#1-5 配置三層交換
##實驗 1-5 配置三層交換
學習目標
掌握通過三層交換機實現VLAN間通訊的配置方法
掌握通過乙太網Trunk鏈路實現VLAN間通訊的配置方法
掌握在不同VLAN間配置動態路由協議OSPF的方法
場景
在企業網路中,通過使用三層交換機可以簡便的實現VLAN間通訊。作為企
業的網路管理員,您需要在三層交換機配置VLANIF介面的三層功能,使得如上所示拓撲圖中的網路能夠實現VLAN間通訊。此外,為了使S1和S2所連線的不同網路能夠進行三層通訊,還需要配置路由協議。
操作步驟
步驟一. 實驗環境準備
如果本任務中您使用的是空配置裝置,需要從步驟1開始,然後跳過步驟2。
system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname R1
[R1]interface GigabitEthernet 0/0/1
[R1-GigabitEthernet0/0/1]ip address 10.0.4.1 24
system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname R3
system-view
[Quidway]sysname S1
[S1]interface Eth-Trunk 1
[S1-Eth-Trunk1]mode lacp-static
[S1-Eth-Trunk1]port link-type trunk
[S1-Eth-Trunk1]port trunk allow-pass vlan all
[S1-Eth-Trunk1]quit
[S1]interface GigabitEthernet 0/0/9
[S1-GigabitEthernet0/0/9]eth-trunk 1
[S1-GigabitEthernet0/0/9]interface GigabitEthernet 0/0/10
[S1-GigabitEthernet0/0/10]eth-trunk 1
system-view
[Quidway]sysname S2
[S2]interface Eth-Trunk 1
[S2-Eth-Trunk1]mode lacp-static
[S2-Eth-Trunk1]port link-type trunk
[S2-Eth-Trunk1]port trunk allow-pass vlan all
[S2-Eth-Trunk1]quit
[S2]interface GigabitEthernet 0/0/9
[S2-GigabitEthernet0/0/9]eth-trunk 1
[S2-GigabitEthernet0/0/9]interface GigabitEthernet 0/0/10
[S2-GigabitEthernet0/0/10]eth-trunk 1
system-view
[Quidway]sysname S3
[S3]interface Ethernet 0/0/7
[S3-Ethernet0/0/7]shutdown
system-view
[Quidway]sysname S4
[S4]interface Ethernet 0/0/14
[S4-Ethernet0/0/14]shutdown
步驟二. 清除裝置上原有的配置
清除裝置上的VLAN路由和子介面配置。
[R1]undo ip route-static 0.0.0.0 0
[R2]undo interface GigabitEthernet 0/0/1.1
[R2]undo interface GigabitEthernet 0/0/1.3
[R3]interface GigabitEthernet 0/0/1
[R3-GigabitEthernet0/0/1]undo ip address
[R3-GigabitEthernet0/0/1]quit
[R3]undo ip route-static 0.0.0.0 0
[S1]undo vlan batch 4 8
[S1]interface GigabitEthernet 0/0/2
[S1-GigabitEthernet0/0/2]undo port trunk allow-pass vlan 4 8
[S1-GigabitEthernet0/0/2]quit
[S1]interface GigabitEthernet 0/0/13
[S1-GigabitEthernet0/0/13]undo shutdown
[S2]interface GigabitEthernet0/0/6
[S2-GigabitEthernet0/0/6]undo shutdown
重新開啟S1和S2間的Eth-Trunk介面。
[S1]interface Eth-Trunk 1
[S1-Eth-Trunk1]undo shutdown
[S2]interface Eth-Trunk 1
[S2-Eth-Trunk1]undo shutdown
步驟三. 在 S1 和 S2 批量建立 VLAN 3 到 VLAN 7
[S1]vlan batch 3 to 7
[S2]vlan batch 3 to 7
確認VLAN已成功建立。
[S1]display vlan
[S2]display vlan
步驟四. 配置 Eth-Trunk 鏈路
將S1上的G0/0/1和0/0/13埠分別加入VLAN 4和VLAN 3。將S2上的
G0/0/3和G0/0/24埠分別加入VLAN 6和VLAN 7。
[S1]interface Eth-Trunk 1
[S1-Eth-Trunk1]port trunk pvid vlan 5
[S1-Eth-Trunk1]quit
[S1]interface GigabitEthernet 0/0/1
