作者:鄧聰聰
單臂路由
單臂路由(router-on-a-stick)是指在路由器的一個接口上通過配置子接口(或“邏輯接口”,並不存在真正物理接口)的方式,實現原來相互隔離的不同VLAN(虛擬局域網)之間的互聯互通。
單臂路由的子接口編輯
路由器的物理接口可以被划分為成多個邏輯接口,這些被划分后的邏輯接口被形象的稱為子接口。值得注意的是這些邏輯子接口不能被單獨的開啟或關閉,也就是說,當物理接口被開啟或關閉時,所有的該接口的子接口也隨之被開啟或關閉。
優缺點
VLAN能有效分割局域網,實現各網絡區域之間的訪問控制。但現實中,往往需要配置某些VLAN之間的互聯互通。比如,你的公司划分為領導層、銷售部、財務部、人力部、科技部、審計部,並為不同部門配置了不同的VLAN,部門之間不能相互訪問,有效保證了各部門的信息安全。但經常出現領導層需要跨越VLAN訪問其他各個部門,這個功能就由單臂路由來實現。
優點:實現不同vlan之間的通信,有助理解、學習VLAN原理和子接口概念。
缺點:容易成為網絡單點故障,配置稍有復雜,現實意義不大。
配置實例
核心出口路由器配置信息;
<Huawei>dis cu [V200R003C00] # snmp-agent local-engineid 800007DB03000000000000 snmp-agent # clock timezone China-Standard-Time minus 08:00:00 # portal local-server load portalpage.zip # drop illegal-mac alarm # set cpu-usage threshold 80 restore 75 # aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$ local-user admin service-type http # firewall zone Local priority 15 # interface GigabitEthernet0/0/0 # interface GigabitEthernet0/0/0.1 dot1q termination vid 10 ip address 10.1.1.1 255.255.255.252 arp broadcast enable # interface GigabitEthernet0/0/0.3 dot1q termination vid 20 ip address 20.1.1.1 255.255.255.0 arp broadcast enable # interface GigabitEthernet0/0/1 # interface GigabitEthernet0/0/2 # interface NULL0 # user-interface con 0 authentication-mode password user-interface vty 0 4 user-interface vty 16 20 # wlan ac # return <Huawei>
sw1的配置;
<Huawei>dis cu # sysname Huawei # vlan batch 10 20 # cluster enable ntdp enable ndp enable # drop illegal-mac alarm # diffserv domain default # drop-profile default # aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password simple admin local-user admin service-type http # interface Vlanif1 # interface MEth0/0/1 # interface GigabitEthernet0/0/1 port link-type trunk port trunk allow-pass vlan 10 20 # interface GigabitEthernet0/0/2 port link-type access port default vlan 10 # interface GigabitEthernet0/0/3 port link-type access port default vlan 20 # interface GigabitEthernet0/0/4 # interface GigabitEthernet0/0/5 # interface GigabitEthernet0/0/6 # interface GigabitEthernet0/0/7 # interface GigabitEthernet0/0/8 # interface GigabitEthernet0/0/9 # interface GigabitEthernet0/0/10 # interface GigabitEthernet0/0/11 # interface GigabitEthernet0/0/12 # interface GigabitEthernet0/0/13 # interface GigabitEthernet0/0/14 # interface GigabitEthernet0/0/15 # interface GigabitEthernet0/0/16 # interface GigabitEthernet0/0/17 # interface GigabitEthernet0/0/18 # interface GigabitEthernet0/0/19 # interface GigabitEthernet0/0/20 # interface GigabitEthernet0/0/21 # interface GigabitEthernet0/0/22 # interface GigabitEthernet0/0/23 # interface GigabitEthernet0/0/24 # interface NULL0 # user-interface con 0 user-interface vty 0 4 # return <Huawei>
PC端配置;
PC>ipconfig Link local IPv6 address...........: fe80::5689:98ff:fef4:292c IPv6 address......................: :: / 128 IPv6 gateway......................: :: IPv4 address......................: 10.1.1.2 Subnet mask.......................: 255.255.255.252 Gateway...........................: 10.1.1.1 Physical address..................: 54-89-98-F4-29-2C DNS server........................: PC>ping 10.1.1.2 Ping 10.1.1.2: 32 data bytes, Press Ctrl_C to break From 10.1.1.2: bytes=32 seq=1 ttl=128 time<1 ms --- 10.1.1.2 ping statistics --- 1 packet(s) transmitted 1 packet(s) received 0.00% packet loss round-trip min/avg/max = 0/0/0 ms PC>