路由器下接有3层交换机的情况 - 思科技术 - 51CTO技术论坛

新新人类

帖子 5
精华 0
无忧币 29
积分 13
阅读权限 20

注册日期 2008-1-31

最后登录 2008-2-2

离线

[查看资料] [发短消息] [Blog]

发表于:2008-1-31 01:28　　标题：路由器下接有3层交换机的情况
＜上一帖 | 下一帖＞

我单位的情况是这样：路由器CISCO2811的一个局域网口F0/0接内网的3560交换机
的g0/7口，另一个局域网口F0/1接外省的企业网A(IP段跟我单位不一样)，一个广
域网口F0/2/0接互联网B。3560下面还接了几个2950，然后是各楼宇的电脑。在
3560划分了VLAN11、VLAN12、VLAN13等，我按照方面的方法做配置，却无法实现
所有电脑都能访问A和B网。只有在将g0/7口划入VLAN11或其他VLAN时，才能使该
VLAN能访问A和B网，而其他VLAN下的电脑均不能访问A和B。未加CISCO2811之前，
3560直接接防火墙出外网了，所有VLAN都能访问外网。路由器下接有3层交换机的情况

附件(查看下载说明): 网络连接简图1.doc (2008-1-31 01:28,大小:28 K)
该附件被下载 10 次您下载该主题帖内所有附件同时将被扣掉2点无忧币　查看分数政策说明

2008-1-31 01:28

1楼

[ 顶部 ]

荣誉会员

帖子 1593
精华 2
无忧币 2517
积分 1864
阅读权限 140
来自 (保密)

注册日期 2006-6-15

最后登录 2008-9-5

在线

[查看资料] [发短消息] [Blog]

[个人主页]

发表于:2008-1-31 10:34　 ,被系统奖励 2 点无忧币

我来分析一下：
1、三层交换机上要建N个VLAN，为下面的二层交换机和服务器服务，同时把默认路由送到cisco2811，
2、cisco2811的配置最关键，要启至防火墙的默认路由，至行业网关地址的静态路由，至三层交换机的静态路由（内网网段）

2008-1-31 10:34

2楼

[ 顶部 ]

新新人类

帖子 5
精华 0
无忧币 29
积分 13
阅读权限 20

注册日期 2008-1-31

最后登录 2008-2-2

离线

[查看资料] [发短消息] [Blog]

发表于:2008-2-1 10:25　 ,被系统奖励 2 点无忧币

2811做了如下配置:no ip domain lookup
ip domain name yourdomain.com
ip name-server 218.85.157.99
ip name-server 10.12.1.2

interface FastEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0/0$
ip address 192.168.1.100 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.14.64.153 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/2/0
ip address 172.16.1.100 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
ip route 0.0.0.0 0.0.0.0 172.16.1.3
ip route 10.0.0.0 255.0.0.0 10.14.64.1

ip nat pool internet 172.16.1.4 172.16.1.254 netmask 255.255.255.0
ip nat pool atm 10.14.64.2 10.14.64.254 netmask 255.255.255.0
ip nat inside source route-map atm pool atm
ip nat inside source route-map internet pool internet
!
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 100 permit ip 192.168.0.0 0.0.255.255 any
!
route-map internet permit 10
match ip address 100
match interface FastEthernet0/2/0
!
route-map atm permit 10
match ip address 100
match interface FastEthernet0/1

三层交换机的配置,原来都配置好了,直接接防火墙,所有内网IP都可以访问互联网.中间加这个2811后,三层就把路由改了一下,改为ip route 0.0.0.0 0.0.0.0 192.168.1.100
这样的情况,只有192.168.1.0网段的可以访问A和B网.其他不行.
你说的最后一点是回指路由吗?但是3层交换机接2811的那个口是没有配置IP的,如何指?如果我给它配了IP,跟2811的内网口同一网段,那G0/7这个口就不能划分到某个VLAN里了,那那些VLAN如何才能跟G0/7口通呢?
困惑中....

