三层交换机与路由器组网如何正确配置

小编：小丢更新时间：2023-04-16

在网络架构中，三层交换机和路由器都扮演着非常重要的角色。三层交换机主要用于在局域网内部进行数据包转发和过滤，而路由器则用于连接不同的网络并进行路由选择和跨网络通信。正确配置三层交换机和路由器可以提高网络的性能和安全性，从而确保网络的正常运行。由于网络配置的复杂性和多样性，不同的网络架构可能需要不同的配置方法。在本篇文章中，我整理了一份通用的三层交换机和路由器配置方法，以帮助有需要的友友们更好地了解相关技能。希望友友们可以从中获得一些有用的信息。

实验内容及目标：

1、不同vlan 下的客户端能够访问外网【2.2.2.1】

2、了解路由器和三层交换机之间的连接及配置

3、了解三层交换机和接入交换机之间的连接及配置

实验拓扑图：

实验设备及版本：

本实验所用到的设备为：

1、交换机：华为 Quidway S5700-28C-HI VRP (R) software, Version 5.110

2、路由器：华为 AR1200 VRP (R) software, Version 5.130

3、PC主机：

实验过程：

一、建立物理连接

按照拓扑图进行组网

二、接入交换机配置

这里以红框内的第一个交换机为例

sys Enter system view, return user view with Ctrl+Z. [Huawei] [Huawei]sysname [Huawei]sysname switch1 Apr 9 2023 19:11:09-08:00 switch1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011. 5.25.191.3.1 configurations have been changed. The current change number is 4, t he change loop count is 0, and the maximum number of records is 4095. [switch1]undo info-center enable Info: Information center is disabled. [switch1] #创建vlan [switch1] [switch1]vlan bat [switch1]vlan batch 1 to 3 Info: This operation may take a few seconds. Please wait for a moment...done. [switch1] #将接口加入到vlan 中 [switch1]interface GigabitEthernet 0/0/2 [switch1-GigabitEthernet0/0/2]port link-type access [switch1-GigabitEthernet0/0/2]port default vlan 1 [switch1-GigabitEthernet0/0/2]q [switch1] [switch1]interface GigabitEthernet 0/0/3 [switch1-GigabitEthernet0/0/3]port link-type access [switch1-GigabitEthernet0/0/3]port default vlan 1 [switch1-GigabitEthernet0/0/3]q [switch1] [switch1] #设置与三层核心交换机相连的接口为trunk，并设置运行通过vlan 1，vlan2，vlan3 [switch1]interface GigabitEthernet 0/0/1 [switch1-GigabitEthernet0/0/1]dis this # interface GigabitEthernet0/0/1 # return [switch1-GigabitEthernet0/0/1]port link-type trunk [switch1-GigabitEthernet0/0/1] [switch1-GigabitEthernet0/0/1]port trunk allow-pass vlan 1 to 3 [switch1-GigabitEthernet0/0/1] [switch1-GigabitEthernet0/0/1]q [switch1]

其他的几个接入交换机配置过程相同，配置时，注意接口。

三、三层交换机配置

#创建VLAN接口并配置IP地址： sys Enter system view, return user view with Ctrl+Z. [Huawei]undo in [Huawei]undo info-center en [Huawei]undo info-center enable Info: Information center is disabled. [Huawei] [Huawei]interface Vlanif 1 [Huawei-Vlanif1]ip address 192.168.1.1 24 [Huawei-Vlanif1] [Huawei-Vlanif1]q [Huawei]int [Huawei]interface vlan [Huawei]interface Vlanif 2 Error: The VLAN does not exist. [Huawei]vlan batch 2 to 3 Info: This operation may take a few seconds. Please wait for a moment...done. [Huawei] [Huawei]interface Vlanif 2 [Huawei-Vlanif3] [Huawei-Vlanif3]ip ad [Huawei-Vlanif3]ip address 192.168.2.1 24 [Huawei-Vlanif3] [Huawei-Vlanif3]q [Huawei]int [Huawei]interface vla [Huawei]interface Vlanif 3 [Huawei-Vlanif3] [Huawei-Vlanif3] [Huawei-Vlanif3]ip add [Huawei-Vlanif3]ip address 192.168.3.1 24 [Huawei-Vlanif3] [Huawei-Vlanif3] [Huawei-Vlanif3]q [Huawei] [Huawei] [Huawei]sysna [Huawei]sysname Switch-Hexin [Switch-Hexin] [Switch-Hexin] #配置三层交换机上连接到接入交换机的接口为Trunk模式，并允许相应VLAN通过： [Switch-Hexin]interface GigabitEthernet 0/0/2 [Switch-Hexin-GigabitEthernet0/0/2]port link-type trunk [Switch-Hexin-GigabitEthernet0/0/2]port trunk allow-pass vlan 1 to 3 [Switch-Hexin-GigabitEthernet0/0/2]q # 配置与路由器相连的接口 [Switch-Hexin] [Switch-Hexin]vlan batch 10 Info: This operation may take a few seconds. Please wait for a moment...done. [Switch-Hexin] [Switch-Hexin]interface GigabitEthernet 0/0/1 [Switch-Hexin-GigabitEthernet0/0/1] [Switch-Hexin-GigabitEthernet0/0/1]port link-type access [Switch-Hexin-GigabitEthernet0/0/1]port default vlan 10 [Switch-Hexin-GigabitEthernet0/0/1]q [Switch-Hexin]interface Vlanif 10 [Switch-Hexin-Vlanif10]ip address 192.168.10.2 24 [Switch-Hexin-Vlanif10] [Switch-Hexin-Vlanif10]q [Switch-Hexin] #配置静态路由 [Switch-Hexin] [Switch-Hexin]ip route-static 0.0.0.0 0.0.0.0 192.168.10.1 [Switch-Hexin]

四、路由器配置

[Router]interface GigabitEthernet 0/0/1 [Router-GigabitEthernet0/0/1]ip address 192.168.10.1 255.255.255.0 [Router-GigabitEthernet0/0/1]q [Router]interface GigabitEthernet 0/0/0 [Router-GigabitEthernet0/0/0]ip address 2.2.2.2 24 [Router-GigabitEthernet0/0/0] [Router-GigabitEthernet0/0/0]q [Router]ip route-static 0.0.0.0 0.0.0.0 2.2.2.1 [Router] [Router]ip route-static 192.168.0.0 255.255.0.0 192.168.10.2 [Router] #配置NAT 转换 [Router]acl number 2001 [Router-acl-basic-2001]rule 5 permit source 192.168.0.0 0.0.255.255 [Router-acl-basic-2001]q [Router]interface GigabitEthernet 0/0/0 [Router-GigabitEthernet0/0/0]nat outbound 2001 [Router-GigabitEthernet0/0/0]qu [Router]

五、测试：