取消
显示结果 
搜索替代 
您的意思是: 
cancel
6500
查看次数
0
有帮助
3
回复

CISCO 2921路由和2960交换连接,VLAN互访

dakaiyan
Level 1
Level 1
大体网络拓扑
CISCO2960X连接公网和软路由(翻墙),再连接路由器CISCO2921,具体配置如下:
从配置看,CISCO2921没有启用单臂路由,CISCO2960是二层交换不能VLAN无法互访,但网段VLAN19能够pingVLAN15VLAN19也能访问VLAN8,是怎么实现的?
1、外网交换机_CISCO2960X_配置如下:
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname 主机名
boot-start-marker
boot-end-marker
enable secret 5 密码
username cisco password 0 密码
no aaa new-model
clock timezone QD 8 0
no ip domain-lookup
vtp mode transparent
spanning-tree mode pvst
spanning-tree extend system-id
vlan internal allocation policy ascending
vlan 2,8,10,15,19-20,30
interface FastEthernet0
no ip address
shutdown
interface GigabitEthernet0/1
switchport accessvlan 15
spanning-treeportfast
interface GigabitEthernet0/2
switchport accessvlan 15
interface GigabitEthernet0/3
switchport accessvlan 15
spanning-treeportfast
interface GigabitEthernet0/4
switchport accessvlan 15
interface GigabitEthernet0/5
switchport accessvlan 15
spanning-treeportfast
interface GigabitEthernet0/6
switchport accessvlan 15
spanning-tree portfast
interface GigabitEthernet0/7
switchport accessvlan 2
switchport modeaccess
spanning-treeportfast
interface GigabitEthernet0/8
switchport accessvlan 15
spanning-treeportfast
interface GigabitEthernet0/9
switchport accessvlan 15
spanning-treeportfast
interface GigabitEthernet0/10
switchport accessvlan 15
spanning-treeportfast
interface GigabitEthernet0/11
switchport accessvlan 15
spanning-treeportfast
interface GigabitEthernet0/12
switchport accessvlan 15
spanning-treeportfast
interface GigabitEthernet0/13
switchport accessvlan 15
spanning-treeportfast
interface GigabitEthernet0/14(连接软路由内网网口)
descriptionTO_RouterOS
switchport mode trunk
interface GigabitEthernet0/15
switchport accessvlan 15
spanning-tree portfast
interface GigabitEthernet0/16
switchport accessvlan 15
spanning-treeportfast
interface GigabitEthernet0/17
switchport accessvlan 15
spanning-treeportfast
interface GigabitEthernet0/18
switchport accessvlan 15
spanning-tree portfast
interface GigabitEthernet0/19
switchport accessvlan 15
spanning-treeportfast
interface GigabitEthernet0/20
switchport mode trunk
interface GigabitEthernet0/21
switchport accessvlan 15
spanning-treeportfast
interface GigabitEthernet0/22
switchport accessvlan 15
spanning-treeportfast
interface GigabitEthernet0/23
switchport accessvlan 15
interface GigabitEthernet0/24
switchport accessvlan 15
spanning-treeportfast
interface GigabitEthernet0/25
switchport accessvlan 15
interface GigabitEthernet0/26(连接外网联通)
switchport accessvlan 8
switchport modeaccess
spanning-treeportfast
interface GigabitEthernet0/27
switchport accessvlan 15
interface GigabitEthernet0/28
switchport accessvlan 8
switchport modeaccess
interface GigabitEthernet0/29
switchport accessvlan 15
interface GigabitEthernet0/30
switchport accessvlan 8
switchport modeaccess
interface GigabitEthernet0/31
switchport accessvlan 15
interface GigabitEthernet0/32
switchport accessvlan 8
switchport modeaccess
interface GigabitEthernet0/33
switchport accessvlan 15
interface GigabitEthernet0/34
switchport accessvlan 8
switchport modeaccess
interface GigabitEthernet0/35
switchport accessvlan 15
interface GigabitEthernet0/36(连接软路由外网口)
switchport accessvlan 8
switchport modeaccess
spanning-treeportfast
interface GigabitEthernet0/37
switchport accessvlan 15
interface GigabitEthernet0/38
switchport accessvlan 15
interface GigabitEthernet0/39
switchport accessvlan 15
interface GigabitEthernet0/40
description ToCheJian_2F_1-1702
switchport accessvlan 15
switchport trunknative vlan 15
switchport mode trunk
interface GigabitEthernet0/41
switchport accessvlan 15
!
interface GigabitEthernet0/42
switchport accessvlan 15
interface GigabitEthernet0/43
switchport accessvlan 15
interface GigabitEthernet0/44
descriptionCheJian_3F_1_1702
switchport trunknative vlan 15