2008-2-1 10:25

3楼

[ 顶部 ]

荣誉会员

帖子 1593
精华 2
无忧币 2517
积分 1864
阅读权限 140
来自 (保密)

注册日期 2006-6-15

最后登录 2008-9-5

在线

[查看资料] [发短消息] [Blog]

[个人主页]

发表于:2008-2-1 10:56　 ,被系统奖励 2 点无忧币

你这个..
防火墙的功能是干什么的呢?
1、定义允许访问外网的功能。
2、公网与内网地址转换NAT

你的这个2811，根本不需要做什么NAT，把这些都删了。。
三层交换机，你就做好路由设置就行了。。
接口地址，要启至防火墙的默认路由，至行业网关地址的静态路由，至三层交换机的静态路由（内网网段
）
根本没那么复杂。。。你把自己搞晕了，

三层交换机殖民地2811肯定要分配IP地址啊，

SVI地址。
还不明白，你把的几台设备配置都发给我。。QQ：16398000

2008-2-1 10:56

4楼

[ 顶部 ]

新新人类

帖子 5
精华 0
无忧币 29
积分 13
阅读权限 20

注册日期 2008-1-31

最后登录 2008-2-2

离线

[查看资料] [发短消息] [Blog]

发表于:2008-2-1 11:29　 ,被系统奖励 2 点无忧币

2811上不做NAT?那内网的那些192.168....的IP如何能转换为10.14.64....和172.16.1.........呢?

2008-2-1 11:29

5楼

[ 顶部 ]

荣誉会员

帖子 1593
精华 2
无忧币 2517
积分 1864
阅读权限 140
来自 (保密)

注册日期 2006-6-15

最后登录 2008-9-5

在线

[查看资料] [发短消息] [Blog]

[个人主页]

发表于:2008-2-1 14:52　 ,被系统奖励 2 点无忧币

走三层路由，就可以互相访问了，没有必要进行NAT吧。
NAT的用途有二，
1、公网与私网IP地址转换
2、特殊原因要求。

2008-2-1 14:52

6楼

[ 顶部 ]

pc新手
技术员

帖子 401
精华 0
无忧币 257
积分 660
阅读权限 30

注册日期 2007-3-15

最后登录 2008-8-9

离线

[查看资料] [发短消息] [Blog]

发表于:2008-2-1 19:24　

学习，学习

2008-2-1 19:24

7楼

[ 顶部 ]

mjp12345

新新人类

帖子 54
精华 0
无忧币 309
积分 84
阅读权限 20

注册日期 2006-6-12

最后登录 2008-8-8

离线

[查看资料] [发短消息] [Blog]

发表于:2008-2-2 10:05　 ,被系统奖励 2 点无忧币

恩，看了小侠唐在飞的答复明白了，楼主自己把自己搞晕了

2008-2-2 10:05

8楼

[ 顶部 ]

水云阳

新新人类

帖子 36
精华 0
无忧币 35
积分 34
阅读权限 20

注册日期 2008-1-21

最后登录 2008-8-16

离线

[查看资料] [发短消息] [Blog]

发表于:2008-2-2 10:06　

学习

2008-2-2 10:06

9楼

[ 顶部 ]

荣誉会员

帖子 1593
精华 2
无忧币 2517
积分 1864
阅读权限 140
来自 (保密)

注册日期 2006-6-15

最后登录 2008-9-5

在线

[查看资料] [发短消息] [Blog]

[个人主页]

发表于:2008-2-2 10:31　 ,被系统奖励 2 点无忧币

很简单的一个东西.楼主把自己搞晕了

2008-2-2 10:31

10楼

[ 顶部 ]

mjp12345

新新人类

帖子 54
精华 0
无忧币 309
积分 84
阅读权限 20

注册日期 2006-6-12

最后登录 2008-8-8

离线

[查看资料] [发短消息] [Blog]

发表于:2008-2-2 10:39　 ,被系统奖励 2 点无忧币

能把你3560上的配置也放上来么，分析下。。

2008-2-2 10:39

11楼

[ 顶部 ]

新新人类

帖子 5
精华 0
无忧币 29
积分 13
阅读权限 20

注册日期 2008-1-31

最后登录 2008-2-2

离线

[查看资料] [发短消息] [Blog]