[S1-GigabitEthernet0/0/1]port link-type access
[S1-GigabitEthernet0/0/1]port default vlan 4
[S1-GigabitEthernet0/0/1]quit
[S1]interface GigabitEthernet 0/0/13
[S1-GigabitEthernet0/0/13]port link-type access
[S1-GigabitEthernet0/0/13]port default vlan 3
[S2]interface Eth-Trunk 1
[S2-Eth-Trunk1]port trunk pvid vlan 5
[S2-Eth-Trunk1]quit
[S2]interface GigabitEthernet 0/0/3
[S2-GigabitEthernet0/0/3]port link-type access
[S2-GigabitEthernet0/0/3]port default vlan 6
[S2-GigabitEthernet0/0/3]quit
[S2]interface GigabitEthernet 0/0/6
[S2-GigabitEthernet0/0/6]port link-type access
[S2-GigabitEthernet0/0/6]port default vlan 7
配置完成後,執行display vlan命令檢視VLAN以及成員埠資訊。
步驟五. 配置 VLANIF 三層介面
分別為S1上的VLANIF 3、VLANIF 4和VLANIF 5以及S2上的VLANIF 5、
VLANIF 6和VLANIF 7配置IP地址。
[S1]interface Vlanif 3
[S1-Vlanif3]ip address 10.0.3.254 24
[S1-Vlanif3]interface Vlanif 4
[S1-Vlanif4]ip address 10.0.4.254 24
[S1-Vlanif4]interface Vlanif 5
[S1-Vlanif5]ip address 10.0.5.1 24
[S2]interface Vlanif 5
[S2-Vlanif5]ip address 10.0.5.2 24
[S2-Vlanif5]interface Vlanif 6
[S2-Vlanif6]ip address 10.0.6.254 24
[S2-Vlanif6]interface Vlanif 7
[S2-Vlanif7]ip address 10.0.7.254 24
步驟六. 為 R1、R3、S3 和 S4 配置 IP 地址和預設路由
本實驗中,R1、R3、S3和S4模擬客戶端主機,四臺裝置都需要配置一個用
戶IP地址,其中S3和S4使用VLANIF 1介面配置IP地址,然後將S3的E0/0/13端
口和S4的E0/0/6埠加入到VLAN 1中。R1的地址應配置為10.0.4.1/24。最後
為每臺裝置配置一條預設靜態路由指向閘道器。
[R1]ip route-static 0.0.0.0 0.0.0.0 10.0.4.254
[S3]interface Vlanif 1
[S3-Vlanif1]ip address 10.0.3.3 24
[S3-Vlanif1]quit
[S3]ip route-static 0.0.0.0 0.0.0.0 10.0.3.254
[R3]interface GigabitEthernet 0/0/2
[R3-GigabitEthernet0/0/2]ip address 10.0.6.3 24
[R3-GigabitEthernet0/0/2]quit
[R3]ip route-static 0.0.0.0 0.0.0.0 10.0.6.254
[S4]interface Vlanif 1
[S4-Vlanif1]ip address 10.0.7.4 24
[S4]interface Vlanif 1
[S4-Vlanif1]ip address 10.0.7.4 24
檢測R1和R3之間的連通性。
ping 10.0.6.3
回顯資訊表明R1和R3無法互相通訊。執行tracert命令,查詢通訊失敗的原
因。
[R1]tracert 10.0.6.3
由顯示資訊可以看出,R1向目的地址10.0.6.3傳送了資料報文,但是資料報
文僅能到達地址為10.0.4.254的閘道器裝置。
在閘道器裝置S1上檢視是否擁有到達目的網路的路由條目。
[S1]display ip routing-table
由顯示資訊可以看出,R1向目的地址10.0.6.3傳送了資料報文,但是資料報
文僅能到達地址為10.0.4.254的閘道器裝置。
在閘道器裝置S1上檢視是否擁有到達目的網路的路由條目。
[S1]display ip routing-table
由顯示資訊可以看出,由於網段10.0.6.0/24並非S1直連網段,且S1上也並
未配置任何靜態路由或用動態路由協議獲取該網段路由資訊,因而S1沒有通往該網段的路由條目,S1就無法將資料包正確轉發到該網段。
步驟八. 在 S1 和 S2 上配置 OSPF 協議
[S1]ospf
[S1-ospf-1]area 0
[S1-ospf-1-area-0.0.0.0]network 10.0.0.0 0.255.255.255
[S2]ospf
[S2-ospf-1]area 0
[S2-ospf-1-area-0.0.0.0]network 10.0.0.0 0.255.255.255
配置完成後,待OSPF收斂完成,再檢視S1的路由表。
[S1]display ip routing-table
可以觀察到S1已經通過OSPF學習到了10.0.6.0/24和10.0.7.0/24這兩條路
