带有2900XL交换机的单端口2600路由器
带有2900XL交换机的单端口2600路由器
提问于 2012-12-04 23:30:48
我有一个设置,其中单个端口2600路由器位于交换机中的端口0/2,外部网络位于端口0/1,其余的(0/3-0/24)应该是由2600路由器管理的第二个网络的客户端。
我配置了两个VLAN:外部100 (0/2-0/24),内部200 (0/1-0/2)。0/2是两个VLAN的主干端口。
问题是我不能同时使用两个VLAN:软件不允许这样做。
现在,我可以将外部网络设备(172.16.7.1,172.16.7.103),甚至google (8.8.8.8)从路由器,但不是交换机。连接上的设备可以正常地获得DHCP租约,但不能在网络之外进行平分,只有路由器- 172.17.7.1和交换机本身,172.17.7.7。
路由器和交换机的配置在这里。,以及下面。
路由器:
rt.throom#sho run
Building configuration...
Current configuration : 1015 bytes
!
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname rt.throom
!
enable password To053cret
!
!
!
!
!
no ip subnet-zero
ip dhcp excluded-address 172.17.7.1 172.17.7.2
ip dhcp excluded-address 172.17.7.3 172.17.7.4
ip dhcp excluded-address 172.17.7.5
!
ip dhcp pool VLAN200
network 172.17.7.0 255.255.255.0
default-router 172.17.7.1
dns-server 8.8.8.8
!
ip audit notify log
ip audit po max-events 100
!
!
!
!
!
!
!
interface Ethernet0/0
no ip address
!
interface Ethernet0/0.100
encapsulation dot1Q 100
ip address 172.16.7.15 255.255.255.0
ip nat outside
!
interface Ethernet0/0.200
encapsulation dot1Q 200
ip address 172.17.7.1 255.255.255.0
ip nat inside
!
router eigrp 20
network 172.16.0.0
network 172.17.0.0
no auto-summary
no eigrp log-neighbor-changes
!
no ip classless
no ip http server
!
access-list 1 permit 172.17.7.0 0.0.0.255
!
!
line con 0
line aux 0
line vty 0 4
login
!
end开关:
sw.throom#sho run
Building configuration...
Current configuration:
!
version 11.2
no service pad
no service udp-small-servers
no service tcp-small-servers
!
hostname sw.throom
!
enable password Oh5053cret
!
!
no spanning-tree vlan 100
no spanning-tree vlan 200
ip subnet-zero
!
!
interface VLAN1
no ip address
no ip route-cache
!
interface FastEthernet0/1
switchport access vlan 100
spanning-tree portfast
!
interface FastEthernet0/2
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/3
switchport access vlan 200
spanning-tree portfast
!
interface FastEthernet0/4
switchport access vlan 200
spanning-tree portfast
!
interface FastEthernet0/5
switchport access vlan 200
spanning-tree portfast
!
interface FastEthernet0/6
switchport access vlan 200
spanning-tree portfast
!
interface FastEthernet0/7
switchport access vlan 200
spanning-tree portfast
!
interface FastEthernet0/8
switchport access vlan 200
spanning-tree portfast
!
interface FastEthernet0/9
switchport access vlan 200
spanning-tree portfast
!
interface FastEthernet0/10
switchport access vlan 200
spanning-tree portfast
!
interface FastEthernet0/11
switchport access vlan 200
spanning-tree portfast
!
interface FastEthernet0/12
switchport access vlan 200
spanning-tree portfast
!
interface FastEthernet0/13
switchport access vlan 200
spanning-tree portfast
!
interface FastEthernet0/14
switchport access vlan 200
spanning-tree portfast
!
interface FastEthernet0/15
switchport access vlan 200
spanning-tree portfast
!
interface FastEthernet0/16
switchport access vlan 200
spanning-tree portfast
!
interface FastEthernet0/17
switchport access vlan 200
spanning-tree portfast
!
interface FastEthernet0/18
switchport access vlan 200
spanning-tree portfast
!
interface FastEthernet0/19
switchport access vlan 200
spanning-tree portfast
!
interface FastEthernet0/20
switchport access vlan 200
spanning-tree portfast
!
interface FastEthernet0/21
switchport access vlan 200
spanning-tree portfast
!
interface FastEthernet0/22
switchport access vlan 200
spanning-tree portfast
!
interface FastEthernet0/23
switchport access vlan 200
spanning-tree portfast
!
interface FastEthernet0/24
switchport access vlan 200
spanning-tree portfast
!
!
line con 0
stopbits 1
line vty 0 4
login
line vty 5 9
login
!
endsho ip route给出:
Gateway of last resort is 172.16.7.1 to network 0.0.0.0
172.17.0.0/24 is subnetted, 1 subnets
C 172.17.7.0 is directly connected, Ethernet0/0.200
172.16.0.0/24 is subnetted, 1 subnets
C 172.16.7.0 is directly connected, Ethernet0/0.100
S* 0.0.0.0/0 [1/0] via 172.16.7.1编辑1:这是起作用的配置:
路由器:
rt#sho run
Building configuration...
Current configuration : 1018 bytes
!
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname rt
!
enable password To053cret
!
!
!
!
!
no ip subnet-zero
ip dhcp excluded-address 172.17.7.1 172.17.7.2
ip dhcp excluded-address 172.17.7.3 172.17.7.4
ip dhcp excluded-address 172.17.7.5
!
ip dhcp pool VLAN200
network 172.17.7.0 255.255.255.0
default-router 172.17.7.1
dns-server 8.8.8.8
!
ip audit notify log
ip audit po max-events 100
!
!
!
!
!
!
