网络工程 - 实验室的互联网连接 - 吾爱随笔录

实验室的互联网连接

网络工程思科路由

2022-02-26 23:16:54

我正在设置我的 voip 系统，但在启动时遇到了麻烦。
在我的实验室环境中，我有以下内容：

isr4331 router: 10.3.222.100
be6km server: 10.3.222.101
3650 switch:  10.1.222.1
workstation:  10.1.1.1
Internet T-1: 65.xx.xx.xx/30

要安装 be6km，我需要对 be6km 和工作站进行互联网访问。目前我并不担心安全性，因为我有防火墙，一旦配置完成，这一切都会放在后面。

我对路由器的配置：

    !
    !
   interface GigabitEthernet0/0/0
    description ***uplink to 3650-1 10.1.222.1 ***
    ip address 10.3.222.100 255.255.0.0
    negotiation auto
   !
   interface GigabitEthernet0/0/1
    description ****INTERNET*****
    ip address 65.xx.xx.xx 255.255.255.248
    negotiation auto
   !
   interface GigabitEthernet0/0/2
    no ip address
    shutdown
    no negotiation auto
    !
   interface Vlan1
    no ip address
    shutdown
   !
   ip default-gateway 65.xx.xx.xx
   ip forward-protocol nd
   no ip http server
   no ip http secure-server
   ip tftp source-interface GigabitEthernet0
   ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/1
   !
   !
   !
   !
   !
   control-plane
   !
   !

我的交换机配置

 !
   interface GigabitEthernet0/0
    vrf forwarding Mgmt-vrf
    no ip address
    negotiation auto
   !
   interface GigabitEthernet1/0/1
    description *******TO ISR4331*****
    switchport access vlan 103
    switchport mode access
   !
   interface GigabitEthernet1/0/2
    description ***MAINVOIP*****
    switchport access vlan 103
    switchport mode access
   !
   interface GigabitEthernet1/0/3
    switchport access vlan 103
    switchport mode access
   !

   !
   interface Vlan1
    no ip address
    shutdown
   !
   interface Vlan100
    description COMP Wired Data VLAN
    ip address 10.1.222.1 255.255.0.0
   !
   interface Vlan103
    description COMP Wired VOIP VLAN
    ip address 10.3.222.1 255.255.0.0
    ip helper-address 10.3.222.102
   !
   interface Vlan104
    description COMP Wireless VOIP VLAN
    ip address 10.4.222.1 255.255.0.0
    ip helper-address 10.3.222.102
   !
   interface Vlan105
    description Wireless Data VLAN
    ip address 10.5.222.1 255.255.0.0
    ip helper-address 10.1.7.7
   !
   interface Vlan200
    ip address 65.xx.xx.xx 255.255.255.248
   !
   ip default-gateway 65.xx.xx.xx
   ip forward-protocol nd
   ip http server
   ip http authentication local
   ip http secure-server
   ip route 0.0.0.0 0.0.0.0 65.xx.xx.xx
   !

这是新配置：

   switch 1 provision ws-c3650-48pd
   !
   !
   !
   !
   !
   ip routing
   !
   !

   !
   !
   interface GigabitEthernet0/0
    description Trunk to 3650-1
    vrf forwarding Mgmt-vrf
    no ip address
    negotiation auto
   !
   interface GigabitEthernet1/0/1
    description Link to ISR4331
    no switchport
    ip address 10.0.0.2 255.255.255.252
   !
   interface GigabitEthernet1/0/2
    description ***MAINVOIP*****
    switchport access vlan 103
    switchport mode access
   !
   interface GigabitEthernet1/0/3
    switchport access vlan 100
    switchport mode access

   interface Vlan1
    no ip address
    shutdown
   !
   interface Vlan100
    description COMP Wired Data VLAN
    ip address 10.1.222.1 255.255.0.0
    ip helper-address 10.1.7.7
   !
   interface Vlan103
    description COMP Wired VOIP VLAN
    ip address 10.3.222.1 255.255.0.0
    ip helper-address 10.3.222.102
   !
   interface Vlan104
    description COMP Wireless VOIP VLAN
    ip address 10.4.222.1 255.255.0.0
    ip helper-address 10.3.222.102
   !
   interface Vlan105
    description Wireless Data VLAN
    ip address 10.5.222.1 255.255.0.0
    ip helper-address 10.1.7.7
   !
   router ospf 1
    auto-cost reference-bandwidth 100000
    network 0.0.0.0 255.255.255.255 area 0
   !
   ip forward-protocol nd
   ip http server
   ip http authentication local
   ip http secure-server
   !
   ip access-list extended AutoQos-4.0-Acl-Default
    permit ip any any
   !
   logging trap debugging
   logging host 10.1.10.117
   !

