Trunk seems to allow all VLANs

Network Engineering, Cisco, LAN, switching
2022-02-24 13:54:59

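Got a Catalyst 2690 on a small office network with 2 VLANs, 10 and 20: 10 for LAN and corporate Wi-Fi, and 20 for guest Wi-Fi.

All LAN ports are configured in access mode on VLAN 10.

The access point ports are in trunk mode, allowing VLANs 10 and 20, with VLAN 10 as native.

The port connected to the firewall that goes to the internet is in trunk mode, allowing VLANs 20 and 10.

I did some testing, and after connecting to a port in access mode on VLAN 30, I was able to reach the internet or my firewall...

Is there anything missing in my config? Why am I able to reach the internet when connected on port 21, which puts VLAN 30 on my traffic?

There are 2 VLAN interfaces listening on the Fortinet with a DHCP server.

VLAN 20 seems to be working, as it assigns IPs in that range.

Here is my config file: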

https://pastebin.com/CabUydrJ

SW-2960-MAD#show running-config
Building configuration...

Current configuration : 6994 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SW-2960-MAD
!
boot-start-marker
boot-end-marker
!
enable secret 5 
enable password 
!
username cisco privilege 15 password 0 
!
!
aaa new-model
!
!
!
!
!
aaa session-id common
switch 1 provision ws-c2960s-48lps-l
!
!
!
!
crypto pki trustpoint TP-self-signed-2487309184
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2487309184
 revocation-check none
 rsakeypair TP-self-signed-2487309184
!
!
crypto pki certificate chain TP-self-signed-2487309184
 certificate self-signed 01
  quit
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
!
!
interface FastEthernet0
 no ip address
!
interface GigabitEthernet1/0/1
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet1/0/2
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet1/0/3
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet1/0/4
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet1/0/5
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet1/0/6
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet1/0/7
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet1/0/8
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet1/0/9
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet1/0/10
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet1/0/11
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet1/0/12
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet1/0/13
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet1/0/14
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet1/0/15
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet1/0/16
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet1/0/17
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet1/0/18
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet1/0/19
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet1/0/20
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet1/0/21
 switchport access vlan 30
 switchport mode access
!
interface GigabitEthernet1/0/22
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet1/0/23
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet1/0/24
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet1/0/25
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet1/0/26
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet1/0/27
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet1/0/28
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet1/0/29
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet1/0/30
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet1/0/31
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet1/0/32
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet1/0/33
 switchport trunk native vlan 10
 switchport mode trunk
!
interface GigabitEthernet1/0/34
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet1/0/35
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet1/0/36
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet1/0/37
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet1/0/38
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet1/0/39
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet1/0/40
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet1/0/41
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet1/0/42
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet1/0/43
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet1/0/44
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet1/0/45
 switchport trunk native vlan 10
 switchport trunk allowed vlan 10,20
 switchport mode trunk
 shutdown
!
interface GigabitEthernet1/0/46
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet1/0/47
 description Aruba entrada
 switchport trunk native vlan 10
 switchport trunk allowed vlan 10,20
 switchport mode trunk
!
interface GigabitEthernet1/0/48
 switchport trunk allowed vlan 10,20
 switchport mode trunk
!
interface GigabitEthernet1/0/49
!
interface GigabitEthernet1/0/50
!
interface GigabitEthernet1/0/51
!
interface GigabitEthernet1/0/52
!
interface Vlan1
 no ip address
!
interface Vlan10
 ip address 192.168.10.5 255.255.255.0
!
ip http server
ip http secure-server
ip sla enable reaction-alerts
!
line con 0
 exec-timeout 0 0
line vty 0 4
 password 
line vty 5 15
 password 
!
!
monitor session 1 source interface Gi1/0/47
monitor session 1 destination interface Gi1/0/21 ingress untagged vlan 10
end

Thanks

1 Answer

switchport mode trunk allows all VLANs that exist on the switch by default.

Combined with

interface GigabitEthernet1/0/21
 switchport access vlan 30
 switchport mode access

that port is connected with VLAN 30 through interface GigabitEthernet1/0/33. If you don't want that, you have to limit the VLANs on each trunk port, e.g. as on GigabitEthernet1/0/45: switchport trunk allowed vlan 10,20
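
Added example (not part of the original answer or the poster's own code): a small Python audit run over a constructed excerpt of the configuration above. It lists trunk ports that have no "switchport trunk allowed vlan" line, and SPAN destination ports configured to accept ingress traffic into a VLAN. The function names are hypothetical.

```python
import re

# Constructed excerpt of the running-config posted above (relevant stanzas only).
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/21
 switchport access vlan 30
 switchport mode access
!
interface GigabitEthernet1/0/33
 switchport trunk native vlan 10
 switchport mode trunk
!
interface GigabitEthernet1/0/47
 description Aruba entrada
 switchport trunk native vlan 10
 switchport trunk allowed vlan 10,20
 switchport mode trunk
!
monitor session 1 source interface Gi1/0/47
monitor session 1 destination interface Gi1/0/21 ingress untagged vlan 10
"""

def parse_interfaces(config):
    """Map each interface name to the list of sub-commands in its stanza."""
    stanzas, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = stanzas.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command closes the stanza
    return stanzas

def unrestricted_trunks(config):
    """Trunk ports with no 'switchport trunk allowed vlan' line (carry every VLAN)."""
    return [name for name, cmds in parse_interfaces(config).items()
            if "switchport mode trunk" in cmds
            and not any(c.startswith("switchport trunk allowed vlan") for c in cmds)]

def span_ingress_ports(config):
    """SPAN destination ports that also accept incoming traffic: (port, vlan)."""
    pat = r"monitor session \d+ destination interface (\S+) .*ingress (?:untagged |dot1q )?vlan (\d+)"
    return re.findall(pat, config)

if __name__ == "__main__":
    print("trunks without allowed list:", unrestricted_trunks(SAMPLE_CONFIG))
    print("SPAN destinations accepting ingress:", span_ingress_ports(SAMPLE_CONFIG))
```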