我正在使用 ASA5520 到 Cisco 2960X 交换机设置新的远程办公室设置。我在内部对 ASA 进行了子接口,以允许有线和无线子网。在 2960 上,我为有线创建了一个 Vlan 100,为无线创建了一个 Vlan 200。我可以从 ASA 向下游 ping 通到 Vlan100 和 Vlan200 的交换机。
在交换机上,我可以通过 vlan100 ping 上游到 ASA,因为它位于同一子网上,但我无法从 vlan 200 ping 上游。我想也许 ip route 语句可以工作,但仍然不行。感谢您的任何见解。
作为一个
interface GigabitEthernet0/0
description INSIDE
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/0.1
vlan 100
nameif inside
security-level 100
ip address 192.168.2.1 255.255.255.0
!
interface GigabitEthernet0/0.2
vlan 200
nameif Wireless
security-level 100
ip address 192.168.3.1 255.255.255.0
2960X
interface FastEthernet0
no ip address
!
interface GigabitEthernet1/0/1
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/2
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/3
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/4
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/5
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
最多 1/0/44 相同
interface GigabitEthernet1/0/45
description WIRELESS WAPS
switchport trunk native vlan 100
switchport mode trunk
spanning-tree portfast
!
` interface GigabitEthernet1/0/46
description WIRELESS WAPS
switchport trunk native vlan 100
switchport mode trunk
spanning-tree portfast
!
interface GigabitEthernet1/0/47
description Connection to ASA
switchport mode trunk
!
interface GigabitEthernet1/0/48
description X-Connect to Sw2
switchport mode trunk
!
interface GigabitEthernet1/0/49
!
interface GigabitEthernet1/0/50
!
interface GigabitEthernet1/0/51
!
interface GigabitEthernet1/0/52
!
interface Vlan1
no ip address
!
interface Vlan100
ip address 192.168.2.5 255.255.255.0
!
interface Vlan200
ip address 192.168.3.5 255.255.255.0
!
ip default-gateway 192.168.2.1
ip http server
ip http secure-server
!
ip route 192.168.3.0 255.255.255.0 192.168.2.1``