有一个这样的公司,客户要求对行政部,研发部,财务部和市场部划分四个VLAN分别是VLAN1,VLAN2,VLAN3,VLAN4
拓扑图如下
由上图可知,现在交换机上划分四个VLAN ,每个VLAN的接口地址如上图所示,现将交换机VLAN1接口与路由LAN口相连,各VLAN通过VLAN1上网。
1. 路由上不划分VLAN
1.1. 路由器设置
A添加静态路由
“网络设置”->“静态路由”,添加静态路由如下图所示:
启用静态路由
B为VLAN网络加入NAT上网支持
默认情况下,只有和路由局域网IP在同一网段的机器才能上网。进入“网络设置”->“局域网(LAN)”,在VLAN网络地址栏里添加三层交换上所划分的VLAN网络,如下:
此时,三层交换下的各VLAN网络里的客户机都可以通过路由联入互联网了。
注意
使用这种方法划分VLAN时,客户机的网关地址设置三层交换机上的VLAN接口IP地址。
1.2. 三层交换机设置
这里以华为交换机为例,配置如下:
#
vlan 1
#
vlan 2
#
vlan 3
#
vlan 4
#
interface Vlan-interface1
ip address 172.16.1.1255.255.255.0
#
interface Vlan-interface2
ip address 172.16.2.1255.255.255.0
#
interface Vlan-interface3
ip address 172.16.3.1255.255.255.0
#
interface Vlan-interface4
ip address 172.16.4.1255.255.255.0
#
interface Aux0/0
#
interface Ethernet0/1
flow-control
#
interface Ethernet0/2
flow-control
#
interface Ethernet0/3
#
interface Ethernet0/4
#
interface Ethernet0/5
#
interface Ethernet0/6
#
interface Ethernet0/7
port access vlan 2
#
interface Ethernet0/8
port access vlan 2
#
interface Ethernet0/9
port access vlan 2
#
interface Ethernet0/10
port access vlan 2
#
interface Ethernet0/11
port access vlan 2
#
interface Ethernet0/12
port access vlan 2
#
interface Ethernet0/13
port access vlan 3
#
interface Ethernet0/14
port access vlan 3
#
interface Ethernet0/15
port access vlan 3
#
interface Ethernet0/16
port access vlan 3
#
interface Ethernet0/17
port access vlan 3
#
interface Ethernet0/18
port access vlan 3
#
interface Ethernet0/19
port access vlan 4
#
interface Ethernet0/20
port access vlan 4
#
interface Ethernet0/21
port access vlan 4
#
interface Ethernet0/22
port access vlan 4
#
interface Ethernet0/23
port access vlan 4
#
interface Ethernet0/24
port access vlan 4
#
interface GigabitEthernet1/1
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 172.16.1.2 preference 60
2. 路由上划分VLAN
有如下网络拓扑图:
某公司的网络拓扑图
中继接口使用 802.11q 封装,允许所有VLAN访问,在这种情况下,交换机上不需要设置默认路由。
路由的LAN口主IP地址为192.168.0.254,并建立了4个逻辑VLAN,和交换机上的VLAN相对应。
DHCP服务器对VLAN-1/2/3/4提供IP分配,每个VLAN获取对应网段的地址,即:
- VLAN-1 下的机器获得 192.168.1.0/255.255.255.0 段的IP
- VLAN-2 下的机器获得 192.168.2.0/255.255.255.0 段的IP
- VLAN-3 下的机器获得 192.168.3.0/255.255.255.0 段的IP
- VLAN-4 下的机器获得 192.168.4.0/255.255.255.0 段的IP
2.1.路由器设置
2.1.1划分vlan
“网络设置”->“VLAN虚拟局域网”,新增VLAN网段,配置如下图所示:
2.2. 交换机设置
H3C 交换机的设置
DIS current
#
sysname SystemTest
#
local-user admin
password simple admin
service-type telnet
level 3
local-user sxy
password simple sxy
service-type telnet
#
interface Vlan-interface1
ip address 192.168.0.1 255.255.255.0
#
interface Vlan-interface100
ip address 192.168.1.1 255.255.255.0
#
interface Vlan-interface200
ip address 192.168.2.1 255.255.255.0
#
interface Vlan-interface300
ip address 192.168.3.1 255.255.255.0
#
interface Vlan-interface400
ip address 192.168.4.1 255.255.255.0
#
interface Aux1/0/0
#
interface Ethernet1/0/1
port access vlan 100
#
interface Ethernet1/0/2
port access vlan 100
#
interface Ethernet1/0/3
port access vlan 100
#
interface Ethernet1/0/4
port access vlan 100
#
interface Ethernet1/0/5
port access vlan 100
#
interface Ethernet1/0/6
port access vlan 100
#
interface Ethernet1/0/7
port access vlan 200
#
interface Ethernet1/0/8
port access vlan 200
#
interface Ethernet1/0/9
port access vlan 200
#
interface Ethernet1/0/10
port access vlan 200
#
interface Ethernet1/0/11
port access vlan 200
#
interface Ethernet1/0/12
port access vlan 200
#
interface Ethernet1/0/13
port access vlan 300
#
interface Ethernet1/0/14
port access vlan 300
#
interface Ethernet1/0/15
port access vlan 300
#
interface Ethernet1/0/16
port access vlan 300
#
interface Ethernet1/0/17
port access vlan 300
#
interface Ethernet1/0/18
port access vlan 300
#
interface Ethernet1/0/19
port access vlan 400
#
interface Ethernet1/0/20
port access vlan 400
#
interface Ethernet1/0/21
port access vlan 400
#
interface Ethernet1/0/22
port access vlan 400
#
interface Ethernet1/0/23
port access vlan 400
#
interface Ethernet1/0/24
port link-type trunk
port trunk permit vlan 1 100 200 300 400
支付宝扫一扫
微信扫一扫
.png)
.png)
.png)
