Routing on an SG300 with VLANs

network-engineering cisco routing cisco-sg300
2022-02-05 02:42:54

My setup:

I get a /24 public IP subnet from my ISP (for example: 20.20.20.0/24).

Some of our departments want full control over their public IPs, so I split it into several /27 subnets.

Initially I want to set up 3 VLANs:

  1. VLAN 100: 20.20.20.32/27
  2. VLAN 200: 20.20.20.128/27
  3. VLAN 5 (WAN connection): 20.20.20.0/30

The switch's gateway is 20.20.20.1.

I configured a static route on the SG300-28 (in L3 mode):

0.0.0.0/0 via 20.20.20.1

Clients in VLAN 100 or VLAN 200 cannot reach the ISP gateway or the Internet.

If I put a client in VLAN 5, it can of course reach the GW and the Internet.

I'm blind to the mistake, so I'm counting on you guys.

Cisco Packet Tracer example: PKT file

Configuration:

config-file-header
switche5bce7
v1.4.5.02 / R800_NIK_1_4_194_194
CLI v1.0
set system mode router 

file SSD indicator encrypted
@
ssd-control-start 
ssd config 
ssd file passphrase control unrestricted 
no ssd file integrity control 
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0 
!
vlan database
vlan 5,10,100,200 
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
ip dhcp server 
ip dhcp pool network Pool_5
address low 20.20.20.6 high 20.20.20.10 255.255.255.224 
default-router 20.20.20.5
dns-server 8.8.8.8
exit
ip dhcp pool network Pool_100
address low 20.20.20.34 high 20.20.20.62 255.255.255.224 
default-router 20.20.20.33
dns-server 8.8.8.8
exit
ip dhcp pool network Pool_200
address low 20.20.20.130 high 20.20.20.158 255.255.255.224 
default-router 20.20.20.129
dns-server 8.8.8.8
exit
bonjour interface range vlan 1
ip access-list extended VLAN_100-IN
permit ip any any ace-priority 1
exit
ip access-list extended VLAN_1-IN
permit ip any any ace-priority 1
exit
hostname switche5bce7
line console
no autobaud
exit
no passwords complexity enable 
username cisco password encrypted d033e22ae348aeb5660fc2140aec35850c4da997 privilege 15 
ip ssh server
ip ssh-client server authentication 
ip telnet server
!
interface vlan 1
 no ip address dhcp 
 service-acl input VLAN_1-IN default-action permit-any 
!
interface vlan 5
 name WAN 
!
interface vlan 10
 name MGMT 
 ip address 10.10.10.10 255.255.255.0 
!
interface vlan 100
 name VLAN_100 
 ip address 20.20.20.33 255.255.255.224 
 service-acl input VLAN_100-IN default-action permit-any 
!
interface vlan 200
 name VLAN_200 
 ip address 20.20.20.129 255.255.255.224 
!
interface gigabitethernet1
 ip address 20.20.20.2 255.255.255.252 
!
interface gigabitethernet2
 switchport mode access 
 switchport access vlan 5 
!
interface gigabitethernet3
 switchport mode access 
!
interface gigabitethernet4
 switchport mode access 
!
interface gigabitethernet5
 switchport mode access 
!
interface gigabitethernet10
 service-acl input VLAN_100-IN 
 switchport mode access 
 switchport access vlan 100 
!
interface gigabitethernet20
 switchport mode access 
 switchport access vlan 200 
!
interface gigabitethernet25
 switchport mode access 
 switchport access vlan 10 
!
interface gigabitethernet26
 switchport mode access 
 switchport access vlan 10 
!
exit
ip default-gateway 20.20.20.1 

2 answers

It doesn't work because of a limitation of the SG300.
The SG300 has no routed ports.

I set up a clean SG300 config but could not reach the ISP gateway:
SG300 config:

config-file-header
switche5bce7
v1.4.5.02 / R800_NIK_1_4_194_194
CLI v1.0
set system mode router 

file SSD indicator encrypted
@
ssd-control-start 
ssd config 
ssd file passphrase control unrestricted 
no ssd file integrity control 
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0 
!
vlan database
vlan 100,200 
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
bonjour interface range vlan 1
hostname switche5bce7
no passwords complexity enable 
username cisco password encrypted d033e22ae348aeb5660fc2140aec35850c4da997 privilege 15 
!
interface vlan 100
 name "VLAN100" 
 ip address 20.20.20.33 255.255.255.224 
!
interface vlan 200
 name "VLAN200" 
 ip address 20.20.20.129 255.255.255.224 
!
interface gigabitethernet1
 ip address 20.20.20.2 255.255.255.252 
!
interface gigabitethernet10
 switchport mode access 
 switchport access vlan 100 
!
interface gigabitethernet20
 switchport mode access 
 switchport access vlan 200 
!
exit
ip default-gateway 20.20.20.1

Afterwards I set up a Catalyst 3750 switch with the same VLANs and configuration, and was able to configure no switchport on interface Gigabit1/0/1.

Now I can reach the ISP gateway as expected.
3750 config:

Current configuration : 3535 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Switch
!
boot-start-marker
boot-end-marker
!
!
!
!
no aaa new-model
switch 1 provision ws-c3750x-24p
system mtu routing 1500
ip routing
!
!
!         
!
crypto pki trustpoint TP-self-signed-2617031040
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2617031040
 revocation-check none
 rsakeypair TP-self-signed-2617031040
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
!
!
interface FastEthernet0
 no ip address
 no ip route-cache cef
 no ip route-cache
 no ip mroute-cache
!
interface GigabitEthernet1/0/1
 no switchport
 ip address 20.20.20.2 255.255.255.252
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
 switchport access vlan 100
 switchport mode access
!         
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
!
interface GigabitEthernet1/0/23
!
interface GigabitEthernet1/0/24
!
interface GigabitEthernet1/1/1
!
interface GigabitEthernet1/1/2
!
interface GigabitEthernet1/1/3
!
interface GigabitEthernet1/1/4
!
interface TenGigabitEthernet1/1/1
!
interface TenGigabitEthernet1/1/2
!
interface Vlan1
 no ip address
!
interface Vlan100
 ip address 20.20.20.33 255.255.255.224
!         
ip classless
ip route 0.0.0.0 0.0.0.0 20.20.20.1
ip http server
ip http secure-server
!
ip sla enable reaction-alerts
!
!
line con 0
line vty 0 4
 login
line vty 5 15
 login
!
end

You have several problems:

  • VLAN 5 is not needed.
  • VLAN 10 should be handled with a loopback.
  • VLAN 100 references an ACL that does not exist.
  • There is no default route for the VLANs.

Try adding this configuration to your switch:

no interface vlan 5
!
no interface vlan 10
!
vlan database
 no vlan 5
 no vlan 10
exit
!
no ip dhcp pool network Pool_5
!
interface loopback 1
 name MGMT 
 ip address 10.10.10.10 255.255.255.0 
!
interface vlan 100
 no service-acl input VLAN_100-IN default-action permit-any 
!
ip route 0.0.0.0 0.0.0.0 20.20.20.1
!
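As an added example (not part of the question or either answer), here is a small Python consistency check that parses the addressing-relevant lines of the SG300 configuration posted in the question and reports the kind of gaps the second answer lists: an SVI with no IP address (VLAN 5), a DHCP pool whose default-router sits on no connected subnet (Pool_5), and a missing ip route 0.0.0.0 0.0.0.0 default route. It assumes only the command syntax visible in the posted configs; the embedded sample is a constructed excerpt of that config.

```python
import ipaddress
# Constructed excerpt of the SG300 config from the question (address-range, ACL and port lines omitted).
SG300_CONFIG = """\
ip dhcp pool network Pool_5
default-router 20.20.20.5
ip dhcp pool network Pool_100
default-router 20.20.20.33
interface vlan 5
interface vlan 100
 ip address 20.20.20.33 255.255.255.224
interface gigabitethernet1
 ip address 20.20.20.2 255.255.255.252
ip default-gateway 20.20.20.1
"""

def parse(config):
    # Walk the config line by line, remembering which interface or DHCP pool block we are in.
    connected, pools, svis, default_route, ctx = {}, {}, set(), None, None
    for words in (line.split() for line in config.splitlines()):
        if words[:1] == ["interface"]:
            ctx = " ".join(words[1:])
            if ctx.startswith("vlan"):
                svis.add(ctx)
        elif words[:4] == ["ip", "dhcp", "pool", "network"]:
            ctx, pools[words[4]] = words[4], {}
        elif words[:2] == ["ip", "address"] and len(words) == 4:  # SVI or routed-port address
            connected[ctx] = ipaddress.ip_interface(f"{words[2]}/{words[3]}").network
        elif words[:1] == ["default-router"]:
            pools[ctx]["router"] = words[1]
        elif words[:4] == ["ip", "route", "0.0.0.0", "0.0.0.0"]:
            default_route = words[4]
    return connected, pools, svis, default_route

def subnet_of(addr, nets):
    return next((n for n in nets if ipaddress.ip_address(addr) in n), None)

def audit(config):
    # Returns a list of findings; an empty list means the addressing plan is internally consistent.
    connected, pools, svis, default_route = parse(config)
    findings = [f"{s} has no IP address, so the switch cannot route for hosts in it"
                for s in sorted(svis) if s not in connected]
    for name, pool in pools.items():
        if subnet_of(pool["router"], connected.values()) is None:
            findings.append(f"{name}: default-router {pool['router']} is not on any connected subnet")
    if default_route is None:
        findings.append("no 'ip route 0.0.0.0 0.0.0.0 <next-hop>' default route found")
    elif subnet_of(default_route, connected.values()) is None:
        findings.append(f"default route next hop {default_route} is not on a connected subnet")
    return findings
```

Appending the second answer's ip route 0.0.0.0 0.0.0.0 20.20.20.1 line to the sample clears the default-route finding, because 20.20.20.1 lies in the 20.20.20.0/30 configured on gigabitethernet1.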