思科三层交换机如何实现VLAN互访？

思科三层交换机如何实现VLAN互访？

思科三层交换机如何实现VLAN互访？

说明：本文基于思科模拟器配置VLAN，并实现VLAN互访。

一、概述

1.1 基础

三层交换机是具有路由功能的交换机，可以解决VLAN之间的互访。

1.2 问答

a. 如何判断交换机是否具有路由功能？

Switch>en
Switch#config t
Switch(config)#ip ?
 ftp FTP configuration commands
 host Add an entry to the ip hostname table
 local Specify local options
 route Establish static routes
 routing Enable IP routing

列出的命令中有 routing 则表示具有路由功能。VLAN划分了不同的网段，隔离了不同子网。要实现VLAN间的互访（即网络间的互访），则需要路由功能，可通过路由器实现，也可以通过三层交换机实现。下面通过三层交换机实现VLAN的划分与互通。

二、VLAN划分与互访的实现

2.1 网络规划

网络拓扑图如下：

2.2 配置终端PC的IP

（略）

2.3 配置VLAN

Switch>en
Switch#config t
Switch(config)#vlan 20
Switch(config-vlan)#exit
Switch(config)#vlan 30
Switch(config-vlan)#exit
Switch#

2.4 将端口划入VLAN

# fa 0/1 划入 vlan10
Switch(config)#interface FastEthernet 0/1
Switch(config-if)#switchport access Vlan 10
Switch(config-if)#exit
# fa 0/2 划入 vlan10
Switch(config)#interface FastEthernet 0/2
Switch(config-if)#switchport access Vlan 10
Switch(config-if)#exit
# fa 0/11 划入 vlan20
Switch(config)#int fa 0/11
Switch(config-if)#sw access Vlan 20
Switch(config-if)#exit
# fa 0/12 划入 vlan20
Switch(config)#int fa 0/12
Switch(config-if)#sw access vlan 20
Switch(config-if)#exit

2.5 设置VLAN的IP

Switch(config)#int Vlan 10 
Switch(config-if)#
%LINK-5-CHANGED: Interface Vlan10, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state to up
Switch(config-if)#ip address 192.168.10.1 255.255.255.0
Switch(config-if)#exit
Switch(config)#int vlan 20
Switch(config-if)#
%LINK-5-CHANGED: Interface Vlan20, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan20, changed state to up
Switch(config-if)#ip addr 192.168.20.1 255.255.255.0
Switch(config-if)#exit

注：到此 192.168.10.1/24 和 192.168.20.1/24 均在内网可以ping通。使用 192.168.10.1/24 的 command prompt 进行ping测试，如下：

C:\>ping 192.168.10.1
Pinging 192.168.10.1 with 32 bytes of data:
Reply from 192.168.10.1: bytes=32 time<1ms TTL=255
Reply from 192.168.10.1: bytes=32 time<1ms TTL=255
Reply from 192.168.10.1: bytes=32 time<1ms TTL=255
Reply from 192.168.10.1: bytes=32 time<1ms TTL=255
Ping statistics for 192.168.10.1:
 Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
 Minimum = 0ms, Maximum = 0ms, Average = 0ms
C:\>ping 192.168.10.12
Pinging 192.168.10.12 with 32 bytes of data:
Reply from 192.168.10.12: bytes=32 time<1ms TTL=128
Reply from 192.168.10.12: bytes=32 time<1ms TTL=128
Reply from 192.168.10.12: bytes=32 time<1ms TTL=128
Reply from 192.168.10.12: bytes=32 time<1ms TTL=128
Ping statistics for 192.168.10.12:
 Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
 Minimum = 0ms, Maximum = 0ms, Average = 0ms
C:\>ping 192.168.20.1
Pinging 192.168.20.1 with 32 bytes of data:
Reply from 192.168.20.1: bytes=32 time<1ms TTL=255
Reply from 192.168.20.1: bytes=32 time<1ms TTL=255
Reply from 192.168.20.1: bytes=32 time<1ms TTL=255
Reply from 192.168.20.1: bytes=32 time<1ms TTL=255
Ping statistics for 192.168.20.1:
 Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
 Minimum = 0ms, Maximum = 0ms, Average = 0ms
C:\>ping 192.168.20.11
Pinging 192.168.20.11 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 192.168.20.11:
 Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

注意：此时可以ping通VLAN网关，但VLAN间不能互访。

2.6 VLAN互访

开启交换机路由功能:

Switch(config)#ip routing

测试：

C:\>ping 192.168.20.1
Pinging 192.168.20.1 with 32 bytes of data:
Reply from 192.168.20.1: bytes=32 time<1ms TTL=255
Reply from 192.168.20.1: bytes=32 time<1ms TTL=255
Reply from 192.168.20.1: bytes=32 time<1ms TTL=255
Reply from 192.168.20.1: bytes=32 time<1ms TTL=255
Ping statistics for 192.168.20.1:
 Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
 Minimum = 0ms, Maximum = 0ms, Average = 0ms
C:\>ping 192.168.20.12
Pinging 192.168.20.12 with 32 bytes of data:
Reply from 192.168.20.12: bytes=32 time<1ms TTL=127
Reply from 192.168.20.12: bytes=32 time=8ms TTL=127
Reply from 192.168.20.12: bytes=32 time<1ms TTL=127
Reply from 192.168.20.12: bytes=32 time<1ms TTL=127
Ping statistics for 192.168.20.12:
 Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
 Minimum = 0ms, Maximum = 8ms, Average = 2ms

三、总结

VLAN间的通信通过SVI（switch virtual interface）实现。交换机虚拟接口（Switch Virtual Interface，SVI）代表一个由交换端口构成的VLAN（其实就是通常所说的VLAN接口），以便于实现系统中路由和桥接的功能。一个交换机虚拟接口对应一个VLAN，当需要路由虚拟局域网之间的流量或桥接VLAN之间不可路由的协议，以及提供IP主机到交换机的连接的时候，就需要为相应的虚拟局域网配置相应的交换机虚拟接口，其实SVI就是指通常所说的VLAN接口，只不过它是虚拟的，用于连接整个VLAN，所以通常也把这种接口称为逻辑三层接口，也是三层接口。SVI接口是当在interface vlan全局配置命令后面键入具体的VLAN ID时创建的。

虚拟局域网VLAN（Virtual Local Area Network）。VLAN是一种将局域网设备从逻辑上划分成一个个网段，从而实现虚拟工作组的新兴数据交换技术。一般具有路由功能的交换机才可划分VLAN，即三层交换机。