1.1初识三层交换
三层交换中的三层是指 OSI 七层模型中的第三层,即网络层。网络层的核心设备是路由器,传统的交换机位于第二层,那么把第三层和交换机联系在一起,意味着该交换机可以工作在第三层,运行路由协议。所以,三层交换机是一个普通的二层交换机和三层路由器的结合体,它同时具备二层交换机和三层路由器的特性。
1.2三层交换机的配置
1.配置命令
1)启动路由功能
三层交换机在默认情况下的配置与二层交换机相同,如果想要在三层交互机上配置路由,首先需要在三层交换机上启动路由功能,配置命令如下
swi(config)#ip routing
2)配置虚拟接口的 IP 地址
虚拟接口的IP地址命令如下
swi(config)#interface vlan 10 //进入vlan10接口
swi(config-if)#ip address 192.168.10.254 255.255.255.0 //配置vlan IP地址
swi(config-if)#no shutdown //打开接口
swi(config-if)#exit //退出接口
swi(config)#
3)配置路由接口
三层交换机的接口默认情况下是二层接口,如果需要然让交换机与路由器实现点到点的连接,需要将交换机上的某个接口配置为路由接口,才能为这个接口配置IP地址。配置命令如下
swi(config-if)#no switchport
1.3三层交换机实现vlan互通实例
实验环境为一台三层交换机 一台路由器 一台二层交换机 一台二层傻瓜式交换机 加一台DHCP服务器 三台PC组成
1)先配置PC的IP地址和默认网关 其他两台 PC 除IP 网关之外 差不多相同配置在此就不做演示了
注意:因为本案例没有PC的ISO镜像文件 所以PC是路由器变化的图片
PC1(config)#interface ethernet 0/1 //进入PC1 e0/1接口
PC1(config-if)#duplex full //配置全双工模式
PC1(config-if)#ip address 192.168.10.1 255.255.255.0 //配置IP地址
PC1(config-if)#no shutdown //打开接口
PC1(config-if)#exit //退出接口
*Feb 7 12:15:33.489: %LINK-3-UPDOWN: Interface Ethernet0/1, changed state to up
*Feb 7 12:15:34.490: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/1, changed state to up
PC1(config)#ip route 0.0.0.0 0.0.0.0 192.168.10.254 //配置默认路由
- 可以使用命令:PC1#show ip interface brief 查看IP是否配置成功
PC1#show ip interface brief //查看IP配置命令
Interface IP-Address OK? Method Status Protocol
Ethernet0/0 unassigned YES NVRAM administratively down down
Ethernet0/1 192.168.10.1 YES manual up up
Ethernet0/2 unassigned YES NVRAM administratively down down
Ethernet0/3 unassigned YES NVRAM administratively down down
Ethernet1/0 unassigned YES NVRAM administratively down down
3.可以使用命令:PC1#show ip route 查看路由表 查看是否配置成功
PC1#show ip route //查看路由表
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is 192.168.10.254 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 192.168.10.254 //配置成功
192.168.10.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.10.0/24 is directly connected, Ethernet0/1
L 192.168.10.1/32 is directly connected, Ethernet0/1
3.在SW1上创建vlan 20,30
SW1(config)#vlan 20,30 //创建vlan
SW1(config-vlan)#exit //退出创建
SW1(config)#do show vlan //查看vlan是否创建成功
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Et0/0, Et0/1, Et0/2, Et0/3
Et1/0, Et1/1, Et1/2, Et1/3
Et2/0, Et2/1, Et2/2, Et2/3
Et3/0, Et3/1, Et3/2, Et3/3
20 VLAN0020 active //vlan20创建成功
30 VLAN0030 active //vlan30创建成功
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
20 enet 100020 1500 - - - - - 0 0
30 enet 100030 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 tr 101003 1500 - - - - - 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trnet 101005 1500 - - - ibm - 0 0
Remote SPAN VLANs
------------------------------------------------------------------------------
Primary Secondary Type Ports
------- --------- ----------------- ------------------------------------------
4.将链路配置成access接入链路并划分vlan 配置0/3接口为trunk模式
SW1(config)#interface e0/1 //进入e0/1接口
SW1(config-if)#switchport mode access //配置模式为access接入链路
SW1(config-if)#switchport access vlan 20 //将e0/1接口加入到vlan20
SW1(config-if)#exit //退出接口
SW1(config)#interface e0/2 //进入e0/2接口
SW1(config-if)#switchport mode access //配置模式为access接入链路
SW1(config-if)#switchport access vlan 30 //将0/2接口划分到vlan30
SW1(config-if)#exit //退出接口
SW1(config)#do show vlan //查看是否划分成功vlan
SW1(config)#interface e0/3 //进入e0/3接口
SW1(config-if)#switchport trunk encapsulation dot1q //打上802.1Q标签
SW1(config-if)#switchport mode trunk //配置为trunk干道模式
SW1(config-if)#exit //退出接口
5.在SL3三层交换机上创建vlan 10,20,30
SL3(config)#vlan 10,20,30 //创建vlan 10,20,30
