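On a Cisco Catalyst 3850 stack there is a link to a carrier, which provides several connections separated by VLANs (100, 101, ...), so I created VLAN 100 on my Cisco switch and set an IP address on it, but when I capture the traffic on my interface it does not show any ICMP packets. The VLAN ID is only used to tag the traffic for the carrier; the device at the remote site is not a member of the VLAN and does not tag traffic.
This is my interface and VLAN configuration: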
!
interface GigabitEthernet2/0/8
switchport trunk allowed vlan 100,101
switchport mode trunk
end
!
interface Vlan100
ip address 10.1.18.9 255.255.255.252
end
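After configuring this, I started a capture on port gi2/0/8 and tried to ping 10.1.18.10, but there are no ICMP packets in the PCAP. What is wrong with my setup?
Full running configuration: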
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service compress-config
!
hostname cat03
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-vrf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
!
no aaa new-model
switch 1 provision ws-c3850-12s
switch 2 provision ws-c3850-12s
!
!
!
!
!
!
!
!
!
!
!
!
qos queue-softmax-multiplier 100
!
!
!
diagnostic bootup level minimal
spanning-tree mode rapid-pvst
spanning-tree extend system-id
hw-switch switch 1 logging onboard message level 3
hw-switch switch 2 logging onboard message level 3
!
redundancy
mode sso
!
!
vlan configuration 100,404,408-409
!
!
class-map match-any non-client-nrt-class
!
policy-map port_child_policy
class non-client-nrt-class
bandwidth remaining ratio 10
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Port-channel2
switchport trunk native vlan 10
switchport mode trunk
!
interface GigabitEthernet0/0
vrf forwarding Mgmt-vrf
ip address 10.1.20.6 255.255.255.0
negotiation auto
!
interface GigabitEthernet1/0/1
switchport access vlan 400
speed nonegotiate
!
interface GigabitEthernet1/0/2
description PortChannel ISR
switchport trunk native vlan 10
switchport mode trunk
channel-group 2 mode on
!
interface GigabitEthernet1/0/3
switchport access vlan 408
!
interface GigabitEthernet1/0/4
switchport access vlan 403
!
interface GigabitEthernet1/0/5
no switchport
no ip address
!
interface GigabitEthernet1/0/6
no switchport
no ip address
!
interface GigabitEthernet1/0/7
no switchport
no ip address
!
interface GigabitEthernet1/0/8
no switchport
no ip address
!
interface GigabitEthernet1/0/9
switchport access vlan 404
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/1/1
!
interface GigabitEthernet1/1/2
!
interface GigabitEthernet1/1/3
!
interface GigabitEthernet1/1/4
!
interface TenGigabitEthernet1/1/1
!
interface TenGigabitEthernet1/1/2
!
interface TenGigabitEthernet1/1/3
!
interface TenGigabitEthernet1/1/4
!
interface GigabitEthernet2/0/1
!
interface GigabitEthernet2/0/2
description PortChannel ISR
switchport trunk native vlan 10
switchport mode trunk
channel-group 2 mode on
!
interface GigabitEthernet2/0/3
!
interface GigabitEthernet2/0/4
no switchport
ip address 10.1.18.1 255.255.255.252
!
interface GigabitEthernet2/0/5
!
interface GigabitEthernet2/0/6
!
interface GigabitEthernet2/0/7
!
interface GigabitEthernet2/0/8
switchport trunk allowed vlan 100,101
switchport mode trunk
!
interface GigabitEthernet2/0/9
!
interface GigabitEthernet2/0/10
!
interface GigabitEthernet2/0/11
!
interface GigabitEthernet2/0/12
!
interface GigabitEthernet2/1/1
!
interface GigabitEthernet2/1/2
!
interface GigabitEthernet2/1/3
!
interface GigabitEthernet2/1/4
!
interface TenGigabitEthernet2/1/1
!
interface TenGigabitEthernet2/1/2
!
interface TenGigabitEthernet2/1/3
!
interface TenGigabitEthernet2/1/4
!
interface Vlan1
no ip address
!
interface Vlan100
ip address 10.1.18.9 255.255.255.252
!
ip default-gateway 10.1.20.1
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip route vrf Mgmt-vrf 0.0.0.0 0.0.0.0 10.1.20.1 name Mgmt-DefaultRoute
!
ip access-list extended AutoQos-4.0-wlan-Acl-Bulk-Data
permit tcp any any eq 22
permit tcp any any eq 465
permit tcp any any eq 143
permit tcp any any eq 993
permit tcp any any eq 995
permit tcp any any eq 1914
permit tcp any any eq ftp
permit tcp any any eq ftp-data
permit tcp any any eq smtp
permit tcp any any eq pop3
ip access-list extended AutoQos-4.0-wlan-Acl-MultiEnhanced-Conf
permit udp any any range 16384 32767
permit tcp any any range 50000 59999
ip access-list extended AutoQos-4.0-wlan-Acl-Scavanger
permit tcp any any range 2300 2400
permit udp any any range 2300 2400
permit tcp any any range 6881 6999
permit tcp any any range 28800 29100
permit tcp any any eq 1214
permit udp any any eq 1214
permit tcp any any eq 3689
permit udp any any eq 3689
permit tcp any any eq 11999
ip access-list extended AutoQos-4.0-wlan-Acl-Signaling
permit tcp any any range 2000 2002
permit tcp any any range 5060 5061
permit udp any any range 5060 5061
ip access-list extended AutoQos-4.0-wlan-Acl-Transactional-Data
permit tcp any any eq 443
permit tcp any any eq 1521
permit udp any any eq 1521
permit tcp any any eq 1526
permit udp any any eq 1526
permit tcp any any eq 1575
permit udp any any eq 1575
permit tcp any any eq 1630
permit udp any any eq 1630
permit tcp any any eq 1527
permit tcp any any eq 6200
permit tcp any any eq 3389
permit tcp any any eq 5985
permit tcp any any eq 8080
ip access-list extended icmpacl
permit icmp any any echo
permit icmp any any echo-reply
!
access-list 144 permit icmp any any echo
access-list 144 permit icmp any any echo-reply
!
snmp-server community private RO
snmp-server trap-source GigabitEthernet0/0
!
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
exec-timeout 0 0
login local
transport input ssh
line vty 5 15
exec-timeout 0 0
login local
transport input ssh
!
!
monitor session 1 source interface Gi1/0/10
monitor session 1 source interface Gi2/0/10
monitor session 1 destination interface Gi1/0/12 encapsulation dot1q ingress dot1q vlan 401
monitor session 2 source interface Gi1/0/11
monitor session 2 source interface Gi2/0/11
monitor session 2 destination interface Gi2/0/12 encapsulation dot1q ingress dot1q vlan 401
wsma agent exec
profile httplistener
profile httpslistener
!
wsma agent config
profile httplistener
profile httpslistener
!
wsma agent filesys
profile httplistener
profile httpslistener
!
wsma agent notify
profile httplistener
profile httpslistener
!
!
wsma profile listener httplistener
transport http
!
wsma profile listener httpslistener
transport https
!
ap group default-group
end
On the switch console I tried to ping 10.1.18.10; this is the state of the interfaces:
sh ip int br
Interface IP-Address OK? Method Status Protocol
Vlan100 10.1.18.9 YES manual up up
GigabitEthernet2/0/8 unassigned YES unset up up
This is the output of my ping command:
cat03#ping 10.1.18.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.18.10, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
cat03#
For the capture, I created this capture:
cat03#sh mon cap dumpPing para
monitor capture dumpPing interface GigabitEthernet2/0/8 both
monitor capture dumpPing match any
monitor capture dumpPing file location flash-1:dumpICMP.pcap buffer-size 10
monitor capture dumpPing limit packets 100
After pinging 10.1.18.10, I cannot see any ICMP packets in this pcap.
Update
This is the output of sh vlan br:
#show vlan brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Gi2/0/6, Gi2/0/7, Gi2/0/9
100 VLAN0100 active
400 VLAN0400 active Gi1/0/1
401 VLAN0401 active Gi1/0/10, Gi1/0/11, Gi2/0/10, Gi2/0/11
402 VLAN0402 active Gi2/0/1
403 VLAN0403 active Gi1/0/4
404 VLAN0404 active Gi1/0/9
405 VLAN0405 active Gi2/0/3
406 VLAN0406 active
407 VLAN0407 active
408 VLAN0408 active Gi1/0/3
409 VLAN0409 active Gi2/0/5
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
Update
CDP is enabled and I can see the remote device:
#sh cdp neighbors detail
Device ID: ext-par1.de
Entry address(es):
IP address: 10.1.18.10
Platform: Cisco CISCO2921/K9, Capabilities: Switch IGMP
Interface: GigabitEthernet2/0/8, Port ID (outgoing port): GigabitEthernet0/1
Holdtime : 125 sec
Version :
Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.1(4)M4, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Tue 20-Mar-12 18:57 by prod_rel_team
advertisement version: 2
VTP Management Domain: ''
Duplex: full