主干似乎允许所有的vlans
主干似乎允许所有的vlans
提问于 2022-02-25 14:53:48
在一个小型办公网络上得到了一个催化剂2690,其中包括2个vlans,10个和20个,用于局域网和企业wifi的10个,以及20个供客人使用的wifi。
所有局域网端口都配置在访问模式vlan 10上。
接入点端口是中继模式,允许通过10和20个vlan,并且使用vlan 10本机。
连接到互联网的防火墙的端口是中继模式,允许vlan 20和10。
我做了一些测试,并连接到一个端口与vlan 30访问模式,我可以到达互联网或我的防火墙.
我的配置上缺少什么东西吗?为什么我能够到达连接在21端口上的互联网,这使得vlan 30在我的流量上
使用dhcp服务器监听fortinet的2个vlan接口。
Vlan 20似乎正在工作,因为它在此范围内分配ips。
这是我的配置文件
SW-2960-MAD#show running-config
Building configuration...
Current configuration : 6994 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SW-2960-MAD
!
boot-start-marker
boot-end-marker
!
enable secret 5
enable password
!
username cisco privilege 15 password 0
!
!
aaa new-model
!
!
!
!
!
aaa session-id common
switch 1 provision ws-c2960s-48lps-l
!
!
!
!
crypto pki trustpoint TP-self-signed-2487309184
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2487309184
revocation-check none
rsakeypair TP-self-signed-2487309184
!
!
crypto pki certificate chain TP-self-signed-2487309184
certificate self-signed 01
30820244 308201AD A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32343837 33303931 3834301E 170D3933 30333031 30303033
31355A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 34383733
30393138 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100BBAC 288F7E25 55FA2B7C 0221F097 3AED3F15 4BA07846 973243B1 79DDCBF7
9D4181A4 8843D98A 89EB360A FF60CBF2 EBAF7AD5 B7CC6E50 46EBC53D 41641545
465576AF B7078659 99ED7E2D 4E15CC9F 761D6007 E02B93D3 48E7B658 1F336E07
B1EC8038 0A1E8B48 5E842A7B 094A44BE 276E4B20 D0BCD303 A4D64ED7 5AD1CE63
41790203 010001A3 6C306A30 0F060355 1D130101 FF040530 030101FF 30170603
551D1104 10300E82 0C53572D 32393630 2D4D4144 2E301F06 03551D23 04183016
80142D70 963CC149 B3A9F166 B27B63AB B1EEE235 1410301D 0603551D 0E041604
142D7096 3CC149B3 A9F166B2 7B63ABB1 EEE23514 10300D06 092A8648 86F70D01
01040500 03818100 4A53119A DDFC16EB D7524E1D 30958B0D 522639B4 DF155F88
6A7E474F A5E993B0 14923A65 BB22231B AF0385A6 155537F2 0B3B94D1 DB808DDE
41DCA707 EF9CE982 0222D583 DBB6E59A 253E46DF 84594A4C 8F8FB0CA 422FB794
43A1AAD6 C2438736 B2526312 BF18F3FA 95A269B9 EFEAD09F 53D51E8F 786D80F3
E4FE2BEE FC47FE33
quit
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
!
!
interface FastEthernet0
no ip address
!
interface GigabitEthernet1/0/1
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/2
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/3
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/4
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/5
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/6
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/7
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/8
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/9
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/10
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/11
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/12
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/13
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/14
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/15
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/16
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/17
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/18
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/19
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/20
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/21
switchport access vlan 30
switchport mode access
!
interface GigabitEthernet1/0/22
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/23
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/24
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/25
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/26
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/27
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/28
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/29
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/30
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/31
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/32
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/33
switchport trunk native vlan 10
switchport mode trunk
!
interface GigabitEthernet1/0/34
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/35
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/36
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/37
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/38
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/39
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/40
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/41
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/42
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/43
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/44
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/45
switchport trunk native vlan 10
switchport trunk allowed vlan 10,20
switchport mode trunk
shutdown
!
interface GigabitEthernet1/0/46
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/47
description Aruba entrada
switchport trunk native vlan 10
switchport trunk allowed vlan 10,20
switchport mode trunk
!
interface GigabitEthernet1/0/48
switchport trunk allowed vlan 10,20
switchport mode trunk
!
interface GigabitEthernet1/0/49
!
interface GigabitEthernet1/0/50
!
interface GigabitEthernet1/0/51
!
interface GigabitEthernet1/0/52
!
interface Vlan1
no ip address
!
interface Vlan10
ip address 192.168.10.5 255.255.255.0
!
ip http server
ip http secure-server
ip sla enable reaction-alerts
!
line con 0
exec-timeout 0 0
line vty 0 4
password
line vty 5 15
password
!
!
monitor session 1 source interface Gi1/0/47
monitor session 1 destination interface Gi1/0/21 ingress untagged vlan 10
end谢谢
回答 1
Network Engineering用户
回答已采纳
发布于 2022-02-25 16:27:31
默认情况下,switchport mode trunk允许交换机上存在的所有VLAN。
结合在一起
interface GigabitEthernet1/0/21
switchport access vlan 30
switchport mode access该端口通过接口GigabitEthernet1/0/33与VLAN 30连接。如果不想这样,就必须限制每个主干端口上的VLAN连接,比如在GigabitEthernet1/0/45:switchport trunk allowed vlan 10,20上。
页面原文内容由Network Engineering提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://networkengineering.stackexchange.com/questions/78062
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号