SL3(config-vlan)#exit //退出创建
SL3(config)#do show vlan //查看是否配置成功
6.配置虚拟接口的IP地址
SL3(config)#interface vlan 10 //进入vlan10
SL3(config-if)#ip address 192.168.10.254 255.255.255.0 //配置IP地址
SL3(config-if)#no shutdown //打开接口
SL3(config-if)#exit //退出接口
SL3(config)#interface vlan 20 //进入vlan20
*Feb 7 12:58:14.646: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan20, changed state to down
SL3(config-if)#ip address 192.168.20.254 255.255.255.0 //配置IP地址
SL3(config-if)#no shutdown //打开接口
SL3(config-if)#exit //退出 接口
*Feb 7 12:58:24.190: %LINK-3-UPDOWN: Interface Vlan20, changed state to up
*Feb 7 12:58:25.191: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan20, changed state to up
SL3(config)#interface vlan 30 //进入vlan30
*Feb 7 12:58:31.619: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan30, changed state to down
SL3(config-if)#ip address 192.168.30.254 255.255.255.0 //配置IP地址
SL3(config-if)#no shutdown //打开接口
SL3(config-if)#exit //退出接口
7.三层交换机e0/1 e0/2配置access 和trunk链路
SL3(config)#interface e0/2 //进入e0/2接口
SL3(config-if)#switchport mode access //配置为接入模式
SL3(config-if)#switchport access vlan 10 //将e0/2接口划分到vlan10
SL3(config-if)#exit //退出接口
SL3(config)#interface e0/1 //进入e0/1接口
SL3(config-if)#switchport trunk encapsulation dot1q //打上802.1Q标签
SL3(config-if)#switchport mode trunk //配置为trunk模式
SL3(config-if)#exit //退出接口
8.测试连通性 (随便一台PC都可以这里我们使用PC1测试)测试成功这样我们就实现了三层交换机不通vlan间通信
PC1#ping 192.168.10.254 //ping 网关
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.254, timeout is 2 seconds:
.!!!! //联通成功
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/2 ms
PC1#ping 192.168.20.1 //ping通PC2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.1, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/2 ms
PC1#ping 192.168.30.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.30.1, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/2 ms
PC1#
9.在R1路由器上创建测试接口 配置IP和默认路由
R1(config)#int e0/1 //进入0/1接口
R1(config-if)#duplex full //配置全双工模式
R1(config-if)#ip address 192.168.23.1 255.255.255.0 //配置IP地址
R1(config-if)#no shutdown //打开接口
R1(config-if)#exit //退出接口
*Feb 7 13:23:43.675: %LINK-3-UPDOWN: Interface Ethernet0/1, changed state to up
*Feb 7 13:23:44.684: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/1, changed state to up
R1(config)#ip route 192.168.10.0 255.255.255.0 192.168.23.2 //配置去往10.0网段的路由
R1(config)#ip route 192.168.20.0 255.255.255.0 192.168.23.2 //配置去往20.0网段的路由
R1(config)#ip route 192.168.30.0 255.255.255.0 192.168.23.2 //配置去往30.0网段的路由
R1(config)#do show ip route
R1(config)#interface loopback 0 //进入测试接口
*Feb 7 13:26:35.827: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to up
R1(config-if)#ip address 1.1.1.1 255.255.255.255 //配置测试IP地址
R1(config-if)#no shutdown //打开测试IP接口
R1(config-if)#exit //退出接口
R1#
10.三层交换配置IP和回程路由
SL3(config)#int e0/0 //进入e0/0接口
SL3(config-if)#no switchport //禁用二层设备
SL3(config-if)#ip address 192.168.23.2 255.255.255.0 //配置IP地址
SL3(config-if)#no shutdown //打开接口
SL3(config-if)#exit //退出接口
SL3(config)#ip route 0.0.0.0 0.0.0.0 192.168.23.1 //配置默认路由
11最后再测试连通性 这样整个网络就互通了
PC1#ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms
PC1#
2.三层交换机配置DHCP中继
网络内配置了vlan,vlan能隔离广播,而DHCP协议使用广播,也就是说,
默认情况下DHCP协议只能在vlan内部使用。DHCP服务器在vlan100中,就只有该vlan内的客户机能从DHCP服务器哪里获取IP地址。如果vlan20或vlan30的客户机也需要通过这台DHCP服务器获取IP就需要在三层交换机上配置DHCP中继转发。
让三层交换机能够将DHCP这种特殊的广播信息在vlan之间转发,让其他vlan客户机也能从DHCP服务器哪里获得IP地址。
1.DHCP中继的配置
DHCP中继的配置命令如下
1.先再SL3上创建vlan100 配置成access接入链路
SL3(config)#vlan 100 //创建vlan100
SL3(config-vlan)#exit //退出创建
SL3(config)#interface vlan 100 //进入vlan100
