ENSP
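Contents
1. Lab Objectives
2. Lab Topology
3. Scenario Requirements
4. Basic Configuration
5. Creating the VLANs
6. Configuring Sub-interfaces
7. Configuring the Gateways
8. Verifying the Configuration
9. Configuration Files
1. Lab Objectives
- Learn how to configure a trunk link for inter-VLAN routing;
- Learn how to configure multiple sub-interfaces on a single physical interface;
- Learn how to enable ARP communication between VLANs.
2. Lab Topology
3. Scenario Requirements
Enterprise networks usually place departments in separate VLANs to isolate their Layer 2 traffic and keep each department's information secure. Business needs, however, require some departments to communicate across VLANs, so the network administrator decides to use a router and configure router-on-a-stick (single-arm routing) so that R2 and R3 can communicate across VLANs at Layer 3.
4. Basic Configuration
First, following the IP address plan in the topology diagram, configure the interface IP addresses on R2 and R3, and set the device names of R2, R3 and S1: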
R2:
[Huawei]sys
[Huawei]sysname R2
[R2]interface g0/0/0
[R2-GigabitEthernet0/0/0]ip address 10.0.4.1 24
May 26 2022 21:17:13-08:00 R2 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
on the interface GigabitEthernet0/0/0 has entered the UP state.
[R2-GigabitEthernet0/0/0]
<R2>
R3:
[Huawei]sys
[Huawei]sysname R3
[R3]interface g0/0/0
[R3-GigabitEthernet0/0/0]ip address 10.0.8.1 24
May 26 2022 21:18:18-08:00 R3 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
on the interface GigabitEthernet0/0/0 has entered the UP state.
[R3-GigabitEthernet0/0/0]q
[R3]
S1:
<Huawei>sys
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname S1
[S1]
5. Creating the VLANs
Create VLAN 4 and VLAN 8 on S1, then add ports E0/0/1 and E0/0/3 to VLAN 4 and VLAN 8 respectively:
S1:
[S1]vlan batch 4 8
Info: This operation may take a few seconds. Please wait for a moment...done.
[S1]
May 26 2022 21:24:34-08:00 S1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.
191.3.1 configurations have been changed. The current change number is 5, the ch
ange loop count is 0, and the maximum number of records is 4095.
[S1]interface e0/0/1
[S1-Ethernet0/0/1]port link-type access
May 26 2022 21:25:14-08:00 S1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.
191.3.1 configurations have been changed. The current change number is 6, the ch
ange loop count is 0, and the maximum number of records is 4095.
[S1-Ethernet0/0/1]port default vlan 4
[S1-Ethernet0/0/1]q
[S1]interface e0/0/3
May 26 2022 21:25:24-08:00 S1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.
191.3.1 configurations have been changed. The current change number is 7, the ch
ange loop count is 0, and the maximum number of records is 4095
[S1-Ethernet0/0/3]port link-type access
May 26 2022 21:25:44-08:00 S1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.
191.3.1 configurations have been changed. The current change number is 8, the ch
ange loop count is 0, and the maximum number of records is 4095.8
[S1-Ethernet0/0/3]port default vlan 8
[S1-Ethernet0/0/3]q
[S1]
May 26 2022 21:25:54-08:00 S1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.
191.3.1 configurations have been changed. The current change number is 9, the ch
ange loop count is 0, and the maximum number of records is 4095.
Configure port E0/0/2 on S1, which connects to R1, as a trunk port and allow frames from VLAN 4 and VLAN 8 to pass:
S1:
[S1]interface E0/0/2
[S1-Ethernet0/0/2]port link-type trunk
May 26 2022 21:29:14-08:00 S1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.
191.3.1 configurations have been changed. The current change number is 10, the c
hange loop count is 0, and the maximum number of records is 4095.
[S1-Ethernet0/0/2]port trunk allow-pass vlan 4 8
May 26 2022 21:29:24-08:00 S1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.
191.3.1 configurations have been changed. The current change number is 11, the c
hange loop count is 0, and the maximum number of records is 4095.
[S1-Ethernet0/0/2]q
[S1]
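6. Configuring Sub-interfaces
The router has only one physical interface connected to switch S1, while the departments belong to different VLANs and different subnets, so separate logical sub-interfaces are configured on the router to act as the gateway for each VLAN. On R1, configure sub-interfaces G0/0/1.1 and G0/0/1.3 as the gateways for VLAN 4 and VLAN 8 respectively:
Configure the VLAN sub-interfaces on R1 to enable communication between the VLANs: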
R1:
<Huawei>sys
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]interface g0/0/0.1
[Huawei-GigabitEthernet0/0/1.1]ip address 10.0.4.254 24
[Huawei-GigabitEthernet0/0/1.1]dot1q termination vid 4
[Huawei-GigabitEthernet0/0/1.1]arp broadcast enable
[Huawei-GigabitEthernet0/0/1.1]q
[Huawei]
[Huawei]interface g0/0/0.2
[Huawei-GigabitEthernet0/0/1.3]ip address 10.0.8.254 24
[Huawei-GigabitEthernet0/0/1.3]dot1q termination vid 8
[Huawei-GigabitEthernet0/0/1.3]arp broadcast enable
[Huawei-GigabitEthernet0/0/1.3]q
[Huawei]
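The forwarding decision these sub-interfaces make, as an added Python model that is not part of the original lab: the ingress 802.1Q VID selects the sub-interface, and the destination IP selects the VLAN the packet is re-tagged with. The function names, placeholder MAC addresses and constructed IPv4 header are assumptions; ARP, MAC rewriting and TTL handling are not modelled.

```python
import ipaddress
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

# R1's sub-interfaces from this lab: terminated VID -> gateway address/prefix.
SUBIFS = {
    4: ipaddress.ip_interface("10.0.4.254/24"),
    8: ipaddress.ip_interface("10.0.8.254/24"),
}

def ipv4_header(src: str, dst: str) -> bytes:
    """Constructed 20-byte IPv4 header; checksum is 0 because the model never checks it."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 1, 0,
                       ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed)

def trunk_frame(vid: int, ip_packet: bytes) -> bytes:
    """Frame as S1 sends it on the trunk: MACs, 802.1Q tag, EtherType, payload."""
    macs = bytes(6) + bytes(6)  # placeholder MAC addresses (constructed)
    return macs + struct.pack("!HHH", TPID_8021Q, vid & 0x0FFF, 0x0800) + ip_packet

def egress_vid(frame: bytes):
    """Model R1: pick the sub-interface by ingress VID, route on destination IP.

    Returns the VID the packet is re-tagged with, or None if R1 drops it.
    """
    if len(frame) < 38:
        return None  # too short to hold a tag plus an IPv4 header
    tpid, tci, ethertype = struct.unpack("!HHH", frame[12:18])
    if tpid != TPID_8021Q or (tci & 0x0FFF) not in SUBIFS:
        return None  # untagged, or no sub-interface terminates this VID
    if ethertype != 0x0800:
        return None  # only IPv4 is modelled
    dst = ipaddress.ip_address(frame[34:38])  # IPv4 header starts at 18, dst at +16
    for vid, iface in SUBIFS.items():
        if dst in iface.network:
            return vid
    return None
```

A frame tagged with a VID that no sub-interface terminates never reaches the routing step, which is why only VLAN 4 and VLAN 8 gain Layer 3 reachability here.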
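7. Configuring the Gateways
After the steps above, inter-VLAN communication is essentially configured. The last step is to point R2 and R3 at the two gateways configured on R1 in step 6. Because R2 and R3 are routers here, a single default route pointing to the gateway is all that is needed: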
R2:
[R2]ip route-static 0.0.0.0 0 10.0.4.254
[R2]
R3:
[R3]ip route-static 0.0.0.0 0 10.0.8.254
[R3]
8. Verifying the Configuration
Finally, test whether R2 and R3 can communicate across VLANs:
Run the ping command on R2:
R2:
9. Configuration Files
R1:
[Huawei]display current-configuration
[V200R003C00]
#
 snmp-agent local-engineid 800007DB03000000000000
 snmp-agent
#
 clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
 drop illegal-mac alarm
#
 set cpu-usage threshold 80 restore 75
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
#
firewall zone Local
 priority 15
#
interface GigabitEthernet0/0/0
#
interface GigabitEthernet0/0/0.1
 dot1q termination vid 4
 ip address 10.0.4.254 255.255.255.0
 arp broadcast enable
#
interface GigabitEthernet0/0/0.2
 dot1q termination vid 8
 ip address 10.0.8.254 255.255.255.0
 arp broadcast enable
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/1.1
 dot1q termination vid 4
 arp broadcast enable
#
interface GigabitEthernet0/0/1.3
 dot1q termination vid 8
 arp broadcast enable
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
user-interface con 0
 authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
[Huawei]
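An added Python check (not part of the original lab) that parses the sub-interface stanzas of a `display current-configuration` dump and reports any that lack `dot1q termination vid`, `ip address` or `arp broadcast enable`, the three commands applied in section 6. The sample input is R1's sub-interface stanzas from the dump above with one command per line; the function names are assumptions.

```python
import re

# R1 sub-interface stanzas as shown in this page's configuration dump.
R1_CONFIG = """\
interface GigabitEthernet0/0/0.1
 dot1q termination vid 4
 ip address 10.0.4.254 255.255.255.0
 arp broadcast enable
#
interface GigabitEthernet0/0/0.2
 dot1q termination vid 8
 ip address 10.0.8.254 255.255.255.0
 arp broadcast enable
#
interface GigabitEthernet0/0/1.1
 dot1q termination vid 4
 arp broadcast enable
#
interface GigabitEthernet0/0/1.3
 dot1q termination vid 8
 arp broadcast enable
#
"""

def parse_subinterfaces(config: str) -> dict:
    """Map each sub-interface name to the list of commands in its stanza."""
    stanzas, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+\.\d+)$", line)
        if m:
            current = stanzas.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # '#' or any other top-level line ends the stanza
    return stanzas

def audit(config: str) -> list:
    """Return (sub-interface, finding) pairs for incomplete VLAN gateways."""
    findings = []
    for name, cmds in parse_subinterfaces(config).items():
        if not any(c.startswith("dot1q termination vid ") for c in cmds):
            findings.append((name, "no dot1q termination vid"))
        if not any(c.startswith("ip address ") for c in cmds):
            findings.append((name, "no ip address"))
        if "arp broadcast enable" not in cmds:
            findings.append((name, "arp broadcast not enabled"))
    return findings
```

On this input it reports GigabitEthernet0/0/1.1 and GigabitEthernet0/0/1.3, which terminate VLAN 4 and VLAN 8 but carry no IP address.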
R2:
<R2>display current-configuration
[V200R003C00]
#
 sysname R2
#
 snmp-agent local-engineid 800007DB03000000000000
 snmp-agent
#
 clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
 drop illegal-mac alarm
#
 set cpu-usage threshold 80 restore 75
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
#
firewall zone Local
 priority 15
#
interface GigabitEthernet0/0/0
 ip address 10.0.4.1 255.255.255.0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 10.0.4.254
#
user-interface con 0
 authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
<R2>
R3:
<R3>display current-configuration
[V200R003C00]
#
 sysname R3
#
 snmp-agent local-engineid 800007DB03000000000000
 snmp-agent
#
 clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
 drop illegal-mac alarm
#
 set cpu-usage threshold 80 restore 75
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
#
firewall zone Local
 priority 15
#
interface GigabitEthernet0/0/0
 ip address 10.0.8.1 255.255.255.0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 10.0.8.254
#
user-interface con 0
 authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
<R3>