAC地址,这样路由表就被不断地在通信中完善起来。参考:二。实验内容 1。在实验中,我们使用的是二层交换机,通过路由器来实现VLAN之间的路由 在E0/0 E0/1下面划分子接口 int e0/0.1 int e0/0.2 en dot1q 2 en dot1q 3 分别封装VLAN 2 VLAN 3 2。因为在同一物理接口不能配置同一网段的IP地址,我们要通过桥接组来实现子接口之间的桥接 int e0/0.1 int e0/1.1 bridge-group 1 bridge-gro
11、up 2 建立两个桥接组 3。这只是简单的两层桥接,要实现三层桥接,我们要给桥接组配置IP地址 int bvi 1 int bvi 2 ip add 192.168.2.1 255.255.255.0 ip add 192.168.3.1 255.255.255.0 两个组分别使用VLAN2 与VLAN 3的网段,这样可以实现VLAN之间的路由 4。为了完成VLAN之间的路由,所有橙色线路的端口为trunk switchport mode truck switchport truck en do 5。所有PC接入端号使作protfast 端口,接到收敛速成度 spanning-stree pr
12、otfast 6。为了终端PC的安全,我们可以采用热备份协议,实现网关冗余 R1: int bvi 1 int bri 2 standy 1 ip 192.168.2.254 standy 2 ip 192.168.3.254 standy 1 pree standy 2 pree 开启抢占 R2: int bvi 1 standy 1 ip 192.168.2.254 standy 2 ip 192.168.3.254 standy 1 pree standy 2 pree 开启抢占 standy 1 pri 50 让R1成为VLAN 1主网关 standy 2 pri 200 让R2成为V
13、LAN 2的主网关 在第6中,我们分别分R1与R2成为VLAN 1与VLAN 2的主,彼此之间成为备份,使得网络更可靠 7。ISP与本地路由器之间采用路由协议,可以实现负载均衡在实验中用到如下命令: bridge 1 protocol ieee 封装协议 birdge 1 route ip 支持IP路由 birdge irb 将桥接接口集成路由功能二。实验配置 这个实验中,主要是难点是子接口的路由桥接,但这个设计早以最淘汰了,我们可以在三层路由来实现上面的功能 。另一个知识点就是为这个VLAN 建立备份网关,我们可以采用HSRP VRRP GLBP协议来实现三配置R1-up#sh runBui
14、lding configuration.Current configuration : 1119 bytes!version 12.3service timestamps debug datetime msecservice timestamps log datetime msecno service password-encryption!hostname R1-up!boot-start-markerboot-end-marker!no aaa new-modelip subnet-zero!ip cefbridge irb!interface Loopback1ip address 1.
15、1.1.1 255.255.255.0!interface Ethernet0/0no ip addresshalf-duplex!interface Ethernet0/0.1encapsulation dot1Q 2bridge-group 1!interface Ethernet0/0.2encapsulation dot1Q 3bridge-group 2!interface Serial0/0ip address 10.1.1.1 255.255.255.0no fair-queue!interface Ethernet0/1no ip addresshalf-duplex!inte
16、rface Ethernet0/1.1encapsulation dot1Q 2bridge-group 1!interface Ethernet0/1.2encapsulation dot1Q 3bridge-group 2!interface BVI1ip address 192.168.2.251 255.255.255.0standby 1 ip 192.168.2.1standby 1 preempt!interface BVI2ip address 192.168.3.251 255.255.255.0standby 2 ip 192.168.3.1!ip http serveri
17、p classless!bridge 1 protocol ieeebridge 1 route ipbridge 2 protocol ieeebridge 2 route ip!line con 0line aux 0line vty 0 4login!endR2-down#sh runBuilding configuration.Current configuration : 1173 bytes!version 12.3service timestamps debug datetime msecservice timestamps log datetime msecno service
18、 password-encryption!hostname R2-down!boot-start-markerboot-end-marker!no aaa new-modelip subnet-zeroip cef!ip audit po max-events 100!bridge irb!interface Ethernet0/0no ip addresshalf-duplex!interface Ethernet0/0.1encapsulation dot1Q 2bridge-group 1!interface Ethernet0/0.2encapsulation dot1Q 3bridg
19、e-group 2!interface Serial0/0no ip addressshutdownno fair-queue!interface Ethernet0/1no ip addresshalf-duplex!interface Ethernet0/1.1encapsulation dot1Q 2bridge-group 1!interface Ethernet0/1.2encapsulation dot1Q 3bridge-group 2!interface BVI1ip address 192.168.2.248 255.255.255.0standby 1 ip 192.168
20、.2.1standby 1 priority 50standby 1 preempt/桥接组1 并启用了HSRP!interface BVI2ip address 192.168.3.248 255.255.255.0standby 2 ip 192.168.3.1standby 2 priority 200standby 2 preempt/桥接组2 并启用了HSRP!ip http serverno ip http secure-serverip classless!bridge 1 protocol ieeebridge 1 route ipbridge 2 protocol ieeeb
21、ridge 2 route ip!line con 0line aux 0line vty 0 4!endSw1-up#sh runBuilding configuration.Current configuration:!version 12.0no service padservice timestamps debug uptimeservice timestamps log uptimeno service password-encryption!hostname Sw1-up!ip subnet-zero!interface FastEthernet0/1switchport trun
22、k encapsulation dot1qswitchport mode trunk!interface FastEthernet0/2switchport trunk encapsulation dot1qswitchport mode trunk!interface FastEthernet0/3!interface FastEthernet0/4!interface FastEthernet0/5!interface FastEthernet0/6!interface FastEthernet0/7!interface FastEthernet0/8!interface FastEthe
23、rnet0/9!interface FastEthernet0/10switchport access vlan2spanning-tree portfast!interface FastEthernet0/11!interface FastEthernet0/12!interface VLAN1no ip directed-broadcastno ip route-cache!interface VLAN2ip address 192.168.2.250 255.255.255.0no ip directed-broadcastno ip route-cache!interface VLAN
24、3ip address 192.168.3.250 255.255.255.0no ip directed-broadcastno ip route-cache!line con 0transport input nonestopbits 1line vty 0 4loginline vty 5 15login!endSw1-up#Sw2-down#sh runBuilding configuration.Current configuration:!version 12.0no service padservice timestamps debug uptimeservice timesta
25、mps log uptimeno service password-encryption!hostname Sw2-down!ip subnet-zero!interface FastEthernet0/1switchport trunk encapsulation dot1qswitchport mode trunkspanning-tree portfast!interface FastEthernet0/2switchport trunk encapsulation dot1qswitchport mode trunkspanning-tree portfast!interface Fa
26、stEthernet0/3spanning-tree portfast!interface FastEthernet0/4spanning-tree portfast!interface FastEthernet0/5spanning-tree portfast!interface FastEthernet0/6spanning-tree portfast!interface FastEthernet0/7spanning-tree portfast!interface FastEthernet0/8spanning-tree portfast!interface FastEthernet0/
27、9spanning-tree portfast!interface FastEthernet0/10spanning-tree portfast!interface FastEthernet0/11spanning-tree portfast!interface FastEthernet0/12spanning-tree portfast!interface VLAN1no ip directed-broadcastno ip route-cache!interface VLAN2ip address 192.168.2.249 255.255.255.0no ip directed-broadcastno ip route-cache!interface VLAN3ip address 192.168.3.249 255.255.255.0no ip directed-broadcastno ip route-cache!line con 0transport input nonestopbits 1line vty 0 4loginline vty 5 15login!endSw2-down#
copyright@ 2008-2022 冰豆网网站版权所有
经营许可证编号:鄂ICP备2022015515号-1