单臂路由(router-on-a-stick)是指在路由器的一个接口上通过配置子接口(或“逻辑接口”,并不存在真正物理接口)的方式,实现原来相互隔离的不同VLAN(虚拟局域网)之间的互联互通。

环境

  • Cisco Packet Tracer 5.3
  • Windows 10

    操作

    操作:按照如图所示连接拓扑图
    image.png

    实验步骤

    (1)创建拓扑,配置设备
    添加一台路由器、一台交换机和四台主机

PC0和PC1与交换机fa0/1、fa0/2 接口连接,划分在VLAN10中,IP分别为192.168.10.1、192.168.10.2,网关192.168.10.254。
PC2和PC3与交换机fa0/11、fa0/12 接口连接,划分在VLAN20中,IP分别为192.168.20.1、192.168.20.2,网关192.168.20.254。
交换机fa0/24端口与路由器fa0/1端口连接。

(2)配置交换机

  1. /* Part 1 配置交换机 */
  2. Switch>enable
  3. Switch#configure terminal
  4. Switch(config)#hostname SA
  5. SA(config)#vlan 10
  6. SA(config-vlan)#vlan 20
  7. SA(config-vlan)#exit
  8. SA(config)#interface range fa0/1-fa0/2
  9. SA(config-if-range)#switchport access vlan 10
  10. SA(config-if-range)#interface range fa0/11-fa0/12
  11. SA(config-if-range)#switchport access vlan 20
  12. SA(config-if-range)#interface fa0/24
  13. SA(config-if)#switchport mode trunk
  14. SA(config-if)#switchport trunk allowed vlan all
  16. /* Part 2 检查配置 */
  17. SA(config-if-range)#^Z         Ctrl+Z组合键)
  18. SA#show vlan
  19. ...
  20. VLAN Name                             Status    Ports
  21. ---- -------------------------------- --------- -------------------------------
  22. 1    default                          active    Fa0/3, Fa0/4, Fa0/5, Fa0/6
  23.                                                 Fa0/7, Fa0/8, Fa0/9, Fa0/10
  24.                                                 Fa0/13, Fa0/14, Fa0/15, Fa0/16
  25.                                                 Fa0/17, Fa0/18, Fa0/19, Fa0/20
  26.                                                 Fa0/21, Fa0/22, Fa0/23
  27. 10   VLAN0010                         active    Fa0/1, Fa0/2
  28. 20   VLAN0020                         active    Fa0/11, Fa0/12
  29. ...

(3)配置路由器

  1. /* Part 1 配置路由器 */
  2. Router>enable
  3. Router#configure terminal
  4. Router(config)#hostname RA
  5. RA(config)#interface fa0/0.1
  6. RA(config-subif)#encapsulation dot1Q 10
  7.   // (1:在路由器上配置trunk的封装协议的命令:
  8.   //  encapsulation [isl/dot1q] vlan
  9.   //  2:上面的路由器配置了dot1q中继封装,10vlan 10
  10.   //  3:Trunk的封装类型一共有 ISL802.1Q两种,而802.1Q在输入的时候为dot1q)
  11. RA(config-subif)#ip address 192.168.10.254 255.255.255.0
  12. RA(config-subif)#interface fa0/0.2
  13. RA(config-subif)#encapsulation dot1Q 20
  14. RA(config-subif)#ip address 192.168.20.254 255.255.255.0
  15. RA(config-subif)#exit
  16. RA(config)#interface fa0/0
  17. RA(config-if)#shutdown
  18. RA(config-if)#no shutdown     //(重启fa0/0接口)
  20. /* Part 2 检查配置 */
  21. RA>show interfaces fa0/0.1
  22. ...
  23.   Internet address is 192.168.1.254/24
  24. ...
  25.   Encapsulation 802.1Q Virtual LAN, Vlan ID 10
  26. ...
  28. RA>show interfaces fa0/0.2
  29. ...
  30.   Internet address is 192.168.2.254/24
  31. ...
  32.   Encapsulation 802.1Q Virtual LAN, Vlan ID 20
  33. ...

