实验原理:
VLANIF接口是一种第三层的逻辑接口,用于在第三层实现不同VLAN 之间的通信。
每个VALN有一个VLANIF接口,并通过该接口在网络层转发 VLAN通信。由于每个VLAN是一个广播域,每个 VLAN 可以被看作是一个 IP 网段,因此可以把 VLANIF 接口当作该VLAN的网关,通过在VLANIF 接口上配置IP地址,并允许其基于IP地址进行第三层分组转发,就可以实现VLAN之间在第三层上的互相通信。
案例:
设备配置
LSW1的配置
<Huawei>sys Enter system view, return user view with Ctrl+Z. [Huawei]sysname LSW1 [LSW1]vlan batch 10 30 Info: This operation may take a few seconds. Please wait for a moment...done. [LSW1] Sep 17 2023 11:07:12-08:00 LSW1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.2 5.191.3.1 configurations have been changed. The current change number is 5, the change loop count is 0, and the maximum number of records is 4095. [LSW1]undo info-center enable Info: Information center is disabled. [LSW1]port-group pvlan10 [LSW1-port-group-pvlan10]group-member g0/0/9 to g0/0/12 [LSW1-port-group-pvlan10]port link-type access [LSW1-GigabitEthernet0/0/9]port link-type access [LSW1-GigabitEthernet0/0/10]port link-type access [LSW1-GigabitEthernet0/0/11]port link-type access [LSW1-GigabitEthernet0/0/12]port link-type access [LSW1-port-group-pvlan10]port default vlan 10 [LSW1-GigabitEthernet0/0/9]port default vlan 10 [LSW1-GigabitEthernet0/0/10]port default vlan 10 [LSW1-GigabitEthernet0/0/11]port default vlan 10 [LSW1-GigabitEthernet0/0/12]port default vlan 10 [LSW1-port-group-pvlan10]q [LSW1]port-group pvlan30 [LSW1-port-group-pvlan30]group-member g0/0/13 to g0/0/16 [LSW1-port-group-pvlan30]port link-type access [LSW1-GigabitEthernet0/0/13]port link-type access [LSW1-GigabitEthernet0/0/14]port link-type access [LSW1-GigabitEthernet0/0/15]port link-type access [LSW1-GigabitEthernet0/0/16]port link-type access [LSW1-port-group-pvlan30]port default vlan 30 [LSW1-GigabitEthernet0/0/13]port default vlan 30 [LSW1-GigabitEthernet0/0/14]port default vlan 30 [LSW1-GigabitEthernet0/0/15]port default vlan 30 [LSW1-GigabitEthernet0/0/16]port default vlan 30 [LSW1-port-group-pvlan30]qu [LSW1]interface g0/0/24 [LSW1-GigabitEthernet0/0/24]port link-type trunk [LSW1-GigabitEthernet0/0/24]port trunk allow-pass vlan 10 30 [LSW1-GigabitEthernet0/0/24]qu [LSW1]display vlan The total number of vlans is : 3 -------------------------------------------------------------------------------- U: Up; D: Down; TG: Tagged; UT: Untagged; MP: Vlan-mapping; ST: Vlan-stacking; #: ProtocolTransparent-vlan; *: Management-vlan; -------------------------------------------------------------------------------- VID Type Ports -------------------------------------------------------------------------------- 1 common UT:GE0/0/1(D) GE0/0/2(D) GE0/0/3(D) GE0/0/4(D) GE0/0/5(D) GE0/0/6(D) GE0/0/7(D) GE0/0/8(D) GE0/0/17(D) GE0/0/18(D) GE0/0/19(D) GE0/0/20(D) GE0/0/21(D) GE0/0/22(D) GE0/0/23(D) GE0/0/24(U) 10 common UT:GE0/0/9(U) GE0/0/10(D) GE0/0/11(D) GE0/0/12(D) TG:GE0/0/24(U) 30 common UT:GE0/0/13(U) GE0/0/14(D) GE0/0/15(D) GE0/0/16(D) TG:GE0/0/24(U) VID Status Property MAC-LRN Statistics Description -------------------------------------------------------------------------------- 