无网关实现VLAN间互通的两个另类方法

VLAN间的互通一般是由路由器或三层交换机作为各自VLAN的网关实现，除此之外还有两种不需要设置网关的方法也可以实现VLAN间的通讯。

方法一：arp-proxy。拓扑图如下：

需要特别说明的地方：

• 不同的VLAN中需要互通的主机必须满足IP在一个网段内。
• 需要在各交换机上开启三层VLAN接口，并确保VLAN接口在协议层是UP的。一般给相应的VLAN接口配置IP地址来实现。
• 在三层的VLAN接口中打开arp-proxy，此VLAN接口收到arp请求的目标IP在其他VLAN时会使用自己的MAC作为回应。
• 开启arp-proxy代理的VLAN接口以代理的方式完成VLAN间的数据通讯。
• 跨VLAN时，只有开启arp-proxy的VLAN可以ping通其他VLAN，没有开启arp-proxy的VLAN不能ping通其他VLAN。

各设备的具体配置如下：

<LSW1>dis current-configuration 
#
sysname LSW1
#
vlan batch 20 30
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password simple admin
 local-user admin service-type http
#
interface Vlanif1
#
interface Vlanif20
 ip address 192.168.2.1 255.255.255.0
#
interface Vlanif30
 ip address 192.168.3.1 255.255.255.0
 arp-proxy enable
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
 port link-type access
 port default vlan 20
#
interface GigabitEthernet0/0/4
 port link-type access
 port default vlan 30
#

[LSW2]dis current-configuration 
#
sysname LSW2
#
vlan batch 20 30
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password simple admin
 local-user admin service-type http
#
interface Vlanif1
#
interface Vlanif20
 ip address 192.168.2.254 255.255.255.0
 arp-proxy enable
#
interface Vlanif30
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
 port link-type access
 port default vlan 20
#

方法二：使用hybird接口实现不同VLAN互通。

需要特别说明的地方：

• 不需要开启三层VLAN接口
• 基于端口的互通，需要互通的接口都需要untag所有的互通的VLANID
• 无需设置网关

各交换机的具体配置如下：

[LSW1]dis current-configuration 
#
sysname LSW1
#
vlan batch 20 30
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password simple admin
 local-user admin service-type http
#
interface Vlanif1
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
 port link-type access
 port default vlan 20
#
interface GigabitEthernet0/0/4
 port hybrid pvid vlan 30
 port hybrid untagged vlan 20 30
#

[LSW2]dis current-configuration 
#
sysname LSW2
#
vlan batch 20 30
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password simple admin
 local-user admin service-type http
#
interface Vlanif1
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
 port hybrid pvid vlan 20
 port hybrid untagged vlan 20 30
#