取消
显示结果 
搜索替代 
您的意思是: 
cancel
4343
查看次数
0
有帮助
8
回复

3650核心交换机堆叠后连接防火墙

seasonli72658
Spotlight
Spotlight
175605t8i4xv9r9ilgyrg7.png
我的200.1和200.1两台3650做了堆叠,然后我的2911路由和ASA5515防火墙怎么接到堆叠交换机上呢,大家有什么好的方案麻烦告诉我,哪种方案好一些呢麻烦分享给我谢谢。
8 条回复8

防火墙也是可以做portchannel的

YilinChen
Spotlight
Spotlight
链路聚合呀,2911和ASA5515都是2根线分别接到已经堆叠的二台交换机上

seasonli72658
Spotlight
Spotlight
YilinChen 发表于 2019-10-11 09:23
链路聚合呀,2911和ASA5515都是2根线分别接到已经堆叠的二台交换机上

ASA5515防火墙
interface Port-channel2
no switchport
ip address 10.99.201.1 255.255.255.248
interface GigabitEthernet0/0
nameif inside1
security-level 100
channel-group 2 mode active
policy-route route-map rmap-to-Liantong

interface GigabitEthernet0/5
nameif inside1
security-level 100
channel-group 2 mode active
policy-route route-map rmap-to-Liantong
2911路由器
interface Port-channel3
no switchport
ip address 10.99.203.1 255.255.255.248
nterface GigabitEthernet0/0
no switchport
no ip address
channel-group 3 mode active

interface GigabitEthernet0/2
no switchport
no ip address
channel-group 3 mode active
3650核心交换机
interface Port-channel2
no switchport
ip address 10.99.201.4 255.255.255.248
interface GigabitEthernet1/0/18
no switchport
no ip address
channel-group 2 mode active

interface Port-channel3
no switchport
ip address 10.99.203.4 255.255.255.248
interface GigabitEthernet1/0/23
no switchport
no ip address
channel-group 3 mode active

interface GigabitEthernet2/0/23
no switchport
no ip address
channel-group 3 mode active
interface GigabitEthernet2/0/18
no switchport
no ip address
channel-group 2 mode active
配置这样写可以吗,但是我写完后,我的防火墙可以ping通堆叠交换机,但是堆叠交换机ping不通防火墙呢网也不通

wyc_chao
Spotlight
Spotlight
防火墙是不是禁PING了;P

yanglei
Level 1
Level 1
交换机路由怎么配置的

seasonli72658
Spotlight
Spotlight
wyc_chao 发表于 2019-10-11 12:18
防火墙是不是禁PING了

没有禁ping的

seasonli72658
Spotlight
Spotlight
yanglei@kans.cn 发表于 2019-10-11 16:20
交换机路由怎么配置的

ASA5515防火墙
interface Port-channel2
no switchport
ip address 10.99.201.1 255.255.255.248
interface GigabitEthernet0/0
nameif inside1
security-level 100
channel-group 2 mode active
policy-route route-map rmap-to-Liantong
interface GigabitEthernet0/5
nameif inside1
security-level 100
channel-group 2 mode active
policy-route route-map rmap-to-Liantong
2911路由器
interface Port-channel3
no switchport
ip address 10.99.203.1 255.255.255.248
nterface GigabitEthernet0/0
no switchport
no ip address
channel-group 3 mode active
interface GigabitEthernet0/2
no switchport
no ip address
channel-group 3 mode active
3650核心交换机
interface Port-channel2
no switchport
ip address 10.99.201.4 255.255.255.248
interface GigabitEthernet1/0/18
no switchport
no ip address
channel-group 2 mode active
interface Port-channel3
no switchport
ip address 10.99.203.4 255.255.255.248
interface GigabitEthernet1/0/23
no switchport
no ip address
channel-group 3 mode active
interface GigabitEthernet2/0/23
no switchport
no ip address
channel-group 3 mode active
interface GigabitEthernet2/0/18
no switchport
no ip address
channel-group 2 mode active

liu_zhimin
Spotlight
Spotlight
防火墙可能禁PING了,建议你检查业务是否正常,并检查portchannel状态是否正常,谢谢
入门指南

使用上面的搜索栏输入关键字、短语或问题,搜索问题的答案。

我们希望您在这里的旅程尽可能顺利,因此这里有一些链接可以帮助您快速熟悉思科社区:









快捷链接