1 enable default enable disable VLAN 0001 10 enable default enable disable VLAN 0010 30 enable default enable disable VLAN 0030 [LSW1]display IP routing-table Route Flags: R - relay, D - download to fib ------------------------------------------------------------------------------ Routing Tables: Public Destinations : 2 Routes : 2 Destination/Mask Proto Pre Cost Flags NextHop Interface 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
LSW2也是相同的配置
<Huawei>sys Enter system view, return user view with Ctrl+Z. [Huawei]sysname LSW2 [LSW2] Sep 17 2023 11:14:23-08:00 LSW2 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.2 5.191.3.1 configurations have been changed. The current change number is 4, the change loop count is 0, and the maximum number of records is 4095. [LSW2]undo info-center enable Info: Information center is disabled. [LSW2]vlan batch 10 30 Info: This operation may take a few seconds. Please wait for a moment...done. [LSW2]port-group pvlan10 [LSW2-port-group-pvlan10]group-member g0/0/9 to g0/0/12 [LSW2-port-group-pvlan10]port link-type access [LSW2-GigabitEthernet0/0/9]port link-type access [LSW2-GigabitEthernet0/0/10]port link-type access [LSW2-GigabitEthernet0/0/11]port link-type access [LSW2-GigabitEthernet0/0/12]port link-type access [LSW2-port-group-pvlan10]port default vlan 10 [LSW2-GigabitEthernet0/0/9]port default vlan 10 [LSW2-GigabitEthernet0/0/10]port default vlan 10 [LSW2-GigabitEthernet0/0/11]port default vlan 10 [LSW2-GigabitEthernet0/0/12]port default vlan 10 [LSW2-port-group-pvlan10]qu [LSW2]port-group pvlan30 [LSW2-port-group-pvlan30]group-member g0/0/13 to g0/0/16 [LSW2-port-group-pvlan30]port link-type access [LSW2-GigabitEthernet0/0/13]port link-type access [LSW2-GigabitEthernet0/0/14]port link-type access [LSW2-GigabitEthernet0/0/15]port link-type access [LSW2-GigabitEthernet0/0/16]port link-type access [LSW2-port-group-pvlan30]port default vlan 30 [LSW2-GigabitEthernet0/0/13]port default vlan 30 [LSW2-GigabitEthernet0/0/14]port default vlan 30 [LSW2-GigabitEthernet0/0/15]port default vlan 30 [LSW2-GigabitEthernet0/0/16]port default vlan 30 [LSW2-port-group-pvlan30]qu [LSW2]interface g0/0/24 [LSW2-GigabitEthernet0/0/24]port link-type trunk [LSW2-GigabitEthernet0/0/24]port trunk allow-pass vlan 10 30 [LSW2-GigabitEthernet0/0/24]qu [LSW2]display vlan The total number of vlans is : 3 -------------------------------------------------------------------------------- U: Up; D: Down; TG: Tagged; UT: Untagged; MP: Vlan-mapping; ST: Vlan-stacking; #: ProtocolTransparent-vlan; *: Management-vlan; -------------------------------------------------------------------------------- VID Type Ports -------------------------------------------------------------------------------- 1 common UT:GE0/0/1(D) GE0/0/2(D) GE0/0/3(D) GE0/0/4(D) GE0/0/5(D) GE0/0/6(D) GE0/0/7(D) GE0/0/8(D) GE0/0/17(D) GE0/0/18(D) GE0/0/19(D) GE0/0/20(D) GE0/0/21(D) GE0/0/22(D) GE0/0/23(D) GE0/0/24(U) 