The router divides VLANs by configuring the router as the gateway for each VLAN to implement inter-VLAN routing, which is also known as single-arm routing.
When configuring a router for VLAN, you cannot divide the physical port into a VLAN. Instead, you must divide the virtual sub-interface into a VLAN and configure the encapsulation protocol dot1q for it.
Detailed explanation:
Routers that provide inter-VLAN routing can only do single-arm routing, which means setting up sub-interfaces and encapsulation protocols.
Step one: Create a VLAN on the switch, and divide each port of the switch into the VLAN you created according to your wishes.
Example:
con t
vlan 10
vlan 20
vlan 30
< p>interface range fastetherner 0/1-8switchport access vlan 10
interface range fastethernet 0/9-16
switchprt aceess vlan 20
interface range fastethernet 0/17-23
switchprt aceess vlan 30
interface fastethernet 0/24 *Important step: Set up the trunk port on the switch
switchport mode trunk
switchport trunk allow vlan all *This is a command to open the trunk so that each vlan can pass, so that the trunk port can transmit data frames of each vlan.
The second step is to set up a sub-interface on a port on the router and configure an IP address for the sub-interface. This IP address will automatically become the gateway of each VLAN.
router#interface fa0/0
no ip addreess *Make it a layer 2 port and remove its ip address
The following begins to configure the sub-interface, sub-interface After configuring the tunck encapsulation mode, it becomes a trunk port
interface fa0/0.10 *Divide a sub-interface for vlan 10
encapsulate dot1q 10 *Configure this sub-interface for vlan 10 Trunk encapsulation mode
ip adrress 192.168.10.1 255.255.255.0 *Configure the ip address for the sub-interface of vlan 10
exit
interface fa0/0.20 * Vlan 20 divides a sub-interface
encapsulate dot1q 20 * Configure the trunk encapsulation mode of this sub-interface for vlan 20
ip adrress 192.168.20.1 255.255.255.0 * is the sub-interface of vlan 20 Interface configuration ip address
exit
interface fa0/0.30 *Create a sub-interface for vlan 30
encapsulate dot1q 30 *Configure this sub-interface for vlan 30 trunk encapsulation mode
ip adrress 192.168.30.1 255.255.255.0 *Configure the ip address for the sub-interface of vlan 30
exit
Finally, for insurance purposes, Use
router#ip routing in the global mode of the router.
OK, the configuration is complete.
At this time, the client in vlan 10 pings the client in vlan 20 and try.
Notes
1. Before configuring an IP address for the sub-interface of the router, the dot1q protocol must be encapsulated first.
2. The hosts in each VLAN must use the IP address of the corresponding VLAN sub-interface as the gateway.
VLAN (Virtual Local Area Network), also known as virtual LAN, refers to an end-to-end logical network built using network management software based on a switched LAN that can span different network segments and networks. A VLAN forms a logical subnet, that is, a logical broadcast domain, which can cover multiple network devices and allow network users in different geographical locations to join a logical subnet. Conditions for establishing a VLAN A VLAN is a logical subnet based on a physical network. Therefore, establishing a VLAN requires corresponding network equipment that supports VLAN technology. When different VLANs in the network communicate with each other, routing support is required. At this time, routing equipment needs to be added. To implement the routing function, either a router or a Layer 3 switch can be used. Basic strategies for dividing VLANs From a technical point of view, VLANs can be divided according to different principles. There are generally three division methods: 1. Port-based VLAN division. This division divides several ports on one or more switches into one. Logical grouping, this is the simplest and most effective way to divide. This method only requires the network administrator to reallocate the switching port of the network device, regardless of the device connected to the port. 2. VLAN division based on MAC address. The MAC address actually refers to the identifier of the network card. The MAC address of each network card is unique and fixed on the network card. The MAC address is represented by a 12-digit hexadecimal number. The first 8 digits are the manufacturer identification and the last 4 digits are the network card identification. Network administrators can divide some sites into a logical subnet based on MAC addresses. 3. Routing-based VLAN division Routing protocols work at the network layer, and the corresponding working equipment includes routers and routing switches (ie, layer 3 switches). This method allows one VLAN to span multiple switches, or one port to be in multiple VLANs. For now, the above-mentioned methods 1 and 3 are mainly adopted for VLAN division, and the second method is a auxiliary solution. Advantages of using VLAN Using VLAN has the following advantages: 1. Control broadcast storms. A VLAN is a logical broadcast domain. By creating a VLAN, broadcasts are isolated, the broadcast range is reduced, and the occurrence of broadcast storms can be controlled. 2. Improve the overall security of the network. Through VLAN division principles such as routing access lists and MAC address allocation, user access permissions and logical network segment sizes can be controlled, and different user groups can be divided into different VLANs, thereby improving the overall performance and security of the switched network. sex. 3. Network management is simple and intuitive. For switched Ethernet, if network segments are reassigned to some users, the network administrator needs to readjust the physical structure of the network system, and even needs to add network equipment, which increases the work of network management. quantity. For networks using VLAN technology, a VLAN can divide network users in different geographical locations into a logical network segment based on department functions, object groups or applications. Workstations can be moved between workgroups or subnets without changing the physical connections to the network. The use of virtual network technology greatly reduces the burden of network management and maintenance work and reduces network maintenance costs. In a switched network, VLAN provides a flexible combination mechanism for network segments and organizations. Layer 3 switching technology Traditional routers have functions such as routing and forwarding, firewalls, and broadcast isolation in the network. However, in a network divided into VLANs, communications between logically divided network segments still have to be forwarded through routers. Since the amount of communication data between different VLANs is very large on the LAN, if the router has to route each data packet once, as the amount of data on the network continues to increase, the router will be overwhelmed and the router will Become a bottleneck for the entire network operation. In this case, the third layer switching technology emerged, which is a technology that combines routing technology and switching technology into one.
After the Layer 3 switch routes the first data flow, it will generate a mapping table between MAC addresses and IP addresses. When the same data flow passes through again, it will pass directly through Layer 2 according to this table instead of routing again, thus It eliminates the network delay caused by the router's routing selection, improves the efficiency of data packet forwarding, and eliminates the network bottleneck problem that the router may cause. It can be seen that the three-layer switch integrates routing and switching, implements routing inside the switch, and improves the overall performance of the network. In a Gigabit network with three-layer switches as the core, in order to ensure the convenience and security of management of different functional departments and the stability of the entire network operation, VLAN technology can be used to divide the virtual network. The VLAN subnet isolates broadcast storms and implements security protection for some important departments; and when the physical location of a certain department changes, the network can be reorganized by simply setting the switch, which is very convenient, fast, and saves money. cost.