switchport mode trunk
interface GigabitEthernet0/45
switchport accessvlan 15
interface GigabitEthernet0/46
switchport accessvlan 15
interface GigabitEthernet0/47
switchport accessvlan 15
interface GigabitEthernet0/48(连接CISCO2921 LNK2 EHWIC口,可能是Gi0/0/2
switchport accessvlan 2
interface GigabitEthernet0/49
interface GigabitEthernet0/50
interface Vlan1
no ip address
shutdown
interface Vlan15
ip address172.31.15.201 255.255.255.0
ip default-gateway 172.31.15.1
ip http server
ip http secure-server
line con 0
line vty 0 4
exec-timeout 15 0
logging synchronous
login local
transport inputtelnet ssh
line vty 5 15
exec-timeout 15 0
logging synchronous
login local
transport inputtelnet ssh
ntp source Vlan15
ntp server 203.158.118.2
ntp server pool.ntp.org
!
pnp profile pnp_cco_profile
transport https hostdevicehelper.cisco.com port 443
end
路由器_CISCO2921K9配置如下:
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname 主机名
boot-start-marker
boot system flash0:/c2900-universalk9-mz.SPA.154-3.M7.bin
boot-end-marker
enable secret 4 m5zl0ruywg0JqT2k2JYhhOrGgQlZaJHMjQV.nHrgjDg
no aaa new-model
ip dhcp excluded-address 10.0.145.1
ip dhcp excluded-address 10.0.145.4
ip dhcp pool dhcp
network 10.0.145.0255.255.255.0
default-router10.0.145.1
dns-server 223.5.5.5114.114.114.114
ip dhcp pool wlan19
network 172.31.19.0255.255.255.0
default-router172.31.19.1
dns-server 223.5.5.5114.114.114.114
no ip domain lookup
ip cef
no ipv6 cef
multilink bundle-name authenticated
cts logging verbose
license udi pid CISCO2921/K9 sn FGL172311LP
username cisco secret 4 密码
redundancy
interface Embedded-Service-Engine0/0
no ip address
shutdown
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
interface GigabitEthernet0/1
no ip address
ip nat inside
ip virtual-reassemblyin
duplex auto
speed auto
interface GigabitEthernet0/2
no ip address
ip nat inside
ip virtual-reassemblyin
duplex auto
speed auto
interface GigabitEthernet0/0/0
switchport accessvlan 8
no ip address
interface GigabitEthernet0/0/1
no ip address
interface GigabitEthernet0/0/2
switchport accessvlan 2
no ip address
interface GigabitEthernet0/0/3
switchport accessvlan 15
switchport mode trunk
no ip address
interface Vlan1
description JianKong
ip address192.168.1.254 255.255.255.0
ip nat inside
ip virtual-reassemblyin
interface Vlan2
descriptionShiPinHuiYi
ip address 10.0.145.1255.255.255.0
ip nat inside
ip virtual-reassemblyin
interface Vlan8
description Waiwang
ip address 公网Ip 公网submask
ip nat outside
ip virtual-reassemblyin
interface Vlan15
ip address172.30.15.1 255.255.255.0
interface Vlan19
ip address172.31.19.1 255.255.255.0
ip nat inside
ip virtual-reassemblyin
ip forward-protocol nd
no ip http server
no ip http secure-server
ip nat service allow-h323-keepalive
ip nat service allow-h323-even-rtp-port
ip nat pool cisco 公网ip 公网ip netmask公网subunet
ip nat inside source list 10 pool cisco overload
ip nat inside source static 192.168.1.2 公网ip_ip2
ip nat inside source static 192.168.1.3公网ip_ip3
ip route 0.0.0.0 0.0.0.0 公网gateway
!
access-list 10 permit any
access-list 100 permit ip host 10.0.135.3 host 公网ip_ip3
access-list 100 permit ip host 96.11.26.91 host 公网ip_ip3
!
control-plane
!
line con 0
line aux 0
line 2
noactivation-character
no exec
transport preferrednone
transport output padtelnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
password 密码
login local
transport input all
line vty 5 15
password 密码
login local
transport input all
scheduler allocate 20000 1000
end
1 个已接受解答

已接受的解答

RenxChen
Spotlight
Spotlight
VLAN是二层的技术,同vlan之间才能建立通讯。
不同vlan之间的通讯,需要网关。只有路由才能互相访问。

在原帖中查看解决方案

3 条回复3

RenxChen
Spotlight
Spotlight
VLAN是二层的技术,同vlan之间才能建立通讯。
不同vlan之间的通讯,需要网关。只有路由才能互相访问。

one-time
Level 13
Level 13
感谢您的提问!稍后会有小伙伴为您解答的!

fortune
VIP Alumni
VIP Alumni
你的路由器有三层交换卡吧
入门指南

使用上面的搜索栏输入关键字、短语或问题,搜索问题的答案。

我们希望您在这里的旅程尽可能顺利,因此这里有一些链接可以帮助您快速熟悉思科社区:









快捷链接