*Feb 7 13:55:15.224: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan100, changed state to down
SL3(config-if)#ip address 192.168.100.254 255.255.255.0 //配置IP地址
SL3(config-if)#no shutdown //打开接口
SL3(config-if)#exit //退出接口
SL3(config)#
*Feb 7 13:55:26.974: %LINK-3-UPDOWN: Interface Vlan100, changed state to up
*Feb 7 13:55:27.979: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan100, changed state to up
SL3(config)#int e0/3 //进入e0/3接口
SL3(config-if)#switchport mode access //配置为access接入链路
SL3(config-if)#switchport access vlan 100 //将e0/3划分到vlan100
SL3(config-if)#exit //退出接口
2.在DHCP服务器上配置DHCP发放地址服务
DHCP(config)#int e0/1 //进入e0/1接口
DHCP(config-if)#duplex full //配置全双工模式
DHCP(config-if)#ip address 192.168.100.1 255.255.255.0 //配置IP地址
DHCP(config-if)#no shutdown //打开接口
DHCP(config-if)#exit //退出接口
DHCP(config)#ip route 0.0.0.0 0.0.0.0 192.168.100.254 //配置默认路由
DHCP(config)#ip dhcp pool vlan10 //配置vlan10 DHCP
DHCP(dhcp-config)#network 192.168.10.0 /24 //配置地址池
DHCP(dhcp-config)#default-router 192.168.10.254 //配置网关
DHCP(dhcp-config)#dns-server 8.8.8.8 //配置DNS服务
DHCP(dhcp-config)#exit //退出配置
DHCP(config)#ip dhcp pool vlan20 //配置vlan20 DHCP
DHCP(dhcp-config)#network 192.168.20.0 /24 //配置地址池
DHCP(dhcp-config)#default-router 192.168.20.254 //配置网关
DHCP(dhcp-config)#exit //退出配置
DHCP(config)#ip dhcp pool vlan30 //配置vlan30 DHCP
DHCP(dhcp-config)#network 192.168.30.0 /24 //配置地址池
DHCP(dhcp-config)#default-router 192.168.30.254 //配置网关
DHCP(dhcp-config)#exit //退出配置
3.在三层交换机上配置DHCP中继
SL3(config)#interface vlan 10 //进入vlan10
SL3(config-if)#ip helper-address 192.168.100.1 //配置DHCP中继
SL3(config-if)#exit //退出接口
SL3(config)#interface vlan 20 //进入vlan20
SL3(config-if)#ip helper-address 192.168.100.1 //配置DHCP中继
SL3(config-if)#exit //退出接口
SL3(config)#interface vlan 30 //进入vlan30
SL3(config-if)#ip helper-address 192.168.100.1 //配置DHCP中继
SL3(config-if)#exit //退出接口
SL3(config)#^Z
*Feb 7 14:20:11.333: %SYS-5-CONFIG_I: Configured from console by console
SL3#show running-config interface vlan 20 查看DHCP中继是否配置成功
Building configuration...
Current configuration : 99 bytes
!
interface Vlan20
ip address 192.168.20.254 255.255.255.0
ip helper-address 192.168.100.1
end
SL3#
4.PC拿DHCP发放地址 (这里我们用PC1 其他PC配置相同 在此便不演示了)
PC1(config)#default interface e0/1 //恢复默认接口
Interface Ethernet0/1 set to default configuration
PC1(config)#no ip route 0.0.0.0 0.0.0.0 192.168.10.254 //down掉默认路由
PC1(config)#interface ethernet 0/1 //进入e0/1接口
PC1(config-if)#ip address dhcp //设置地址为DHCP
PC1(config-if)#exit //退出配置
PC1(config)#exit //退回到特权模式
PC1#show ip int br //查看是否拿到IP
Interface IP-Address OK? Method Status Protocol
Ethernet0/0 unassigned YES NVRAM administratively down down
Ethernet0/1 192.168.10.1 YES DHCP up up //成功拿到DHCP地址
Ethernet0/2 unassigned YES NVRAM administratively down down
Ethernet0/3 unassigned YES NVRAM administratively down down
Ethernet1/0 unassigned YES NVRAM administratively down down
Ethernet1/1 unassigned YES NVRAM administratively down down
Ethernet1/2 unassigned YES NVRAM administratively down down
Ethernet1/3 unassigned YES NVRAM administratively down down
Serial2/0 unassigned YES NVRAM administratively down down
Serial2/1 unassigned YES NVRAM administratively down down
Serial2/2 unassigned YES NVRAM administratively down down
Serial2/3 unassigned YES NVRAM administratively down down
Serial3/0 unassigned YES NVRAM administratively down down
Serial3/1 unassigned YES NVRAM administratively down down
Serial3/2 unassigned YES NVRAM administratively down down
Serial3/3 unassigned YES NVRAM administratively down down
PC1#