配置Sonicwall将VLAN流量路由到internet
配置Sonicwall将VLAN流量路由到internet
提问于 2012-10-05 16:04:56
我有一个Sonicwall 2400,它的配置重置,我有困难重新配置它。
Sonicwall的广域网端口(X1)连接到互联网。它的局域网端口(X0)连接到我连接的3Com 4500 G交换机(第3层启用)(集群?)另一个3 3Com 4500交换机。
交换机指定3个VLAN:
VLAN1 --数据VLAN --如果有什么用的话,用得不多
VLAN2 -语音VLAN - VoIP手机在这里连接。计算机通过他们的电话连接到网络。
VLAN4094 --路由VLAN --似乎被用来将网络流量路由到internet (?)
3 3Com 4500 G
这是直接连接到Sonicwall NSA 2400的交换机
4500 G组态
#
sysname #############
#
dhcp relay server-group 0 ip 192.168.10.4
dhcp relay server-group 0 ip 192.168.11.10
#
domain default enable system
#
local-server nas-ip 127.0.0.1 key 3com
#
telnet server enable
#
undo cluster enable
#
igmp-snooping
#
vlan 1
description Data VLAN
igmp-snooping enable
#
vlan 11
description Voice VLAN
#
vlan 4094
description Routing VLAN
#
radius scheme system
server-type extended
primary authentication 127.0.0.1 1645
primary accounting 127.0.0.1 1646
user-name-format without-domain
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
local-user admin
service-type telnet terminal
level 3
local-user manager
password simple manager
service-type telnet terminal
level 2
local-user monitor
password simple monitor
service-type telnet terminal
level 1
#
interface NULL0
#
interface Vlan-interface1
ip address 192.168.10.1 255.255.255.0
dhcp select relay
dhcp relay server-select 0
#
interface Vlan-interface11
ip address 192.168.11.1 255.255.255.0
dhcp select relay
dhcp relay server-select 0
#
interface Vlan-interface4094
ip address 192.168.255.2 255.255.255.0
rip poison-reverse
rip version 2 multicast
#
interface GigabitEthernet1/0/1
port access vlan 4094
broadcast-suppression pps 3000
undo jumboframe enable
description Uplink to SonicWALL
stp edged-port enable
#
interface GigabitEthernet1/0/2
broadcast-suppression pps 3000
undo jumboframe enable
stp edged-port enable
#
interface GigabitEthernet1/0/3
broadcast-suppression pps 3000
undo jumboframe enable
stp edged-port enable
#
interface GigabitEthernet1/0/4
broadcast-suppression pps 3000
undo jumboframe enable
stp edged-port enable
#
interface GigabitEthernet1/0/5
broadcast-suppression pps 3000
undo jumboframe enable
stp edged-port enable
#
interface GigabitEthernet1/0/6
broadcast-suppression pps 3000
undo jumboframe enable
stp edged-port enable
#
interface GigabitEthernet1/0/7
broadcast-suppression pps 3000
undo jumboframe enable
stp edged-port enable
#
interface GigabitEthernet1/0/8
broadcast-suppression pps 3000
undo jumboframe enable
stp edged-port enable
#
interface GigabitEthernet1/0/9
broadcast-suppression pps 3000
undo jumboframe enable
stp edged-port enable
#
interface GigabitEthernet1/0/10
broadcast-suppression pps 3000
undo jumboframe enable
stp edged-port enable
#
interface GigabitEthernet1/0/11
broadcast-suppression pps 3000
undo jumboframe enable
stp edged-port enable
#
interface GigabitEthernet1/0/12
port link-type trunk
port trunk permit vlan all
broadcast-suppression pps 3000
undo jumboframe enable
stp edged-port enable
#
interface GigabitEthernet1/0/13
port access vlan 11
broadcast-suppression pps 3000
undo jumboframe enable
stp edged-port enable
#
interface GigabitEthernet1/0/14
broadcast-suppression pps 3000
undo jumboframe enable
stp edged-port enable
#
interface GigabitEthernet1/0/15
broadcast-suppression pps 3000
undo jumboframe enable
stp edged-port enable
#
interface GigabitEthernet1/0/16
broadcast-suppression pps 3000
undo jumboframe enable
stp edged-port enable
#
interface GigabitEthernet1/0/17
broadcast-suppression pps 3000
undo jumboframe enable
stp edged-port enable
#
interface GigabitEthernet1/0/18
