Cyber_Security_Notes/A. 第一阶段/14_VLAN间通信.md
2024-08-29 08:54:54 +08:00


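Inter-VLAN Communication

I. VLANIF Virtual Interface

  1. A Layer 3 switch is a switch that has network-layer routing capability.
  2. A VLANIF interface is a Layer 3 virtual interface that enables Layer 3 communication between VLANs.
  3. The IP address configured on a VLANIF interface serves as the gateway for the hosts in that VLAN.

II. VLANIF Virtual Interface Lab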

image-20240828194442794

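  • Requirement

    All PC hosts in all VLANs must be able to communicate with one another.

  • Configuration steps

    • Configure the IP address, mask, and gateway on each PC
    • On switches SW2/SW3, create the VLANs, configure the interfaces, and add the interfaces to the VLANs
    • On SW1, create the VLANs and configure IP addresses on the VLANIF virtual interfaces
  • Configuration commands

    • SW1 configuration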

      [SW1]vlan batch  10 20 30 40
      [SW1]port-group group-member g0/0/1 g0/0/2
      [SW1-port-group]port  link-type  trunk
      [SW1-port-group]port  trunk  allow-pass  vlan all
      [SW1-port-group]quit
      [SW1]interface vlanif 10
      [SW1-vlanif10] ip address  192.168.10.254  24
      [SW1-vlanif10]interface vlanif 20
      [SW1-vlanif20]ip address  192.168.20.254  24
      [SW1-vlanif20]interface vlanif 30
      [SW1-vlanif30]ip address  192.168.30.254  24
      [SW1-vlanif30]interface vlanif 40
      [SW1-vlanif40]ip address  192.168.40.254  24
      
    • SW2 configuration

      [SW2]vlan batch  10 20 30 40
      [SW2]interface  g0/0/1
      [SW2-g0/0/1]port link-type  trunk
      [SW2-g0/0/1]port  trunk   allow-pass  vlan  all
      [SW2-g0/0/1]interface  g0/0/2
      [SW2-g0/0/2]port  link-type access
      [SW2-g0/0/2]port  default  vlan 10
      [SW2-g0/0/2]interface  g0/0/3
      [SW2-g0/0/3]port  link-type access
      [SW2-g0/0/3]port  default  vlan 20
      
    • SW3 configuration

      [SW3]vlan batch  10 20 30 40
      [SW3]interface  g0/0/1
      [SW3-g0/0/1]port link-type  trunk
      [SW3-g0/0/1]port  trunk   allow-pass  vlan  all
      [SW3-g0/0/1]interface  g0/0/2
      [SW3-g0/0/2]port  link-type access
      [SW3-g0/0/2]port  default  vlan 30
      [SW3-g0/0/2]interface  g0/0/3
      [SW3-g0/0/3]port  link-type access
      [SW3-g0/0/3]port  default  vlan 40
      
  • Testing and verification

    VLAN 10 host 192.168.10.1 pings 192.168.20.1
                                    192.168.30.1
                                    192.168.40.1
    

III. Connecting the Layer 3 Switch to a Router for Full Network Connectivity

image-20240828194823206

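  • Configuration step 1: use the Layer 3 switch to enable communication among VLAN 10, VLAN 20, VLAN 30, and VLAN 40. For the specific commands, refer to the previous lab.

  • Configuration step 2: connect the Layer 3 switch to the router and achieve full network connectivity.

  • Layer 3 switch configuration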

    [S3]vlan 50
    [S3-vlan50]quit
    [S3]interface Vlanif 50
    [S3-Vlanif50]ip address 192.168.50.1 24
    [S3-Vlanif50]quit
    [S3]interface GigabitEthernet 0/0/1
    [S3-GigabitEthernet0/0/1]port link-type access
    [S3-GigabitEthernet0/0/1]port default vlan 50
    [S3-GigabitEthernet0/0/1]quit
    [S3]ip route-static 192.168.60.0 24 192.168.50.2
    

  • Router configuration

    [R1]interface GigabitEthernet 0/0/0
    [R1-GigabitEthernet0/0/0]ip address 192.168.60.254 24
    [R1-GigabitEthernet0/0/0]quit
    [R1]interface GigabitEthernet 0/0/1
    [R1-GigabitEthernet0/0/1]ip address 192.168.50.2 24
    [R1-GigabitEthernet0/0/1]quit
    [R1]ip route-static 0.0.0.0 0 192.168.50.1
    
  • Verification

    Host 192.168.60.1 pings 192.168.10.1
                            192.168.20.1
                            192.168.30.1
                            192.168.40.1
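
The forwarding decisions behind the verification above, as an added example that is not part of the original notes: it models the S3 and R1 routing tables from this section with longest-prefix match and traces a ping in both directions, including the case where S3's static route to 192.168.60.0/24 is missing. Assumptions: S3 holds the VLANIF 10-40 gateway addresses (.254) from the previous lab, and host 192.168.60.1 uses 192.168.60.254 as its gateway.

```python
import ipaddress

# Routing tables transcribed from the S3 and R1 commands above. A next hop of
# None means a directly connected subnet. Assumption: S3 carries the VLANIF
# 10-40 addresses (.254) from the previous lab, as configuration step 1 says.
TABLES = {
    "S3": [(f"192.168.{v}.0/24", None) for v in (10, 20, 30, 40, 50)]
          + [("192.168.60.0/24", "192.168.50.2")],   # ip route-static on S3
    "R1": [("192.168.60.0/24", None), ("192.168.50.0/24", None),
           ("0.0.0.0/0", "192.168.50.1")],           # default route on R1
}
# Device that owns each gateway / next-hop address.
OWNER = {f"192.168.{v}.254": "S3" for v in (10, 20, 30, 40)}
OWNER.update({"192.168.50.1": "S3", "192.168.50.2": "R1", "192.168.60.254": "R1"})


def lookup(table, dst):
    """Longest-prefix match; returns (prefix, next_hop) or None if no route."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), nh) for p, nh in table
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen) if hits else None


def trace(tables, gateway, dst, max_hops=8):
    """Follow a packet from the sender's gateway; returns (devices, outcome)."""
    device, path = OWNER[gateway], []
    for _ in range(max_hops):
        path.append(device)
        route = lookup(tables[device], dst)
        if route is None:
            return path, "no route"
        if route[1] is None:
            return path, "delivered"
        device = OWNER[route[1]]
    return path, "loop"


def ping_ok(tables, src, src_gw, dst, dst_gw):
    """A ping succeeds only if the request and the reply are both delivered."""
    return (trace(tables, src_gw, dst)[1] == "delivered"
            and trace(tables, dst_gw, src)[1] == "delivered")


if __name__ == "__main__":
    print(trace(TABLES, "192.168.60.254", "192.168.10.1"))   # request path
    print(trace(TABLES, "192.168.10.254", "192.168.60.1"))   # reply path
    no_static = dict(TABLES, S3=TABLES["S3"][:-1])  # S3 without its static route
    print(trace(no_static, "192.168.10.254", "192.168.60.1"))
```
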