!
interface Ethernet0/0
no ip address
!
interface Ethernet0/0.100
encapsulation dot1Q 100
ip address 172.16.7.15 255.255.255.0
ip nat outside
!
interface Ethernet0/0.200
encapsulation dot1Q 200
ip address 172.17.7.1 255.255.255.0
ip nat inside
!
ip nat inside source list 1 interface Ethernet0/0.100 overload
ip classless
ip route 0.0.0.0 0.0.0.0 172.16.7.1
no ip http server
!
access-list 1 permit 172.17.7.0 0.0.0.255
!
!
line con 0
line aux 0
line vty 0 4
password To053cret
login
!
end开关:
sw#sho run
Building configuration...
Current configuration:
!
version 11.2
no service pad
no service udp-small-servers
no service tcp-small-servers
!
hostname sw
!
enable password Oh5053cret
!
!
no spanning-tree vlan 100
no spanning-tree vlan 200
ip subnet-zero
ip name-server 8.8.8.8
!
!
interface VLAN1
ip address 172.17.7.7 255.255.255.0
no ip route-cache
shutdown
!
interface VLAN100
no ip route-cache
shutdown
!
interface VLAN200
ip address 172.17.7.7 255.255.255.255
no ip route-cache
!
interface FastEthernet0/1
switchport access vlan 100
spanning-tree portfast
!
interface FastEthernet0/2
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/3
switchport access vlan 200
spanning-tree portfast
!
interface FastEthernet0/4
switchport access vlan 200
spanning-tree portfast
!
interface FastEthernet0/5
switchport access vlan 200
spanning-tree portfast
!
interface FastEthernet0/6
switchport access vlan 200
spanning-tree portfast
!
interface FastEthernet0/7
switchport access vlan 200
spanning-tree portfast
!
interface FastEthernet0/8
switchport access vlan 200
spanning-tree portfast
!
interface FastEthernet0/9
switchport access vlan 200
spanning-tree portfast
!
interface FastEthernet0/10
switchport access vlan 200
spanning-tree portfast
!
interface FastEthernet0/11
switchport access vlan 200
spanning-tree portfast
!
interface FastEthernet0/12
switchport access vlan 200
spanning-tree portfast
!
interface FastEthernet0/13
switchport access vlan 200
spanning-tree portfast
!
interface FastEthernet0/14
switchport access vlan 200
spanning-tree portfast
!
interface FastEthernet0/15
switchport access vlan 200
spanning-tree portfast
!
interface FastEthernet0/16
switchport access vlan 200
spanning-tree portfast
!
interface FastEthernet0/17
switchport access vlan 200
spanning-tree portfast
!
interface FastEthernet0/18
switchport access vlan 200
spanning-tree portfast
!
interface FastEthernet0/19
switchport access vlan 200
spanning-tree portfast
!
interface FastEthernet0/20
switchport access vlan 200
spanning-tree portfast
!
interface FastEthernet0/21
switchport access vlan 200
spanning-tree portfast
!
interface FastEthernet0/22
switchport access vlan 200
spanning-tree portfast
!
interface FastEthernet0/23
switchport access vlan 200
spanning-tree portfast
!
interface FastEthernet0/24
switchport access vlan 200
spanning-tree portfast
!
ip default-gateway 172.17.7.1
!
line con 0
stopbits 1
line vty 0 4
password Oh5053cret
login
line vty 5 9
login
!
end谢谢大家的帮助!
回答 3
Server Fault用户
回答已采纳
发布于 2012-12-05 00:41:18
由于开关在您的配置中位于内部,它需要一个默认路径才能到达外部设备,就像内部的任何设备一样。在第三层(TCP/IP),交换机的作用就像普通的设备。
Server Fault用户
发布于 2012-12-04 23:36:43
- 为什么要将外部网络连接到交换机而不是路由器?
- 如果您指的是将ip地址分配给多个VLAN,那么您是正确的。该模型交换机只支持用于管理目的的ip地址,并且只允许为一个VLAN分配ip地址。至于VLAN本身,它当然支持拥有多个。
- 它是一个第二层交换机,因此不支持SVI (InterVLAN路由),因此只允许您为一个VLAN分配一个ip地址。来管理开关。
编辑1
我很抱歉没能早点发现这一点。外部路由器有172.17网络的路由吗?您已经在内部路由器上启用了EIGRP,但是没有通过EIGRP学习到的路由(从内部路由器输出的sh ip路由就是证明),这意味着外部路由器可能在其172.17网络的路由表中没有路由。如果外部路由器没有到172.17网络的路由,那么它就不能回复(或路由流量)回172.17网络。
编辑2
问题出在这里。再一次,我很抱歉没有早点抓到它。有时候显而易见的事情我们都逃不掉。
- D路由器只知道它直接连接到的网络.它不直接连接到172.17网络,因此不知道如何将流量路由到该网络。您需要将inside配置为通过内部路由器为172.17网络路由流量。
- 要使EIGRP工作,两个路由器都必须使用和参与EIGRP。您的doesn路由器绝对不使用EIGRP,因此它没有通过内部路由器到达172.17网络的路由。这方面的证据是,内部路由器并没有在它的路由表中显示任何EIGRP学习的路由。这意味着它不会收到来自D-链路路由器的EIGRP路由表更新.因为D-链路路由器不使用EIGRP。
因此,回顾一下:您需要通过内部路由器在D链路路由器上为172.17网络配置一条路由。
Server Fault用户
发布于 2012-12-05 03:25:25
您的NAT配置不做任何事情,我猜外部设备不能路由回172.17.1.0/24网络
需要翻译172.17.1.0/24至172.16.17.15
IP Nat内部源列表1接口ETH 0/0.100
让它旋转一下--一些来自路由器的显示命令会很有趣。
Sh传输
Sh路由
页面原文内容由Server Fault提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://serverfault.com/questions/455109
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号