10 common UT:GE0/0/9(U) GE0/0/10(D) GE0/0/11(D) GE0/0/12(D) TG:GE0/0/24(U) 30 common UT:GE0/0/13(U) GE0/0/14(D) GE0/0/15(D) GE0/0/16(D) TG:GE0/0/24(U) VID Status Property MAC-LRN Statistics Description -------------------------------------------------------------------------------- 1 enable default enable disable VLAN 0001 10 enable default enable disable VLAN 0010 30 enable default enable disable VLAN 0030 [LSW2]display IP routing-table Route Flags: R - relay, D - download to fib ------------------------------------------------------------------------------ Routing Tables: Public Destinations : 2 Routes : 2 Destination/Mask Proto Pre Cost Flags NextHop Interface 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 [LSW2]
在PC-10-1命令窗口中输入以下命令,测试是否能与PC-10-2和PC-30-2通信
PC>ping 192.168.10.12 Ping 192.168.10.12: 32 data bytes, Press Ctrl_C to break From 192.168.10.12: bytes=32 seq=1 ttl=128 time=78 ms From 192.168.10.12: bytes=32 seq=2 ttl=128 time=93 ms From 192.168.10.12: bytes=32 seq=3 ttl=128 time=125 ms From 192.168.10.12: bytes=32 seq=4 ttl=128 time=94 ms From 192.168.10.12: bytes=32 seq=5 ttl=128 time=110 ms --- 192.168.10.12 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 78/100/125 ms PC>ping 192.168.30.12 Ping 192.168.30.12: 32 data bytes, Press Ctrl_C to break From 192.168.10.11: Destination host unreachable From 192.168.10.11: Destination host unreachable From 192.168.10.11: Destination host unreachable From 192.168.10.11: Destination host unreachable From 192.168.10.11: Destination host unreachable --- 192.168.10.1 ping statistics --- 5 packet(s) transmitted 0 packet(s) received 100.00% packet loss
在PC-30-1命令窗口中输入以下命令,测试是否能与PC-30-2和PC-10-2通信
PC>ping 192.168.30.12 Ping 192.168.30.12: 32 data bytes, Press Ctrl_C to break From 192.168.30.12: bytes=32 seq=1 ttl=128 time=47 ms From 192.168.30.12: bytes=32 seq=2 ttl=128 time=78 ms From 192.168.30.12: bytes=32 seq=3 ttl=128 time=78 ms From 192.168.30.12: bytes=32 seq=4 ttl=128 time=62 ms From 192.168.30.12: bytes=32 seq=5 ttl=128 time=109 ms --- 192.168.30.12 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 47/74/109 ms PC>ping 192.168.10.12 Ping 192.168.10.12: 32 data bytes, Press Ctrl_C to break From 192.168.30.11: Destination host unreachable From 192.168.30.11: Destination host unreachable From 192.168.30.11: Destination host unreachable From 192.168.30.11: Destination host unreachable From 192.168.30.11: Destination host unreachable --- 192.168.30.1 ping statistics --- 5 packet(s) transmitted 0 packet(s) received 100.00% packet loss
可以看到,在同一vlan的PC可以互相ping通,不在同一PC不能ping通
在交换机LSW1或在LSW2上配置VLANIF都可以,这里选择LSW1