broadcast-suppression pps 3000
undo jumboframe enable
stp edged-port enable
#
interface GigabitEthernet1/0/19
broadcast-suppression pps 3000
undo jumboframe enable
stp edged-port enable
#
interface GigabitEthernet1/0/20
broadcast-suppression pps 3000
undo jumboframe enable
stp edged-port enable
#
interface GigabitEthernet1/0/21
broadcast-suppression pps 3000
undo jumboframe enable
stp edged-port enable
#
interface GigabitEthernet1/0/22
broadcast-suppression pps 3000
undo jumboframe enable
stp edged-port enable
#
interface GigabitEthernet1/0/23
broadcast-suppression pps 3000
undo jumboframe enable
stp edged-port enable
#
interface GigabitEthernet1/0/24
port link-type trunk
port trunk permit vlan all
broadcast-suppression pps 3000
undo jumboframe enable
stp edged-port enable
#
interface GigabitEthernet1/0/25
broadcast-suppression pps 3000
undo jumboframe enable
shutdown
stp edged-port enable
#
interface GigabitEthernet1/0/26
broadcast-suppression pps 3000
undo jumboframe enable
shutdown
stp edged-port enable
#
interface GigabitEthernet1/0/27
broadcast-suppression pps 3000
undo jumboframe enable
shutdown
stp edged-port enable
#
interface GigabitEthernet1/0/28
broadcast-suppression pps 3000
undo jumboframe enable
shutdown
stp edged-port enable
#
rip 1
undo summary
version 2
network 192.168.10.0
network 192.168.11.0
network 192.168.255.0
import-route direct
#
snmp-agent
snmp-agent local-engineid 8000002B0300247310B641
snmp-agent community read public
snmp-agent community write private
snmp-agent sys-info version all
#
dhcp enable
#
user-interface aux 0
authentication-mode scheme
user-interface vty 0 4
authentication-mode scheme
#
return4500 G路由表
Routing Tables: Public
Destinations : 8 Routes : 8
Destination/Mask Proto Pre Cost NextHop Interface
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
192.168.10.0/24 Direct 0 0 192.168.10.1 Vlan1
192.168.10.1/32 Direct 0 0 127.0.0.1 InLoop0
192.168.11.0/24 Direct 0 0 192.168.11.1 Vlan11
192.168.11.1/32 Direct 0 0 127.0.0.1 InLoop0
192.168.255.0/24 Direct 0 0 192.168.255.2 Vlan4094
192.168.255.2/32 Direct 0 0 127.0.0.1 InLoop03 3Com 4500
这是连接VoIP系统的开关
4500配置
#
sysname ############
#
local-server nas-ip 127.0.0.1 key 3com
#
igmp-snooping enable
#
radius scheme system
#
domain system
#
local-user admin
service-type ssh telnet terminal
level 3
local-user manager
password simple manager
service-type ssh telnet terminal
level 2
local-user monitor
password simple monitor
service-type ssh telnet terminal
level 1
#
acl number 4999
rule 0 deny dest 0000-0000-0000 ffff-ffff-ffff
#
vlan 1
igmp-snooping enable
#
vlan 11
description Voice VLAN
#
vlan 4094
description Routing VLAN
#
interface Vlan-interface1
description Data vlan
#
interface Vlan-interface4094
ip address 192.168.255.3 255.255.255.0
#
interface Aux1/0/0
#
interface Ethernet1/0/1
poe enable
stp edged-port enable
broadcast-suppression pps 3000
port access vlan 11
packet-filter inbound link-group 4999 rule 0
#
interface Ethernet1/0/2
poe enable
stp edged-port enable
port link-type hybrid
port hybrid vlan 11 tagged
port hybrid vlan 1 untagged
broadcast-suppression pps 3000
packet-filter inbound link-group 4999 rule 0
#
interface Ethernet1/0/3
poe enable
stp edged-port enable
port link-type hybrid
port hybrid vlan 11 tagged
port hybrid vlan 1 untagged
broadcast-suppression pps 3000
packet-filter inbound link-group 4999 rule 0
#
interface Ethernet1/0/4
poe enable
stp edged-port enable
port link-type hybrid
port hybrid vlan 11 tagged
port hybrid vlan 1 untagged
broadcast-suppression pps 3000
