我认为我对 Trunking 的理解是错误的。我在两个 vlan 下有两个 cisco 交换机,连接到单个 SRX240。我可以从交换机连接到 SRX,但无法通过它。交换机在vlan 89下可以ping通192.168.8.4,但是在vlan 16下ping不通192.168.16.2。
SRX 配置
interfaces {
ge-0/0/0 {
unit 0 {
description "Eric's Connection";
family ethernet-switching {
port-mode access;
vlan {
members Group-16;
}
}
}
}
ge-0/0/1 {
unit 0 {
description "JSS's Connection";
family ethernet-switching {
port-mode access;
vlan {
members JSS-89;
}
}
}
}
ge-0/0/2 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
ge-0/0/3 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
ge-0/0/4 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
vlan {
unit 0 {
family inet {
address 192.168.1.1/24;
}
}
unit 16 {
family inet {
address 192.168.16.2/24;
}
}
unit 89 {
family inet {
address 192.168.8.4/24;
}
}
}
}
开关配置
interface FastEthernet1/0/1
switchport access vlan 89
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet1/0/2
switchport access vlan 89
switchport mode access
!
interface FastEthernet1/0/3
!
interface FastEthernet1/0/4
!
interface FastEthernet1/0/5
!
interface FastEthernet1/0/6
!
interface FastEthernet1/0/7
switchport access vlan 89
switchport mode access
!
interface FastEthernet1/0/8
switchport access vlan 89
switchport mode access
!
interface FastEthernet1/0/9
!
interface FastEthernet1/0/10
switchport access vlan 89
switchport mode access
!
interface FastEthernet1/0/11
!
interface FastEthernet1/0/12
switchport access vlan 89
switchport mode access
!
interface FastEthernet1/0/13
!
interface FastEthernet1/0/14
!
interface FastEthernet1/0/15
!
interface Vlan1
no ip address
shutdown
!
interface Vlan89
ip address 192.168.8.3 255.255.255.0
!
ip classless
ip http server
ip http secure-server
!
FE1/0/10 是到 SRX 的连接。
任何指导都会很棒。
谢谢。