发表于:2008-2-2 11:43　 ,被系统奖励 2 点无忧币

是吗?我晕了?可是我怎么总觉得不是呢?我把3560的配置贴上来,请大家看看.
ip subnet-zero
ip routing
!
ip dhcp pool vlan11
network 192.168.11.0 255.255.255.0
dns-server 202.101.98.54 202.101.98.55
default-router 192.168.11.1
!
ip dhcp pool vlan51
network 192.168.51.0 255.255.255.0
dns-server 202.101.98.54 202.101.98.55
default-router 192.168.51.1
!
ip dhcp pool vlan12
network 192.168.12.0 255.255.255.0
   dns-server 202.101.98.54 202.101.98.55
default-router 192.168.12.1
!
ip dhcp pool vlan13
network 192.168.13.0 255.255.255.0
dns-server 202.101.98.54 202.101.98.55
default-router 192.168.13.1
!
ip dhcp pool vlan21
network 192.168.21.0 255.255.255.0
dns-server 202.101.98.54 202.101.98.55
default-router 192.168.21.1
!
ip dhcp pool vlan22
network 192.168.22.0 255.255.255.0
   dns-server 202.101.98.54 202.101.98.55
default-router 192.168.22.1
!
ip dhcp pool vlan23
network 192.168.23.0 255.255.255.0
   dns-server 202.101.98.54 202.101.98.55
default-router 192.168.23.1
!
ip dhcp pool vlan31
network 192.168.31.0 255.255.255.0
dns-server 202.101.98.54 202.101.98.55
default-router 192.168.31.1
!
ip dhcp pool vlan32
network 192.168.32.0 255.255.255.0
   dns-server 202.101.98.54 202.101.98.55
default-router 192.168.32.1
!
ip dhcp pool vlan33
network 192.168.33.0 255.255.255.0
dns-server 202.101.98.54 202.101.98.55
default-router 192.168.33.1
!
ip dhcp pool vlan41
network 192.168.41.0 255.255.255.0
dns-server 202.101.98.54 202.101.98.55
default-router 192.168.41.1
interface Vlan41
  ip address 192.168.41.1 255.255.255.0
ip access-group 41 out
!
interface Vlan42
ip address 192.168.42.1 255.255.255.0
ip access-group 42 out
!
interface Vlan43
  ip address 192.168.43.1 255.255.255.0
ip access-group 43 out
!
interface Vlan51
  ip address 192.168.51.1 255.255.255.0
ip access-group 51 out
!
interface Vlan52
  ip address 192.168.52.1 255.255.255.0
ip access-group 52 out
!
interface Vlan53
  ip address 192.168.53.1 255.255.255.0
ip access-group 53 out
!

