Switch切完VLAN後使得每個VLAN無法相互連線,若想要在每個VLAN的設備還可以相互連線還需要用使用到Router做路由的動作,因每個VLAN都屬於不同的網段,所以在Router上就需要分割子介面,才可讓所有的VLAN可以相互連線囉!
vlan 10 網段為 192.168.10.0/24
vlan 20 網段為 192.168.20.0/24
vlan 30 網段為 192.168.30.0/24
vlan 40 網段為 192.168.40.0/24
router 網段為 192.168.100.0/24
新增子介面
Router(config)#interface fastEthernet 0/0.10 #在fastEthernet 0/0介面新增號碼10之子介面(子介面的號碼不需和VLAN ID相同) %LINK-5-CHANGED: Interface FastEthernet0/0.10, changed state to up %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0.10, changed state to up Router(config-subif)#encapsulation dot1Q 10 #使用802.1q協定並加上Vlan 10標籤 Router(config-subif)#ip address 192.168.10.254 255.255.255.0 #設定IP及MASK Router(config-subif)#no shutdown #啟動子介面 Router(config-subif)#end #切換回enable模式 %SYS-5-CONFIG_I: Configured from console by console Router#show ip interface brief #查看介面狀態 Interface IP-Address OK? Method Status Protocol FastEthernet0/0 192.168.100.254 YES manual up up FastEthernet0/0.10 192.168.10.254 YES manual up up #新增的子介面已建立起來了 FastEthernet0/1 unassigned YES unset administratively down down Vlan1 unassigned YES unset administratively down down Router#configure terminal #進入全域模式 Enter configuration commands, one per line. End with CNTL/Z. Router(config)#interface fastEthernet 0/0.20 #在fastEthernet 0/0介面新增號碼20之子介面 %LINK-5-CHANGED: Interface FastEthernet0/0.20, changed state to up %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0.20, changed state to up Router(config-subif)#encapsulation dot1Q 20 #使用802.1q協定並加上Vlan 20標籤 Router(config-subif)#ip address 192.168.20.254 255.255.255.0 Router(config-subif)#no shutdown Router(config-subif)#exit Router(config)#interface fastEthernet 0/0.30 %LINK-5-CHANGED: Interface FastEthernet0/0.30, changed state to up %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0.30, changed state to up Router(config-subif)#encapsulation dot1Q 30 Router(config-subif)#ip address 192.168.30.254 255.255.255.0 Router(config-subif)#no shutdown Router(config-subif)#exit Router(config)#interface fastEthernet 0/0.40 %LINK-5-CHANGED: Interface FastEthernet0/0.40, changed state to up %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0.40, changed state to up Router(config-subif)#encapsulation dot1Q 40 Router(config-subif)#ip address 192.168.40.254 255.255.255.0 Router(config-subif)#no shutdown Router(config-subif)#end #切換回enable模式 %SYS-5-CONFIG_I: Configured from console by console Router#show ip interface brief Interface IP-Address OK? Method Status Protocol FastEthernet0/0 192.168.100.254 YES manual up up FastEthernet0/0.10 192.168.10.254 YES manual up up FastEthernet0/0.20 192.168.20.254 YES manual up up FastEthernet0/0.30 192.168.30.254 YES manual up up FastEthernet0/0.40 192.168.40.254 YES manual up up #子介面及IP均設定完成 FastEthernet0/1 unassigned YES unset administratively down down Vlan1 unassigned YES unset administratively down down
測試連線狀態
C:\>ipconfig #查看本機IP FastEthernet0 Connection:(default port) Link-local IPv6 Address.........: FE80::201:63FF:FE66:9E5A IP Address......................: 192.168.10.1 Subnet Mask.....................: 255.255.255.0 Default Gateway.................: 192.168.10.254 C:\>ping 192.168.20.1 #與VLAN 20做連線測試 Pinging 192.168.20.1 with 32 bytes of data: Reply from 192.168.20.1: bytes=32 time=0ms TTL=127 Reply from 192.168.20.1: bytes=32 time=0ms TTL=127 Reply from 192.168.20.1: bytes=32 time=0ms TTL=127 Reply from 192.168.20.1: bytes=32 time=1ms TTL=127 Ping statistics for 192.168.20.1: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 1ms, Average = 0ms C:\>ping 192.168.30.1 #與VLAN 30做連線測試 Pinging 192.168.30.1 with 32 bytes of data: Reply from 192.168.30.1: bytes=32 time=0ms TTL=127 Reply from 192.168.30.1: bytes=32 time=0ms TTL=127 Reply from 192.168.30.1: bytes=32 time=0ms TTL=127 Reply from 192.168.30.1: bytes=32 time=1ms TTL=127 Ping statistics for 192.168.30.1: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 1ms, Average = 0ms C:\>ping 192.168.40.1 #與VLAN 40做連線測試 Pinging 192.168.40.1 with 32 bytes of data: Reply from 192.168.40.1: bytes=32 time=0ms TTL=127 Reply from 192.168.40.1: bytes=32 time=0ms TTL=127 Reply from 192.168.40.1: bytes=32 time=0ms TTL=127 Reply from 192.168.40.1: bytes=32 time=1ms TTL=127 Ping statistics for 192.168.40.1: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 1ms, Average = 0ms
觀念補充1: 每一個VLAN都是屬於一個Broadcast domain,也就是說不同VLAN彼此屬於不同網段
觀念補充2: 對L2 Switch而言, 同網段的IP可以自己送,但是不同網段必須要透過Router來轉送
觀念補充3: VLAN 1預設的情況下屬於Native VLAN,,也就是說,VLAN 1在預設的情況下是不帶Tag的,而不帶Tag的VLAN可以直接透過實體介面來轉送, 如fa0/0
觀念補充4: Trunk上可以同時傳送不同VLAN的資訊
觀念補充5: encapsulation doc1Q vlan-ID指令是用來為sub-interface加上識別VLAN ID所使用的Tag
觀念補充6: 所有不同網段的目的位址, 需要透過同網段位址來詢問,因此Router上需要針對不同VLAN切出sub-interface,以便轉換不同VLAN(網段)間的位址
觀念補充7: 一個完整的ICMP(ping)包含兩個部份, Request跟Ack, 也就是說,在終端網路裝置上必須設定gateway位置,才能夠將接收來自不同網段的ICMP封包送回去
留言列表