VLAN-----与外网互通的三层交换
程序员文章站
2022-06-13 12:37:36
...
一.实验环境
- GNS3模拟器(CRT终端,wireshark抓包工具)
- 三台VPCs
- 三台c3725路由器(两台改成交换机)
二.实验原理和目的
工作原理:数据从PC1发出经由二层交换标记vlan10并转发, 从中继链路发往三层交换机上,三层交换机拆分信息识别目的IP地址之后寻找 相应的虚拟子接口,再把信息重新封装、标记,发往二层交换机上,二层设备识别标签并且脱掉标签,把信息发给PC2.
目的:使得pc1,pc2这两个不同网段不同vlan能通信,使得pc1,pc2能够访问外网pc3,但是pc3不能访问pc1,pc2(注:这里应使用ACL和NAT,使外网不能访问内网,但是笔者并未学习,所以仅在R1上配置静态路由,使pc1,pc2,pc3互通)
三.网络拓扑图
四.实验步骤
-
配置pc1,pc2,pc3的IP地址和默认网关
PC1> ip 192.168.10.10 255.255.255.0 192.168.10.1
Checking for duplicate address...
PC1 : 192.168.10.10 255.255.255.0 gateway 192.168.10.1PC2> ip 192.168.20.20 255.255.255.0 192.168.20.1
Checking for duplicate address...
PC1 : 192.168.20.20 255.255.255.0 gateway 192.168.20.1PC3> ip 20.0.0.2 255.255.255.0 20.0.0.1
Checking for duplicate address...
PC1 : 20.0.0.2 255.255.255.0 gateway 20.0.0.1-
配置sw-2
- 分别划分vlan10,20给端口f1/0,f1/1,并且验证vlan
sw-2(config)#vlan 10,20
sw-2(config-vlan)#int f1/0
sw-2(config-if)#sw mo acc
sw-2(config-if)#sw acc vlan 10
sw-2(config-if)#int f1/1
sw-2(config-if)#sw mo acc
sw-2(config-if)#sw acc vlan 20
sw-2(config)#do show vlan-sw b
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa1/3, Fa1/4, Fa1/5, Fa1/6
Fa1/7, Fa1/8, Fa1/9, Fa1/10
Fa1/11, Fa1/12, Fa1/13, Fa1/14
Fa1/15
10 VLAN0010 active Fa1/0
20 VLAN0020 active Fa1/1
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
- 给f1/2端口设置trunk,并且验证f1/2端口
sw-2(config-if)#int f1/2
sw-2(config-if)#sw mo tr
sw-2(config-if)#sw tr en do
sw-2(config-if)#do show int f1/2 switchport
Name: Fa1/2
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: Disabled
Access Mode VLAN: 0 ((Inactive))
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: ALL
Trunking VLANs Active: 1,10,20
Protected: false
Priority for untagged frames: 0
Override vlan tag priority: FALSE
Voice VLAN: none
Appliance trust: none-
配置sw-3
- 给f1/1给配置vlan10,20,并给f1/1配置trunk,且验证f1/1的信息
sw-3#conf t
sw-3(config)#vlan 10,20
sw-3(config-vlan)#int f1/1
sw-3(config-if)#sw mo trunk
sw-3(config-if)#sw tr en do
sw-3(config-if)#do show int f1/1 switchport
Name: Fa1/1
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: Disabled
Access Mode VLAN: 0 ((Inactive))
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: ALL
Trunking VLANs Active: 1,10,20
Protected: false
Priority for untagged frames: 0
Override vlan tag priority: FALSE
Voice VLAN: none
Appliance trust: none- 给sw-3虚拟接口配置IP地址和子网掩码,并查看路由表
sw-3(config)#int vlan 10
sw-3(config-if)#ip add 192.168.10.1 255.255.255.0
sw-3(config-if)#no shut
sw-3(config)#int vlan 20
sw-3(config-if)#ip add 192.168.20.1 255.255.255.0
sw-3(config-if)#no shut
sw-3(config-if)#do show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
C 192.168.10.0/24 is directly connected, Vlan10
C 192.168.20.0/24 is directly connected, Vlan20
- 先关闭f1/2的二层功能,再给f1/2接口配置IP地址和静态路由,使数据包能够到达pc3,并验证信息
sw-3(config)#int f1/2
sw-3(config-if)#no switch
sw-3(config-if)#ip add 10.0.0.1 255.255.255.0
sw-3(config-if)#no shut
sw-3(config-if)#exit
sw-3(config)#ip route 20.0.0.0 255.255.255.0 10.0.0.2
sw-3(config)#do show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
20.0.0.0/24 is subnetted, 1 subnets
S 20.0.0.0 [1/0] via 10.0.0.2
C 192.168.10.0/24 is directly connected, Vlan10
C 192.168.20.0/24 is directly connected, Vlan20
10.0.0.0/24 is subnetted, 1 subnets
C 10.0.0.0 is directly connected, FastEthernet1/2-
配置R1
- 配置R1接口的IP地址和再f0/0接口上通向pc1,pc2的静态路由,并验证信息
R1#conf t
R1(config)#int f0/0
R1(config-if)#ip add 10.0.0.2 255.255.255.0
R1(config-if)#no shut
R1(config-if)#int f0/1
R1(config-if)#ip add 20.0.0.1 255.255.255.0
R1(config-if)#no shut
R1(config)#int f0/1
R1(config-if)#ip route 192.168.10.0 255.255.255.0 10.0.0.1
R1(config)#int f0/1
R1(config-if)#ip route 192.168.20.0 255.255.255.0 10.0.0.1
R1(config)#do show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
20.0.0.0/24 is subnetted, 1 subnets
C 20.0.0.0 is directly connected, FastEthernet0/1
S 192.168.10.0/24 [1/0] via 10.0.0.1
S 192.168.20.0/24 [1/0] via 10.0.0.1
10.0.0.0/24 is subnetted, 1 subnets
C 10.0.0.0 is directly connected, FastEthernet0/0
五.实验结果
-
PC1,PC2,PC3之间的互ping
-
使用抓包工具在sw-2和sw-3之间查看信息流
实验结束!
上一篇: Java基础Day06
下一篇: pythonweb day12
推荐阅读