防火墙和思科三层交换机之间无法使用Panabit？？紧急求助啊！

gaara8811

原帖由 panabit 于 2012-9-25 10:05 发表


我们这边不太好找到测试环境，而且那部分代码没有变动，所以没有测试。

我们正在测试。

测试好了吗?

aura327

有人是三层交换机的连接吗

panabit

原帖由 gaara8811 于 2012-9-27 09:30 发表


测试好了吗?

你在命令行下执行：

ifconfig ifname -vlanhwtag

其中ifname为数据接口名称，针对每个数据接口，都执行一次。

allenpeng

我的环境很你的应该一样
外网------CISCO ASA5510防火墙--------Panabit--------CISCO 3550---------VLAN 内网 2层接入交换机-----------桌面

其中 CISCO 3550 交换机划分了7个VLAN，各VLAN从 3550上获得IP地址，最终通过3550连接到防火墙出去。
发现我这里也没有过多的设置什么，貌似下面的ip route 是关键

ip classless
ip forward-protocol spanning-tree
ip forward-protocol udp mobile-ip
ip route 0.0.0.0 0.0.0.0 192.168.251.254 （ASA5510的内网口IP）
ip http server

allenpeng

原帖由 allenpeng 于 2012-10-8 18:08 发表
我的环境很你的应该一样
外网------CISCO ASA5510防火墙--------Panabit--------CISCO 3550---------VLAN 内网 2层接入交换机-----------桌面

其中 CISCO 3550 交换机划分了7个VLAN，各VLAN从 3550上获得IP地址， ...

这是我的3550的配置，请参考。（VLAN有7个，VLAN2 也就是很防火墙内网连接的端口所在的是 VLAN，VLAN的地址是192.168.251.244）
Building configuration...

Current configuration : 5343 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname gpcn-core
!
enable secret 5 $1$sG.i$bU5zwvRF/NPa6F0NA99hR0
!
errdisable recovery cause loopback
ip subnet-zero
ip routing
ip dhcp excluded-address 192.168.10.101 192.168.10.254
ip dhcp excluded-address 192.168.20.101 192.168.20.254
ip dhcp excluded-address 192.168.30.101 192.168.30.254
ip dhcp excluded-address 192.168.40.101 192.168.40.254
ip dhcp excluded-address 192.168.50.101 192.168.50.254
ip dhcp excluded-address 192.168.60.101 192.168.60.254
ip dhcp excluded-address 192.168.251.101 192.168.251.254
ip dhcp excluded-address 192.168.251.59 192.168.251.61
!
ip dhcp pool vlan10
   network 192.168.10.0 255.255.255.0
   dns-server 192.168.251.252
   default-router 192.168.10.254
!
ip dhcp pool vlan20
   network 192.168.20.0 255.255.255.0
   dns-server 192.168.251.252
   default-router 192.168.20.254
!
ip dhcp pool vlan40
   network 192.168.40.0 255.255.255.0
   dns-server 192.168.251.252
   default-router 192.168.40.254
!
ip dhcp pool vlan50
   network 192.168.50.0 255.255.255.0
   dns-server 192.168.251.252
   default-router 192.168.50.254
!
ip dhcp pool vlan60
   network 192.168.60.0 255.255.255.0
   dns-server 192.168.251.252
   default-router 192.168.60.254
!
ip dhcp pool vlan2
   network 192.168.251.0 255.255.255.0
   dns-server 192.168.251.252
   default-router 192.168.251.244
!
ip dhcp pool vlan30
   network 192.168.30.0 255.255.255.0
   dns-server 192.168.251.252
   default-router 192.168.30.254
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
interface Port-channel1
switchport mode dynamic desirable
!
interface FastEthernet0/1
switchport access vlan 50
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/2
switchport access vlan 50
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/3
switchport access vlan 60
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/4
switchport access vlan 60
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/5
switchport access vlan 50
switchport mode access
channel-group 1 mode desirable non-silent
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/6
switchport access vlan 50
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/7
switchport access vlan 40
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/8
switchport access vlan 20
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/9
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/10
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/11
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/12
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/13
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/14
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/15
switchport access vlan 50
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/16
switchport access vlan 50
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/17
switchport access vlan 2
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/18
switchport access vlan 2
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/19
switchport access vlan 2
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/20
switchport access vlan 2
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/21
switchport access vlan 2
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/22
switchport access vlan 2
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/23
switchport access vlan 2
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/24
switchport access vlan 2
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/1
switchport mode dynamic desirable
!
interface GigabitEthernet0/2
switchport mode dynamic desirable
!
interface Vlan1
no ip address
!
interface Vlan2
description Servers
ip address 192.168.251.244 255.255.255.0
!
interface Vlan10
description Client Unit Department
ip address 192.168.10.254 255.255.255.0
!
interface Vlan20
description Server Unit Department
ip address 192.168.20.254 255.255.255.0
!
interface Vlan30
description Quality Assurance Unit Department
ip address 192.168.30.254 255.255.255.0
!
interface Vlan40
description Human Resource Department
ip address 192.168.40.254 255.255.255.0
!
interface Vlan50
description AP & Guest Accessing
ip address 192.168.50.254 255.255.255.0
!
interface Vlan60
description Operation & Method Department
ip address 192.168.60.254 255.255.255.0
!
ip classless
ip forward-protocol spanning-tree
ip forward-protocol udp mobile-ip
ip route 0.0.0.0 0.0.0.0 192.168.251.254
ip http server
!

gaara8811

原帖由 panabit 于 2012-10-8 17:06 发表


你在命令行下执行：

ifconfig ifname -vlanhwtag

其中ifname为数据接口名称，针对每个数据接口，都执行一次。

刚刚试了,没有用
哎 又重新装了次PA

ning235

外网接防火墙，内网接交换机