#配置到vlan 10的vlanif接口的ip地址 [LSW1]interface vlanif 10 [LSW1-Vlanif10]ip address 192.168.10.1 24 [LSW1-Vlanif10]qu #配置到vlan 30的vlanif接口的ip地址 [LSW1]interface vlanif 30 [LSW1-Vlanif30]ip address 192.168.30.1 24 [LSW1-Vlanif30]qu #查看所有端口的状态 [LSW1]display interface brief PHY: Physical *down: administratively down (l): loopback (s): spoofing (b): BFD down (e): ETHOAM down (dl): DLDP down (d): Dampening Suppressed InUti/OutUti: input utility/output utility Interface PHY Protocol InUti OutUti inErrors outErrors GigabitEthernet0/0/1 down down 0% 0% 0 0 GigabitEthernet0/0/2 down down 0% 0% 0 0 GigabitEthernet0/0/3 down down 0% 0% 0 0 GigabitEthernet0/0/4 down down 0% 0% 0 0 GigabitEthernet0/0/5 down down 0% 0% 0 0 GigabitEthernet0/0/6 down down 0% 0% 0 0 GigabitEthernet0/0/7 down down 0% 0% 0 0 GigabitEthernet0/0/8 down down 0% 0% 0 0 GigabitEthernet0/0/9 up up 0% 0% 0 0 GigabitEthernet0/0/10 down down 0% 0% 0 0 GigabitEthernet0/0/11 down down 0% 0% 0 0 GigabitEthernet0/0/12 down down 0% 0% 0 0 GigabitEthernet0/0/13 up up 0% 0% 0 0 GigabitEthernet0/0/14 down down 0% 0% 0 0 GigabitEthernet0/0/15 down down 0% 0% 0 0 GigabitEthernet0/0/16 down down 0% 0% 0 0 GigabitEthernet0/0/17 down down 0% 0% 0 0 GigabitEthernet0/0/18 down down 0% 0% 0 0 GigabitEthernet0/0/19 down down 0% 0% 0 0 GigabitEthernet0/0/20 down down 0% 0% 0 0 GigabitEthernet0/0/21 down down 0% 0% 0 0 GigabitEthernet0/0/22 down down 0% 0% 0 0 GigabitEthernet0/0/23 down down 0% 0% 0 0 GigabitEthernet0/0/24 up up 0% 0% 0 0 #查看所有端口的ip信息 [LSW1]display ip interface brief *down: administratively down ^down: standby (l): loopback (s): spoofing The number of interface that is UP in Physical is 4 The number of interface that is DOWN in Physical is 1 The number of interface that is UP in Protocol is 3 The number of interface that is DOWN in Protocol is 2 Interface IP Address/Mask Physical Protocol MEth0/0/1 unassigned down down NULL0 unassigned up up(s) Vlanif1 unassigned up down Vlanif10 192.168.10.1/24 up up Vlanif30 192.168.30.1/24 up up #查看vlanif接口ip配置 [LSW1]display IP interface vlanif 10 Vlanif10 current state : UP Line protocol current state : UP The Maximum Transmit Unit : 1500 bytes input packets : 0, bytes : 0, multicasts : 0 output packets : 0, bytes : 0, multicasts : 0 Directed-broadcast packets: received packets: 0, sent packets: 0 forwarded packets: 0, dropped packets: 0 Internet Address is 192.168.10.1/24 Broadcast address : 192.168.10.255 TTL being 1 packet number: 0 TTL invalid packet number: 0 ICMP packet input number: 0 Echo reply: 0 Unreachable: 0 Source quench: 0 Routing redirect: 0 Echo request: 0 Router advert: 0 Router solicit: 0 Time exceed: 0 IP header bad: 0 Timestamp request: 0 Timestamp reply: 0 [LSW1]display IP interface vlanif 30 Vlanif30 current state : UP Line protocol current state : UP The Maximum Transmit Unit : 1500 bytes input packets : 0, bytes : 0, multicasts : 0 output packets : 0, bytes : 0, multicasts : 0 Directed-broadcast packets: received packets: 0, sent packets: 0 forwarded packets: 0, dropped packets: 0 Internet Address is 192.168.30.1/24 Broadcast address : 192.168.30.255 TTL being 1 packet number: 0 TTL invalid packet number: 0 ICMP packet input number: 0 Echo reply: 0 Unreachable: 0 Source quench: 0 Routing redirect: 0 Echo request: 0 