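Linux from Beginner to Mastery: You Really Don't Need to Memorize Commands! How a Complete Beginner Landed an Ops Offer in 3 Months with Scenario-Based Learning, Day 17 (Part 5)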

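7. Layer 3 Switches

How a Layer 3 Switch Works

A Layer 3 switch combines the functions of a switch and a router, forwarding data efficiently at both the data link layer (Layer 2) and the network layer (Layer 3). Its core mechanisms are as follows:

Hardware-accelerated forwarding

Forwarding is performed in hardware by application-specific integrated circuits (ASICs) or field-programmable gate arrays (FPGAs), which significantly reduces latency and raises throughput compared with traditional software routing.

Intelligent path optimization

The first communication across subnets goes through the full routing process (routing table lookup and ARP resolution); subsequent traffic of the same flow uses a direct-forwarding mode, which greatly improves transmission efficiency.

Virtualized routing

Configuring switched virtual interfaces (SVIs) lets VLANs communicate directly. Each SVI serves as the default gateway of its VLAN, so no external routing device is needed.

Two cooperating tables

Routing table: records network topology information, maintained through static configuration or dynamic protocols (such as OSPF)
Forwarding table: stores MAC-to-port mappings and supports Layer 2 switching

Multi-protocol support

Supports both Layer 2 (e.g. STP) and Layer 3 (e.g. IP/ICMP) protocol stacks, and integrates advanced network features such as ACLs and QoS.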

Configuring a Layer 3 Switch
To configure a Layer 3 switch, first create the VLANs.
Switch>en
Switch#vlan database
% Warning: It is recommended to configure VLAN from config mode,
  as VLAN database mode is being deprecated. Please consult user
  documentation for configuring VTP/VLAN in config mode.
 
Switch(vlan)#vlan 10
VLAN 10 added:
    Name: VLAN0010
Switch(vlan)#vlan 20
VLAN 20 added:
    Name: VLAN0020
Switch(vlan)#vlan 30
VLAN 30 added:
    Name: VLAN0030
Switch(vlan)#exit
APPLY completed.
Exiting....
Assign the ports to the VLANs
Switch(config)#int f0/1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 10
Switch(config-if)#no shutdown
Switch(config-if)#exit
Switch(config)#int f0/2
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 20
Switch(config-if)#no shutdown
Switch(config-if)#exit
Switch(config)#int f0/3
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 30
Switch(config-if)#no shutdown
Switch(config-if)#exit
Enter each VLAN interface and assign its gateway address
Switch(config)#int vlan 10
Switch(config-if)#
%LINK-5-CHANGED: Interface Vlan10, changed state to up
 
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state to up
 
Switch(config-if)#ip address 192.168.10.254 255.255.255.0
Switch(config-if)#no shutdown
Switch(config-if)#exit
Switch(config)#int vlan 20
Switch(config-if)#
%LINK-5-CHANGED: Interface Vlan20, changed state to up
 
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan20, changed state to up
 
Switch(config-if)#ip address 192.168.20.254 255.255.255.0
Switch(config-if)#no shutdown
Switch(config-if)#exit
Switch(config)#int vlan 30
Switch(config-if)#
%LINK-5-CHANGED: Interface Vlan30, changed state to up
 
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan30, changed state to up
 
Switch(config-if)#ip address 192.168.30.254 255.255.255.0
Switch(config-if)#no shutdown
Switch(config-if)#exit
This command must be entered in global configuration mode (it enables the switch's routing function)
Switch#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#ip routing
Configure the switch interface modes
Switch(config)#int f0/1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport mode trunk
 
Switch(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
 
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
 
Switch(config-if)#no shutdown
Switch(config-if)#exit
Switch(config)#int f0/2
Switch(config-if)#switchport mode access
Switch(config-if)#switchport mode trunk
 
Switch(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to down
 
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to up
 
Switch(config-if)#no shutdown
Switch(config-if)#exit
Switch(config)#int f0/3
Switch(config-if)#switchport mode access
Switch(config-if)#switchport mode trunk
 
Switch(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/3, changed state to down
 
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/3, changed state to up
 
Switch(config-if)#no shutdown
Switch(config-if)#exit
Layer 3 Switch Example


Full communication: host - switch - Layer 3 switch - router - host

Host configuration p1-p5

Switch s1
Switch>en
Switch#vlan database
% Warning: It is recommended to configure VLAN from config mode,
  as VLAN database mode is being deprecated. Please consult user
  documentation for configuring VTP/VLAN in config mode.
 
Switch(vlan)#vlan 10
VLAN 10 added:
    Name: VLAN0010
Switch(vlan)#vlan 20
VLAN 20 added:
    Name: VLAN0020
Switch(vlan)#exit
APPLY completed.
Exiting....
Switch#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#int f0/1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 10
Switch(config-if)#no shutdown
Switch(config-if)#exit
Switch(config)#int f0/2
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 20
Switch(config-if)#no shutdown
Switch(config-if)#exit
Switch(config)#int f0/3
Switch(config-if)#switchport mode trunk
 
Switch(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/3, changed state to down
 
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/3, changed state to up
 
Switch(config-if)#no shutdown
Switch(config-if)#exit
Switch(config)#end
Switch#
%SYS-5-CONFIG_I: Configured from console by console
Switch s2
Switch>en
Switch#vlan database 
% Warning: It is recommended to configure VLAN from config mode,
  as VLAN database mode is being deprecated. Please consult user
  documentation for configuring VTP/VLAN in config mode.
 
Switch(vlan)#vlan 20
VLAN 20 added:
    Name: VLAN0020
Switch(vlan)#vlan 30
VLAN 30 added:
    Name: VLAN0030
Switch(vlan)#exit
APPLY completed.
Exiting....
Switch#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#int f0/1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 20
Switch(config-if)#no shutdown
Switch(config-if)#exit
Switch(config)#int f0/2
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 30
Switch(config-if)#no shutdown
Switch(config-if)#exit
Switch(config)#int f0/3
Switch(config-if)#switchport mode trunk
 
Switch(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/3, changed state to down
 
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/3, changed state to up
 
Switch(config-if)#no shutdown
Switch(config-if)#exit
Switch(config)#end
Switch#
%SYS-5-CONFIG_I: Configured from console by console
Layer 3 switch ms1
Switch>en
Switch#vlan database
% Warning: It is recommended to configure VLAN from config mode,
  as VLAN database mode is being deprecated. Please consult user
  documentation for configuring VTP/VLAN in config mode.
 
Switch(vlan)#vlan 10
VLAN 10 added:
    Name: VLAN0010
Switch(vlan)#vlan 20
VLAN 20 added:
    Name: VLAN0020
Switch(vlan)#vlan 30
VLAN 30 added:
    Name: VLAN0030
Switch(vlan)#exit
APPLY completed.
Exiting....
Switch#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#ip routing
Switch(config)#int vlan 10
Switch(config-if)#
%LINK-5-CHANGED: Interface Vlan10, changed state to up
 
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state to up
 
Switch(config-if)#ip address 192.168.10.254 255.255.255.0
Switch(config-if)#no shutdown
Switch(config-if)#exit
Switch(config)#int vlan 20
Switch(config-if)#
%LINK-5-CHANGED: Interface Vlan20, changed state to up
 
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan20, changed state to up
 
Switch(config-if)#ip address 192.168.20.254 255.255.255.0
Switch(config-if)#no shutdown
Switch(config-if)#exit
Switch(config)#int vlan 30
Switch(config-if)#
%LINK-5-CHANGED: Interface Vlan30, changed state to up
 
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan30, changed state to up
 
Switch(config-if)#ip address 192.168.30.254 255.255.255.0
Switch(config-if)#no shutdown
Switch(config-if)#exit
Switch(config)#int f0/1
Switch(config-if)#switchport mode trunk
Command rejected: An interface whose trunk encapsulation is "Auto" can not be configured to "trunk" mode.
Switch(config-if)#switchport mode access
Switch(config-if)#switchport mode trunk
 
Switch(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
 
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
 
Switch(config-if)#no shutdown
Switch(config-if)#exit
Switch(config)#int f0/2
Switch(config-if)#switchport mode access
Switch(config-if)#switchport mode trunk
 
Switch(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to down
 
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to up
 
Switch(config-if)#no shutdown
Switch(config-if)#exit
Switch(config)#int f0/3
Switch(config-if)#no switchport
Switch(config-if)#ip address 10.0.0.1 255.255.255.252
Switch(config-if)#no shutdown
Switch(config-if)#exit
Switch(config)#ip route 0.0.0.0 0.0.0.0 10.0.0.2
Switch(config)#end
Switch#
%SYS-5-CONFIG_I: Configured from console by console
Router r1 configuration
Router>en
Router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#int f0/0
Router(config-if)#ip address 10.0.0.2 255.255.255.252
Router(config-if)#no shutdown
 
Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
 
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
 
Router(config-if)#exit
Router(config)#int f0/1
Router(config-if)#ip address 1.0.0.1 255.0.0.0
Router(config-if)#no shutdown
 
Router(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up
 
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
 
Router(config-if)#exit
Router(config)#ip route 192.168.10.0 255.255.255.0 10.0.0.1
Router(config)#ip route 192.168.20.0 255.255.255.0 10.0.0.1
Router(config)#ip route 192.168.30.0 255.255.255.0 10.0.0.1
Router(config)#end
Router#
%SYS-5-CONFIG_I: Configured from console by console

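Connectivity results

RIP Version Comparison
RIP v1 characteristics:

  • Uses classful addressing, e.g. 192.168.1.0 (default mask 255.255.255.0)
  • Performs automatic subnet summarization: updates summarize subnet routes to the major network boundary (e.g. 192.168.1.0/24 is summarized to 192.168.0.0/16), which can distort routing information or create loops
  • Sends updates by broadcast (destination address 255.255.255.255)
  • Has no authentication mechanism, which is a security risk
  • The 15-hop topology limit makes it suitable only for small networks

RIP v2 improvements:

  • Supports classless addressing and carries the exact subnet mask (e.g. 192.168.1.0/26)
  • Auto-summary is off by default (requires the no auto-summary command), so routing information is passed on precisely
  • Sends updates by multicast (destination address 224.0.0.9), improving transmission efficiency
  • Supports MD5 authentication, improving protocol security
  • Keeps the 15-hop limit, but support for VLSM and CIDR makes it better suited to modern networks

RIP Dynamic Routing Protocol in Detail

RIP (Routing Information Protocol) is a distance-vector dynamic routing protocol used mainly in small and medium-sized networks. It uses hop count as the path-selection metric; the maximum valid hop count is 15, and routes beyond 16 hops are marked unreachable. RIP keeps network topology information synchronized by periodically broadcasting or multicasting routing updates (every 30 seconds by default). The following covers RIP v1 and v2 in detail, along with implementation points, configuration methods, and caveats.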
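
The version differences listed above are visible in the update packets themselves. The following Python parser is an added example, not code from the original post: it decodes a RIP payload and reports what a defender would flag (v1, or v2 without MD5 authentication). The names parse_rip, findings and route_entry and the sample payloads are constructed for illustration.

```python
import socket
import struct

# One 20-byte RIP entry (RFC 1058 / RFC 2453):
# address family, route tag, address, subnet mask, next hop, metric
ENTRY = struct.Struct("!HH4s4s4sI")
AUTH_AFI = 0xFFFF                      # marks an authentication entry (v2 only)
AUTH_TYPES = {2: "plaintext", 3: "keyed-md5"}

def parse_rip(payload: bytes) -> dict:
    """Decode a RIP UDP payload (port 520) into version, auth type and routes."""
    if len(payload) < 24 or (len(payload) - 4) % 20:
        raise ValueError("not a well-formed RIP message")
    command, version = struct.unpack_from("!BB", payload)
    msg = {"command": command, "version": version, "auth": None, "routes": []}
    for off in range(4, len(payload), 20):
        afi, tag, addr, mask, _nhop, metric = ENTRY.unpack_from(payload, off)
        if afi == AUTH_AFI:
            # The route-tag field holds the auth type; type 1 is the MD5 digest trailer.
            if version == 2 and msg["auth"] is None and tag != 1:
                msg["auth"] = AUTH_TYPES.get(tag, f"type-{tag}")
            continue
        prefix = socket.inet_ntoa(addr)
        if version >= 2:               # v1 leaves the mask field zero
            prefix += "/%d" % bin(int.from_bytes(mask, "big")).count("1")
        msg["routes"].append((prefix, metric))
    return msg

def findings(msg: dict) -> list:
    """Defender's view of one update: what is weak about it?"""
    if msg["version"] == 1:
        return ["RIPv1: no authentication, no subnet mask carried"]
    if msg["auth"] is None:
        return ["RIPv2 update is unauthenticated"]
    if msg["auth"] == "plaintext":
        return ["RIPv2 password is sent in clear text"]
    return []

# Constructed payloads, not captured traffic. Auth fields are zero placeholders:
# the parser classifies an update, it does not verify the MD5 digest.
def route_entry(net, mask, metric):
    return ENTRY.pack(2, 0, socket.inet_aton(net), socket.inet_aton(mask), bytes(4), metric)

V1 = bytes([2, 1, 0, 0]) + route_entry("172.16.0.0", "0.0.0.0", 1)
V2 = bytes([2, 2, 0, 0]) + route_entry("192.168.1.0", "255.255.255.192", 1)
V2_MD5 = (bytes([2, 2, 0, 0]) + struct.pack("!HH16x", AUTH_AFI, 3)   # auth header
          + route_entry("192.168.1.0", "255.255.255.192", 1)
          + struct.pack("!HH16x", AUTH_AFI, 1))                      # digest trailer
```

Calling findings(parse_rip(V2)) shows that a v2 update carrying the /26 mask is still flagged when no authentication entry is present.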

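Complete Configuration Steps

To configure RIP on a Cisco device, first enter global configuration mode (configure terminal). The key step is using the network command to specify the router's directly connected IP networks, which must match the interface IP addresses. The examples below show typical RIPv1 and RIPv2 configurations.

Example: configuring RIP v1 (legacy mode)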
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# router rip  ! Enable the RIP process (v1 by default)
Switch(config-router)# network 172.16.0.0  ! Directly connected network, e.g. 172.16.0.0/16
Switch(config-router)# exit
Switch(config)# exit
Switch# write memory
Example: configuring RIP v2 (recommended for classless addressing environments)
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# router rip  ! Enable the RIP process
Switch(config-router)# version 2  ! Switch to version 2
Switch(config-router)# no auto-summary  ! Disable automatic summarization
Switch(config-router)# network 192.168.1.0  ! Directly connected network, e.g. 192.168.1.0/24
Switch(config-router)# network 10.0.0.0  ! Add another directly connected network, e.g. 10.0.0.0/8
Switch(config-router)# exit
Switch(config)# exit
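Switch# write memory  ! Save the configuration to NVRAM
Key configuration notes:
The network command:

Specify the network address of each directly connected interface (e.g. 192.168.1.0). RIP sends and receives updates only on the configured networks, and each network must be configured separately.

Version switching:

In router rip configuration mode, version 2 upgrades the protocol version; if it is not configured, RIP v1 is used by default.

Disabling summarization:

RIP v2 needs no auto-summary to turn off automatic summarization and prevent subnet route information from being lost.

Authentication (optional in v2):

MD5 authentication can be enabled with a key chain together with the ip rip authentication command, which makes route exchange more secure.

Caveats and Best Practices

Network design
  • RIP is recommended for small networks (fewer than 10 hops)
  • For large networks, OSPF or EIGRP is recommended
  • When using RIPv2, make sure all routers run the same version to avoid compatibility problems
Performance tuning
  • Tune the timers: use the timers basic command to change the update interval (30 seconds by default); setting it to 20 seconds speeds up convergence but increases bandwidth overhead
  • Set passive interfaces: in router rip mode, use the passive-interface command to stop an interface from sending updates and reduce unnecessary traffic
Troubleshooting common problems
  • Routing loops:
    • Enable split-horizon (on by default)
    • Or use poison reverse as prevention
  • Missing updates:
    • Check that the network statements cover all directly connected networks
    • Use show ip rip database to view the routing information
  • Security risks:
    • RIPv1 has security weaknesses
    • Authentication must be configured when using RIPv2
Migration advice
  • Upgrade from RIPv1 to RIPv2 in stages:
    1. First enable version 2 on some of the routers
    2. Switch the whole network only after testing and verification succeed
  • Monitoring: use the debug ip rip command to watch updates in real time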
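
As an added example (not from the original post), this Python check reads an IOS-style configuration and reports the RIP hardening gaps named in the authentication note and the security checklist above: missing version 2, missing no auto-summary, and interfaces that are neither passive nor MD5-authenticated. The function names, the key chain name RIP-KEYS and both sample configurations are constructed, and the check assumes every interface in the config is covered by a network statement.

```python
import re

def sections(config):
    """Split IOS-style text into {top-level line: [indented child lines]}."""
    blocks = (b.splitlines() for b in re.split(r"\n(?=\S)", config.strip()))
    return {b[0].strip(): [l.strip() for l in b[1:]] for b in blocks}

def audit_rip(config):
    """List RIP hardening gaps; assumes every listed interface speaks RIP unless passive."""
    sec = sections(config)
    rip = sec.get("router rip", [])
    issues = [f"router rip: '{want}' missing"
              for want in ("version 2", "no auto-summary") if want not in rip]
    chains = {h.split()[2] for h in sec if h.startswith("key chain ")}
    passive = {l.split()[1] for l in rip if l.startswith("passive-interface ")}
    for head, body in sec.items():
        name = head.split()[-1]
        if not head.startswith("interface ") or name in passive:
            continue
        used = {l.split()[-1] for l in body if "authentication key-chain" in l}
        if "ip rip authentication mode md5" not in body or not used & chains:
            issues.append(f"{name}: RIP updates not MD5-authenticated")
    return issues

# Constructed configs; the key string is a placeholder, not a real secret.
WEAK = """\
interface FastEthernet0/3
 ip address 10.0.0.1 255.255.255.252
router rip
 network 10.0.0.0
"""
HARDENED = """\
key chain RIP-KEYS
 key 1
  key-string PLACEHOLDER-SECRET
interface Vlan10
 ip address 192.168.1.254 255.255.255.0
interface FastEthernet0/3
 ip address 10.0.0.1 255.255.255.252
 ip rip authentication mode md5
 ip rip authentication key-chain RIP-KEYS
router rip
 version 2
 no auto-summary
 passive-interface Vlan10
 network 192.168.1.0
 network 10.0.0.0
"""
```

The user-facing SVI is made passive so that no updates are sent toward hosts, while the uplink that does exchange routes must reference a key chain that is actually defined.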