单臂路由及三层交换机实现不同vlan通信(华为eNSP）

单臂路由

单臂路由（router-on-a-stick）是指在路由器的一个接口上通过配置子接口（或“逻辑接口”，并不存在真正物理接口）的方式，实现原来相互隔离的不同VLAN（虚拟局域网）之间的互联互通。

链路类型：链接主机的端口为access链路，链接路由器的端口为Trunk链路

子接口：路由器的物理接口可以被划分为多个逻辑接口，每个子接口对应一个VLAN网段的网关

拓扑如图所示（所有均由华为设备演示）：

pc1地址为192.168.1.100/24   pc2地址为192.168.2.200/24

交换机配置

system-view 
[Huawei]vlan batch 10 20 
Info: This operation may take a few seconds. Please wait for a moment...done.

[Huawei]int e0/0/1
[Huawei-Ethernet0/0/1]port link-t  access 
[Huawei-Ethernet0/0/1]port default vlan 10

[Huawei-Ethernet0/0/1]int e0/0/2
[Huawei-Ethernet0/0/2]port link-type access 
[Huawei-Ethernet0/0/2]port default vlan 20
[Huawei-Ethernet0/0/2]q
[Huawei]

[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]port link-type trunk 
[Huawei-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 20

路由器配置

system-view 
Enter system view, return user view with Ctrl+Z.

[Huawei]interface GigabitEthernet0/0/1.1
[Huawei-GigabitEthernet0/0/1.1]dot1q termination vid 10
[Huawei-GigabitEthernet0/0/1.1]ip address 192.168.1.1 24
[Huawei-GigabitEthernet0/0/1.1]arp broadcast enable  //开启ARP广播


[Huawei]interface GigabitEthernet0/0/1.2
[Huawei-GigabitEthernet0/0/1.2]dot1q termination vid 20
[Huawei-GigabitEthernet0/0/1.2]ip address 192.168.2.1 24 
[Huawei-GigabitEthernet0/0/1.2]arp broadcast  enable 

注：这里需要在路由器的子接口开启ARP地址广播 否则不能ping通 会报request timeout 请求超时错误

测试：

PC>ping 192.168.2.200

Ping 192.168.2.200: 32 data bytes, Press Ctrl_C to break
Request timeout!
From 192.168.2.200: bytes=32 seq=2 ttl=127 time=78 ms
From 192.168.2.200: bytes=32 seq=3 ttl=127 time=94 ms
From 192.168.2.200: bytes=32 seq=4 ttl=127 time=78 ms
From 192.168.2.200: bytes=32 seq=5 ttl=127 time=78 ms

--- 192.168.2.200 ping statistics ---
  5 packet(s) transmitted
  4 packet(s) received
  20.00% packet loss
  round-trip min/avg/max = 0/82/94 ms

三层交换机

引入三层交换机的原因是因为单臂路由容易形成网络瓶颈，子接口依赖于物理接口，应用也非常不灵活

原理是二层进行交换三层负责转发，二层交换是基于MAC寻址，三层交换则是转发基于第三层地址的业务流；除了必要的路由决定过程外，大部分数据转发过程由二层交换处理，提高了数据包转发的效率。

在企业网和教学网中，一般会将三层交换机用在网络的核心层，用三层交换机上的千兆端口或百兆端口连接不同的子网或VLAN。不过三层交换机出现最重要的目的是加快大型局域网内部的数据交换，所具备的路由功能也多是围绕这一目的而展开的，所以在安全、协议支持等方面还有许多欠缺，并不能完全取代路由器工作。

拓扑如图所示：

pc主机地址如图所示

配置vlan

system-view 
Enter system view, return user view with Ctrl+Z.
[Huawei]vlan batch 2 3 

[Huawei-GigabitEthernet0/0/1]port link-type access 
[Huawei-port-group-default]port default vlan 1
	
