Why doesn't inter-VLAN routing work in the following situation?

network-engineering cisco routing lan
2022-02-10 00:20:03

I have a Cisco C891F with 2 VLANs and 2 WANs; each VLAN has a route-map, so VLAN1 uses WAN1 and VLAN2 uses WAN2.

Devices reach the Internet correctly through the outbound WAN interface they are routed to.

Devices on VLAN1 can reach the VLAN2 gateway and vice versa, but they cannot reach devices on the other VLAN. Running a traceroute shows the packets being sent out through the WAN interface and never finding the destination, because they leave the router towards the Internet.

Abridged configuration:

!
ip dhcp excluded-address 10.0.0.1 10.0.0.50
ip dhcp excluded-address 10.0.1.1 10.0.1.50
!
ip dhcp pool vlan1
  network 10.0.0.0 255.255.255.0
  default-router 10.0.0.1
  dns-server 10.0.0.12 10.0.0.10
!
ip dhcp pool vlan2
  network 10.0.1.0 255.255.255.0
  default-router 10.0.1.1
  dns-server 10.0.0.12 10.0.0.10
!
interface GigabitEthernet8
  description WAN1
  ip address 10.0.10.42 255.255.255.248
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  ip nat outside
  ip virtual-reassembly in
  duplex auto
  speed auto
  no keepalive
  no cdp enable
!
interface FastEthernet0
  description WAN2
  ip address dhcp
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  ip nat outside
  ip virtual-reassembly in
  duplex full
  speed auto
  no keepalive
  no cdp enable
!
interface Vlan1
  description VLAN1
  ip address 10.0.0.1 255.255.255.0
  ip access-group VIRUS in
  no ip proxy-arp
  ip nat inside
  ip inspect Firewall in
  ip virtual-reassembly in
  ip policy route-map ISP_SELECT
!
interface Vlan2
  description VLAN2
  ip address 10.0.1.1 255.255.255.0
  ip access-group VIRUS in
  no ip proxy-arp
  ip nat inside
  ip inspect Firewall in
  ip virtual-reassembly in
  ip policy route-map ISP_SELECT
!
ip nat inside source list WAN1 interface GigabitEthernet8 overload
ip nat inside source list WAN2 interface FastEthernet0 overload
ip route 0.0.0.0 0.0.0.0 10.0.10.41
ip route 0.0.0.0 0.0.0.0 FastEthernet0
!
ip access-list standard WAN1
  permit 10.0.0.0 0.0.0.255
ip access-list standard WAN2
  permit 10.0.1.0 0.0.0.255
!
route-map ISP_SELECT permit 10
  match ip address WAN1
  set interface GigabitEthernet8
!
route-map ISP_SELECT permit 20
  match ip address WAN2
  set interface FastEthernet0
!

I don't understand why only the gateway is reachable from the opposite VLAN, and not the whole subnet.

1 answer

This is because PBR sends your packets out the outside interface. To fix it, you should replace the standard ACLs with extended ACLs and deny traffic to the RFC 1918 networks in the first lines. Example:

ip access-list extended WAN1
 deny ip 10.0.0.0 0.0.0.255 10.0.0.0 0.255.255.255
 deny ip 10.0.0.0 0.0.0.255 172.16.0.0 0.15.255.255
 deny ip 10.0.0.0 0.0.0.255 192.168.0.0 0.0.255.255
 permit ip 10.0.0.0 0.0.0.255 any

ip access-list extended WAN2
 deny ip 10.0.1.0 0.0.0.255 10.0.0.0 0.255.255.255
 deny ip 10.0.1.0 0.0.0.255 172.16.0.0 0.15.255.255
 deny ip 10.0.1.0 0.0.0.255 192.168.0.0 0.0.255.255
 permit ip 10.0.1.0 0.0.0.255 any
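The mechanism behind the answer, as an added example that is not part of the original thread: a small Python model of how IOS evaluates the ISP_SELECT route-map. It parses both ACL variants from this page (the standard ones from the question and the extended ones from the answer), tries the route-map sequences in order, and falls back to a longest-prefix routing table when no sequence permits the packet. The ACL semantics (first match wins, implicit deny at the end, and a deny in a route-map's match ACL meaning "do not policy-route") follow IOS behaviour; the three-entry routing table, the `forward` helper and the sample hosts 10.0.0.10, 10.0.1.20 and 203.0.113.5 are constructed for the demonstration, and non-contiguous wildcard masks are not supported.

```python
"""Simulate how IOS policy-based routing (PBR) evaluates the ISP_SELECT
route-map against the two ACL variants from this thread (constructed model)."""
import ipaddress
from dataclasses import dataclass

ANY = ipaddress.IPv4Network("0.0.0.0/0")


@dataclass(frozen=True)
class AclEntry:
    action: str                  # "permit" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network   # ANY for standard ACL entries (source-only)


def wildcard_to_network(addr: str, wildcard: str) -> ipaddress.IPv4Network:
    """IOS wildcard masks are inverted netmasks: 0.0.0.255 == /24.
    Assumes a contiguous wildcard (true for every entry on this page)."""
    wc = int(ipaddress.IPv4Address(wildcard))
    prefixlen = 32 - bin(wc).count("1")
    return ipaddress.IPv4Network((addr, prefixlen))


def take_net(tokens):
    """Consume 'any' or '<addr> <wildcard>' from the front of a token list."""
    if tokens[0] == "any":
        return ANY, tokens[1:]
    return wildcard_to_network(tokens[0], tokens[1]), tokens[2:]


def parse_acl(kind: str, lines) -> list:
    """Parse 'permit/deny [ip] <src> [<dst>]' lines of a standard or extended ACL."""
    entries = []
    for line in lines:
        tokens = line.split()
        action, tokens = tokens[0], tokens[1:]
        if kind == "extended":
            tokens = tokens[1:]                  # drop the protocol keyword ("ip")
        src, tokens = take_net(tokens)
        dst = take_net(tokens)[0] if kind == "extended" else ANY
        entries.append(AclEntry(action, src, dst))
    return entries


def acl_permits(acl, src, dst) -> bool:
    """First matching entry wins; an unmatched packet hits the implicit deny."""
    for entry in acl:
        if src in entry.src and dst in entry.dst:
            return entry.action == "permit"
    return False


# route-map ISP_SELECT as posted: (sequence, match ACL, set interface)
ROUTE_MAP = [(10, "WAN1", "GigabitEthernet8"), (20, "WAN2", "FastEthernet0")]

# Standard ACLs from the question: they match on source only.
STANDARD_ACLS = {
    "WAN1": parse_acl("standard", ["permit 10.0.0.0 0.0.0.255"]),
    "WAN2": parse_acl("standard", ["permit 10.0.1.0 0.0.0.255"]),
}

# Extended ACLs from the answer: RFC 1918 destinations are denied first.
EXTENDED_ACLS = {
    "WAN1": parse_acl("extended", [
        "deny ip 10.0.0.0 0.0.0.255 10.0.0.0 0.255.255.255",
        "deny ip 10.0.0.0 0.0.0.255 172.16.0.0 0.15.255.255",
        "deny ip 10.0.0.0 0.0.0.255 192.168.0.0 0.0.255.255",
        "permit ip 10.0.0.0 0.0.0.255 any",
    ]),
    "WAN2": parse_acl("extended", [
        "deny ip 10.0.1.0 0.0.0.255 10.0.0.0 0.255.255.255",
        "deny ip 10.0.1.0 0.0.0.255 172.16.0.0 0.15.255.255",
        "deny ip 10.0.1.0 0.0.0.255 192.168.0.0 0.0.255.255",
        "permit ip 10.0.1.0 0.0.0.255 any",
    ]),
}

# Constructed routing table: the two connected VLANs plus the default route(s).
ROUTING_TABLE = [
    (ipaddress.IPv4Network("10.0.0.0/24"), "Vlan1"),
    (ipaddress.IPv4Network("10.0.1.0/24"), "Vlan2"),
    (ANY, "default route"),
]


def normal_route(dst) -> str:
    """Longest-prefix match over the routing table."""
    candidates = [r for r in ROUTING_TABLE if dst in r[0]]
    return max(candidates, key=lambda r: r[0].prefixlen)[1]


def forward(acls, src: str, dst: str) -> str:
    """Egress decision for one packet: route-map sequences are tried in order
    and the first whose ACL *permits* the packet wins; a deny or no match in
    every sequence means the packet is routed normally via the routing table."""
    src_ip, dst_ip = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
    for _seq, acl_name, iface in ROUTE_MAP:
        if acl_permits(acls[acl_name], src_ip, dst_ip):
            return f"PBR -> {iface}"
    return f"routing table -> {normal_route(dst_ip)}"


if __name__ == "__main__":
    for label, acls in (("standard", STANDARD_ACLS), ("extended", EXTENDED_ACLS)):
        print(f"[{label}] 10.0.0.10 -> 10.0.1.20   : {forward(acls, '10.0.0.10', '10.0.1.20')}")
        print(f"[{label}] 10.0.0.10 -> 203.0.113.5 : {forward(acls, '10.0.0.10', '203.0.113.5')}")
```

With the standard ACLs, a VLAN1-to-VLAN2 packet is permitted by sequence 10 and is pushed out GigabitEthernet8 regardless of destination, which is exactly the traceroute the question describes; with the extended ACLs the deny entry stops sequence 10 from applying, sequence 20 does not match the source, and the packet takes the connected route to Vlan2. Two practical notes: the same ACL names are also referenced by the `ip nat inside source list` statements in the posted config, so the extended versions also keep inter-VLAN traffic out of NAT, which is what you want; and because the denies only cover RFC 1918 space, any other private-use range in use on the LAN would have to be added to the deny lines as well.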