Configuration Example for Interconnecting a Huawei Layer 2 Switch and a Router for Internet Access

A Layer 2 switch refers to a switch that can only perform Layer 2 forwarding, but cannot perform Layer 3 forwarding. That is to say, it only supports Layer 2 features and does not support Layer 3 features such as routing.

Layer 2 switches are generally deployed at the access layer and cannot be used as user gateways.

Configuration precautions

The switch configuration in this example applies to all versions and products of S12700 and S12700E switches. The router configuration in this example uses AR3600 V200R007C00SPCc00 as an example. For the configuration of other routers, refer to the corresponding documentation.

1. Networking requirements

As shown in the figure, a company has multiple departments located on different network segments, and each department needs to access the Internet. Users must access the external network through a Layer 2 switch and a router, and the router must act as the users' gateway. The following figure shows the networking diagram of the Layer 2 switch and router connected to the Internet.

2. Configuration ideas

The configuration roadmap is as follows:

- Configure the Layer 2 switch to assign interfaces to VLANs to implement Layer 2 forwarding.
- Configure the router as the users' gateway to implement Layer 3 forwarding across network segments through sub-interfaces or VLANIF interfaces.
- Configure the router as a DHCP server to assign IP addresses to user PCs.
- Configure the NAT function of the router so that intranet users can access the external network.

3. Operation steps

3.1 Configure the switch

# Configure the interface for downlink users.

<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] vlan batch 2 3
[Switch] interface gigabitethernet 1/0/2
[Switch-GigabitEthernet1/0/2] port link-type access   //Configure the interface access type as access
[Switch-GigabitEthernet1/0/2] port default vlan 2   //Configure the interface to join VLAN 2
[Switch-GigabitEthernet1/0/2] quit
[Switch] interface gigabitethernet 1/0/3
[Switch-GigabitEthernet1/0/3] port link-type access
[Switch-GigabitEthernet1/0/3] port default vlan 3   
[Switch-GigabitEthernet1/0/3] quit

# Configure the interface connected to the router uplink

[Switch] interface gigabitethernet 1/0/1
[Switch-GigabitEthernet1/0/1] port link-type trunk
[Switch-GigabitEthernet1/0/1] port trunk allow-pass vlan 2 3   //Configure the interface to transparently transmit VLAN 2 and VLAN 3 in trunk mode
[Switch-GigabitEthernet1/0/1] quit

3.2 Router configuration

There are two ways to configure the router: terminate the VLANs on sub-interfaces, or use VLANIF interfaces. Choose one of the two.

Configure the router to terminate VLANs through sub-interfaces to implement Layer 3 forwarding across network segments.

# Configure the termination sub-interface.

<Huawei> system-view    
[Huawei] sysname Router
[Router] vlan batch 2 3
[Router] interface gigabitethernet 0/0/1.1
[Router-GigabitEthernet0/0/1.1] dot1q termination vid 2
[Router-GigabitEthernet0/0/1.1] ip address 192.168.1.1 24
[Router-GigabitEthernet0/0/1.1] arp broadcast enable   //By default, the ARP broadcast function of the AR router termination sub-interface is disabled in versions earlier than V200R003C01, and enabled in V200R003C01 and later versions.    
[Router-GigabitEthernet0/0/1.1] quit
[Router] interface gigabitethernet 0/0/1.2
[Router-GigabitEthernet0/0/1.2] dot1q termination vid 3
[Router-GigabitEthernet0/0/1.2] ip address 192.168.2.1 24
[Router-GigabitEthernet0/0/1.2] arp broadcast enable
[Router-GigabitEthernet0/0/1.2] quit

# Configure the DHCP function to allocate IP addresses and specify DNS server addresses for intranet users.

[Router] dhcp enable     
[Router] interface gigabitethernet 0/0/1.1     
[Router-GigabitEthernet0/0/1.1] dhcp select interface   //DHCP uses the interface address pool to assign IP addresses to intranet users     
[Router-GigabitEthernet0/0/1.1] dhcp server dns-list 114.114.114.114 223.5.5.5   //114.114.114.114 in the DNS list is a public DNS server address that is not tied to any carrier. In a real deployment, configure the DNS servers assigned by your carrier
[Router-GigabitEthernet0/0/1.1] quit
[Router] interface gigabitethernet 0/0/1.2
[Router-GigabitEthernet0/0/1.2] dhcp select interface
[Router-GigabitEthernet0/0/1.2] dhcp server dns-list 114.114.114.114 223.5.5.5
[Router-GigabitEthernet0/0/1.2] quit

# Configure the IP address and static route of the public network interface.

[Router] interface gigabitethernet 0/0/2
[Router-GigabitEthernet0/0/2] ip address 200.0.0.2 255.255.255.0   //Configure the IP address 200.0.0.2 of the interface GE0/0/2 connected to the public network
[Router-GigabitEthernet0/0/2] quit
[Router] ip route-static 0.0.0.0 0.0.0.0 200.0.0.1   //Configure the next hop of the static default route to point to the IP address 200.0.0.1 provided by the public network

# Configure the NAT function so that intranet users can access the external network.

[Router] acl number 2001
[Router-acl-basic-2001] rule 5 permit source 192.168.0.0 0.0.255.255    //NAT translation only takes effect for the network segment whose source IP address is 192.168.0.0/16, and performs translation in the outbound direction of interface GE0/0/2
[Router-acl-basic-2001] quit
[Router] interface gigabitethernet 0/0/2
[Router-GigabitEthernet0/0/2] nat outbound 2001
[Router-GigabitEthernet0/0/2] quit

Configure the router with VLANIF interfaces to implement Layer 3 forwarding across network segments.

# Configure VLANIF interfaces.

<Huawei> system-view
[Huawei] sysname Router
[Router] vlan batch 2 3
[Router] interface gigabitethernet 0/0/1
[Router-GigabitEthernet0/0/1] portswitch   //Switch the Ethernet interface from Layer 3 mode to Layer 2 mode. If the interface is already in Layer 2 mode, skip this step
[Router-GigabitEthernet0/0/1] port link-type trunk
[Router-GigabitEthernet0/0/1] port trunk allow-pass vlan 2 3
[Router-GigabitEthernet0/0/1] quit
[Router] interface vlanif 2
[Router-vlanif2] ip address 192.168.1.1 24   //Configure the IP address of VLANIF2 as the gateway of PC1
[Router-vlanif2] quit
[Router] interface vlanif 3
[Router-vlanif3] ip address 192.168.2.1 24   //Configure the IP address of VLANIF3 as the gateway of PC2
[Router-vlanif3] quit

# Configure the DHCP function to assign IP addresses to intranet users and specify DNS server addresses.

[Router] dhcp enable
[Router] interface vlanif 2
[Router-Vlanif2] dhcp select interface
[Router-Vlanif2] dhcp server dns-list 114.114.114.114 223.5.5.5   //114.114.114.114 in the DNS list is a public DNS server address that is not tied to any carrier. In a real deployment, configure the DNS servers assigned by your carrier
[Router-Vlanif2] quit
[Router] interface vlanif 3
[Router-Vlanif3] dhcp select interface
[Router-Vlanif3] dhcp server dns-list 114.114.114.114 223.5.5.5
[Router-Vlanif3] quit

# Configure the IP address and static route of the public network interface.

[Router] interface gigabitethernet 0/0/2
[Router-GigabitEthernet0/0/2] ip address 200.0.0.2 255.255.255.0
[Router-GigabitEthernet0/0/2] quit
[Router] ip route-static 0.0.0.0 0.0.0.0 200.0.0.1   //Configure the next hop of the static default route to point to the IP address 200.0.0.1 provided by the public network

# Configure the NAT function so that intranet users can access the external network.

[Router] acl number 2001
[Router-acl-basic-2001] rule 5 permit source 192.168.0.0 0.0.255.255   //NAT translation only takes effect for the network segment whose source IP address is 192.168.0.0/16, and performs translation in the outbound direction of interface GE0/0/2
[Router-acl-basic-2001] quit
[Router] interface gigabitethernet 0/0/2
[Router-GigabitEthernet0/0/2] nat outbound 2001
[Router-GigabitEthernet0/0/2] quit

Check configuration results

Set the IP address of PC1 to 192.168.1.2/24 and the gateway to 192.168.1.1; the IP address of PC2 to 192.168.2.2/24 and the gateway to 192.168.2.1. Configure the IP address of the PC on the external network as 200.0.0.1/24 and the gateway as 200.0.0.2.

After the configuration is complete, both PC1 and PC2 can ping the external network IP address 200.0.0.1/24, and both PC1 and PC2 can access the Internet.

4. Configuration file

Configuration file for Switch

#
sysname Switch
#
vlan batch 2 to 3
#
interface GigabitEthernet1/0/1
 port link-type trunk
 port trunk allow-pass vlan 2 to 3
#
interface GigabitEthernet1/0/2
 port link-type access
 port default vlan 2
#
interface GigabitEthernet1/0/3
 port link-type access
 port default vlan 3
#
return

Router configuration file (configuration file for Layer 3 forwarding by the router through sub-interfaces)

#
sysname Router
#
vlan batch 2 to 3
#
dhcp enable
#
acl number 2001
 rule 5 permit source 192.168.0.0 0.0.255.255
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/1.1
 dot1q termination vid 2
 ip address 192.168.1.1 255.255.255.0
 arp broadcast enable
 dhcp select interface
 dhcp server dns-list 114.114.114.114 223.5.5.5
#
interface GigabitEthernet0/0/1.2
 dot1q termination vid 3
 ip address 192.168.2.1 255.255.255.0
 arp broadcast enable
 dhcp select interface
 dhcp server dns-list 114.114.114.114 223.5.5.5
#
interface GigabitEthernet0/0/2
 ip address 200.0.0.2 255.255.255.0
 nat outbound 2001
#
ip route-static 0.0.0.0 0.0.0.0 200.0.0.1
#
return

Router configuration file (the configuration file for the router to perform Layer 3 forwarding through the VLANIF interface)

#
sysname Router
#
vlan batch 2 to 3
#
dhcp enable
#
acl number 2001
 rule 5 permit source 192.168.0.0 0.0.255.255
#
interface Vlanif2
 ip address 192.168.1.1 255.255.255.0
 dhcp select interface
 dhcp server dns-list 114.114.114.114 223.5.5.5
#
interface Vlanif3
 ip address 192.168.2.1 255.255.255.0
 dhcp select interface
 dhcp server dns-list 114.114.114.114 223.5.5.5
#
interface GigabitEthernet0/0/1
 portswitch
 port link-type trunk
 port trunk allow-pass vlan 2 to 3
#
interface GigabitEthernet0/0/2
 ip address 200.0.0.2 255.255.255.0
 nat outbound 2001
#
ip route-static 0.0.0.0 0.0.0.0 200.0.0.1
#
return
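
Both router configuration files bind ACL 2001 to nat outbound, and its rule permits all of 192.168.0.0/16 although the gateways serve only 192.168.1.0/24 and 192.168.2.0/24. The Python check below is an added example, not part of the original article or any Huawei tool: it parses a constructed excerpt of the sub-interface configuration file, counts the permitted source addresses that no gateway subnet uses, and returns per-subnet rules in the same "rule ... permit source" syntax. The function names are hypothetical, and it assumes that interfaces without nat outbound face the intranet.

```python
import ipaddress
import re

# Constructed sample: NAT-relevant lines of the sub-interface router config file.
ROUTER_CFG = """\
acl number 2001
 rule 5 permit source 192.168.0.0 0.0.255.255
#
interface GigabitEthernet0/0/1.1
 ip address 192.168.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1.2
 ip address 192.168.2.1 255.255.255.0
#
interface GigabitEthernet0/0/2
 ip address 200.0.0.2 255.255.255.0
 nat outbound 2001
"""

def sections(cfg):
    """Map each '#'-separated top-level command to its de-indented sub-commands."""
    out = {}
    for block in re.split(r"^#.*\n", cfg, flags=re.M):
        head, _, body = block.strip().partition("\n")
        out[head] = re.sub(r"^[ \t]+", "", body, flags=re.M)
    return out

def wildcard_net(addr, wildcard):
    """ACL wildcards are inverted netmasks; non-contiguous ones raise ValueError."""
    mask = ipaddress.ip_address(int(ipaddress.ip_address(wildcard)) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def audit_nat_scope(cfg):
    """Return (excess address count, per-subnet rules) for ACLs used by 'nat outbound'."""
    secs = sections(cfg)
    acl_ids = sorted(set(re.findall(r"^ *nat outbound (\d+)$", cfg, re.M)))
    inside = []
    for head, body in secs.items():
        if head.startswith("interface ") and "nat outbound" not in body:  # assumed intranet side
            inside += [ipaddress.ip_interface(f"{a}/{m}").network
                       for a, m in re.findall(r"^ip address (\S+) (\S+)$", body, re.M)]
    permitted = [wildcard_net(a, w) for i in acl_ids
                 for a, w in re.findall(r"^rule \d+ permit source (\S+) (\S+)$",
                                        secs.get(f"acl number {i}", ""), re.M)]
    covered = [n for n in inside if any(n.subnet_of(p) for p in permitted)]
    excess = sum(p.num_addresses for p in permitted) - sum(n.num_addresses for n in covered)
    rules = [f"rule {5 * k} permit source {n.network_address} {n.hostmask}"
             for k, n in enumerate(covered, 1)]
    return excess, rules
```

A non-zero excess count means the ACL would also translate sources from subnets that are not configured behind the router; replacing the single /16 rule with the returned per-subnet rules brings the count to zero.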

Tags: TCP/IP

Posted by dclamp on Mon, 13 Mar 2023 18:28:06 +1030