Cisco 3560 交换机 Vlaning 问题

网络工程 思科 转变 局域网
2022-02-15 16:49:43

我正在尝试将门对讲机连接到 fastethernet 0/1,然后 8 个用户连接到 fe 0/2-fe 0/9 并让每个用户访问第一个端口(0/1)而不让他们互相访问。我已经在 Packet Tracer 中实现了代码,它在那里运行良好。但不幸的是,在我的 Cisco 3560 24PS-S 上它不起作用。你能帮我解决和解决这个问题吗?谢谢。

Switch#show running-config 
Building configuration...

Current configuration : 2589 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Switch
!
boot-start-marker
boot-end-marker
!
!
!
!
no aaa new-model
system mtu routing 1500
ip routing
!
!
!
!         
!         
!         
!         
!         
spanning-tree mode pvst
spanning-tree extend system-id
!         
vlan internal allocation policy ascending
!         
!         
!         
!         
interface FastEthernet0/1
 no switchport
 ip address 192.168.10.2 255.255.255.252
!         
interface FastEthernet0/2
 switchport access vlan 10
 switchport mode access
!         
interface FastEthernet0/3
 switchport access vlan 20
 switchport mode access
!         
interface FastEthernet0/4
 switchport access vlan 30
 switchport mode access
!         
interface FastEthernet0/5
 switchport access vlan 40
 switchport mode access
!         
interface FastEthernet0/6
 switchport access vlan 50
 switchport mode access
!         
interface FastEthernet0/7
 switchport access vlan 60
 switchport mode access
!         
interface FastEthernet0/8
 switchport access vlan 70
 switchport mode access
!         
interface FastEthernet0/9
 switchport access vlan 80
 switchport mode access
!             
interface Vlan1
 no ip address
 shutdown 
!         
interface Vlan10
 ip address 192.168.10.6 255.255.255.252
 ip access-group 101 in
!         
interface Vlan20
 ip address 192.168.10.10 255.255.255.252
 ip access-group 101 in
!         
interface Vlan30
 ip address 192.168.10.14 255.255.255.252
 ip access-group 101 in
!         
interface Vlan40
 ip address 192.168.10.18 255.255.255.252
 ip access-group 101 in
!         
interface Vlan50
 ip address 192.168.10.22 255.255.255.252
 ip access-group 101 in
!         
interface Vlan60
 ip address 192.168.10.26 255.255.255.252
 ip access-group 101 in
!         
interface Vlan70
 ip address 192.168.10.30 255.255.255.252
 ip access-group 101 in
!         
interface Vlan80
 ip address 192.168.10.34 255.255.255.252
 ip access-group 101 in
!                 
ip classless
ip http server
no ip http secure-server
!         
!         
access-list 101 permit ip any host 192.168.10.3
!         
!         
!         
line con 0
line vty 0 4
 login    
line vty 5 15
 login    
!         
end       

Switch#

显示版本的输出:

Switch#show version 
Cisco IOS Software, C3560 Software (C3560-IPSERVICESK9-M), Version 12.2(55)SE9, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2014 by Cisco Systems, Inc.
Compiled Mon 03-Mar-14 22:36 by prod_rel_team
Image text-base: 0x01000000, data-base: 0x02F00000

ROM: Bootstrap program is C3560 boot loader
BOOTLDR: C3560 Boot Loader (C3560-HBOOT-M) Version 12.2(44)SE5, RELEASE SOFTWARE (fc1)

Switch uptime is 2 hours, 24 minutes
System returned to ROM by power-on
System image file is "flash:c3560-ipservicesk9-mz.122-55.SE9/c3560-ipservicesk9-mz.122-55.SE9.bin"


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco WS-C3560-24PS (PowerPC405) processor (revision M0) with 131072K bytes of memory.
Processor board ID CAT0929Z00J
Last reset from power-on
10 Virtual Ethernet interfaces
24 FastEthernet interfaces
2 Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.

512K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address       : 00:14:F2:B4:32:00
Motherboard assembly number     : 73-9673-06
Power supply part number        : 341-0029-03
Motherboard serial number       : CAT09290NPC
Power supply serial number      : LIT092300JT
Model revision number           : M0
Motherboard revision number     : A0
Model number                    : WS-C3560-24PS-S
System serial number            : CAT0929Z00J
Top Assembly Part Number        : 800-25861-03
Top Assembly Revision Number    : A0
Version ID                      : V05
CLEI Code Number                : COM1X00ARB
Hardware Board Revision Number  : 0x01


Switch Ports Model              SW Version            SW Image                 
------ ----- -----              ----------            ----------               
*    1 26    WS-C3560-24PS      12.2(55)SE9           C3560-IPSERVICESK9-M     


Configuration register is 0xF

Switch#
1个回答

您在 Fa0/1 (192.168.10.2/30) 上的地址是前缀 192.168.10.0/30 的一部分。该接口上的另一个可用主机地址是 192.168.10.1。您已允许到该网络上的广播地址 (192.168.10.3) 的流量。确保主机(您的对讲机)在 192.168.10.1 上并相应地调整 ACL 101。

顺便说一下,看看 PVLAN 功能,因为它可能使这个设计更容易。您可以将所有端口放入同一个 VLAN(因此所有端口都在同一个子网中),将用户端口设置为隔离,将内部通信设置为混杂,您将实现相同的目标。

其它你可能感兴趣的问题
上一篇如何找到哪个端口有静态IP 下一篇“3D 通用边缘路由器”是什么意思?