ip default-gateway 192.168.1.100
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.100
ip http server
!
access-list 11 deny 192.168.12.0 0.0.0.255
access-list 11 deny 192.168.21.0 0.0.0.255
access-list 11 deny 192.168.22.0 0.0.0.255
access-list 11 deny 192.168.23.0 0.0.0.255
access-list 11 deny 192.168.31.0 0.0.0.255
access-list 11 deny 192.168.32.0 0.0.0.255
access-list 11 deny 192.168.33.0 0.0.0.255
access-list 11 deny 192.168.41.0 0.0.0.255
access-list 11 deny 192.168.42.0 0.0.0.255
access-list 11 deny 192.168.43.0 0.0.0.255
access-list 11 deny 192.168.51.0 0.0.0.255
access-list 11 deny 192.168.52.0 0.0.0.255
access-list 11 deny 192.168.53.0 0.0.0.255
access-list 11 permit any
access-list 12 deny 192.168.11.0 0.0.0.255
access-list 12 deny 192.168.21.0 0.0.0.255
access-list 12 deny 192.168.22.0 0.0.0.255
access-list 12 deny 192.168.23.0 0.0.0.255
access-list 12 deny 192.168.31.0 0.0.0.255
access-list 12 deny 192.168.32.0 0.0.0.255
access-list 12 deny 192.168.33.0 0.0.0.255
access-list 12 deny 192.168.41.0 0.0.0.255
access-list 12 deny 192.168.42.0 0.0.0.255
access-list 12 deny 192.168.43.0 0.0.0.255
access-list 12 deny 192.168.51.0 0.0.0.255
access-list 12 deny 192.168.52.0 0.0.0.255
access-list 12 deny 192.168.53.0 0.0.0.255
access-list 12 permit any
access-list 13 deny 192.168.21.0 0.0.0.255
access-list 13 deny 192.168.22.0 0.0.0.255
access-list 13 deny 192.168.23.0 0.0.0.255
access-list 13 deny 192.168.31.0 0.0.0.255
access-list 13 deny 192.168.41.0 0.0.0.255
access-list 13 deny 192.168.32.0 0.0.0.255
access-list 13 deny 192.168.33.0 0.0.0.255
access-list 13 deny 192.168.42.0 0.0.0.255
access-list 13 deny 192.168.43.0 0.0.0.255
access-list 13 deny 192.168.51.0 0.0.0.255
access-list 13 deny 192.168.52.0 0.0.0.255
access-list 13 deny 192.168.53.0 0.0.0.255
access-list 13 deny 192.168.11.0 0.0.0.255
access-list 13 deny 192.168.12.0 0.0.0.255
access-list 13 permit any
access-list 21 deny 192.168.11.0 0.0.0.255
access-list 21 deny 192.168.12.0 0.0.0.255
access-list 21 deny 192.168.13.0 0.0.0.255
access-list 21 deny 192.168.31.0 0.0.0.255
access-list 21 deny 192.168.32.0 0.0.0.255
access-list 21 deny 192.168.33.0 0.0.0.255
access-list 21 deny 192.168.41.0 0.0.0.255
access-list 21 deny 192.168.42.0 0.0.0.255
access-list 21 deny 192.168.43.0 0.0.0.255
access-list 21 deny 192.168.51.0 0.0.0.255
access-list 21 deny 192.168.52.0 0.0.0.255
access-list 21 deny 192.168.53.0 0.0.0.255
access-list 21 permit any
access-list 21 deny 192.168.22.0 0.0.0.255
access-list 22 deny 192.168.11.0 0.0.0.255
access-list 22 deny 192.168.12.0 0.0.0.255
access-list 22 deny 192.168.13.0 0.0.0.255
access-list 22 deny 192.168.21.0 0.0.0.255
access-list 22 deny 192.168.31.0 0.0.0.255
access-list 22 deny 192.168.32.0 0.0.0.255
access-list 22 deny 192.168.33.0 0.0.0.255
access-list 22 deny 192.168.41.0 0.0.0.255
access-list 22 deny 192.168.42.0 0.0.0.255
access-list 22 deny 192.168.43.0 0.0.0.255
access-list 22 deny 192.168.51.0 0.0.0.255
access-list 22 deny 192.168.52.0 0.0.0.255