由。再次檢測R1和R3間的連通性。
[R1]ping 10.0.6.3
配置檔案
[R1]display current-configuration
[V200R007C00SPC600]
sysname R1
interface GigabitEthernet0/0/1
ip address 10.0.4.1 255.255.255.0
ip route-static 0.0.0.0 0.0.0.0 10.0.4.254
user-interface con 0
authentication-mode password
set authentication password cipher %
dD#}P<HzJ;Xs%X>hOkm!,.+Iq61QKK6t I}cc-;k_o
user-interface vty 0 4
return
[S1]display current-configuration
!Software Version V200R008C00SPC500
sysname S1
vlan batch 3 to 7
interface Vlanif3
ip address 10.0.3.254 255.255.255.0
interface Vlanif4
ip address 10.0.4.254 255.255.255.0
interface Vlanif5
ip address 10.0.5.1 255.255.255.0
interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
mode lacp
interface GigabitEthernet0/0/1
port link-type access
port default vlan 4
interface GigabitEthernet0/0/9
eth-trunk 1
lacp priority 100
undo negotiation auto
speed 100
interface GigabitEthernet0/0/10
eth-trunk 1
lacp priority 100
undo negotiation auto
speed 100
interface GigabitEthernet0/0/13
port link-type access
port default vlan 3
ospf 1
area 0.0.0.0
network 10.0.0.0 0.255.255.255
user-interface con 0
user-interface vty 0 4
return
[S2]display current-configuration
!Software Version V200R008C00SPC500
sysname S2
vlan batch 3 to 7
interface Vlanif5
ip address 10.0.5.2 255.255.255.0
interface Vlanif6
ip address 10.0.6.254 255.255.255.0
interface Vlanif7
ip address 10.0.7.254 255.255.255.0
interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
mode lacp
interface GigabitEthernet0/0/3
port link-type access
port default vlan 6
interface GigabitEthernet0/0/6
port link-type access
port default vlan 7
interface GigabitEthernet0/0/9
eth-trunk 1
undo negotiation auto
speed 100
interface GigabitEthernet0/0/10
eth-trunk 1
undo negotiation auto
speed 100
ospf 1
area 0.0.0.0
network 10.0.0.0 0.255.255.255
user-interface con 0
user-interface vty 0 4
return
[S3]display current-configuration
!Software Version V100R006C05
sysname S3
interface Vlanif1
ip address 10.0.3.3 255.255.255.0
interface Ethernet0/0/7
shutdown
ip route-static 0.0.0.0 0.0.0.0 10.0.3.254
user-interface con 0
user-interface vty 0 4
return
[S4]display current-configuration
!Software Version V100R006C05
sysname S4
undo http server enable
drop illegal-mac alarm
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
interface Vlanif1
ip address 10.0.7.4 255.255.255.0
interface Ethernet0/0/14
shutdown
ip route-static 0.0.0.0 0.0.0.0 10.0.7.254
user-interface con 0
user-interface vty 0 4
return