兩個華為交換機如何接入路由器(華為二層交換機與路由器對接上網配置示例)二層交換機與路由器對接上網配置示例二層交換機指的是僅能夠進行二層轉發，不能進行三層轉發的交換機。也就是說僅支持二層特性，不支持路由等三層特性的交換機。二層交換機一般部署在接入層，不能作為用戶的網關。組網需求如圖所示，某公司擁有多個部門且位于不同網段，各部門均有訪問Internet的需求?，F要求用戶通過二層交換機和路由器訪問外部網絡，且要求路由器作為用戶的網關。圖二層交換機與路由器對接上網組網圖配置思路采用如下思路進行配置：1)配置二層交換機基于接口劃分VLAN，實現二層轉發。2)配置路由器作為用戶的網關，通過子接口或VLANIF接口實現跨網段的三層轉發。3)配置路由器作為DHCP服務器，為用戶PC分配IP地址。4)配置路由器NAT功能，使內網用戶可以訪問外部網絡。操作步驟1、配置交換機#配置下行連接用戶的接口。system-view[HUAWEI]sysnameSwitch[Switch]vlanbatch23[Switch]interfacegigabitethernet0/0/2[Switch-GigabitEthernet0/0/2]portlink-typeaccess//配置接口接入類型為access[Switch-GigabitEthernet0/0/2]portdefaultvlan2//配置接口加入VLAN2[Switch-GigabitEthernet0/0/2]quit[Switch]interfacegigabitethernet0/0/3[Switch-GigabitEthernet0/0/3]portlink-typeaccess[Switch-GigabitEthernet0/0/3]portdefaultvlan3[Switch-GigabitEthernet0/0/3]quit#配置上行連接路由器的接口。[Switch]interfacegigabitethernet0/0/1[Switch-GigabitEthernet0/0/1]portlink-typetrunk[Switch-GigabitEthernet0/0/1]porttrunkallow-passvlan23//配置接口以trunk方式透傳VLAN2和VLAN3[Switch-GigabitEthernet0/0/1]quit2、配置路由器路由器的配置有兩種方式，配置子接口進行通信或者配置VLANIF接口進行通信，兩種方式選擇其一即可。配置路由器通過子接口終結VLAN，實現跨網段的三層轉發。#配置終結子接口。system-view[Huawei]sysnameRouter[Router]vlanbatch23[Router]interfacegigabitethernet0/0/1.1[Router-GigabitEthernet0/0/1.1]dot1qterminationvid2[Router-GigabitEthernet0/0/1.1]ipaddress192.168.1.124[Router-GigabitEthernet0/0/1.1]arpbroadcastenable//缺省狀態下，AR路由器終結子接口的ARP廣播功能在V200R003C01之前版本處于未使能狀態，在V200R003C01及之后版本處于使能狀態[Router-GigabitEthernet0/0/1.1]quit[Router]interfacegigabitethernet0/0/1.2[Router-GigabitEthernet0/0/1.2]dot1qterminationvid3[Router-GigabitEthernet0/0/1.2]ipaddress192.168.2.124[Router-GigabitEthernet0/0/1.2]arpbroadcastenable[Router-GigabitEthernet0/0/1.2]quit#配置DHCP功能，為內網用戶分配IP地址和指定DNS服務器地址。[Router]dhcpenable[Router]interfacegigabitethernet0/0/1.1[Router-GigabitEthernet0/0/1.1]dhcpselectinterface//DHCP使用接口地址池的方式為內網用戶分配IP地址[Router-GigabitEthernet0/0/1.1]dhcpserverdns-list114.114.114.114223.5.5.5//配置的DNS-List114.114.114.114是公用的DNS服務器地址，是不區分運營商的。在實際應用中，請根據運營商分配的DNS進行配置[Router-GigabitEthernet0/0/1.1]quit[Router]interfacegigabitethernet0/0/1.2[Router-GigabitEthernet0/0/1.2]dhcpselectinterface[Router-GigabitEthernet0/0/1.2]dhcpserverdns-list114.114.114.114223.5.5.5[Router-GigabitEthernet0/0/1.2]quit#配置公網接口的IP地址和靜態路由。[Router]interfacegigabitethernet0/0/2[Router-GigabitEthernet0/0/2]ipaddress200.0.0.2255.255.255.0//配置連接公網的接口GE0/0/2的IP地址200.0.0.2[Router-GigabitEthernet0/0/2]quit[Router]iproute-static0.0.0.00.0.0.0200.0.0.1//配置靜態缺省路由的下一跳指向公網提供的IP地址200.0.0.1#配置NAT功能，使內網用戶可以訪問外網。[Router]aclnumber2001[Router-acl-basic-2001]rule5permitsource192.168.0.00.0.255.255//NAT轉換只對源IP地址是192.168.0.0/16網段的生效，并在接口GE0/0/2的出方向進行轉換[Router-acl-basic-2001]quit[Router]interfacegigabitethernet0/0/2[Router-GigabitEthernet0/0/2]natoutbound2001[Router-GigabitEthernet0/0/2]quit配置路由器通過配置VLANIF接口，實現跨網段的三層轉發。#配置VLANIF接口。system-view[Huawei]sysnameRouter[Router]vlanbatch23[Router]interfacegigabitethernet0/0/1[Router-GigabitEthernet0/0/1]portswitch//將以太網接口從三層模式切換到二層模式。