Router advert: 0 Router solicit: 0 Time exceed: 0 IP header bad: 0 Timestamp request: 0 Timestamp reply: 0 #查看交换机ip路由表 [LSW1]display IP routing-table Route Flags: R - relay, D - download to fib ------------------------------------------------------------------------------ Routing Tables: Public Destinations : 6 Routes : 6 Destination/Mask Proto Pre Cost Flags NextHop Interface 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 192.168.10.0/24 Direct 0 0 D 192.168.10.1 Vlanif10 192.168.10.1/32 Direct 0 0 D 127.0.0.1 Vlanif10 192.168.30.0/24 Direct 0 0 D 192.168.30.1 Vlanif30 192.168.30.1/32 Direct 0 0 D 127.0.0.1 Vlanif30 [LSW1]
用ping验证不同vlan之间实现相互通信
此时,在PC-10-1命令窗口中输入以下命令,测试是否能与PC-10-2和PC-30-2通信
通过tracert 192.168.30.12可以看出
192.168.10.11---->192.168.10.1---->192.168.30.12
PC>ping 192.168.10.12 Ping 192.168.10.12: 32 data bytes, Press Ctrl_C to break From 192.168.10.12: bytes=32 seq=1 ttl=128 time=78 ms From 192.168.10.12: bytes=32 seq=2 ttl=128 time=94 ms From 192.168.10.12: bytes=32 seq=3 ttl=128 time=78 ms From 192.168.10.12: bytes=32 seq=4 ttl=128 time=62 ms From 192.168.10.12: bytes=32 seq=5 ttl=128 time=62 ms --- 192.168.10.12 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 62/74/94 ms PC>ping 192.168.30.12 Ping 192.168.30.12: 32 data bytes, Press Ctrl_C to break From 192.168.30.12: bytes=32 seq=1 ttl=127 time=125 ms From 192.168.30.12: bytes=32 seq=2 ttl=127 time=63 ms From 192.168.30.12: bytes=32 seq=3 ttl=127 time=62 ms From 192.168.30.12: bytes=32 seq=4 ttl=127 time=62 ms From 192.168.30.12: bytes=32 seq=5 ttl=127 time=94 ms --- 192.168.30.12 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 62/81/125 ms PC>tracert 192.168.30.12 traceroute to 192.168.30.12, 8 hops max (ICMP), press Ctrl+C to stop 1 192.168.10.1 31 ms 32 ms 31 ms 2 192.168.30.12 94 ms 78 ms 94 ms
在PC-30-1命令窗口中输入以下命令,测试是否能与PC-10-2和PC-30-2通信
通过tracert 192.168.10.12可以看出
192.168.30.11---->192.168.30.1---->192.168.10.12
PC>ping 192.168.30.12 Ping 192.168.30.12: 32 data bytes, Press Ctrl_C to break From 192.168.30.12: bytes=32 seq=1 ttl=128 time=63 ms From 192.168.30.12: bytes=32 seq=2 ttl=128 time=63 ms From 192.168.30.12: bytes=32 seq=3 ttl=128 time=79 ms From 192.168.30.12: bytes=32 seq=4 ttl=128 time=62 ms From 192.168.30.12: bytes=32 seq=5 ttl=128 time=93 ms --- 192.168.30.12 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 62/72/93 ms PC>ping 192.168.10.12 Ping 192.168.10.12: 32 data bytes, Press Ctrl_C to break From 192.168.10.12: bytes=32 seq=1 ttl=127 time=125 ms From 192.168.10.12: bytes=32 seq=2 ttl=127 time=94 ms From 192.168.10.12: bytes=32 seq=3 ttl=127 time=78 ms From 192.168.10.12: bytes=32 seq=4 ttl=127 time=93 ms From 192.168.10.12: bytes=32 seq=5 ttl=127 time=78 ms --- 192.168.10.12 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 78/93/125 ms PC>tracert 192.168.10.12 traceroute to 192.168.10.12, 8 hops max (ICMP), press Ctrl+C to stop 1 192.168.30.1 32 ms 15 ms 31 ms 2 192.168.10.12 79 ms 78 ms 78 ms
