HCIA: Multi-arm routing and single-arm routing for inter-VLAN communication

1. Foreword

We mentioned earlier that a switch's HYBRID port mode can allow communication across VLANs, but only between IP addresses in the same network segment. When discussing how routers work, we said that routers isolate broadcast domains and connect different network segments so that they can communicate. Routers can therefore also provide communication between VLANs.

2. Review of networking methods

1. General switch network

 

In a general switch network all ports are interconnected, and devices on the same IP network segment can communicate with each other directly. The problem is that when the network is large, this any-port-to-any-port connectivity causes broadcast storms, so it is only suitable for small internal networks.

2. General router + switch network

 

Routers can isolate broadcast domains and realize communication across network segments, and can be used to connect small networks composed of switches. The structure is clear and simple, and large-scale and cross-domain networks must rely on router connections. However, for an enterprise, the division of subnets depends on the number of routers, and the cost is relatively high.

3. Switch + VLAN networking

 

VLAN is used in a network composed of switches. When the network is large, the broadcast domain can be isolated without relying on routers. Generally, a company with a slightly larger network will use VLAN, which is the best solution for forming a company intranet. However, the subnets isolated by VLAN cannot communicate with each other, which has become a new problem.

4. New problems

Each of the three networking methods above has its own advantages. VLAN networking is the required choice for an enterprise intranet, but it leaves the problem of communication between VLANs. Although HYBRID mode can let a few special ports communicate across VLANs, it is complicated to use and not suitable for large-scale deployment. Combining VLANs with a router is clearly a good approach.

3. Multi-arm routing

Consider the following network structure. PC1 and PC2 are in the same network segment and VLAN, and PC3 and PC4 are in the same network segment and VLAN. Hosts within each pair can communicate with each other, but hosts in different VLANs or network segments cannot. Note also that the G0/0/0 port of router AR1 is in VLAN 10 and the G0/0/1 port is in VLAN 30, so data from a PC can reach the router port that belongs to the same VLAN.

 

 

After configuring the network as shown in the figure, we check the routing table of router AR1 and find that it has direct routes to the 192.168.1.0 and 192.168.3.0 network segments by default; that is, the router connects these two network segments.

 

At this time, if we use PC1 to ping PC3, we will find that it can be pinged through, and its communication path is shown in the figure below. It should be noted that PC1 and PC3 need to configure their default gateways (Gateway).

 

The simple process is as follows:

1. PC1 finds that the target IP is not in its own network segment, so it decides to send the data to its default gateway.

2. PC1 first uses ARP to find the default gateway. Its broadcast packets propagate within VLAN 10, so it finds G0/0/0 of the router as its default gateway, and switches LSW1 and LSW2 generate the corresponding MAC address table entries.

3. After PC1 finds its default gateway, it sends the data to AR1. On receiving the data, AR1 sees that the target IP belongs to the 192.168.3.0 network segment, checks its routing table, and finds that the target network segment is on the G0/0/1 port.

4. The router therefore uses ARP on the G0/0/1 port to find the target IP. Since both are in VLAN 30, the target is found normally. At the same time, LSW2 and LSW3 generate the corresponding MAC address table entries.

5. Finally, the router sends the data out through the G0/0/1 port, and the switches forward it to the correct PC according to their MAC address tables.

6. The ACCESS and TRUNK ports also play an important role in this process. For example, the path of the ARP packets between PC1 and AR1 is shown below.

 

 

4. Single-arm routing

The multi-arm routing above connects different VLANs so that they can communicate, but the obvious problem is that each VLAN occupies one port of the router, which is not cost-effective (router ports are expensive). Is there a solution that does not take up so many ports? This is where the router's sub-interfaces come in; sub-interfaces seem to be used exclusively for inter-VLAN communication.

Subinterface configuration on AR1:

interface GigabitEthernet 0/0/1        # Clear the previous configuration first
 undo ip address
 quit
interface GigabitEthernet 0/0/0        # Clear the previous configuration first
 undo ip address
 quit
interface GigabitEthernet 0/0/0.10     # Create a sub-interface
 dot1q termination vid 10              # Terminate the VLAN 10 tag here (equivalent to an access port for VLAN 10)
 arp broadcast enable                  # Enable ARP broadcast on the sub-interface (off by default)
 ip address 192.168.1.254 24
 quit
interface GigabitEthernet 0/0/0.30     # Create a sub-interface
 dot1q termination vid 30              # Terminate the VLAN 30 tag here (equivalent to an access port for VLAN 30)
 arp broadcast enable                  # Enable ARP broadcast on the sub-interface (off by default)
 ip address 192.168.3.254 24
 quit

After configuration, let's look at the routing table and find that both 192.168.1.0 and 192.168.3.0 appear in the routing table.

 

We also need to change the switch port connected to G0/0/0 to TRUNK mode, so that the final configuration is as shown in the figure below.

 

In this way, only one port is needed to realize inter-VLAN communication. If there are multiple VLANs, only a few more sub-interfaces need to be opened.
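
The single-arm forwarding path described above, modelled in Python as an added example (not code from the original article): the router reads the 802.1Q tag to pick the sub-interface, looks up the direct route, and re-tags the packet for the egress VLAN. The sub-interface table mirrors the AR1 configuration above; the MAC addresses, the host address 192.168.3.1, and all function names are constructed for illustration.

```python
import ipaddress
import struct

TPID_8021Q = 0x8100      # EtherType value that marks an 802.1Q tag
ETHERTYPE_IPV4 = 0x0800

# VID -> sub-interface address, taken from the AR1 configuration on this page.
SUBINTERFACES = {
    10: ipaddress.ip_interface("192.168.1.254/24"),  # GigabitEthernet 0/0/0.10
    30: ipaddress.ip_interface("192.168.3.254/24"),  # GigabitEthernet 0/0/0.30
}
ROUTER_MAC = bytes.fromhex("00e0fc000001")           # constructed value
# Constructed ARP cache: what the router learned via ARP on each sub-interface.
ARP_CACHE = {"192.168.3.1": bytes.fromhex("00e0fc000003")}


def ipv4_header(src, dst):
    """Constructed 20-byte IPv4 header; only the address fields are filled in."""
    return (bytes([0x45]) + bytes(11)
            + ipaddress.ip_address(src).packed + ipaddress.ip_address(dst).packed)


def tagged_frame(dst_mac, src_mac, vid, packet):
    """Ethernet II frame with one 802.1Q tag (priority 0) carrying an IPv4 packet."""
    tag = struct.pack("!HHH", TPID_8021Q, vid & 0x0FFF, ETHERTYPE_IPV4)
    return dst_mac + src_mac + tag + packet


def route_on_trunk(frame):
    """Return (egress_vid, new_frame), or (None, reason) if the frame is dropped."""
    if len(frame) < 16 or struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return None, "untagged frame: no sub-interface receives it"
    vid = struct.unpack("!H", frame[14:16])[0] & 0x0FFF
    if vid not in SUBINTERFACES:
        return None, f"VLAN {vid}: no sub-interface terminates this tag"
    packet = frame[18:]
    if len(packet) < 20:
        return None, "truncated IPv4 header"
    dst = ipaddress.ip_address(packet[16:20])
    for out_vid, iface in SUBINTERFACES.items():
        if dst in iface.network:                     # direct route lookup
            next_mac = ARP_CACHE.get(str(dst))
            if next_mac is None:
                return None, f"{dst}: ARP unresolved on VLAN {out_vid}"
            return out_vid, tagged_frame(next_mac, ROUTER_MAC, out_vid, packet)
    return None, f"{dst}: no route"
```

A frame tagged with a VLAN that has no sub-interface, or with no tag at all, is dropped rather than routed, so the set of sub-interfaces defines which VLANs can reach each other through AR1.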

5. Review

In this article, we first reviewed the networking methods mentioned before, raised the problem of inter-VLAN communication, and then discussed using routers to solve it. First we covered multi-arm routing, which uses one router port per VLAN, but at a relatively high cost. Then we covered single-arm routing, which uses router sub-interfaces (sub-ports) to achieve inter-VLAN communication; the effect is the same, but the cost is extremely low.


Origin blog.csdn.net/weixin_40402375/article/details/127816878