路由器

   !
   !
   !
   interface GigabitEthernet0/0/0
    description Link to 3650-1
    ip address 10.0.0.1 255.255.255.252
    negotiation auto
   !
   interface GigabitEthernet0/0/1
    description ****INTERNET*****
    ip address 65.xx.xx.xx 255.255.255.248
    negotiation auto
   !
   interface GigabitEthernet0/0/2
    no ip address
    shutdown
    no negotiation auto
   !
   interface Service-Engine0/1/0
   !
   interface Service-Engine0/2/0
   !
   interface Service-Engine0/4/0
   !
   interface Service-Engine1/0/0
   !
   interface GigabitEthernet0
    vrf forwarding Mgmt-intf
    no ip address
    shutdown
    negotiation auto
   !
   interface Vlan1
    no ip address
    shutdown
   !
   router ospf 1
    auto-cost reference-bandwidth 100000
    passive-interface GigabitEthernet0/0/1
    network 0.0.0.0 255.255.255.255 area 0
    default-information originate
   !
   ip forward-protocol nd
   no ip http server
   no ip http secure-server
   ip tftp source-interface GigabitEthernet0
   ip route 0.0.0.0 0.0.0.0 65.xx.218.193
   !
   !
   !

    !
    !
    !
    !
   !
   mgcp behavior rsip-range tgcp-only
   mgcp behavior comedia-role none
   mgcp behavior comedia-check-media-src disable
   mgcp behavior comedia-sdp-force disable
   !
   mgcp profile default
   !
   !
   !
   !
   !
   !
   line con 0
    stopbits 1
   line aux 0
    stopbits 1
   line vty 0 4
    login
   !
   !
   end

1个回答

您没有为 VLAN 100、104、105 和 200 进行路由。有几种方法可以做到这一点。

路由器上的路由：

路由器配置：

interface GigabitEthernet0/0/0
 description Trunk to 3650-1
 no ip address
 negotiation auto
!
interface GigabitEthernet0/0/0.100
 encapsulation dot1Q 100
 ip address 10.1.222.100 255.255.0.0
 ip helper-address 10.3.222.102
!
interface GigabitEthernet0/0/0.103
 encapsulation dot1Q 103
 ip address 10.3.222.100 255.255.0.0
 ip helper-address 10.3.222.102
!
interface GigabitEthernet0/0/0.104
 encapsulation dot1Q 104
 ip address 10.4.222.100 255.255.0.0
 ip helper-address 10.3.222.102
!
interface GigabitEthernet0/0/0.105
 encapsulation dot1Q 105
 ip address 10.5.222.100 255.255.0.0
 ip helper-address 10.3.222.102
!
ip route 0.0.0.0 0.0.0.0 65.xx.218.193
!
no ip default-gateway 65.xx.218.193
! Don't use the default gateway command for a router that is routing. You use the default route. The router *is* the gateway.

主机网关（包括交换机）应设置为正确 VLAN 的路由器地址。

开关配置：

interface GigabitEthernet1/0/1
 description Trunk to ISR4331
 switchport mode trunk
 switchport nonegotiate
!
interface Vlan100
 description COMP Wired Data VLAN
 ip address 10.1.222.1 255.255.0.0
!
interface Vlan103
 description COMP Wired VOIP VLAN
 no ip address
!
interface Vlan104
 description COMP Wireless VOIP VLAN
 ip address 10.4.222.1 255.255.0.0
 no ip address
!
interface Vlan105
 description Wireless Data VLAN
 ip address 10.5.222.1 255.255.0.0
 no ip address
!
ip default-gateway 10.1.222.100
!
no interface Vlan200
! The network cannot be defined on both the switch and the router if separated by layer-3.

或者，如果是三层交换机，你可以在交换机上做局域网路由，但是互联网是在路由器上路由的：

路由器配置：

interface GigabitEthernet0/0/0
 description Link to 3650-1
 ip address 10.0.0.1 255.255.255.252
!
ip route 0.0.0.0 0.0.0.0 65.xx.218.193
!
no ip default-gateway 65.xx.218.193
! Don't use the default gateway command for a router that is routing. You use the default route. The router *is* the gateway.
router ospf 1
 log-adjacency-changes
 auto-cost reference-bandwidth 100000
 passive interface GigabitEthernet0/0/1
 network 0.0.0.0 255.255.255.255 area 0
 default-information originate

开关配置：

ip routing
!
interface GigabitEthernet1/0/1
 description Link to ISR4331
 no switchport
 ip address 10.0.0.2 255.255.255.252
!
no interface Vlan200
! The network cannot be defined on both the switch and the router if separated by layer-3.
!
no ip default-gateway 65.xx.218.193
no ip route 0.0.0.0 0.0.0.0 65.xx.218.193
!
router ospf 1
 log-adjacency-changes
 auto-cost reference-bandwidth 100000
 network 0.0.0.0 255.255.255.255 area 0

除了 OSPF，您可以使用其他路由协议，或使用无法扩展的静态路由。

主机网关（包括交换机）应设置为正确 VLAN 的交换机 VLAN 地址。

编辑：

由于您尚未配置 NAT，因此这是一种方法：

路由器配置：

interface GigabitEthernet0/0/0
 description Link to 3650-1
 ip address 10.0.0.1 255.255.255.252
 ip nat inside
!
interface GigabitEthernet0/0/1
 description ****INTERNET*****
 ip address 65.xx.218.195 255.255.255.248
 ip nat outside
!
ip nat inside source list 10 interface GigabitEthernet0/0/1 overload
!
access-list 10 permit 10.0.0.0 0.255.255.255
!

这会将任何10.0.0.0/8地址转换为分配给您的 Internet 接口 ( GigabitEthernet0/0/1) 的公共 Internet 地址。

其它你可能感兴趣的问题

上一篇何时在 RSTP 中使用提案和协议标志下一篇增加 2960 交换机上的输出下降