虛擬局域網（VLAN）路由配置手冊

一、虛擬局域網(VLAN)

當前在我們構造企業網絡時所采用的主干網絡技術一般都是基于交換和虛擬網絡的。交換技術將共享介質改為獨占介質,大大提高網絡速度。虛擬網絡技術打破了地理環境的制約,在不改動網絡物理連接的情況下可以任意將工作站在工作組或子網之間移動,工作站組成邏輯工作組或虛擬子網,提高信息系統的運作性能,均衡網絡數據流量,合理利用硬件及信息資源。同時,利用虛擬網絡技術,大大減輕了網絡管理和維護工作的負擔,降低網絡維護費用。隨著虛擬網絡技術的應用，隨之必然產生了在虛擬網間如何通訊的問題．

?

二、交換機間鏈路（ISL）協議

　　ISL(Interior Switching Link)協議用于實現交換機間的VLAN中繼。它是一個信息包標記協議，在支持ISL接口上發送的幀由一個標準以太網幀及相關的VLAN信息組成。如下圖所示，在支持ISL的接口上可以傳送來自不同VLAN的數據。

三、虛擬局域網（VLAN）路由實例

3.1. 例一：

設備選用Catalyst5500交換機1臺，安裝WS-X5530-E3管理引擎，多塊WS-X5225R及WS-X5302路由交換模塊,WS-X5302被直接插入交換機，通過二個通道與系統背板上的VLAN 相連，從用戶角度看認為它是1個1接口的模塊，此接口支持ISL。在交換機內劃有3個虛擬網，分別名為default、qbw、rgw，通過WS-X5302實現虛擬網間路由。

以下加重下橫線部分，如set system name? 5500C為需設置的命令。

? 設置如下：

Catalyst 5500配置：

? begin

set password $1$FMFQ$HfZR5DUszVHIRhrz4h6V70

set enablepass $1$FMFQ$HfZR5DUszVHIRhrz4h6V70

set prompt Console>

set length 24 default

set logout 20

set banner motd ^C^C

!

#system

set system baud? 9600

set system modem disable

set system name? 5500C

set system location

set system contact?

!

#ip

set interface sc0 1 10.230.4.240 255.255.255.0 10.230.4.255

? set interface sc0 up

set interface sl0 0.0.0.0 0.0.0.0

set interface sl0 up

set arp agingtime 1200

set ip redirect?? enable

set ip unreachable?? enable

set ip fragmentation enable

set ip route 0.0.0.0 10.230.4.15 1

set ip alias default 0.0.0.0

!

#Command alias

!

#vtp

set vtp domain hne

set vtp mode server

set vtp v2 disable

set vtp pruning disable

set vtp pruneeligible 2-1000

clear vtp pruneeligible 1001-1005

set vlan 1 name default type ethernet mtu 1500 said 100001 state active

set vlan 777 name rgw type ethernet mtu 1500 said 100777 state active

set vlan 888 name qbw type ethernet mtu 1500 said 100888 state active

set vlan 1002 name fddi-default type fddi mtu 1500 said 101002 state active

set vlan 1004 name fddinet-default type fddinet mtu 1500 said 101004 state active bridge 0x0 stp ieee

set vlan 1005 name trnet-default type trbrf mtu 1500 said 101005 state active bridge 0x0 stp ibm

set vlan 1003 name token-ring-default type trcrf mtu 1500 said 101003 state active parent 0 ring 0x0 mode srb aremaxhop 7 stemaxhop 7

!

#set boot command

set boot config-register 0x102

set boot system flash bootflash:cat5000-sup3.4-3-1a.bin

!

#module 1 : 2-port 1000BaseLX Supervisor

set module name??? 1???

set vlan 1??? 1/1-2

set port enable???? 1/1-2

!

#module 2 : empty

!

#module 3 : 24-port 10/100BaseTX Ethernet

set module name??? 3???

set module enable? 3

set vlan 1??? 3/1-22

set vlan 777? 3/23

set vlan 888? 3/24

set trunk 3/1? on isl 1-1005

#module 4 empty

!

#module 5 empty

!

#module 6 : 1-port Route Switch

set module name??? 6???

set port level????? 6/1? normal

set port trap?????? 6/1? disable

set port name?????? 6/1

set cdp enable?? 6/1

set cdp interval 6/1 60

set trunk 6/1? on isl 1-1005

!

#module 7 : 24-port 10/100BaseTX Ethernet

set module name??? 7???

set module enable? 7

set vlan 1??? 7/1-22

set vlan 888? 7/23-24

set trunk 7/1 on isl 1-1005

set trunk 7/2 on isl 1-1005

!

#module 8 empty

!

#module 9 empty

!

#module 10 : 12-port 100BaseFX MM Ethernet

set module name??? 10??

set module enable? 10

set vlan 1??? 10/1-12

set port channel 10/1-4 off

set port channel 10/5-8 off

set port channel 10/9-12 off

set port channel 10/1-2 on

set port channel 10/3-4 on

set port channel 10/5-6 on

set port channel 10/7-8 on

set port channel 10/9-10 on

set port channel 10/11-12 on

#module 11 empty

!

#module 12 empty

!

#module 13 empty

!

#switch port analyzer

!set span 1 1/1 both inpkts disable

set span disable

!

#cam

set cam agingtime 1-2,777,888,1003,1005 300

end

5500C> (enable)

? WS-X5302路由模塊設置：

? Router#wri t

Building configuration...

? Current configuration:

!

version 11.2

no service password-encryption

no service udp-small-servers

no service tcp-small-servers

!

hostname Router

!

enable secret 5 $1$w1kK$AJK69fGOD7BqKhKcSNBf6.

!

ip subnet-zero

!

interface Vlan1

?ip address 10.230.2.56 255.255.255.0

!

interface Vlan777

?ip address 10.230.3.56 255.255.255.0

!

interface Vlan888

?ip address 10.230.4.56 255.255.255.0

!

no ip classless

!

line con 0

line aux 0

line vty 0 4

?password router

?login

!

end

? Router#

? 3.1. 例二：

交換設備仍選用Catalyst5500交換機1臺，安裝WS-X5530-E3管理引擎，多塊WS-X5225R在交換機內劃有3個虛擬網，分別名為default、qbw、rgw，通過Cisco3640路由器實現虛擬網間路由。交換機設置與例一類似。

路由器Cisco3640，配有一塊NM-1FE-TX模塊，此模塊帶有一個快速以太網接口可以支持ISL。Cisco3640快速以太網接口與交換機上的某一支持ISL的端口實現連接，如交換機第3槽第1個接口（3/1口）。

? Router#wri t

Building configuration...?

Current configuration:

!

version 11.2

no service password-encryption

no service udp-small-servers

no service tcp-small-servers

!

hostname Router

!

enable secret 5 $1$w1kK$AJK69fGOD7BqKhKcSNBf6.

!

ip subnet-zero

!

interface FastEthernet1/0

!

interface FastEthernet1/0.1

?encapsulation isl 1

?ip address 10.230.2.56 255.255.255.0

!

interface FastEthernet1/0.2

encapsulation isl 777

?ip address 10.230.3.56 255.255.255.0

!

interface FastEthernet1/0.3

?encapsulation isl 888

?ip address 10.230.4.56 255.255.255.0

!

no ip classless

!

line con 0

line aux 0

line vty 0 4

?password router

?login

!

end

? Router#