Trunk ports only allowing the native VLAN?

Network Engineering cisco switch lan trunk
2022-02-07 04:50:38

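I am trying to set up a guest network.

The native VLAN on our switches (all Cisco Catalyst switches) was never changed from 1 (untagged). I created VLAN 20 for the guest network.

I am using a physical DMZ interface on the Cisco ASA as the gateway/DHCP server for the guest network. I have set all the ports connecting to the wireless controller, the access points, and the ASA interface to allow VLAN 20. However, nothing is communicating with anything else.

I decided to troubleshoot by connecting a laptop to a port on the same switch that the gateway interface is connected to. Both ports are trunked and set to allow VLANs 1 and 20. The ports show as trunking. I manually set the machine's IP address in the same subnet as the gateway interface, but I cannot ping.

However, if I change the trunk ports for the GW and the PC to use VLAN 20 as the native VLAN, they do talk. I want to be able to pass both VLANs on all trunk ports, except the one going to the gateway (which I may change to an access port for VLAN 20), so that both networks can pass over the remaining trunks.

Any idea what I'm missing? It's been a long time since I set up VLANs, and I'm sure I'm overlooking something on my end.

Ron M. - As of now, I am troubleshooting with just one switch, a Catalyst 3560. Port 9 is connected to the DMZ interface of the ASA 5512-x, with IP 192.168.125.1. That port is a trunk with native VLAN 20, allowing only VLAN 20. The PC I am troubleshooting with is connected to port 38, set as a trunk allowing VLANs 1 and 20.

Ron T. - Output of that command: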

sh spanning-tree vlan 20

VLAN0020
  Spanning tree enabled protocol ieee
  Root ID    Priority    32788
             Address     0035.1aad.eb00
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32788  (priority 32768 sys-id-ext 20)
             Address     0035.1aad.eb00
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi1/0/1             Desg FWD 4         128.1    P2p
Gi1/0/2             Desg FWD 19        128.2    P2p
Gi1/0/3             Desg FWD 4         128.3    P2p
Gi1/0/4             Desg FWD 4         128.4    P2p
Gi1/0/5             Desg FWD 4         128.5    P2p
Gi1/0/6             Desg FWD 4         128.6    P2p
Gi1/0/8             Desg FWD 4         128.8    P2p
Gi1/0/9             Desg FWD 4         128.9    P2p

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------

Gi1/0/12            Desg FWD 4         128.12   P2p
Gi1/0/30            Desg FWD 4         128.30   P2p
Gi1/0/38            Desg FWD 4         128.38   P2p
Gi1/0/42            Desg FWD 4         128.42   P2p
Gi1/0/44            Desg FWD 4         128.44   P2p
Gi1/0/46            Desg FWD 4         128.46   P2p
Gi1/0/47            Desg FWD 19        128.47   P2p
Gi1/0/48            Desg FWD 4         128.48   P2p

Switch configuration:

Building configuration...

Current configuration : 6527 bytes
!
! Last configuration change at 13:46:51 UTC Fri Apr 27 2018
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service compress-config
!
hostname MEDFORDCORESWITCH
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-vrf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
no logging console

no aaa new-model
switch 1 provision ws-c3650-48ps
!
ip domain-name xxx.com
ip device tracking
!
!
!
!
!
!
!
!
diagnostic bootup level minimal
spanning-tree mode pvst
spanning-tree extend system-id
!
redundancy
 mode sso
!
!
ip ssh version 2
!
class-map match-any non-client-nrt-class
  match non-client-nrt
!
policy-map port_child_policy
 class non-client-nrt-class
    bandwidth remaining ratio 10
!
!
!
!
!
!
interface GigabitEthernet0/0
 vrf forwarding Mgmt-vrf
 no ip address
 shutdown
 negotiation auto
!
interface GigabitEthernet1/0/1
 switchport mode trunk
 duplex full
!
interface GigabitEthernet1/0/2
 switchport mode trunk
 duplex full
!
interface GigabitEthernet1/0/3
 switchport mode trunk
 duplex full
!
interface GigabitEthernet1/0/4
 switchport mode trunk
 duplex full
!
interface GigabitEthernet1/0/5
 switchport mode trunk
 duplex full
!
interface GigabitEthernet1/0/6
 switchport trunk native vlan 20
 switchport trunk allowed vlan 20
 switchport mode trunk
 duplex full
!
interface GigabitEthernet1/0/7
 switchport mode trunk
 duplex full
!
interface GigabitEthernet1/0/8
 switchport mode trunk
 duplex full
!
interface GigabitEthernet1/0/9
 switchport mode trunk
 duplex full
!
interface GigabitEthernet1/0/10
 duplex full
!
interface GigabitEthernet1/0/11
 duplex full
!
interface GigabitEthernet1/0/12
 switchport mode trunk
 power inline never
 duplex full
!
interface GigabitEthernet1/0/13
 duplex full
!
interface GigabitEthernet1/0/14
 duplex full
!
interface GigabitEthernet1/0/15
 duplex full
!
interface GigabitEthernet1/0/16
 duplex full
!
interface GigabitEthernet1/0/17
 duplex full
!
interface GigabitEthernet1/0/18
 duplex full
!
interface GigabitEthernet1/0/19
 duplex full
!
interface GigabitEthernet1/0/20
 duplex full
!
interface GigabitEthernet1/0/21
 duplex full
!
interface GigabitEthernet1/0/22
 duplex full
!
interface GigabitEthernet1/0/23
 duplex full
!
interface GigabitEthernet1/0/24
 duplex full
!
interface GigabitEthernet1/0/25
 duplex full
!
interface GigabitEthernet1/0/26
 duplex full
!
interface GigabitEthernet1/0/27
 duplex full
!
interface GigabitEthernet1/0/28
 duplex full
!
interface GigabitEthernet1/0/29
 duplex full
!
interface GigabitEthernet1/0/30
 switchport mode trunk
 duplex full
!
interface GigabitEthernet1/0/31
 duplex full
!
interface GigabitEthernet1/0/32
 duplex full
!
interface GigabitEthernet1/0/33
 duplex full
!
interface GigabitEthernet1/0/34
 duplex full
!
interface GigabitEthernet1/0/35
 duplex full
!
interface GigabitEthernet1/0/36
 duplex full
!
interface GigabitEthernet1/0/37
 duplex full
!
interface GigabitEthernet1/0/38
 switchport mode trunk
 duplex full
!
interface GigabitEthernet1/0/39
 duplex full
!
interface GigabitEthernet1/0/40
 duplex full
!
interface GigabitEthernet1/0/41
 duplex full
!
interface GigabitEthernet1/0/42
 switchport mode trunk
 duplex full
!
interface GigabitEthernet1/0/43
 duplex full
!
interface GigabitEthernet1/0/44
 switchport mode trunk
 duplex full
!
interface GigabitEthernet1/0/45
 duplex full
!
interface GigabitEthernet1/0/46
 switchport mode trunk
 duplex full
!
interface GigabitEthernet1/0/47
 switchport mode trunk
 duplex full
!
interface GigabitEthernet1/0/48
 switchport mode trunk
 duplex full
!
interface GigabitEthernet1/1/1
!
interface GigabitEthernet1/1/2
!
interface GigabitEthernet1/1/3
!
interface GigabitEthernet1/1/4
!
interface Vlan1
 ip address 10.10.108.8 255.255.252.0
!
interface Vlan20
 ip address 192.168.125.10 255.255.255.0
!
ip http server
ip http authentication local
ip http secure-server
!
!
!
!
!
line con 0
 password 7 046B0A151C361C5C0D4903341A0A0114237B2A3B72
 login
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 password 7 1059280D061F3F2E02
 login local
 transport input ssh
line vty 5 15
 password 7 1059280D061F3F2E02
 login local
 transport input ssh
!
wsma agent exec
 profile httplistener
 profile httpslistener
wsma agent config
 profile httplistener
 profile httpslistener
wsma agent filesys
 profile httplistener
 profile httpslistener
wsma agent notify
 profile httplistener
 profile httpslistener
!
wsma profile listener httplistener
 transport http
!
wsma profile listener httpslistener
 transport https
ap group default-group
end

ASA configuration (trimmed):

medfordasa5512# sh run
: Saved

:
: Serial Number: xxxxxxxxxx
: Hardware:   ASA5512, 4096 MB RAM, CPU Clarkdale 2793 MHz, 1 CPU (2 cores)
:
ASA Version 9.8(2)20
!
hostname 
enable password 
names
no mac-address auto

!
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address x.x.x.x 255.255.224.0 standby x.x.x.x
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 10.10.108.1 255.255.252.0 standby 10.10.108.2
!
interface GigabitEthernet0/2
 nameif dmz
 security-level 50
 ip address 192.168.125.1 255.255.255.0 standby 192.168.125.253
!
interface GigabitEthernet0/3
 nameif point-to-point
 security-level 100
 ip address 172.16.10.2 255.255.255.0 standby 172.16.10.3
!
interface GigabitEthernet0/4
 description LAN Failover Interface
!
interface GigabitEthernet0/5
 description STATE Failover Interface
!
interface Management0/0
 management-only
 nameif management
 security-level 100
 no ip address
!
boot system disk0:/asa982-20-smp-k8.bin
ftp mode passive
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network tierpoint-lan
 subnet 10.20.10.0 255.255.255.0
object network tp-anyconnect
 subnet 10.50.50.0 255.255.255.0
object network everett
 subnet 10.1.0.0 255.255.252.0
object-group service Security-Ports tcp
 port-object eq 10554
 port-object eq 8000
 port-object eq 8080
 port-object eq https
access-list outside_access_in extended permit icmp any any
access-list outside_access_in extended permit tcp any object security object-group Security-Ports
access-list outside_cryptomap extended permit ip 10.10.108.0 255.255.252.0 object winchester-lan
access-list outside_cryptomap_1 extended permit ip 10.10.108.0 255.255.252.0 object providence-lan
access-list outside_cryptomap_2 extended permit ip 10.10.108.0 255.255.252.0 object allston-lan
access-list outside_cryptomap_5 extended permit ip 10.10.108.0 255.255.252.0 object bronx-lan
access-list outside_cryptomap_4 extended permit ip 10.10.108.0 255.255.252.0 object bu-lan
access-list outside_cryptomap_3 extended permit ip 10.10.108.0 255.255.252.0 object beverly-lan
access-list outside_cryptomap_8 extended permit ip 10.10.108.0 255.255.252.0 object ct-370james-lan
access-list outside_cryptomap_6 extended permit ip 10.10.108.0 255.255.252.0 object harvarddef-lan
access-list outside_cryptomap_9 extended permit ip 10.10.108.0 255.255.252.0 object ct-garage-lan
access-list outside_cryptomap_10 extended permit ip 10.10.108.0 255.255.252.0 object smast-lan
access-list outside_cryptomap_11 extended permit ip 10.10.108.0 255.255.252.0 object eprov-brownu-lan
access-list outside_cryptomap_12 extended permit ip 10.10.108.0 255.255.252.0 object everett
access-list outside_cryptomap_15 extended permit ip 10.10.108.0 255.255.252.0 object harvardsackler-lan
access-list outside_cryptomap_13 extended permit ip 10.10.108.0 255.255.252.0 object massport-termb-lan
access-list outside_cryptomap_14 extended permit ip 10.10.108.0 255.255.252.0 object brandeis-lan
access-list outside_cryptomap_20 extended permit ip 10.10.108.0 255.255.252.0 object mit-lan
access-list outside_cryptomap_19 extended permit ip 10.10.108.0 255.255.252.0 object medway-lan
access-list outside_cryptomap_17 extended permit ip 10.10.108.0 255.255.252.0 object sterling-lan
access-list outside_cryptomap_18 extended permit ip 10.10.108.0 255.255.252.0 object needham-lan
access-list outside_cryptomap_16 extended permit ip 10.10.108.0 255.255.252.0 object ngrid-southie-lan
access-list outside_cryptomap_21 extended permit ip 10.10.108.0 255.255.252.0 object massportcu-lan
access-list outside_mpc extended permit ip any any
pager lines 24
logging asdm informational
flow-export destination outside x.x.x.x 2055
flow-export template timeout-rate 1
flow-export delay flow-create 15
mtu outside 1500
mtu inside 1500
mtu dmz 1500
mtu point-to-point 1500
mtu management 1500
failover
failover lan unit secondary
failover lan interface FailoverLink GigabitEthernet0/4
failover key *****
failover link StatefulFailoverLink GigabitEthernet0/5
failover interface ip FailoverLink 172.16.88.1 255.255.255.0 standby 172.16.88.2
failover interface ip StatefulFailoverLink 172.16.89.1 255.255.255.0 standby 172.16.89.2
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-791-151.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
arp rate-limit 8192
nat (inside,outside) source static NETWORK_OBJ_10.10.108.0_22 NETWORK_OBJ_10.10.108.0_22 destination static winchester-lan winchester-lan no-proxy-arp route-lookup
nat (inside,outside) source static NETWORK_OBJ_10.10.108.0_22 NETWORK_OBJ_10.10.108.0_22 destination static providence-lan providence-lan no-proxy-arp route-lookup
nat (inside,outside) source static NETWORK_OBJ_10.10.108.0_22 NETWORK_OBJ_10.10.108.0_22 destination static allston-lan allston-lan no-proxy-arp route-lookup
nat (inside,outside) source static NETWORK_OBJ_10.10.108.0_22 NETWORK_OBJ_10.10.108.0_22 destination static beverly-lan beverly-lan no-proxy-arp route-lookup
nat (inside,outside) source static NETWORK_OBJ_10.10.108.0_22 NETWORK_OBJ_10.10.108.0_22 destination static bu-lan bu-lan no-proxy-arp route-lookup
nat (inside,outside) source static NETWORK_OBJ_10.10.108.0_22 NETWORK_OBJ_10.10.108.0_22 destination static bronx-lan bronx-lan no-proxy-arp route-lookup
nat (inside,outside) source static NETWORK_OBJ_10.10.108.0_22 NETWORK_OBJ_10.10.108.0_22 destination static harvarddef-lan harvarddef-lan no-proxy-arp route-lookup
nat (inside,outside) source static NETWORK_OBJ_10.10.108.0_22 NETWORK_OBJ_10.10.108.0_22 destination static ct-370james-lan ct-370james-lan no-proxy-arp route-lookup
nat (inside,outside) source static NETWORK_OBJ_10.10.108.0_22 NETWORK_OBJ_10.10.108.0_22 destination static ct-garage-lan ct-garage-lan no-proxy-arp route-lookup
nat (inside,outside) source static NETWORK_OBJ_10.10.108.0_22 NETWORK_OBJ_10.10.108.0_22 destination static smast-lan smast-lan no-proxy-arp route-lookup
nat (inside,outside) source static NETWORK_OBJ_10.10.108.0_22 NETWORK_OBJ_10.10.108.0_22 destination static eprov-brownu-lan eprov-brownu-lan no-proxy-arp route-lookup
nat (inside,outside) source static NETWORK_OBJ_10.10.108.0_22 NETWORK_OBJ_10.10.108.0_22 destination static everett everett no-proxy-arp route-lookup
nat (inside,outside) source static NETWORK_OBJ_10.10.108.0_22 NETWORK_OBJ_10.10.108.0_22 destination static massport-termb-lan massport-termb-lan no-proxy-arp route-lookup
nat (inside,outside) source static NETWORK_OBJ_10.10.108.0_22 NETWORK_OBJ_10.10.108.0_22 destination static brandeis-lan brandeis-lan no-proxy-arp route-lookup
nat (inside,outside) source static NETWORK_OBJ_10.10.108.0_22 NETWORK_OBJ_10.10.108.0_22 destination static harvardsackler-lan harvardsackler-lan no-proxy-arp route-lookup
nat (inside,outside) source static NETWORK_OBJ_10.10.108.0_22 NETWORK_OBJ_10.10.108.0_22 destination static ngrid-southie-lan ngrid-southie-lan no-proxy-arp route-lookup
nat (inside,outside) source static NETWORK_OBJ_10.10.108.0_22 NETWORK_OBJ_10.10.108.0_22 destination static sterling-lan sterling-lan no-proxy-arp route-lookup
nat (inside,outside) source static NETWORK_OBJ_10.10.108.0_22 NETWORK_OBJ_10.10.108.0_22 destination static needham-lan needham-lan no-proxy-arp route-lookup
nat (inside,outside) source static NETWORK_OBJ_10.10.108.0_22 NETWORK_OBJ_10.10.108.0_22 destination static medway-lan medway-lan no-proxy-arp route-lookup
nat (inside,outside) source static NETWORK_OBJ_10.10.108.0_22 NETWORK_OBJ_10.10.108.0_22 destination static mit-lan mit-lan no-proxy-arp route-lookup
nat (inside,outside) source static NETWORK_OBJ_10.10.108.0_22 NETWORK_OBJ_10.10.108.0_22 destination static massportcu-lan massportcu-lan no-proxy-arp route-lookup
!
object network security
 nat (any,any) static 50.225.18.224
!
nat (any,outside) after-auto source dynamic any interface
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 x.x.x.x 1
route point-to-point 10.20.10.0 255.255.255.0 172.16.10.1 5
route outside 10.20.10.0 255.255.255.0 x.x.x.x 20
route point-to-point 10.50.50.0 255.255.255.0 172.16.10.1 10
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
timeout conn-holddown 0:00:15
timeout igp stale-route 0:01:10
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
aaa authentication login-history
http server enable
http x.x.x.x 255.255.255.255 outside
snmp-server host outside x.x.x.x community ***** version 2c
snmp-server location Medford - 3rd Floor Data Closet
snmp-server contact
snmp-server community *****

crypto ca trustpoint _SmartCallHome_ServerCA
 no validation-usage
 crl configure
crypto ca trustpool policy
crypto ca certificate chain _SmartCallHome_ServerCA
 certificate ca 18dad19e267de8bb4a2158cdcc6b3b4a

  quit
crypto ikev2 policy 1
 encryption aes-256
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 10
 encryption aes-192
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 20
 encryption aes
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 30
 encryption 3des
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 40
 encryption des
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 enable outside
crypto ikev1 enable outside
crypto ikev1 policy 20
 authentication rsa-sig
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 30
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 50
 authentication rsa-sig
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 60
 authentication pre-share
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 80
 authentication rsa-sig
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 90
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 110
 authentication rsa-sig
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 120
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 140
 authentication rsa-sig
 encryption des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 150
 authentication pre-share
 encryption des
 hash sha
 group 2
 lifetime 86400
telnet timeout 5
ssh stricthostkeycheck
ssh 0.0.0.0 0.0.0.0 outside
ssh 10.10.108.0 255.255.252.0 inside
ssh 0.0.0.0 0.0.0.0 point-to-point
ssh timeout 5
ssh version 2
ssh key-exchange group dh-group1-sha1
console timeout 0
dhcpd address 10.10.111.1-10.10.111.250 inside
dhcpd dns 10.10.108.5 10.20.10.30 interface inside
dhcpd domain bondbros.com interface inside
dhcpd option 4 ip 10.10.108.5 interface inside
dhcpd option 156 ascii ftpServers=10.20.10.46,configServers=10.20.10.46 interface inside
dhcpd enable inside
!
dhcpd address 192.168.125.50-192.168.125.240 dmz
dhcpd dns 8.8.8.8 8.8.4.4 interface dmz
dhcpd enable dmz
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
group-policy GroupPolicy_allston internal
group-policy GroupPolicy_allston attributes
 vpn-tunnel-protocol ikev1 l2tp-ipsec
group-policy GroupPolicy_needham internal
group-policy GroupPolicy_needham attributes
 vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec
group-policy GroupPolicy_beverly internal
group-policy GroupPolicy_beverly attributes
 vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec
group-policy GroupPolicy_medway internal
group-policy GroupPolicy_medway attributes
 vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec
group-policy GroupPolicy_bronx internal
group-policy GroupPolicy_bronx attributes
 vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec
group-policy GroupPolicy_sterling internal
group-policy GroupPolicy_sterling attributes
 vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec
group-policy GroupPolicy_harvarddef internal
group-policy GroupPolicy_harvarddef attributes
 vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec
group-policy GroupPolicy_providence internal
group-policy GroupPolicy_providence attributes
 vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec
group-policy GroupPolicy_bu internal
group-policy GroupPolicy_bu attributes
 vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec
group-policy GroupPolicy_ctgarage internal
group-policy GroupPolicy_ctgarage attributes
 vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec
group-policy GroupPolicy_brownu internal
group-policy GroupPolicy_brownu attributes
 vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec
group-policy GroupPolicy_massportcu internal
group-policy GroupPolicy_massportcu attributes
 vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec
group-policy GroupPolicy_smast internal
group-policy GroupPolicy_smast attributes
 vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec
group-policy GroupPolicy_everett internal
group-policy GroupPolicy_everett attributes
 vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec
group-policy GroupPolicy_ngrid internal
group-policy GroupPolicy_ngrid attributes
 vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec
group-policy GroupPolicy_mit internal
group-policy GroupPolicy_mit attributes
 vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec
group-policy GroupPolicy_370james internal
group-policy GroupPolicy_370james attributes
 vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec
group-policy GroupPolicy_brandeis internal
group-policy GroupPolicy_brandeis attributes
 vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec
group-policy GroupPolicy_winchester internal
group-policy GroupPolicy_winchester attributes
 vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec
group-policy GroupPolicy_massporttermb internal
group-policy GroupPolicy_massporttermb attributes
 vpn-tunnel-protocol ikev2 l2tp-ipsec
group-policy GroupPolicy_harvardsackler internal
group-policy GroupPolicy_harvardsackler attributes
 vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec
dynamic-access-policy-record DfltAccessPolicy

!
class-map global-class
 match any
class-map inspection_default
 match default-inspection-traffic
class-map outside-class
 match access-list outside_mpc
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
  no tcp-inspection
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
 class global-class
  flow-export event-type all destination 207.x.x.x
policy-map outside-policy
 class outside-class
  sfr fail-open
!
service-policy global_policy global
service-policy outside-policy interface outside
prompt hostname context
call-home reporting anonymous
Cryptochecksum:09f6e7626cfc0128d85c80b24dcbf159
: end
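
1 Answer

According to your configuration, port 38 is a trunk.

By default, VLAN 1 is the native VLAN. So your PC will not see data from VLAN 20, because VLAN 20 is tagged and the PC does not understand tagged VLANs.

If you want your PC to talk on VLAN 20, make it the native VLAN on that port, or change the port to access mode and assign it to VLAN 20.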
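
The tagging behaviour described in the answer, as an added example (not part of the original post or the poster's configuration): a Python check that reads IOS-style interface stanzas and reports, per port, whether frames of the guest VLAN leave untagged, tagged, or not at all. It assumes the IOS trunk defaults of native VLAN 1 and all VLANs allowed; the sample config is constructed, and Gi1/0/40 and Gi1/0/41 are hypothetical ports added to show the access-port and restricted-trunk cases.

```python
import re

# Constructed excerpt in the style of the switch configuration in the question.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/6
 switchport trunk native vlan 20
 switchport trunk allowed vlan 20
 switchport mode trunk
!
interface GigabitEthernet1/0/38
 switchport mode trunk
!
interface GigabitEthernet1/0/40
 switchport access vlan 20
 switchport mode access
!
interface GigabitEthernet1/0/41
 switchport trunk allowed vlan 1,10-19
 switchport mode trunk
"""

def expand_vlans(spec):
    """Expand an IOS VLAN list such as '1,10-19' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_ports(config):
    """Return {interface: settings}; absent lines keep the IOS defaults."""
    ports, cur = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            # allowed=None means "all VLANs", the trunk default.
            cur = {"mode": None, "native": 1, "access": 1, "allowed": None}
            ports[raw.split()[1]] = cur
        elif not raw.startswith(" "):
            cur = None  # '!' or a global command closes the stanza
        elif cur is not None:
            if m := re.fullmatch(r"switchport mode (\S+)", line):
                cur["mode"] = m.group(1)
            elif m := re.fullmatch(r"switchport trunk native vlan (\d+)", line):
                cur["native"] = int(m.group(1))
            elif m := re.fullmatch(r"switchport access vlan (\d+)", line):
                cur["access"] = int(m.group(1))
            # Only the plain list form is handled; add/remove/except are ignored.
            elif m := re.fullmatch(r"switchport trunk allowed vlan ([\d,\-]+)", line):
                cur["allowed"] = expand_vlans(m.group(1))
    return ports

def egress(port, vlan):
    """How frames of `vlan` leave this port."""
    if port["mode"] == "access":
        return "untagged" if port["access"] == vlan else "not carried"
    if port["mode"] == "trunk":
        if port["allowed"] is not None and vlan not in port["allowed"]:
            return "not carried"
        # Only the native VLAN is sent without an 802.1Q tag on a trunk.
        return "untagged" if port["native"] == vlan else "tagged"
    return "mode not set"

def guest_vlan_report(config, vlan=20):
    return {name: egress(p, vlan) for name, p in parse_ports(config).items()}

if __name__ == "__main__":
    for name, result in guest_vlan_report(SAMPLE_CONFIG).items():
        print(f"{name}: VLAN 20 {result}")
```

A host that does not speak 802.1Q only receives traffic on ports reported as untagged. Ports reported as tagged for the guest VLAN with no allowed list also carry every other VLAN, which is worth reviewing when the goal is guest isolation.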