(4)连通性测试

  1. /* Part 1 PC0 Ping 自己网关 */
  2. PC>ping 192.168.1.254
  4. Pinging 192.168.1.254 with 32 bytes of data:
  6. Reply from 192.168.1.254: bytes=32 time=11ms TTL=255
  7. Reply from 192.168.1.254: bytes=32 time=12ms TTL=255
  8. Reply from 192.168.1.254: bytes=32 time=11ms TTL=255
  9. Reply from 192.168.1.254: bytes=32 time=12ms TTL=255
  11. Ping statistics for 192.168.1.254:
  12.     Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
  13. Approximate round trip times in milli-seconds:
  14.     Minimum = 11ms, Maximum = 12ms, Average = 11ms
  16. /* Part 2 PC0 Ping PC1 */
  17. PC>ping 192.168.1.2
  19. Pinging 192.168.1.2 with 32 bytes of data:
  21. Reply from 192.168.1.2: bytes=32 time=25ms TTL=128
  22. Reply from 192.168.1.2: bytes=32 time=10ms TTL=128
  23. Reply from 192.168.1.2: bytes=32 time=12ms TTL=128
  24. Reply from 192.168.1.2: bytes=32 time=14ms TTL=128
  26. Ping statistics for 192.168.1.2:
  27.     Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
  28. Approximate round trip times in milli-seconds:
  29.     Minimum = 10ms, Maximum = 25ms, Average = 15ms
  32. /* Part 3 PC0 Ping PC2 PC3网关 */
  33. PC>ping 192.168.2.254
  35. Pinging 192.168.2.254 with 32 bytes of data:
  37. Reply from 192.168.2.254: bytes=32 time=11ms TTL=255
  38. Reply from 192.168.2.254: bytes=32 time=14ms TTL=255
  39. Reply from 192.168.2.254: bytes=32 time=11ms TTL=255
  40. Reply from 192.168.2.254: bytes=32 time=12ms TTL=255
  42. Ping statistics for 192.168.2.254:
  43.     Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
  44. Approximate round trip times in milli-seconds:
  45.     Minimum = 11ms, Maximum = 14ms, Average = 12ms
  48. /* Part 4 PC0 Ping PC2 */
  49. PC>ping 192.168.2.1
  51. Pinging 192.168.2.1 with 32 bytes of data:
  53. Reply from 192.168.2.1: bytes=32 time=24ms TTL=127
  54. Reply from 192.168.2.1: bytes=32 time=19ms TTL=127
  55. Reply from 192.168.2.1: bytes=32 time=21ms TTL=127
  56. Reply from 192.168.2.1: bytes=32 time=20ms TTL=127
  58. Ping statistics for 192.168.2.1:
  59.     Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
  60. Approximate round trip times in milli-seconds:
  61.     Minimum = 19ms, Maximum = 24ms, Average = 21ms
  64. /* Part 5 PC0 Ping PC3 */
  65. PC>ping 192.168.2.2
  67. Pinging 192.168.2.2 with 32 bytes of data:
  69. Request timed out.
  70. Reply from 192.168.2.2: bytes=32 time=24ms TTL=127
  71. Reply from 192.168.2.2: bytes=32 time=22ms TTL=127
  72. Reply from 192.168.2.2: bytes=32 time=19ms TTL=127
  74. Ping statistics for 192.168.2.2:
  75.     Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
  76. Approximate round trip times in milli-seconds:
  77.     Minimum = 19ms, Maximum = 24ms, Average = 21ms

结论

由实验可知,划分VLAN后不同VLAN间的主机不能通信,可以使用路由器进行VLAN间通信。

注意: 1、主机需要配网关。 2、当出现Ping不通别的主机时,可以采用由近及远的检查方式,即依次Ping自己、自己的网关、对方主机的网关、对方主机以便于发现错误位置。

实验工程

单臂路由.zip