[Huawei]int GigabitEthernet 0/0/2
[Huawei-GigabitEthernet0/0/2]port link-type access 
[Huawei-GigabitEthernet0/0/2]port default vlan 2

[Huawei-GigabitEthernet0/0/2]int g0/0/3
[Huawei-GigabitEthernet0/0/3]port link-type access 
[Huawei-GigabitEthernet0/0/3]port default vlan 3

配置vlan网关 实现通信

[Huawei]int Vlanif 1
[Huawei-Vlanif1]ip address 192.168.1.254 24 

[Huawei-Vlanif1]int vlanif 2
[Huawei-Vlanif2]ip add 192.168.2.254 24 

[Huawei-Vlanif2]int vlanif 3
[Huawei-Vlanif3]ip add 192.168.3.254 24 

测试：

PC>ping 192.168.2.20

Ping 192.168.2.20: 32 data bytes, Press Ctrl_C to break
From 192.168.2.20: bytes=32 seq=1 ttl=127 time=47 ms
From 192.168.2.20: bytes=32 seq=2 ttl=127 time=47 ms
...

PC>ping 192.168.3.30

Ping 192.168.3.30: 32 data bytes, Press Ctrl_C to break
From 192.168.3.30: bytes=32 seq=1 ttl=127 time=63 ms
From 192.168.3.30: bytes=32 seq=2 ttl=127 time=47 ms
...

多台交换机不同vlan实现通信

拓扑如图所示：

 vlan及pc地址如图所示

交换机LSW6配置

system-view 
Enter system view, return user view with Ctrl+Z.

[Huawei]int e0/0/1
[Huawei-Ethernet0/0/1]port link-type  access 
[Huawei-Ethernet0/0/1]port default vlan 1 
[Huawei-Ethernet0/0/1]q
[Huawei]vlan 2
[Huawei-vlan2]vlan 3
[Huawei-vlan3]q

[Huawei]int e0/0/2
[Huawei-Ethernet0/0/2]port link-type access 
[Huawei-Ethernet0/0/2]port default vlan 2

[Huawei-Ethernet0/0/2]int e0/0/3c	
[Huawei-Ethernet0/0/3]port link-type access 
[Huawei-Ethernet0/0/3]port default vlan 3

[Huawei-Ethernet0/0/3]int g0/0/1
[Huawei-GigabitEthernet0/0/1]port link-type trunk 
[Huawei-GigabitEthernet0/0/1]port trunk allow-pass vlan all 

交换机LSW7配置

system-view 
Enter system view, return user view with Ctrl+Z.
[Huawei]vlan 4
[Huawei-vlan4]vlan 5

[Huawei-vlan5]int e0/0/1
[Huawei-Ethernet0/0/1]port link-type access 
[Huawei-Ethernet0/0/1]port default vlan 4

[Huawei-Ethernet0/0/1]int e0/0/2
[Huawei-Ethernet0/0/2]port link-type access 
[Huawei-port-group-e0/0/2]port default vlan 5

[Huawei]int g0/0/2
[Huawei-GigabitEthernet0/0/2]port link-type trunk 
[Huawei-GigabitEthernet0/0/2]port trunk allow-pass vlan all

三层交换机LSW8配置

The device is running!
system-view 
Enter system view, return user view with Ctrl+Z.

[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]port link-type trunk 
[Huawei-GigabitEthernet0/0/1]port trunk allow-pass vlan all

[Huawei-GigabitEthernet0/0/1]int g0/0/2
[Huawei-GigabitEthernet0/0/2]port link-type trunk 
[Huawei-GigabitEthernet0/0/2]port trunk allow-pass vlan all

[Huawei]vlan batch 1 to 5
[Huawei]int Vlanif 1
[Huawei-Vlanif1]ip add 192.168.1.254 24
[Huawei-Vlanif1]int vlanif 2
[Huawei-Vlanif2]ip add 192.168.2.254 24
[Huawei-Vlanif2]int vlanif 3
[Huawei-Vlanif3]ip add 192.168.3.254 24
[Huawei-Vlanif3]int vlanif 4
[Huawei-Vlanif4]ip add 192.168.4.254 24
[Huawei-Vlanif4]int vlanif 5
[Huawei-Vlanif5]ip add 192.168.5.254 24

