Cyber_Security_Notes/A. 第一阶段/14_VLAN间通信.md

# VLAN间通信

### 一、VLANIF虚接口

1. 三层交换机是具有网络层路由功能的交换机
2. VLANIF接口是一种三层虚拟接口，可以实现VLAN间的三层互通
3. VLANIF配置接口IP地址，作为VLAN内主机的网关

### 二、VLANIF虚接口实验

![image-20240828194442794](https://picgo-noriu.oss-cn-beijing.aliyuncs.com/Images/image-20240828194442794.png)

- **需求**

  > 让所有vlan内的所有pc主机都可以互通

- **配置步骤**

  - 配置PC的IP地址和掩码、网关
  - 交换机SW2/SW3 上创建VLAN，配置接口接口加入VLAN
  - 在SW1上创建VLAN，并且给VLANIF 虚拟接口配置IP地址

- **配置命令**

  - SW1配置

    ```
    [SW1]vlan batch  10 20 30 40
    [SW1]port-group group-member g0/0/1 g0/0/2
    [SW1-port-group]port  link-type  trunk
    [SW1-port-group]port  trunk  allow-pass  vlan all
    [SW1-port-group]quit
    [SW1]interface vlanif 10
    [SW1-vlanif10] ip address  192.168.10.254  24
    [SW1-vlanif10]interface vlanif 20
    [SW1-vlanif20]ip address  192.168.20.254  24
    [SW1-vlanif20]interface vlanif 30
    [SW1-vlanif30]ip address  192.168.30.254  24
    [SW1-vlanif30]interface vlanif 40
    [SW1-vlanif40]ip address  192.168.40.254  24
    ```

  - SW2配置

    ```
    [SW2]vlan batch  10 20 30 40
    [SW2]interface  g0/0/1
    [SW2-g0/0/1]port link-type  trunk
    [SW2-g0/0/1]port  trunk   allow-pass  vlan  all
    [SW2-g0/0/1]interface  g0/0/2
    [SW2-g0/0/2]port  link-type access
    [SW2-g0/0/2]port  default  vlan 10
    [SW2-g0/0/2]interface  g0/0/3
    [SW2-g0/0/3]port  link-type access
    [SW2-g0/0/3]port  default  vlan 20
    ```

  - SW3配置

    ```
    [SW3]vlan batch  10 20 30 40
    [SW3]interface  g0/0/1
    [SW3-g0/0/1]port link-type  trunk
    [SW3-g0/0/1]port  trunk   allow-pass  vlan  all
    [SW3-g0/0/1]interface  g0/0/2
    [SW3-g0/0/2]port  link-type access
    [SW3-g0/0/2]port  default  vlan 30
    [SW3-g0/0/2]interface  g0/0/3
    [SW3-g0/0/3]port  link-type access
    [SW3-g0/0/3]port  default  vlan 40
    ```

- 测试与验证

  ```
  Vlan10主机192.168.10.1  ping  192.168.20.1
  							 192.168.30.1
  							 192.168.40.1
  ```

### 三、三层交换连接路由实现全网互通

![image-20240828194823206](https://picgo-noriu.oss-cn-beijing.aliyuncs.com/Images/image-20240828194823206.png)

- 配置步骤1：通过三层交换实现vlan10，vlan20，vlan30，vlan40之间的通信（具体命令参考1前一个实验）

- 配置步骤2：配置三层交换连接路由器并实现全网互通用

- 三层交换机配置

  ```
  [S3]vlan 50
  [S3]interfaceVlanif 50
  [S3-Vlanif50]IPaddress 192.168.50.1 24
  [S3]interfaceGigabitEthernet 0/0/1
  [S3-GigabitEthernet0/0/1]portlink-type access
  [S3-GigabitEthernet0/0/1]portdefault vlan 50
  [S3]IP route-static 192.168.60.0 24 192.168.50.2
  ```

  路由配置

  ```
  [R1]interfaceGigabitEthernet 0/0/0
  [R1-GigabitEthernet0/0/0]IPaddress 192.168.60.254 24
  [R1]interfaceGigabitEthernet 0/0/1
  [R1-GigabitEthernet0/0/1]IPaddress 192.168.50.2 24
  [R1]ip route-static 0.0.0.0 0 192.168.50.1
  ```

- 验证

  ```
  192.168.60.1的主机 ping  192.168.10.1
                         192.168.20.1
                         192.168.30.1
                         192.168.40.1
  ```