如果接口已經是二層模式，跳過該步驟[Router-GigabitEthernet0/0/1]portlink-typetrunk[Router-GigabitEthernet0/0/1]porttrunkallow-passvlan23[Router-GigabitEthernet0/0/1]quit[Router]interfacevlanif2[Router-vlanif2]ipaddress192.168.1.124//配置VLANIF2的IP地址作為PC1的網關[Router-vlanif2]quit[Router]interfacevlanif3[Router-vlanif3]ipaddress192.168.2.124//配置VLANIF3的IP地址作為PC2的網關[Router-vlanif3]quit#配置DHCP功能，為內網用戶分配IP地址并指定DNS服務器地址。[Router]dhcpenable[Router]interfacevlanif2[Router-Vlanif2]dhcpselectinterface[Router-Vlanif2]dhcpserverdns-list114.114.114.114223.5.5.5//配置的DNS-List114.114.114.114是公用的DNS服務器地址，是不區分運營商的。在實際應用中，請根據運營商分配的DNS進行配置[Router-Vlanif2]quit[Router]interfacevlanif3[Router-Vlanif3]dhcpselectinterface[Router-Vlanif3]dhcpserverdns-list114.114.114.114223.5.5.5[Router-Vlanif3]quit#配置公網接口的IP地址和靜態路由。[Router]interfacegigabitethernet0/0/2[Router-GigabitEthernet0/0/2]ipaddress200.0.0.2255.255.255.0[Router-GigabitEthernet0/0/2]quit[Router]iproute-static0.0.0.00.0.0.0200.0.0.1//配置靜態缺省路由的下一跳指向公網提供的IP地址200.0.0.1#配置NAT功能，使內網用戶可以訪問外網。[Router]aclnumber2001[Router-acl-basic-2001]rule5permitsource192.168.0.00.0.255.255//NAT轉換只對源IP地址是192.168.0.0/16網段的生效，并在接口GE0/0/2的出方向進行轉換[Router-acl-basic-2001]quit[Router]interfacegigabitethernet0/0/2[Router-GigabitEthernet0/0/2]natoutbound2001[Router-GigabitEthernet0/0/2]quit3、檢查配置結果配置PC1的IP地址為192.168.1.2/24，網關為192.168.1.1；PC2的IP地址為192.168.2.2/24，網關為192.168.2.1。配置外網PC的IP地址為200.0.0.1/24，網關為200.0.0.2。配置完成后，PC1和PC2都可以Ping通外網的IP200.0.0.1/24，PC1和PC2都可以訪問Internet。配置文件Switch的配置文件#sysnameSwitch#vlanbatch2to3#interfaceGigabitEthernet0/0/1portlink-typetrunkporttrunkallow-passvlan2to3#interfaceGigabitEthernet0/0/2portlink-typeaccessportdefaultvlan2#interfaceGigabitEthernet0/0/3portlink-typeaccessportdefaultvlan3#returnRouter的配置文件（路由器通過子接口進行三層轉發的配置文件）#sysnameRouter#vlanbatch2to3#dhcpenable#aclnumber2001rule5permitsource192.168.0.00.0.255.255#interfaceGigabitEthernet0/0/1#interfaceGigabitEthernet0/0/1.1dot1qterminationvid2ipaddress192.168.1.1255.255.255.0arpbroadcastenabledhcpselectinterfacedhcpserverdns-list114.114.114.114223.5.5.5#interfaceGigabitEthernet0/0/1.2dot1qterminationvid3ipaddress192.168.2.1255.255.255.0arpbroadcastenabledhcpselectinterfacedhcpserverdns-list114.114.114.114223.5.5.5#interfaceGigabitEthernet0/0/2ipaddress200.0.0.2255.255.255.0natoutbound2001#iproute-static0.0.0.00.0.0.0200.0.0.1#returnRouter的配置文件（路由器通過VLANIF接口進行三層轉發的配置文件）#sysnameRouter#vlanbatch2to3#dhcpenable#aclnumber2001rule5permitsource192.168.0.00.0.255.255#interfaceVlanif2ipaddress192.168.1.1255.255.255.0dhcpselectinterfacedhcpserverdns-list114.114.114.114223.5.5.5#interfaceVlanif3ipaddress192.168.2.1255.255.255.0dhcpselectinterfacedhcpserverdns-list114.114.114.114223.5.5.5#interfaceGigabitEthernet0/0/1portswitchportlink-typetrunkporttrunkallow-passvlan2to3#interfaceGigabitEthernet0/0/2ipaddress200.0.0.2255.255.255.0natoutbound2001#iproute-static0.0.0.00.0.0.0200.0.0.1#return