access-list 22 deny 192.168.53.0 0.0.0.255
access-list 22 permit any
access-list 23 deny 192.168.11.0 0.0.0.255
access-list 23 deny 192.168.12.0 0.0.0.255
access-list 23 deny 192.168.13.0 0.0.0.255
access-list 23 deny 192.168.21.0 0.0.0.255
access-list 23 deny 192.168.22.0 0.0.0.255
access-list 23 deny 192.168.31.0 0.0.0.255
access-list 23 deny 192.168.32.0 0.0.0.255
access-list 23 deny 192.168.33.0 0.0.0.255
access-list 23 deny 192.168.41.0 0.0.0.255
access-list 23 deny 192.168.42.0 0.0.0.255
access-list 23 deny 192.168.43.0 0.0.0.255
access-list 23 deny 192.168.51.0 0.0.0.255
access-list 23 deny 192.168.52.0 0.0.0.255
access-list 23 deny 192.168.53.0 0.0.0.255
access-list 23 permit any
access-list 31 deny 192.168.11.0 0.0.0.255
access-list 31 deny 192.168.12.0 0.0.0.255
access-list 31 deny 192.168.13.0 0.0.0.255
access-list 31 deny 192.168.21.0 0.0.0.255
access-list 31 deny 192.168.22.0 0.0.0.255
access-list 31 deny 192.168.23.0 0.0.0.255
access-list 31 deny 192.168.41.0 0.0.0.255
access-list 31 deny 192.168.42.0 0.0.0.255
access-list 31 deny 192.168.43.0 0.0.0.255
access-list 31 deny 192.168.51.0 0.0.0.255
access-list 31 deny 192.168.52.0 0.0.0.255
access-list 31 deny 192.168.53.0 0.0.0.255
access-list 31 permit any
access-list 31 deny 192.168.32.0 0.0.0.255
access-list 32 deny 192.168.11.0 0.0.0.255
access-list 32 deny 192.168.12.0 0.0.0.255
access-list 32 deny 192.168.13.0 0.0.0.255
access-list 32 deny 192.168.21.0 0.0.0.255
access-list 32 deny 192.168.22.0 0.0.0.255
access-list 32 deny 192.168.23.0 0.0.0.255
access-list 32 deny 192.168.31.0 0.0.0.255
access-list 32 deny 192.168.41.0 0.0.0.255
access-list 32 deny 192.168.42.0 0.0.0.255
access-list 32 deny 192.168.43.0 0.0.0.255
access-list 32 deny 192.168.51.0 0.0.0.255
access-list 32 deny 192.168.52.0 0.0.0.255
access-list 32 deny 192.168.53.0 0.0.0.255
access-list 32 permit any
access-list 33 deny 192.168.11.0 0.0.0.255
access-list 33 deny 192.168.12.0 0.0.0.255
access-list 33 deny 192.168.13.0 0.0.0.255
access-list 33 deny 192.168.21.0 0.0.0.255
access-list 33 deny 192.168.22.0 0.0.0.255
access-list 33 deny 192.168.23.0 0.0.0.255
access-list 33 deny 192.168.31.0 0.0.0.255
access-list 33 deny 192.168.32.0 0.0.0.255
access-list 33 deny 192.168.41.0 0.0.0.255
access-list 33 deny 192.168.42.0 0.0.0.255
access-list 33 deny 192.168.43.0 0.0.0.255
access-list 33 deny 192.168.51.0 0.0.0.255
access-list 33 deny 192.168.52.0 0.0.0.255
access-list 33 deny 192.168.53.0 0.0.0.255
access-list 33 permit any
access-list 41 deny 192.168.11.0 0.0.0.255
access-list 41 deny 192.168.12.0 0.0.0.255
access-list 41 deny 192.168.13.0 0.0.0.255
access-list 41 deny 192.168.21.0 0.0.0.255
access-list 41 deny 192.168.22.0 0.0.0.255
access-list 41 deny 192.168.23.0 0.0.0.255
access-list 41 deny 192.168.31.0 0.0.0.255
access-list 41 deny 192.168.32.0 0.0.0.255
access-list 41 deny 192.168.33.0 0.0.0.255
access-list 41 deny 192.168.51.0 0.0.0.255
access-list 41 deny 192.168.52.0 0.0.0.255
access-list 41 deny 192.168.53.0 0.0.0.255
access-list 41 permit any