packet-filter inbound link-group 4999 rule 0
#
interface Ethernet1/0/5
poe enable
stp edged-port enable
port link-type hybrid
port hybrid vlan 11 tagged
port hybrid vlan 1 untagged
broadcast-suppression pps 3000
packet-filter inbound link-group 4999 rule 0
#
interface Ethernet1/0/6
poe enable
stp edged-port enable
port link-type hybrid
port hybrid vlan 11 tagged
port hybrid vlan 1 untagged
broadcast-suppression pps 3000
packet-filter inbound link-group 4999 rule 0
#
interface Ethernet1/0/7
poe enable
stp edged-port enable
port link-type hybrid
port hybrid vlan 11 tagged
port hybrid vlan 1 untagged
broadcast-suppression pps 3000
packet-filter inbound link-group 4999 rule 0
#
interface Ethernet1/0/8
poe enable
stp edged-port enable
port link-type hybrid
port hybrid vlan 11 tagged
port hybrid vlan 1 untagged
broadcast-suppression pps 3000
packet-filter inbound link-group 4999 rule 0
#
interface Ethernet1/0/9
poe enable
stp edged-port enable
port link-type hybrid
port hybrid vlan 11 tagged
port hybrid vlan 1 untagged
broadcast-suppression pps 3000
packet-filter inbound link-group 4999 rule 0
#
interface Ethernet1/0/10
poe enable
stp edged-port enable
port link-type hybrid
port hybrid vlan 11 tagged
port hybrid vlan 1 untagged
broadcast-suppression pps 3000
packet-filter inbound link-group 4999 rule 0
#
interface Ethernet1/0/11
poe enable
stp edged-port enable
port link-type hybrid
port hybrid vlan 11 tagged
port hybrid vlan 1 untagged
broadcast-suppression pps 3000
packet-filter inbound link-group 4999 rule 0
#
interface Ethernet1/0/12
poe enable
stp edged-port enable
port link-type hybrid
port hybrid vlan 11 tagged
port hybrid vlan 1 untagged
broadcast-suppression pps 3000
packet-filter inbound link-group 4999 rule 0
#
interface Ethernet1/0/13
poe enable
stp edged-port enable
broadcast-suppression pps 3000
port access vlan 11
packet-filter inbound link-group 4999 rule 0
#
interface Ethernet1/0/14
poe enable
stp edged-port enable
port link-type hybrid
port hybrid vlan 11 tagged
port hybrid vlan 1 untagged
broadcast-suppression pps 3000
packet-filter inbound link-group 4999 rule 0
#
interface Ethernet1/0/15
poe enable
stp edged-port enable
port link-type hybrid
port hybrid vlan 11 tagged
port hybrid vlan 1 untagged
broadcast-suppression pps 3000
packet-filter inbound link-group 4999 rule 0
#
interface Ethernet1/0/16
poe enable
stp edged-port enable
port link-type hybrid
port hybrid vlan 11 tagged
port hybrid vlan 1 untagged
broadcast-suppression pps 3000
packet-filter inbound link-group 4999 rule 0
#
interface Ethernet1/0/17
poe enable
stp edged-port enable
port link-type hybrid
port hybrid vlan 11 tagged
port hybrid vlan 1 untagged
broadcast-suppression pps 3000
packet-filter inbound link-group 4999 rule 0
#
interface Ethernet1/0/18
poe enable
stp edged-port enable
port link-type hybrid
port hybrid vlan 11 tagged
port hybrid vlan 1 untagged
broadcast-suppression pps 3000
packet-filter inbound link-group 4999 rule 0
#
interface Ethernet1/0/19
poe enable
stp edged-port enable
port link-type hybrid
port hybrid vlan 11 tagged
port hybrid vlan 1 untagged
broadcast-suppression pps 3000
packet-filter inbound link-group 4999 rule 0
#
interface Ethernet1/0/20
poe enable
stp edged-port enable
port link-type hybrid
port hybrid vlan 11 tagged
port hybrid vlan 1 untagged
broadcast-suppression pps 3000
packet-filter inbound link-group 4999 rule 0
#
interface Ethernet1/0/21
poe enable
stp edged-port enable
port link-type hybrid
port hybrid vlan 11 tagged
port hybrid vlan 1 untagged
broadcast-suppression pps 3000
