网络工程 - 无法连接到 VLAN 中的单个 IP 地址 - 吾爱随笔录

我有 3650 交换机，其中包含 VLAN 数量，我无法从特定 VLAN 连接到一个 IP 地址。但是路由配置正确，并且没有应用 ACL。甚至终端设备也没有任何额外的配置。终端设备是服务器，甚至防火墙也关闭了。

我无法登录192.168.2.10 (VLAN Y) from VLAN X

访问控制列表

10 deny ip 192.168.2.0 0.0.0.255 192.168.100.0 0.0.0.255
20 permit ip any any

SVI

interface VlanX
 ip address 192.168.15.253 255.255.255.0
 ip helper-address 192.168.2.13
 ip helper-address 192.168.2.12
!

interface VlanY
 ip address 192.168.2.253 255.255.255.0

路由

3650E#sh running-config | s ip ro
ip routing
ip route 0.0.0.0 0.0.0.0 192.168.2.1
ip route 172.25.20.0 255.255.255.0 192.168.2.9
ip route 192.168.1.0 255.255.255.0 192.168.2.9
ip route 192.168.2.0 255.255.255.0 Vlan130
alias exec sir show ip route

接口 VLANX

3650#sh interfaces vlan 170
Vlan170 is up, line protocol is up
  Hardware is Ethernet SVI, address is 707d.b99f.9dc0 (bia 707d.b99f.9dc0)

  Internet address is 192.168.15.253/24
  MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive not supported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output never, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 289000 bits/sec, 74 packets/sec
  5 minute output rate 844000 bits/sec, 84 packets/sec
     19196205 packets input, 3953954717 bytes, 0 no buffer
     Received 0 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     27249461 packets output, 34700295919 bytes, 0 underruns
     0 output errors, 2 interface resets
     0 unknown protocol drops
     0 output buffer failures, 0 output buffers swapped out

接口 VLANY

3650#sh interfaces vlan 130
Vlan130 is up, line protocol is up
  Hardware is Ethernet SVI, address is 707d.b99f.9dfe (bia 707d.b99f.9dfe)
  Internet address is 192.168.2.253/24
  MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
     reliability 255/255, txload 21/255, rxload 4/255
  Encapsulation ARPA, loopback not set
  Keepalive not supported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output never, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 17100000 bits/sec, 3322 packets/sec
  5 minute output rate 83756000 bits/sec, 9216 packets/sec
     478013275 packets input, 314465949967 bytes, 0 no buffer
     Received 0 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     1008540150 packets output, 915840064290 bytes, 0 underruns
     0 output errors, 2 interface resets
     12153 unknown protocol drops
     0 output buffer failures, 0 output buffers swapped out

我可以从 VLAN X ping VLAN Y 中除 192.168.2.10 之外的所有 IP 地址。