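7. Layer 3 Switches
How a Layer 3 switch works
A Layer 3 switch combines the functions of a switch and a router, forwarding data efficiently at both the data link layer (Layer 2) and the network layer (Layer 3). Its core mechanisms are as follows:
Hardware-accelerated forwarding
Forwarding is done in hardware by application-specific integrated circuits (ASICs) or field-programmable gate arrays (FPGAs), which significantly lowers latency and raises throughput compared with traditional software routing.
Intelligent path optimization
The first communication across subnets goes through the full routing process (routing table lookup and ARP resolution); subsequent traffic of the same kind uses direct forwarding mode, which greatly improves transmission efficiency.
Virtualized routing
Configuring switch virtual interfaces (SVIs) lets VLANs communicate directly. Each SVI acts as the default gateway of its VLAN, so no external routing device is needed.
Dual-table cooperation
Routing table: records network topology information, maintained through static configuration or dynamic protocols (such as OSPF)
Forwarding table: stores the MAC-to-port mappings that support Layer 2 switching
Multi-protocol support
Supports both Layer 2 (e.g. STP) and Layer 3 (e.g. IP/ICMP) protocol stacks, and integrates advanced network features such as ACLs and QoS.
Configuring a Layer 3 switch
To configure a Layer 3 switch, first create the VLANs.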
Switch>en
Switch#vlan database
% Warning: It is recommended to configure VLAN from config mode,
as VLAN database mode is being deprecated. Please consult user
documentation for configuring VTP/VLAN in config mode.
Switch(vlan)#vlan 10
VLAN 10 added:
Name: VLAN0010
Switch(vlan)#vlan 20
VLAN 20 added:
Name: VLAN0020
Switch(vlan)#vlan 30
VLAN 30 added:
Name: VLAN0030
Switch(vlan)#exit
APPLY completed.
Exiting....
Assign the ports to the VLANs
Switch(config)#int f0/1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 10
Switch(config-if)#no shutdown
Switch(config-if)#exit
Switch(config)#int f0/2
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 20
Switch(config-if)#no shutdown
Switch(config-if)#exit
Switch(config)#int f0/3
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 30
Switch(config-if)#no shutdown
Switch(config-if)#exit
Enter each VLAN interface and assign its gateway address
Switch(config)#int vlan 10
Switch(config-if)#
%LINK-5-CHANGED: Interface Vlan10, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state to up
Switch(config-if)#ip address 192.168.10.254 255.255.255.0
Switch(config-if)#no shutdown
Switch(config-if)#exit
Switch(config)#int vlan 20
Switch(config-if)#
%LINK-5-CHANGED: Interface Vlan20, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan20, changed state to up
Switch(config-if)#ip address 192.168.20.254 255.255.255.0
Switch(config-if)#no shutdown
Switch(config-if)#exit
Switch(config)#int vlan 30
Switch(config-if)#
%LINK-5-CHANGED: Interface Vlan30, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan30, changed state to up
Switch(config-if)#ip address 192.168.30.254 255.255.255.0
Switch(config-if)#no shutdown
Switch(config-if)#exit
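The following must be entered in global configuration mode (this is the global command that enables the switch's routing function)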
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#ip routing
Configure the switch interface mode
Switch(config)#int f0/1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport mode trunk
Switch(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
Switch(config-if)#no shutdown
Switch(config-if)#exit
Switch(config)#int f0/2
Switch(config-if)#switchport mode access
Switch(config-if)#switchport mode trunk
Switch(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to up
Switch(config-if)#no shutdown
Switch(config-if)#exit
Switch(config)#int f0/3
Switch(config-if)#switchport mode access
Switch(config-if)#switchport mode trunk
Switch(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to up
Switch(config-if)#no shutdown
Switch(config-if)#exit
Layer 3 switch example
Full connectivity: host - switch - Layer 3 switch - router - host

Host configuration p1-p5

Switch s1
Switch>en
Switch#vlan database
% Warning: It is recommended to configure VLAN from config mode,
as VLAN database mode is being deprecated. Please consult user
documentation for configuring VTP/VLAN in config mode.
Switch(vlan)#vlan 10
VLAN 10 added:
Name: VLAN0010
Switch(vlan)#vlan 20
VLAN 20 added:
Name: VLAN0020
Switch(vlan)#exit
APPLY completed.
Exiting....
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#int f0/1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 10
Switch(config-if)#no shutdown
Switch(config-if)#exit
Switch(config)#int f0/2
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 20
Switch(config-if)#no shutdown
Switch(config-if)#exit
Switch(config)#int f0/3
Switch(config-if)#switchport mode trunk
Switch(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/3, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/3, changed state to up
Switch(config-if)#no shutdown
Switch(config-if)#exit
Switch(config)#end
Switch#
%SYS-5-CONFIG_I: Configured from console by console
Switch s2
Switch>en
Switch#vlan database
% Warning: It is recommended to configure VLAN from config mode,
as VLAN database mode is being deprecated. Please consult user
documentation for configuring VTP/VLAN in config mode.
Switch(vlan)#vlan 20
VLAN 20 added:
Name: VLAN0020
Switch(vlan)#vlan 30
VLAN 30 added:
Name: VLAN0030
Switch(vlan)#exit
APPLY completed.
Exiting....
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#int f0/1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 20
Switch(config-if)#no shutdown
Switch(config-if)#exit
Switch(config)#int f0/2
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 30
Switch(config-if)#no shutdown
Switch(config-if)#exit
Switch(config)#int f0/3
Switch(config-if)#switchport mode trunk
Switch(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/3, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/3, changed state to up
Switch(config-if)#no shutdown
Switch(config-if)#exit
Switch(config)#end
Switch#
%SYS-5-CONFIG_I: Configured from console by console
Layer 3 switch ms1
Switch>en
Switch#vlan database
% Warning: It is recommended to configure VLAN from config mode,
as VLAN database mode is being deprecated. Please consult user
documentation for configuring VTP/VLAN in config mode.
Switch(vlan)#vlan 10
VLAN 10 added:
Name: VLAN0010
Switch(vlan)#vlan 20
VLAN 20 added:
Name: VLAN0020
Switch(vlan)#vlan 30
VLAN 30 added:
Name: VLAN0030
Switch(vlan)#exit
APPLY completed.
Exiting....
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#ip routing
Switch(config)#int vlan 10
Switch(config-if)#
%LINK-5-CHANGED: Interface Vlan10, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state to up
Switch(config-if)#ip address 192.168.10.254 255.255.255.0
Switch(config-if)#no shutdown
Switch(config-if)#exit
Switch(config)#int vlan 20
Switch(config-if)#
%LINK-5-CHANGED: Interface Vlan20, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan20, changed state to up
Switch(config-if)#ip address 192.168.20.254 255.255.255.0
Switch(config-if)#no shutdown
Switch(config-if)#exit
Switch(config)#int vlan 30
Switch(config-if)#
%LINK-5-CHANGED: Interface Vlan30, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan30, changed state to up
Switch(config-if)#ip address 192.168.30.254 255.255.255.0
Switch(config-if)#no shutdown
Switch(config-if)#exit
Switch(config)#int f0/1
Switch(config-if)#switchport mode trunk
Command rejected: An interface whose trunk encapsulation is "Auto" can not be configured to "trunk" mode.
Switch(config-if)#switchport mode access
Switch(config-if)#switchport mode trunk
Switch(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
Switch(config-if)#no shutdown
Switch(config-if)#exit
Switch(config)#int f0/2
Switch(config-if)#switchport mode access
Switch(config-if)#switchport mode trunk
Switch(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to up
Switch(config-if)#no shutdown
Switch(config-if)#exit
Switch(config)#int f0/3
Switch(config-if)#no switchport
Switch(config-if)#ip address 10.0.0.1 255.255.255.252
Switch(config-if)#no shutdown
Switch(config-if)#exit
Switch(config)#ip route 0.0.0.0 0.0.0.0 10.0.0.2
Switch(config)#end
Switch#
%SYS-5-CONFIG_I: Configured from console by console
Router r1 configuration
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int f0/0
Router(config-if)#ip address 10.0.0.2 255.255.255.252
Router(config-if)#no shutdown
Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
Router(config-if)#exit
Router(config)#int f0/1
Router(config-if)#ip address 1.0.0.1 255.0.0.0
Router(config-if)#no shutdown
Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
Router(config-if)#exit
Router(config)#ip route 192.168.10.0 255.255.255.0 10.0.0.1
Router(config)#ip route 192.168.20.0 255.255.255.0 10.0.0.1
Router(config)#ip route 192.168.30.0 255.255.255.0 10.0.0.1
Router(config)#end
Router#
%SYS-5-CONFIG_I: Configured from console by console
Connectivity results
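The forwarding decisions behind this connectivity can be traced hop by hop. The following is an added example, not part of the original post: it applies longest-prefix match to the ms1 and r1 routing tables configured above. The host addresses used (1.0.0.2, 192.168.30.1, 172.16.5.5) are constructed, since the page does not list the hosts' IPs.

```python
import ipaddress

# Routing tables as configured on this page (next hop None = directly connected).
TABLES = {
    "ms1": [
        ("192.168.10.0/24", None),    # interface Vlan10
        ("192.168.20.0/24", None),    # interface Vlan20
        ("192.168.30.0/24", None),    # interface Vlan30
        ("10.0.0.0/30", None),        # routed port f0/3
        ("0.0.0.0/0", "10.0.0.2"),    # ip route 0.0.0.0 0.0.0.0 10.0.0.2
    ],
    "r1": [
        ("10.0.0.0/30", None),        # f0/0
        ("1.0.0.0/8", None),          # f0/1
        ("192.168.10.0/24", "10.0.0.1"),
        ("192.168.20.0/24", "10.0.0.1"),
        ("192.168.30.0/24", "10.0.0.1"),
    ],
}
OWNER = {"10.0.0.1": "ms1", "10.0.0.2": "r1"}   # device that owns each next hop

def lookup(device, dst, tables=TABLES):
    """Longest-prefix match: return (network, next_hop) or None."""
    addr, best = ipaddress.ip_address(dst), None
    for prefix, next_hop in tables[device]:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best

def trace(device, dst, tables=TABLES, max_hops=8):
    """Follow a packet hop by hop; return a list of (device, decision)."""
    path = []
    for _ in range(max_hops):
        hit = lookup(device, dst, tables)
        if hit is None:
            return path + [(device, "no route, drop")]
        net, next_hop = hit
        if next_hop is None:
            return path + [(device, f"connected {net}")]
        path.append((device, f"{net} via {next_hop}"))
        device = OWNER[next_hop]
    return path + [(device, "hop limit reached")]

if __name__ == "__main__":
    print(trace("ms1", "1.0.0.2"))        # VLAN host -> host behind r1
    print(trace("r1", "192.168.30.1"))    # return direction needs r1's static route
    print(trace("ms1", "172.16.5.5"))     # unknown destination follows the default route
```

Removing one of r1's three static routes from the table makes the return direction end in "no route, drop" at r1, which is why all three VLAN subnets are listed there.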

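RIP version comparison
RIP v1 characteristics:
- Uses classful addressing, e.g. 192.168.1.0 (default mask 255.255.255.0)
- Performs automatic subnet summarization: updates summarize subnet routes to the major classful network boundary (e.g. summarizing 192.168.1.0/24 to 192.168.0.0/16), which can distort routing information or create loops
- Sends updates by broadcast (destination address 255.255.255.255)
- Has no authentication mechanism, which is a security risk
- The 15-hop topology limit makes it suitable only for small network deployments
RIP v2 improvements:
- Supports classless addressing and can carry exact subnet mask information (e.g. 192.168.1.0/26)
- Automatic summarization is off by default (the no auto-summary command must be configured), so routing information is passed on exactly
- Uses multicast updates (destination address 224.0.0.9) for better transmission efficiency
- Supports MD5 authentication, which improves protocol security
- Keeps the 15-hop limit, but with support for VLSM and CIDR it is better suited to modern network deployments
RIP dynamic routing protocol in detail
RIP (Routing Information Protocol) is a distance-vector dynamic routing protocol used mainly in small and medium-sized networks. It uses hop count as its path selection metric; the maximum valid hop count is 15, and routes exceeding 16 hops are marked unreachable. RIP keeps topology information synchronized by periodically broadcasting or multicasting routing updates (default interval 30 seconds). The following describes RIP v1 and v2 in detail and adds key implementation points, configuration methods and caveats.
Complete configuration steps
To configure RIP on a Cisco device, first enter global configuration mode (configure terminal). The key step is using the network command to specify the router's directly connected IP networks; these must match the interface IP addresses. The following examples show typical RIPv1 and RIPv2 configurations.
Example: configuring RIP v1 (legacy mode)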
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# router rip ! enable the RIP process (v1 by default)
Switch(config-router)# network 172.16.0.0 ! specify a directly connected network, e.g. 172.16.0.0/16
Switch(config-router)# exit
Switch(config)# exit
Switch# write memory
Example: configuring RIP v2 (recommended for classless addressing)
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# router rip ! enable the RIP process
Switch(config-router)# version 2 ! switch to version 2
Switch(config-router)# no auto-summary ! disable automatic summarization
Switch(config-router)# network 192.168.1.0 ! specify a directly connected network, e.g. 192.168.1.0/24
Switch(config-router)# network 10.0.0.0 ! add another directly connected network, e.g. 10.0.0.0/8
Switch(config-router)# exit
Switch(config)# exit
Switch# write memory ! save the configuration to NVRAM
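Key configuration notes:
network command:
Specify the network address of the router's directly connected interfaces (e.g. 192.168.1.0). RIP sends and receives updates only on these configured networks, and each network must be configured separately.
Version switch:
In router rip configuration mode, version 2 upgrades the protocol version; if it is not configured, RIP v1 is used by default.
Disabling summarization:
RIP v2 requires no auto-summary to turn off automatic summarization and prevent the loss of subnet route information.
Authentication (optional in v2):
MD5 authentication can be enabled with a key chain together with the ip rip authentication command, which makes route exchange more secure.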
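Caveats and best practices
Network design
- RIP is recommended for small networks (fewer than 10 hops)
- For large networks, OSPF or EIGRP is recommended
- When using RIPv2, make sure all routers run the same version to avoid compatibility problems
Performance tuning
- Adjust timers: use the timers basic command to change the update interval (default 30 seconds); setting it to 20 seconds speeds up convergence but increases bandwidth overhead
- Set passive interfaces: in router rip mode, use the passive-interface command to stop an interface from sending updates, which reduces unnecessary traffic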
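Troubleshooting common problems
- Routing loops:
  - Enable split-horizon (on by default)
  - Or use the poison reverse mechanism as prevention
- Lost updates:
  - Check that the network statements cover all directly connected networks
  - Use show ip rip database to view the route information
- Security risks:
  - RIPv1 has security weaknesses
  - Authentication must be configured when using RIPv2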
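To check on the wire that the version and authentication settings discussed in the version comparison and in the security notes above are actually in effect, a RIP message can be classified from its UDP port 520 payload. The following is an added example, not part of the original post: the packet layout follows the RIP v1/v2 message format, the sample packets are constructed rather than captured, and the MD5 digest is a zero placeholder because the classifier does not verify it.

```python
import ipaddress
import struct

AUTH_TYPES = {2: "plaintext password", 3: "keyed MD5"}  # authentication type values

def classify_rip(payload: bytes) -> dict:
    """Classify one RIP message (UDP/520 payload) by version and authentication."""
    if len(payload) < 4:
        raise ValueError("truncated RIP header")
    version, auth, routes = payload[1], "none", []
    # After the 4-byte header come 20-byte entries.
    for n, off in enumerate(range(4, len(payload) - 19, 20)):
        afi, tag, ip, mask, _nh, metric = struct.unpack_from("!HH4s4s4sI", payload, off)
        if afi == 0xFFFF:                  # authentication entry or MD5 trailer
            if n == 0 and version == 2:
                auth = AUTH_TYPES.get(tag, "unknown")
            continue
        prefix = str(ipaddress.ip_address(ip))
        if version == 2:                   # v1 carries no mask (field is zero)
            prefix += "/%d" % bin(int.from_bytes(mask, "big")).count("1")
        routes.append((prefix, metric))
    if version == 1:
        finding = "RIPv1: classful and unauthenticated"
    elif auth == "none":
        finding = "RIPv2 without authentication"
    elif auth == "keyed MD5":
        finding = "RIPv2 with keyed MD5"
    else:
        finding = "RIPv2 with weak or unknown authentication"
    return {"version": version, "auth": auth, "routes": routes, "finding": finding}

def route_entry(ip, mask, metric):
    """Build one constructed route entry (address family 2 = IP)."""
    pack = lambda a: ipaddress.ip_address(a).packed
    return struct.pack("!HH4s4s4sI", 2, 0, pack(ip), pack(mask), bytes(4), metric)

# Constructed sample responses (command 2); not captured traffic.
SAMPLES = {
    "v1": b"\x02\x01\x00\x00" + route_entry("172.16.0.0", "0.0.0.0", 1),
    "v2_open": b"\x02\x02\x00\x00" + route_entry("192.168.1.0", "255.255.255.192", 1),
    "v2_md5": b"\x02\x02\x00\x00"
              + struct.pack("!HHHBBI8x", 0xFFFF, 3, 44, 1, 20, 1)   # MD5 auth header
              + route_entry("192.168.1.0", "255.255.255.192", 1)
              + struct.pack("!HH16s", 0xFFFF, 1, bytes(16)),        # digest placeholder
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, classify_rip(pkt))
```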
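Migration advice
- When upgrading from RIPv1 to RIPv2, proceed in phases:
  - First enable v2 on some of the routers
  - Switch the whole network only after testing and verification
- Monitoring: use the debug ip rip command to watch updates in real time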