测试

C>ping 192.168.2.20

Ping 192.168.2.20: 32 data bytes, Press Ctrl_C to break
From 192.168.2.20: bytes=32 seq=1 ttl=127 time=125 ms
From 192.168.2.20: bytes=32 seq=2 ttl=127 time=78 ms
...
PC>ping 192.168.5.50

Ping 192.168.5.50: 32 data bytes, Press Ctrl_C to break
From 192.168.5.50: bytes=32 seq=1 ttl=127 time=93 ms
From 192.168.5.50: bytes=32 seq=2 ttl=127 time=94 ms
...

 三层交换机和路由器的配置

拓扑如图所示：

 在上一个拓扑的基础上添加了路由器和主机

交换机LSW6和LSW7配置如上，这里略过。交换机LSW8 的GE 0/0/1 和 GE0/0/2 接口的配置同上，略过

主机pc13的IP地址如图所示

配置LSW8的新接口GE 0/0/3 

[Huawei]vlan 6

[Huawei]int g0/0/3
[Huawei -GigabitEthernet0/0/3]port link-type access
[Huawei -GigabitEthernet0/0/3]port default vlan 6

[Huawei]int Vlanif 6
[Huawei-Vlanif6]ip add 192.168.6.254 24

[Huawei]ip route-static 192.168.7.70 255.255.255.0 192.168.6.1

配置路由器AR2

[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip add 192.168.6.1 24
[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip add 192.168.7.254 24
[Huawei]ip route-static 0.0.0.0 0.0.0.0 192.168.6.254
[Huawei]dis ip ro
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 11       Routes : 11       

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

        0.0.0.0/0   Static  60   0          RD   192.168.6.254   GigabitEthernet
0/0/0
      127.0.0.0/8   Direct  0    0           D   127.0.0.1       InLoopBack0
      127.0.0.1/32  Direct  0    0           D   127.0.0.1       InLoopBack0
127.255.255.255/32  Direct  0    0           D   127.0.0.1       InLoopBack0
    192.168.6.0/24  Direct  0    0           D   192.168.6.1     GigabitEthernet
0/0/0
    192.168.6.1/32  Direct  0    0           D   127.0.0.1       GigabitEthernet
0/0/0
  192.168.6.255/32  Direct  0    0           D   127.0.0.1       GigabitEthernet
0/0/0
    192.168.7.70/24  Direct  0    0           D   192.168.7.254   GigabitEthernet
0/0/1
  192.168.7.254/32  Direct  0    0           D   127.0.0.1       GigabitEthernet
0/0/1
  192.168.7.255/32  Direct  0    0           D   127.0.0.1       GigabitEthernet
0/0/1
255.255.255.255/32  Direct  0    0           D   127.0.0.1       InLoopBack0

测试 看能否互相ping通

C>ping 192.168.7.70     //在主机3.30上

Ping 192.168.2.20: 32 data bytes, Press Ctrl_C to break
From 192.168.2.20: bytes=32 seq=1 ttl=127 time=125 ms
From 192.168.2.20: bytes=32 seq=2 ttl=127 time=78 ms
...
PC>ping 192.168.3.30    //在主机7.70上

Ping 192.168.5.50: 32 data bytes, Press Ctrl_C to break
From 192.168.5.50: bytes=32 seq=1 ttl=127 time=93 ms
From 192.168.5.50: bytes=32 seq=2 ttl=127 time=94 ms
...

PC>ping 192.168.5.50

Ping 192.168.5.50: 32 data bytes, Press Ctrl_C to break
From 192.168.5.50: bytes=32 seq=1 ttl=127 time=90 ms
From 192.168.5.50: bytes=32 seq=2 ttl=127 time=78 ms
...