packet-filter inbound link-group 4999 rule 0
#
interface Ethernet1/0/22
poe enable
stp edged-port enable
port link-type hybrid
port hybrid vlan 11 tagged
port hybrid vlan 1 untagged
broadcast-suppression pps 3000
packet-filter inbound link-group 4999 rule 0
#
interface Ethernet1/0/23
poe enable
stp edged-port enable
port link-type hybrid
port hybrid vlan 11 tagged
port hybrid vlan 1 untagged
broadcast-suppression pps 3000
packet-filter inbound link-group 4999 rule 0
#
interface Ethernet1/0/24
poe enable
stp edged-port enable
port link-type hybrid
port hybrid vlan 11 tagged
port hybrid vlan 1 untagged
broadcast-suppression pps 3000
packet-filter inbound link-group 4999 rule 0
#
interface GigabitEthernet1/0/25
port link-type trunk
port trunk permit vlan all
shutdown
#
interface GigabitEthernet1/0/26
port link-type trunk
port trunk permit vlan all
shutdown
#
interface GigabitEthernet1/0/27
port link-type trunk
port trunk permit vlan all
#
interface GigabitEthernet1/0/28
port link-type trunk
port trunk permit vlan all
#
undo xrn-fabric authentication-mode
#
interface NULL0
#
voice vlan mac-address 0001-e300-0000 mask ffff-ff00-0000 description Siemens AG phone
voice vlan mac-address 0004-0d00-0000 mask ffff-ff00-0000 description Avaya phone
voice vlan mac-address 0013-1900-0000 mask ffff-ff00-0000 description Cisco 7960 phone
voice vlan mac-address 0015-2b00-0000 mask ffff-ff00-0000 description Cisco 7940 phone
voice vlan mac-address 0060-b900-0000 mask ffff-ff00-0000 description Philips and NEC AG phone
#
ip route-static 0.0.0.0 0.0.0.0 192.168.255.2 preference 60
#
snmp-agent
snmp-agent local-engineid 8000002B00247373B0406877
snmp-agent community read public
snmp-agent community write private
snmp-agent sys-info version all
#
user-interface aux 0 7
authentication-mode scheme
screen-length 22
user-interface vty 0 4
authentication-mode scheme
#
return 4500路由表
Routing Table: public net
Destination/Mask Protocol Pre Cost Nexthop Interface
0.0.0.0/0 STATIC 60 0 192.168.255.2 Vlan-interface4094
127.0.0.0/8 DIRECT 0 0 127.0.0.1 InLoopBack0
127.0.0.1/32 DIRECT 0 0 127.0.0.1 InLoopBack0
192.168.255.0/24 DIRECT 0 0 192.168.255.3 Vlan-interface4094
192.168.255.3/32 DIRECT 0 0 127.0.0.1 InLoopBack0声墙
的现状
- Sonicwall成功地连接到了互联网上。
- Sonicwall的局域网端口(X0)配置为: IP: 192.168.255.1掩码: 255.255.255.0
- 局域网端口(X0) X0:V1 IP: 192.168.10.1掩码: 255.255.255.0 XO:V11 IP: 192.168.11.1掩码: 255.255.255.0
- 在Sonicwall上启用了DHCP,每个X0接口在其子网中都有一个范围。
- 静态IP已分配给4500 G交换机(不确定是否需要):192.168.255.2
Things与Sonicwall
一起尝试
- 设置为DHCP中继服务器IP地址的XO子接口IP地址分别位于4500 G开关配置中: 192.168.10.4和192.168.11.10。
- 在Sonicwall中设置ARP条目以拦截发送到VLAN接口的数据包并将它们路由到Sonicwall网关
我想要实现的
我想让VLAN11连接到互联网(如果可能的话,VLAN1也是)。我希望电话系统一旦完成就能继续工作。
我希望保持开关设置的原样,因为它们仍然应该按照网络正常运行时的方式配置。
到目前为止,这可能是相当明显的,但我是一个新手,一个VLAN和防火墙。有人对如何让我的VLAN连接到互联网有什么建议吗?
回答 1
Server Fault用户
发布于 2012-10-09 17:47:40
我让它起作用了。
首先,它是一个硬件问题,
我有一个廉价的Linksys开关,插入了Sonicwall的局域网(X0)端口。3Com 4500 G开关和我的笔记本电脑连接到便宜的-o开关。这样,开关和我的笔记本电脑都可以连接到Sonicwall上的局域网(X0)端口。
事实证明,3 3Com交换机是插入到一个坏端口上的廉价-o开关,使软件设置无法正确测试。我在便宜的交换机上把3 3Com换到了另一个端口。
,然后我必须设置路线,
在Sonicwall上,我配置了两条路由,以便发送给VLAN 1或VLAN 11 IP地址的任何流量都通过VLAN 4094路由。
然后,在3 3Com交换机上,我设置了一条通向Sonicwall IP的静态路由,有效地告诉交换机,如果它不知道在哪里发送,就将流量发送到Sonicwall。
随着这一组合到位,流量开始正确地上上下下,并在整个网络。
注意:我可以在Sonicwall上启用RIP,并将Sonicwall IP广播到3 3Com交换机作为默认路由,而不是在交换机上设置静态路由。它最终会出现在交换机路由表上的同一个位置,据推测它会做同样的事情。我可能最终会启用RIP并禁用当前的静态路由,但它目前正在工作,所以我将暂时不使用它。
页面原文内容由Server Fault提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://serverfault.com/questions/435287
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号