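I have set up a new VLAN for the VoIP phones that are being installed. I want to segment their traffic onto the 10.20.77.0/24 subnet. I added an IP address, 10.20.77.11, to the DHCP server to help serve DHCP traffic for this VLAN. When I connect a laptop to a switch port on this VLAN, it does not get an IP address, and I also cannot ping the DHCP server at its 10.20.77.11 address. I think I have an ACL or NAT problem, but I don't know Cisco well enough to troubleshoot it on my own.
Router running config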
Current configuration : 6198 bytes
!
! Last configuration change at 10:09:23 gmt Wed Nov 1 2017 by admin
!
version 15.6
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname EASI-FW1
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
!
no aaa new-model
ethernet lmi ce
clock timezone gmt -8 0
!
!
!
!
!
!
!
!
!
!
!
!
ip domain name contoso.local
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
license udi pid CISCO1921/K9 sn
!
!
!
redundancy
!
!
!
!
lldp run
!
!
class-map match-any Voice
 match protocol sip
 match protocol rtp audio
class-map match-any QoS-Bulk
 match protocol secure-nntp
 match protocol smtp
 match protocol tftp
 match protocol ftp
class-map match-any QoS-Management
 match protocol snmp
 match protocol dns
 match protocol secure-imap
class-map match-any QoS-Inter-Video
 match protocol rtp video
class-map match-any QoS-Voice-Control
 match access-group name Voice-Control
!
policy-map QOS
 class Voice
  priority percent 25
  set dscp ef
 class QoS-Inter-Video
  bandwidth remaining percent 10
  set dscp af41
 class QoS-Bulk
  bandwidth remaining percent 5
  random-detect dscp-based
  set dscp af11
 class QoS-Management
  bandwidth remaining percent 1
  set dscp cs2
 class QoS-Voice-Control
  priority percent 5
  set dscp ef
 class class-default
  fair-queue
!
!
!
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0/0.1
 description LAN
 encapsulation dot1Q 1 native
 ip address 10.20.75.1 255.255.255.0
 ip access-group Local in
 ip access-group Local out
 ip flow ingress
 ip flow egress
 ip nat inside
 ip virtual-reassembly in
 ip policy route-map LAN
!
interface GigabitEthernet0/0.76
 description SteelNet76
 encapsulation dot1Q 76
 ip address 10.20.76.1 255.255.255.0
 ip access-group Local in
 ip access-group Local out
 ip flow ingress
 ip flow egress
 ip nat inside
 ip virtual-reassembly in
 ip policy route-map WLAN76
!
interface GigabitEthernet0/0.200
 description Voice
 encapsulation dot1Q 200
 ip address 10.20.77.1 255.255.255.0
 ip access-group Local in
 ip access-group Local out
 ip flow ingress
 ip flow egress
 ip nat inside
 ip virtual-reassembly in
 ip policy route-map SIP200
!
interface GigabitEthernet0/1
 description TelusWAN
 ip address dhcp
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
ip forward-protocol nd
!
no ip http server
ip http access-class 23
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source static tcp 10.20.75.11 443 interface GigabitEthernet0/1 443
ip nat inside source static tcp 10.20.75.11 987 interface GigabitEthernet0/1 987
ip nat inside source static tcp 10.20.75.11 1723 interface GigabitEthernet0/1 1723
ip nat inside source route-map LAN interface GigabitEthernet0/1 overload
ip nat inside source route-map SIP200 interface GigabitEthernet0/1 overload
ip nat inside source route-map WLAN76 interface GigabitEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1 track 1
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh version 2
!
ip access-list extended LAN
 permit ip 10.20.75.0 0.0.0.255 any
 deny ip any any
ip access-list extended SIP200
 permit ip 10.20.77.0 0.0.0.255 any
 deny ip any any
ip access-list extended WLAN76
 permit ip 10.20.76.0 0.0.0.255 any
 deny ip any any
!
!
route-map WLAN76 permit 20
 match ip address WLAN76
 set interface GigabitEthernet0/1
 set default interface GigabitEthernet0/1
!
route-map LAN permit 10
 match ip address LAN
 set interface GigabitEthernet0/1
 set default interface GigabitEthernet0/1
!
route-map SIP200 permit 30
 match ip address SIP200
 set interface GigabitEthernet0/1
 set default interface GigabitEthernet0/1
!
!
access-list 23 permit XXX.XX.XXX.196
access-list 23 permit 10.20.75.0 0.0.0.255
access-list 24 permit 10.20.77.0 0.0.0.255
access-list 120 permit ip 0.0.0.11 255.255.255.0 any
!
control-plane
!
!
!
line con 0
 login local
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 access-class 23 in
 privilege level 15
 login local
 transport input ssh
line vty 5 15
 access-class 23 in
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler allocate 20000 1000
!
end
EASI-FW1#
Should the route maps specify the subinterfaces of Gi0/1?
Posted on 2017-11-01 18:36:50
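It sounds like your DHCP server merely has a secondary address on the same VLAN as its primary address. That will not work. You can simply add a helper address for DHCP relay. For example:
interface GigabitEthernet0/0.200
 description Voice
 encapsulation dot1Q 200
 ip address 10.20.77.1 255.255.255.0
 ip helper-address 10.20.75.11
!
This will send any DHCP requests on the 10.20.77.0/24 network to the DHCP server at 10.20.75.11, and send any responses from the server back to the originating network. If you have the correct DHCP scope configured on the DHCP server, then everything should work.
Doing it this way means the DHCP server does not need an address on the 10.20.77.0/24 network, so you can remove the secondary addressing.
If you want the secondary address on the DHCP server, then you will need to set up a trunk interface on both the switch and the server.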
https://networkengineering.stackexchange.com/questions/45397
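The relay rule described in the answer can be checked across a whole running-config. This is an added Python example, not part of the original question or answer: it lists every routed interface whose subnet does not contain the DHCP server and which has no `ip helper-address` pointing at it, so clients there can only get a lease if that is added. The names `parse_interfaces` and `missing_relay` are chosen here, and the embedded config is a constructed, trimmed copy of the question's subinterfaces.

```python
import ipaddress

# Constructed sample: trimmed from the subinterfaces shown in the question.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0.1
 ip address 10.20.75.1 255.255.255.0
!
interface GigabitEthernet0/0.76
 ip address 10.20.76.1 255.255.255.0
!
interface GigabitEthernet0/0.200
 description Voice
 ip address 10.20.77.1 255.255.255.0
!
interface GigabitEthernet0/1
 ip address dhcp
"""

def parse_interfaces(config):
    """Map interface name -> {"net": IPv4Network or None, "helpers": [str]}."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        words = raw.split()
        if not words:
            continue
        if words[0] == "interface" and len(words) > 1:
            current = interfaces.setdefault(words[1], {"net": None, "helpers": []})
        elif words[0] == "!":
            current = None  # "!" closes the interface stanza
        elif current is None:
            continue
        elif words[:2] == ["ip", "address"] and len(words) == 4:
            # Static primary address; "ip address dhcp" and secondaries are skipped.
            current["net"] = ipaddress.ip_interface(f"{words[2]}/{words[3]}").network
        elif words[:2] == ["ip", "helper-address"] and len(words) >= 3:
            current["helpers"].append(words[-1])
    return interfaces

def missing_relay(config, dhcp_server):
    """Interfaces off the server's subnet with no helper-address for that server."""
    server = ipaddress.ip_address(dhcp_server)
    return sorted(
        name for name, info in parse_interfaces(config).items()
        if info["net"] is not None
        and server not in info["net"]
        and dhcp_server not in info["helpers"]
    )

if __name__ == "__main__":
    print(missing_relay(SAMPLE_CONFIG, "10.20.75.11"))
```

Whether a flagged interface actually needs the relay depends on whether its clients are meant to use that DHCP server.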