我们这边不太好找到测试环境,而且那部分代码没有变动,所以没有测试。
我们正在测试。
测试好了吗? 有人是三层交换机的连接吗 原帖由 gaara8811 于 2012-9-27 09:30 发表 http://www.panabit.com/forum/images/common/back.gif
测试好了吗?
你在命令行下执行:
ifconfig ifname -vlanhwtag
其中ifname为数据接口名称,针对每个数据接口,都执行一次。 我的环境很你的应该一样
外网------CISCO ASA5510防火墙--------Panabit--------CISCO 3550---------VLAN 内网 2层接入交换机-----------桌面
其中 CISCO 3550 交换机划分了7个VLAN,各VLAN从 3550上获得IP地址,最终通过3550连接到防火墙出去。
发现我这里也没有过多的设置什么,貌似下面的ip route 是关键
ip classless
ip forward-protocol spanning-tree
ip forward-protocol udp mobile-ip
ip route 0.0.0.0 0.0.0.0 192.168.251.254 (ASA5510的内网口IP)
ip http server 原帖由 allenpeng 于 2012-10-8 18:08 发表 http://www.panabit.com/forum/images/common/back.gif
我的环境很你的应该一样
外网------CISCO ASA5510防火墙--------Panabit--------CISCO 3550---------VLAN 内网 2层接入交换机-----------桌面
其中 CISCO 3550 交换机划分了7个VLAN,各VLAN从 3550上获得IP地址, ...
这是我的3550的配置,请参考。(VLAN有7个,VLAN2 也就是很防火墙内网连接的端口所在的是 VLAN,VLAN的地址是192.168.251.244)
Building configuration...
Current configuration : 5343 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname gpcn-core
!
enable secret 5 $1$sG.i$bU5zwvRF/NPa6F0NA99hR0
!
errdisable recovery cause loopback
ip subnet-zero
ip routing
ip dhcp excluded-address 192.168.10.101 192.168.10.254
ip dhcp excluded-address 192.168.20.101 192.168.20.254
ip dhcp excluded-address 192.168.30.101 192.168.30.254
ip dhcp excluded-address 192.168.40.101 192.168.40.254
ip dhcp excluded-address 192.168.50.101 192.168.50.254
ip dhcp excluded-address 192.168.60.101 192.168.60.254
ip dhcp excluded-address 192.168.251.101 192.168.251.254
ip dhcp excluded-address 192.168.251.59 192.168.251.61
!
ip dhcp pool vlan10
network 192.168.10.0 255.255.255.0
dns-server 192.168.251.252
default-router 192.168.10.254
!
ip dhcp pool vlan20
network 192.168.20.0 255.255.255.0
dns-server 192.168.251.252
default-router 192.168.20.254
!
ip dhcp pool vlan40
network 192.168.40.0 255.255.255.0
dns-server 192.168.251.252
default-router 192.168.40.254
!
ip dhcp pool vlan50
network 192.168.50.0 255.255.255.0
dns-server 192.168.251.252
default-router 192.168.50.254
!
ip dhcp pool vlan60
network 192.168.60.0 255.255.255.0
dns-server 192.168.251.252
default-router 192.168.60.254
!
ip dhcp pool vlan2
network 192.168.251.0 255.255.255.0
dns-server 192.168.251.252
default-router 192.168.251.244
!
ip dhcp pool vlan30
network 192.168.30.0 255.255.255.0
dns-server 192.168.251.252
default-router 192.168.30.254
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
interface Port-channel1
switchport mode dynamic desirable
!
interface FastEthernet0/1
switchport access vlan 50
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/2
switchport access vlan 50
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/3
switchport access vlan 60
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/4
switchport access vlan 60
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/5
switchport access vlan 50
switchport mode access
channel-group 1 mode desirable non-silent
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/6
switchport access vlan 50
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/7
switchport access vlan 40
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/8
switchport access vlan 20
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/9
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/10
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/11
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/12
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/13
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/14
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/15
switchport access vlan 50
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/16
switchport access vlan 50
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/17
switchport access vlan 2
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/18
switchport access vlan 2
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/19
switchport access vlan 2
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/20
switchport access vlan 2
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/21
switchport access vlan 2
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/22
switchport access vlan 2
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/23
switchport access vlan 2
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/24
switchport access vlan 2
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/1
switchport mode dynamic desirable
!
interface GigabitEthernet0/2
switchport mode dynamic desirable
!
interface Vlan1
no ip address
!
interface Vlan2
description Servers
ip address 192.168.251.244 255.255.255.0
!
interface Vlan10
description Client Unit Department
ip address 192.168.10.254 255.255.255.0
!
interface Vlan20
description Server Unit Department
ip address 192.168.20.254 255.255.255.0
!
interface Vlan30
description Quality Assurance Unit Department
ip address 192.168.30.254 255.255.255.0
!
interface Vlan40
description Human Resource Department
ip address 192.168.40.254 255.255.255.0
!
interface Vlan50
description AP & Guest Accessing
ip address 192.168.50.254 255.255.255.0
!
interface Vlan60
description Operation & Method Department
ip address 192.168.60.254 255.255.255.0
!
ip classless
ip forward-protocol spanning-tree
ip forward-protocol udp mobile-ip
ip route 0.0.0.0 0.0.0.0 192.168.251.254
ip http server
! 原帖由 panabit 于 2012-10-8 17:06 发表 http://www.panabit.com/forum/images/common/back.gif
你在命令行下执行:
ifconfig ifname -vlanhwtag
其中ifname为数据接口名称,针对每个数据接口,都执行一次。
刚刚试了,没有用
哎 又重新装了次PA 外网接防火墙,内网接交换机
页:
1
[2]