close

Switch切完VLAN後使得每個VLAN無法相互連線,若想要在每個VLAN的設備還可以相互連線還需要用使用到Router做路由的動作,因每個VLAN都屬於不同的網段,所以在Router上就需要分割子介面,才可讓所有的VLAN可以相互連線囉!

vlan route.png

vlan 10 網段為 192.168.10.0/24
vlan 20 網段為 192.168.20.0/24
vlan 30 網段為 192.168.30.0/24
vlan 40 網段為 192.168.40.0/24
router  網段為 192.168.100.0/24

新增子介面

Router(config)#interface fastEthernet 0/0.10                      #在fastEthernet 0/0介面新增號碼10之子介面(子介面的號碼不需和VLAN ID相同)
%LINK-5-CHANGED: Interface FastEthernet0/0.10, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0.10, changed state to up
Router(config-subif)#encapsulation dot1Q 10                       #使用802.1q協定並加上Vlan 10標籤
Router(config-subif)#ip address 192.168.10.254 255.255.255.0      #設定IP及MASK
Router(config-subif)#no shutdown                                  #啟動子介面
Router(config-subif)#end                                          #切換回enable模式
%SYS-5-CONFIG_I: Configured from console by console

Router#show ip interface brief                                    #查看介面狀態
Interface              IP-Address      OK? Method Status                Protocol
 
FastEthernet0/0        192.168.100.254 YES manual up                    up
 
FastEthernet0/0.10     192.168.10.254  YES manual up                    up     #新增的子介面已建立起來了
 
FastEthernet0/1        unassigned      YES unset  administratively down down
 
Vlan1                  unassigned      YES unset  administratively down down

Router#configure terminal                                        #進入全域模式
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#interface fastEthernet 0/0.20                     #在fastEthernet 0/0介面新增號碼20之子介面
%LINK-5-CHANGED: Interface FastEthernet0/0.20, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0.20, changed state to up

Router(config-subif)#encapsulation dot1Q 20                      #使用802.1q協定並加上Vlan 20標籤
Router(config-subif)#ip address 192.168.20.254 255.255.255.0
Router(config-subif)#no shutdown 
Router(config-subif)#exit
Router(config)#interface fastEthernet 0/0.30
%LINK-5-CHANGED: Interface FastEthernet0/0.30, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0.30, changed state to up

Router(config-subif)#encapsulation dot1Q 30
Router(config-subif)#ip address 192.168.30.254 255.255.255.0
Router(config-subif)#no shutdown 
Router(config-subif)#exit
Router(config)#interface fastEthernet 0/0.40
%LINK-5-CHANGED: Interface FastEthernet0/0.40, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0.40, changed state to up

Router(config-subif)#encapsulation dot1Q 40
Router(config-subif)#ip address 192.168.40.254 255.255.255.0
Router(config-subif)#no shutdown 
Router(config-subif)#end                                          #切換回enable模式
%SYS-5-CONFIG_I: Configured from console by console

Router#show ip interface brief 
Interface              IP-Address      OK? Method Status                Protocol
 
FastEthernet0/0        192.168.100.254 YES manual up                    up
 
FastEthernet0/0.10     192.168.10.254  YES manual up                    up
 
FastEthernet0/0.20     192.168.20.254  YES manual up                    up
 
FastEthernet0/0.30     192.168.30.254  YES manual up                    up
 
FastEthernet0/0.40     192.168.40.254  YES manual up                    up      #子介面及IP均設定完成
 
FastEthernet0/1        unassigned      YES unset  administratively down down
 
Vlan1                  unassigned      YES unset  administratively down down

測試連線狀態

C:\>ipconfig                                          #查看本機IP

FastEthernet0 Connection:(default port)

   Link-local IPv6 Address.........: FE80::201:63FF:FE66:9E5A
   IP Address......................: 192.168.10.1
   Subnet Mask.....................: 255.255.255.0
   Default Gateway.................: 192.168.10.254

C:\>ping 192.168.20.1                               #與VLAN 20做連線測試

Pinging 192.168.20.1 with 32 bytes of data:

Reply from 192.168.20.1: bytes=32 time=0ms TTL=127
Reply from 192.168.20.1: bytes=32 time=0ms TTL=127
Reply from 192.168.20.1: bytes=32 time=0ms TTL=127
Reply from 192.168.20.1: bytes=32 time=1ms TTL=127

Ping statistics for 192.168.20.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 1ms, Average = 0ms

C:\>ping 192.168.30.1                              #與VLAN 30做連線測試

Pinging 192.168.30.1 with 32 bytes of data:

Reply from 192.168.30.1: bytes=32 time=0ms TTL=127
Reply from 192.168.30.1: bytes=32 time=0ms TTL=127
Reply from 192.168.30.1: bytes=32 time=0ms TTL=127
Reply from 192.168.30.1: bytes=32 time=1ms TTL=127

Ping statistics for 192.168.30.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 1ms, Average = 0ms

C:\>ping 192.168.40.1                             #與VLAN 40做連線測試

Pinging 192.168.40.1 with 32 bytes of data:

Reply from 192.168.40.1: bytes=32 time=0ms TTL=127
Reply from 192.168.40.1: bytes=32 time=0ms TTL=127
Reply from 192.168.40.1: bytes=32 time=0ms TTL=127
Reply from 192.168.40.1: bytes=32 time=1ms TTL=127

Ping statistics for 192.168.40.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 1ms, Average = 0ms

觀念補充1:    每一個VLAN都是屬於一個Broadcast domain,也就是說不同VLAN彼此屬於不同網段
觀念補充2:    對L2 Switch而言, 同網段的IP可以自己送,但是不同網段必須要透過Router來轉送
觀念補充3:    VLAN 1預設的情況下屬於Native VLAN,,也就是說,VLAN 1在預設的情況下是不帶Tag的,而不帶Tag的VLAN可以直接透過實體介面來轉送, 如fa0/0
觀念補充4:    Trunk上可以同時傳送不同VLAN的資訊
觀念補充5:    encapsulation doc1Q vlan-ID指令是用來為sub-interface加上識別VLAN ID所使用的Tag
觀念補充6:    所有不同網段的目的位址, 需要透過同網段位址來詢問,因此Router上需要針對不同VLAN切出sub-interface,以便轉換不同VLAN(網段)間的位址
觀念補充7:    一個完整的ICMP(ping)包含兩個部份, Request跟Ack, 也就是說,在終端網路裝置上必須設定gateway位置,才能夠將接收來自不同網段的ICMP封包送回去

arrow
arrow
    文章標籤
    cisco ccna sub-interface
    全站熱搜
    創作者介紹
    創作者 小必 的頭像
    小必

    David Liao's Blog

    小必 發表在 痞客邦 留言(0) 人氣()