access-list 41 deny 192.168.42.0 0.0.0.255
access-list 42 deny 192.168.11.0 0.0.0.255
access-list 42 deny 192.168.12.0 0.0.0.255
access-list 42 deny 192.168.13.0 0.0.0.255
access-list 42 deny 192.168.21.0 0.0.0.255
access-list 42 deny 192.168.22.0 0.0.0.255
access-list 42 deny 192.168.23.0 0.0.0.255
access-list 42 deny 192.168.31.0 0.0.0.255
access-list 42 deny 192.168.32.0 0.0.0.255
access-list 42 deny 192.168.33.0 0.0.0.255
access-list 42 deny 192.168.41.0 0.0.0.255
access-list 42 deny 192.168.51.0 0.0.0.255
access-list 42 deny 192.168.52.0 0.0.0.255
access-list 42 deny 192.168.53.0 0.0.0.255
access-list 42 permit any
access-list 43 deny 192.168.11.0 0.0.0.255
access-list 43 deny 192.168.12.0 0.0.0.255
access-list 43 deny 192.168.13.0 0.0.0.255
access-list 43 deny 192.168.21.0 0.0.0.255
access-list 43 deny 192.168.22.0 0.0.0.255
access-list 43 deny 192.168.23.0 0.0.0.255
access-list 43 deny 192.168.31.0 0.0.0.255
access-list 43 deny 192.168.32.0 0.0.0.255
access-list 43 deny 192.168.33.0 0.0.0.255
access-list 43 deny 192.168.41.0 0.0.0.255
access-list 43 deny 192.168.51.0 0.0.0.255
access-list 43 deny 192.168.52.0 0.0.0.255
access-list 43 deny 192.168.53.0 0.0.0.255
access-list 43 permit any
access-list 51 deny 192.168.11.0 0.0.0.255
access-list 51 deny 192.168.12.0 0.0.0.255
access-list 51 deny 192.168.13.0 0.0.0.255
access-list 51 deny 192.168.22.0 0.0.0.255
access-list 51 deny 192.168.21.0 0.0.0.255
access-list 51 deny 192.168.23.0 0.0.0.255
access-list 51 deny 192.168.31.0 0.0.0.255
access-list 51 deny 192.168.32.0 0.0.0.255
access-list 51 deny 192.168.33.0 0.0.0.255
access-list 51 deny 192.168.41.0 0.0.0.255
access-list 51 deny 192.168.42.0 0.0.0.255
access-list 51 deny 192.168.43.0 0.0.0.255
access-list 51 permit any
access-list 51 deny 192.168.52.0 0.0.0.255
access-list 52 deny 192.168.11.0 0.0.0.255
access-list 52 deny 192.168.12.0 0.0.0.255
access-list 52 deny 192.168.13.0 0.0.0.255
access-list 52 deny 192.168.22.0 0.0.0.255
access-list 52 deny 192.168.21.0 0.0.0.255
access-list 52 deny 192.168.23.0 0.0.0.255
access-list 52 deny 192.168.31.0 0.0.0.255
access-list 52 deny 192.168.32.0 0.0.0.255
access-list 52 deny 192.168.33.0 0.0.0.255
access-list 52 deny 192.168.41.0 0.0.0.255
access-list 52 deny 192.168.42.0 0.0.0.255
access-list 52 deny 192.168.43.0 0.0.0.255
access-list 52 deny 192.168.51.0 0.0.0.255
access-list 52 permit any
access-list 53 deny 192.168.11.0 0.0.0.255
access-list 53 deny 192.168.12.0 0.0.0.255
access-list 53 deny 192.168.13.0 0.0.0.255
access-list 53 deny 192.168.22.0 0.0.0.255
access-list 53 deny 192.168.21.0 0.0.0.255
access-list 53 deny 192.168.23.0 0.0.0.255
access-list 53 deny 192.168.31.0 0.0.0.255
access-list 53 deny 192.168.32.0 0.0.0.255
access-list 53 deny 192.168.33.0 0.0.0.255
access-list 53 deny 192.168.41.0 0.0.0.255
access-list 53 deny 192.168.42.0 0.0.0.255
access-list 53 deny 192.168.43.0 0.0.0.255
access-list 53 deny 192.168.51.0 0.0.0.255
access-list 53 deny 192.168.52.0 0.0.0.255
access-list 53 permit any

