In my network, which uses a Cisco router/SW C1111-8p, native VLAN 1 is not connected and has no IP.
- VLAN10 192.168.10.1/24 with the vlan10 DHCP pool
- VLAN20 192.168.20.1/24 with the vlan20 DHCP pool
- Both are connected to NAT to access the Internet
# Setup ISP internet connection
configure terminal
interface GigabitEthernet 0/0/0
description WAN
ip address 219.a.b.d 255.255.255.252
ip nat outside
no shutdown
exit
ip nat inside source list NAT interface GigabitEthernet0/0/0 overload
ip route 0.0.0.0 0.0.0.0 219.a.b.c
ip dns server
ip name-server 221.110.33.164 221.110.33.132
# Set DHCP pools
configure terminal
service dhcp
ip dhcp pool vlan10Pool
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
dns-server 221.110.33.164 221.110.33.132
ip dhcp pool vlan20Pool
network 192.168.20.0 255.255.255.0
default-router 192.168.20.1
dns-server 221.110.33.164 221.110.33.132
exit
ip dhcp excluded-address 192.168.10.1
ip dhcp excluded-address 192.168.20.1
ip access-list standard NAT
permit 192.168.10.0 0.0.0.255
permit 192.168.20.0 0.0.0.255
exit
#Setup the trunk port between the switch and the WAP
configure terminal
interface GigabitEthernet 0/1/0
switchport mode trunk
switchport trunk native vlan 1
switchport trunk allowed vlan add 1,10,20
switchport nonegotiate
no shutdown
# Setup the switch ports
configure terminal
interface GigabitEthernet 0/1/2
switchport mode access
switchport access vlan 10
no shutdown
exit
interface GigabitEthernet 0/1/3
switchport mode access
switchport access vlan 20
no shutdown
exit
# Configure VLANs
ip routing
configure terminal
vlan 10
no shutdown
interface vlan 10
ip address 192.168.10.1 255.255.255.0
ip nat inside
no shutdown
exit
vlan 20
no shutdown
interface vlan 20
ip address 192.168.20.1 255.255.255.0
ip nat inside
no shutdown
exit
When I ping the vlan20 gateway 192.168.20.1 from a host in VLAN10, it is unreachable.
Router#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
Router#
I would like the vlan20 server to be accessible from vlan10. For testing, let's say the vlan20 gateway. The server will be a Radius server for eap-tls and also a Squid proxy.
                                                     +--------------+
                               trunk port            |              |
                       +-----------------------------+   WIFI AP    |
                       |    VLAN 10 for SSID10       |   SSID10     |
                       |    VLAN 20 for SSID20       |   SSID20     |
                       |                             |              |
                       |0/1/0                        |              |
                     +---------------+               +--------------+
+----------+         |               |
|          |         |               | 0/1/2
|ISP modem +-------->+0/0/0          +-----------+ VLAN10 192.168.10.0/24
|          |         |               |
+----------+         |               |
                     |               | 0/1/3
                     |               +-----------+ VLAN20 192.168.20.0/24
                     +---------------+
show running-config:
Current configuration : 2350 bytes
!
! Last configuration change at 05:11:37 UTC Fri Apr 26 2019
!
version 16.8
service timestamps debug datetime msec
service timestamps log datetime msec
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
ip name-server 221.110.33.164 221.110.33.132
ip dhcp excluded-address 192.168.10.1
ip dhcp excluded-address 192.168.20.1
!
ip dhcp pool webuidhcp
!
ip dhcp pool vlan10Pool
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
dns-server 221.110.33.164 221.110.33.132
!
ip dhcp pool vlan20Pool
network 192.168.20.0 255.255.255.0
default-router 192.168.20.1
dns-server 221.110.33.164 221.110.33.132
!
subscriber templating
!
!
multilink bundle-name authenticated
!
!
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
!
!
redundancy
mode none
!
!
vlan internal allocation policy ascending
!
!
!
!
!
!
interface GigabitEthernet0/0/0
description WAN
ip address 219.a.b.c 255.255.255.252
ip nat outside
negotiation auto
!
interface GigabitEthernet0/0/1
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0/1/0
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet0/1/1
shutdown
!
interface GigabitEthernet0/1/2
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet0/1/3
switchport access vlan 20
switchport mode access
!
interface GigabitEthernet0/1/4
shutdown
!
interface GigabitEthernet0/1/5
shutdown
!
interface GigabitEthernet0/1/6
shutdown
!
interface GigabitEthernet0/1/7
shutdown
!
interface Vlan1
no ip address
!
interface Vlan10
ip address 192.168.10.1 255.255.255.0
ip nat inside
!
interface Vlan20
ip address 192.168.20.1 255.255.255.0
ip nat inside
!
ip nat inside source list NAT interface GigabitEthernet0/0/0 overload
ip forward-protocol nd
no ip http server
ip http secure-server
ip dns server
ip route 0.0.0.0 0.0.0.0 219.b.c.d
!
!
ip access-list standard NAT
permit 192.168.10.0 0.0.0.255
permit 192.168.20.0 0.0.0.255
!
!
!
!
!
control-plane
!
!
line con 0
transport input none
stopbits 1
line vty 0 4
login
!
wsma agent exec
!
wsma agent config
!
wsma agent filesys
!
wsma agent notify
!
!
end
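What am I missing?
Edit: As Ron Maupin commented, at least one device must be connected to Vlan10 to see the routing table. The routing table for Vlan20 is not there because nothing is connected to it.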
Router#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
192.168.10.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.10.0/24 is directly connected, Vlan10
L 192.168.10.1/32 is directly connected, Vlan10
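
The check described in the edit, as an added example that is not part of the original post: this Python script compares the SVIs configured in a running-config with the connected routes in `show ip route` and lists the SVIs whose subnet is absent from the routing table. The sample inputs are constructed from the outputs quoted above, and the function names are assumptions.

```python
import ipaddress
import re

# Constructed sample input, abridged from the outputs quoted in the post.
RUNNING_CONFIG = """\
interface GigabitEthernet0/0/0
 ip address 219.a.b.c 255.255.255.252
interface Vlan1
 no ip address
interface Vlan10
 ip address 192.168.10.1 255.255.255.0
interface Vlan20
 ip address 192.168.20.1 255.255.255.0
"""
SHOW_IP_ROUTE = """\
Gateway of last resort is not set
      192.168.10.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.10.0/24 is directly connected, Vlan10
L        192.168.10.1/32 is directly connected, Vlan10
"""

def configured_svis(config):
    """Map each VLAN interface that has an IP address to its subnet."""
    svis, current = {}, None
    for line in config.splitlines():
        line = line.strip()
        if line.startswith("interface "):
            # Track only SVIs; addresses on other interfaces are ignored.
            m = re.fullmatch(r"interface (Vlan\d+)", line)
            current = m.group(1) if m else None
            continue
        m = re.fullmatch(r"ip address (\S+) (\S+)", line)
        if m and current:
            iface = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
            svis[current] = iface.network
    return svis

def connected_routes(route_output):
    """Map interface name to the subnet of its 'C' (connected) route."""
    pattern = re.compile(r"C\s+(\S+) is directly connected, (\S+)")
    routes = {}
    for line in route_output.splitlines():
        m = pattern.fullmatch(line.strip())
        if m:
            routes[m.group(2)] = ipaddress.ip_network(m.group(1))
    return routes

def svis_without_route(config, route_output):
    """SVIs configured with an address but missing a connected route."""
    routes = connected_routes(route_output)
    svis = configured_svis(config)
    return sorted(n for n, net in svis.items() if routes.get(n) != net)
```

An SVI listed by `svis_without_route` has no active port in its VLAN, so its subnet is not installed and hosts in other VLANs cannot reach its gateway address.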