2008-2-2 11:43

12楼

[ 顶部 ]

荣誉会员

帖子 1593
精华 2
无忧币 2517
积分 1864
阅读权限 140
来自 (保密)

注册日期 2006-6-15

最后登录 2008-9-5

在线

[查看资料] [发短消息] [Blog]

[个人主页]

发表于:2008-2-2 15:15　 ,被系统奖励 2 点无忧币

发现问题之所在了..
1,3560配置上起了三层路由,OK!
3560上划发N个VLAN,并指定了SVI OK!
3560把默认路由指向了2811的接口地址192.168.10.100,OK!
这已经符合我前面说的要求..
但是..3560与2811之间互联的接口呢是哪个?我怎么没看到啊?
至少要建一个VLAN,然后在SVI中设置一个IP地址吧,并把这个互联接口划到VLAN里
看你的图,好像这个地址应当是192.168.1.1
但我没看见配置中在哪?哪个接口?

2你的2811上没有至3560的回程路由,,
ip route 0.0.0.0 0.0.0.0 172.16.1.3
ip route 10.0.0.0 255.0.0.0 10.14.64.1
应当再加一条
ip route 192.168.0.0 255.255.0.0 192.168.1.1

要把访问3560下的几个地址段的路由指回来.

[ 本帖最后由小侠唐在飞于 2008-2-2 15:16 编辑 ]

2008-2-2 15:15

13楼

[ 顶部 ]

荣誉会员

帖子 1593
精华 2
无忧币 2517
积分 1864
阅读权限 140
来自 (保密)

注册日期 2006-6-15

最后登录 2008-9-5

在线

[查看资料] [发短消息] [Blog]

[个人主页]

发表于:2008-2-2 15:26　 ,被系统奖励 2 点无忧币

QUOTE:

原帖由 sucaac 于 2008-2-1 10:25 发表
三层交换机的配置,原来都配置好了,直接接防火墙,所有内网IP都可以访问互联网.中间加这个2811后,三层就把路由改了一下,改为ip route 0.0.0.0 0.0.0.0 192.168.1.100
这样的情况,只有192.168.1.0网段的可以访问A和B网.其他不行.
你说的最后一点是回指路由吗?但是3层交换机接2811的那个口是没有配置IP的,如何指?如果我给它配了IP,跟2811的内网口同一网段,那G0/7这个口就不能划分到某个VLAN里了,那那些VLAN如何才能跟G0/7口通呢?

帅哥:
1,路由器的IP地址很好设置,只需要在接口中直接设置IP就行了.三层交换机呢,当然也要设置地址.只是不能在接口中设置,必须要在SVI中设置.
建议:3560做如下设置
interface Vlan 100 假设VLAN为100
ip address 192.168.1.1 255.255.255.0

interface FastEthernet0/0 假如是这个口与2811互联.
switchport access vlan 100 要把这个接口划至VLAN100

恭喜,路由器与三层交换互联就可以了.
三层交换机与三层交换机互联的时候方法一样,只是两个三层交换机互联所属VLAN属于一样..

当你完成这个工作,你就可以在2811上,做一个静态回程路由了..
ip route 192.168.0.0 255.255.0.0 192.168.1.1

累死

2008-2-2 15:26

14楼

[ 顶部 ]

荣誉会员

帖子 1593
精华 2
无忧币 2517
积分 1864
阅读权限 140
来自 (保密)

注册日期 2006-6-15

最后登录 2008-9-5

在线

[查看资料] [发短消息] [Blog]

[个人主页]

发表于:2008-2-2 15:31　 ,被系统奖励 2 点无忧币

2811就至简单了..我给你做个简单修改.

no ip domain lookup
ip domain name yourdomain.com
ip name-server 218.85.157.99
ip name-server 10.12.1.2

interface FastEthernet0/0
description to_3560
ip address 192.168.1.100 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
description to_hangyewangguan
ip address 10.14.64.153 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/2/0
description to_fir-SONIC
ip address 172.16.1.100 255.255.255.0
duplex auto
speed auto
!
ip route 0.0.0.0 0.0.0.0 172.16.1.3
ip route 10.0.0.0 255.0.0.0 10.14.64.1
ip route 192.168.0.0 255.255.0.0 192.168.1.1

把与NAT有关的全删了..

1互联接口配置IP
2.设置静态路由至防火墙\ 行业网关\3560
其他的用默认值

另外:考虑至不同设置互联有时间端口协商模式会有问题,建议全部改为100M全双工

[ 本帖最后由小侠唐在飞于 2008-2-2 15:32 编辑 ]