Cannot ping or access an HP switch on a network connected in trunk mode

Network Engineering | switch, switching, network-core, network-discovery, topology
2021-07-14 05:28:42

I have been facing this problem for a long time. Below is a diagram of the switch setup:

[Image: network diagram]

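The problem is that I have been trying to reach the switch on the RIGHT (A3100) over the network, but it cannot be pinged (172.16.1.2) from anywhere. The switch on the LEFT (A5500), however, is reachable normally via ping and even via the HP web interface. Right now I can only reach the RIGHT (A3100) switch through the console.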

As we can see, both switches are connected via trunk ports.

Here is some routing information from the left switch (A5500):

[Switch A5500]dis ip ro
Routing Tables: Public
        Destinations : 25       Routes : 25

Destination/Mask    Proto  Pre  Cost         NextHop         Interface

0.0.0.0/0           Static 60   0            192.168.1.1     Vlan2
127.0.0.0/8         Direct 0    0            127.0.0.1       InLoop0
127.0.0.1/32        Direct 0    0            127.0.0.1       InLoop0
172.16.1.0/24       Direct 0    0            172.16.1.1      Vlan1
172.16.1.1/32       Direct 0    0            127.0.0.1       InLoop0
192.168.1.0/24      Direct 0    0            192.168.1.254   Vlan2
192.168.1.254/32    Direct 0    0            127.0.0.1       InLoop0
192.168.2.0/24      Direct 0    0            192.168.2.254   Vlan3
192.168.2.254/32    Direct 0    0            127.0.0.1       InLoop0
192.168.3.0/24      Direct 0    0            192.168.3.254   Vlan4
192.168.3.254/32    Direct 0    0            127.0.0.1       InLoop0
192.168.4.0/24      Direct 0    0            192.168.4.254   Vlan5
192.168.4.254/32    Direct 0    0            127.0.0.1       InLoop0
192.168.5.0/24      Direct 0    0            192.168.5.254   Vlan6
192.168.5.254/32    Direct 0    0            127.0.0.1       InLoop0
192.168.6.0/24      Direct 0    0            192.168.6.254   Vlan7
192.168.6.254/32    Direct 0    0            127.0.0.1       InLoop0
192.168.7.0/24      Direct 0    0            192.168.7.254   Vlan8
192.168.7.254/32    Direct 0    0            127.0.0.1       InLoop0
192.168.8.0/24      Direct 0    0            192.168.8.254   Vlan9
192.168.8.254/32    Direct 0    0            127.0.0.1       InLoop0
192.168.9.0/24      Direct 0    0            192.168.9.254   Vlan10
192.168.9.254/32    Direct 0    0            127.0.0.1       InLoop0
192.168.10.0/24     Direct 0    0            192.168.10.254  Vlan11
192.168.10.254/32   Direct 0    0            127.0.0.1       InLoop0

Here is the routing information from the switch on the right (A3100):

[Switch A3100]dis ip r
Routing Tables: Public
        Destinations : 4        Routes : 4

Destination/Mask    Proto  Pre  Cost         NextHop         Interface

127.0.0.0/8         Direct 0    0            127.0.0.1       InLoop0
127.0.0.1/32        Direct 0    0            127.0.0.1       InLoop0
172.16.1.0/24       Direct 0    0            172.16.1.2      Vlan1
172.16.1.2/32       Direct 0    0            127.0.0.1       InLoop0

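If you need more information, please ask. I am still a novice and not sure what the actual problem is. Thanks in advance!

Update: configuration of both switches

Switch A5500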

[Switch A5500]dis cur
#
 version 5.20, Release 2208P01
#
 sysname Switch A5500
#
 undo password-control aging enable
 undo password-control length enable
 undo password-control history enable
 password-control login-attempt 3 exceed lock-time 120
#
 super password level 3 cipher IR(#N/:K>:Q'J\EJT`94,A!!
#
 irf mac-address persistent timer
 irf auto-update enable
 undo irf link-delay
#
 domain default enable system
#
#
local-user password-display-mode cipher-force
#
 ipv6
#
 telnet server enable
#
 management-vlan 9
#
 portal server 1 ip 192.168.8.223
 portal local-server http
#
ip vpn-instance 9
#
acl number 3997
 rule 0 permit ip dscp ef
 rule 1 permit tcp destination-port eq www
 rule 2 permit udp destination-port eq snmp
 rule 3 permit udp destination-port eq snmptrap
 rule 4 permit ip dscp cs6
 rule 5 permit ip dscp cs7
#
acl number 4999
 rule 0 permit type 8868 ffff
 rule 1 permit source-mac 00e0-bb00-0000 ffff-ff00-0000
 rule 2 permit source-mac 0003-6b00-0000 ffff-ff00-0000
 rule 3 permit source-mac 00e0-7500-0000 ffff-ff00-0000
 rule 4 permit source-mac 00d0-1e00-0000 ffff-ff00-0000
 rule 5 permit source-mac 0001-e300-0000 ffff-ff00-0000
 rule 6 permit source-mac 000f-e200-0000 ffff-ff00-0000
 rule 7 permit source-mac 0060-b900-0000 ffff-ff00-0000
 rule 8 deny dest-mac 0000-0000-0000 ffff-ffff-ffff
#
vlan 1
 description Vlan 1
#
vlan 2
 description Vlan 2
#
vlan 3
 description Vlan 3
#
vlan 4
 description Vlan 4
#
vlan 5
 description Vlan 5
#
vlan 6
 description Vlan 6
#
vlan 7
 description Vlan 7
#
vlan 8
 description Vlan 8
#
vlan 9
 description Vlan 9
#
vlan 10
 description Vlan 10
#
vlan 11
 description Vlan 11
#
vlan 12 to 4094
#
radius scheme system
 primary authentication 127.0.0.1 1645
 primary accounting 127.0.0.1 1646
 user-name-format without-domain
#
domain system
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
#
user-group system
#
local-user admin
 password cipher $2HRI'/MVL^,YWX*NZ55OA!!
 authorization-attribute level 3
 service-type telnet terminal
#
 stp enable
#
interface NULL0
#
interface Vlan-interface1
 ip address 172.16.1.1 255.255.255.0
 portal server 1 method layer3
#
interface Vlan-interface2
 ipv6 address 2400:7400:64:40::254/64
 ip address 192.168.1.254 255.255.255.0
#
interface Vlan-interface3
 ipv6 address 2400:7400:64:2::254/64
 ipv6 address auto link-local
 ip address 192.168.2.254 255.255.255.0
#
interface Vlan-interface4
 ipv6 address 2400:7400:64:3::254/64
 ipv6 address auto link-local
 ip address 192.168.3.254 255.255.255.0
#
interface Vlan-interface5
 ipv6 address 2400:7400:64:4::254/64
 ipv6 address auto link-local
 ip address 192.168.4.254 255.255.255.0
#
interface Vlan-interface6
 ipv6 address 2400:7400:64:5::254/64
 ipv6 address auto link-local
 ip address 192.168.5.254 255.255.255.0
#
interface Vlan-interface7
 ipv6 address 2400:7400:64:6::254/64
 ipv6 address auto link-local
 ip address 192.168.6.254 255.255.255.0
#
interface Vlan-interface8
 ipv6 address 2400:7400:64:7::254/64
 ipv6 address auto link-local
 ip address 192.168.7.254 255.255.255.0
#
interface Vlan-interface9
 ipv6 address 2400:7400:64:8::254/64
 ipv6 address auto link-local
 ip address 192.168.8.254 255.255.255.0
#
interface Vlan-interface10
 ipv6 address 2400:7400:64:9::254/64
 ipv6 address auto link-local
 ip address 192.168.9.254 255.255.255.0
#
interface Vlan-interface11
 ipv6 address 2400:7400:64:10::254/64
 ipv6 address auto link-local
 ip address 192.168.10.254 255.255.255.0
#
interface Vlan-interface12
#
interface GigabitEthernet1/0/1
 port link-mode bridge
 description Default(Firewall)
 port access vlan 2
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
#
interface GigabitEthernet1/0/2
 port link-mode bridge
 port access vlan 2
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
#
interface GigabitEthernet1/0/3
 port link-mode bridge
 port access vlan 11
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
#
interface GigabitEthernet1/0/4
 port link-mode bridge
 port access vlan 6
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
#
interface GigabitEthernet1/0/5
 port link-mode bridge
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
#
interface GigabitEthernet1/0/6
 port link-mode bridge
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
#
interface GigabitEthernet1/0/7
 port link-mode bridge
 port access vlan 3
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
#
interface GigabitEthernet1/0/8
 port link-mode bridge
 port access vlan 8
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
#
interface GigabitEthernet1/0/9
 port link-mode bridge
 port access vlan 10
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
#
interface GigabitEthernet1/0/10
 port link-mode bridge
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
#
interface GigabitEthernet1/0/11
 port link-mode bridge
 port access vlan 5
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
#
interface GigabitEthernet1/0/12
 port link-mode bridge
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
#
interface GigabitEthernet1/0/13
 port link-mode bridge
 shutdown
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
#
interface GigabitEthernet1/0/14
 port link-mode bridge
 shutdown
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
#
interface GigabitEthernet1/0/15
 port link-mode bridge
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
#
interface GigabitEthernet1/0/16
 port link-mode bridge
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
#
interface GigabitEthernet1/0/17
 port link-mode bridge
 shutdown
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
#
interface GigabitEthernet1/0/18
 port link-mode bridge
 shutdown
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
#
interface GigabitEthernet1/0/19
 port link-mode bridge
 shutdown
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
#
interface GigabitEthernet1/0/20
 port link-mode bridge
 shutdown
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
#
interface GigabitEthernet1/0/21
 port link-mode bridge
 shutdown
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
#
interface GigabitEthernet1/0/22
 port link-mode bridge
 shutdown
#
interface GigabitEthernet1/0/23
 port link-mode bridge
 shutdown
#
interface GigabitEthernet1/0/24
 port link-mode bridge
 shutdown
#
interface GigabitEthernet1/0/25
 port link-mode bridge
 port access vlan 5
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
#
interface GigabitEthernet1/0/26
 port link-mode bridge
 port access vlan 5
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
#
interface GigabitEthernet1/0/27
 port link-mode bridge
 port access vlan 6
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
#
interface GigabitEthernet1/0/28
 port link-mode bridge
 port access vlan 6
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
#
interface GigabitEthernet1/0/29
 port link-mode bridge
 port access vlan 9
#
interface GigabitEthernet1/0/30
 port link-mode bridge
 port access vlan 9
#
interface GigabitEthernet1/0/31
 port link-mode bridge
 description To A3100 Switch
 port link-type trunk
 port trunk permit vlan all
 shutdown
 broadcast-suppression pps 3000
 undo jumboframe enable
#
interface GigabitEthernet1/0/32
 port link-mode bridge
 description To A3100 Switch
 port link-type trunk
 port trunk permit vlan all
 stp edged-port enable
#
 ip route-static 0.0.0.0 0.0.0.0 192.168.1.1
#
 ipv6 route-static :: 0 2400:7400:64:40::1
#
 info-center synchronous
#
 snmp-agent
 snmp-agent local-engineid 8000002B001EC1800E806877
 snmp-agent community read public
 snmp-agent community write private
 snmp-agent sys-info version all
#
 load xml-configuration
#
user-interface aux 0
 authentication-mode scheme
user-interface vty 0 4
 authentication-mode scheme
user-interface vty 5 15
#
return
[Switch A5500]

Switch A3100

[Switch A3100]dis cur
#
 version 5.20, Release 5103P01
#
 sysname Switch A3100
#
 super password level 3 cipher IR(#N/:K>:Q'J\EJT`94,A!!
#
 domain default enable system
#
#
local-user password-display-mode cipher-force
#
 telnet server enable
#
 management-vlan 11
#
 portal local-server http
#
acl number 3997
 rule 0 permit ip dscp ef
 rule 1 permit tcp destination-port eq www
 rule 2 permit udp destination-port eq snmp
 rule 3 permit udp destination-port eq snmptrap
 rule 4 permit ip dscp cs6
 rule 5 permit ip dscp cs7
#
acl number 4999
 rule 0 permit type 8868 ffff
#
vlan 1
 description Vlan 1
#
vlan 2
 description Vlan 2
#
vlan 3
 description Vlan 3
#
vlan 4
 description Vlan 4
#
vlan 5
 description Vlan 5
#
vlan 6
 description Vlan 6
#
vlan 7
 description Vlan 7
#
vlan 8
 description Vlan 8
#
vlan 9
 description Vlan 9
#
vlan 10
 description Vlan 10
#
vlan 11 to 4094
#
radius scheme system
 primary authentication 127.0.0.1 1645
 primary accounting 127.0.0.1 1646
 user-name-format without-domain
#
domain system
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
#
user-group system
#
local-user admin
 password cipher $2HRI'/MVL^,YWX*NZ55OA!!
 authorization-attribute level 3
 service-type telnet terminal
#
 stp enable
 undo stp port-log all
#
interface NULL0
#
interface Vlan-interface1
 ip address 172.16.1.2 255.255.255.0
#
interface Ethernet1/0/1
 port access vlan 11
#
interface Ethernet1/0/2
 port access vlan 6
#
interface Ethernet1/0/3
 port access vlan 6
#
interface Ethernet1/0/4
 port access vlan 6
#
interface Ethernet1/0/5
 port access vlan 6
#
interface Ethernet1/0/6
 port access vlan 6
#
interface Ethernet1/0/7
 port access vlan 6
#
interface Ethernet1/0/8
 port access vlan 6
#
interface Ethernet1/0/9
 port access vlan 6
 stp edged-port enable
#
interface Ethernet1/0/10
 port access vlan 6
 stp edged-port enable
#
interface Ethernet1/0/11
 port access vlan 9
 stp edged-port enable
#
interface Ethernet1/0/12
 port access vlan 10
#
interface Ethernet1/0/13
 port access vlan 6
#
interface Ethernet1/0/14
 port access vlan 8
#
interface Ethernet1/0/15
 port access vlan 8
#
interface Ethernet1/0/16
 port access vlan 7
#
interface Ethernet1/0/17
 port access vlan 7
#
interface Ethernet1/0/18
 port access vlan 6
#
interface Ethernet1/0/19
 port access vlan 5
#
interface Ethernet1/0/20
 port access vlan 4
#
interface Ethernet1/0/21
 port access vlan 6
#
interface Ethernet1/0/22
 port access vlan 11
#
interface Ethernet1/0/23
 port access vlan 6
 stp edged-port enable
#
interface Ethernet1/0/24
 port access vlan 2
#
interface GigabitEthernet1/0/25
 description From Switch 5500
 port link-type trunk
 port trunk permit vlan all
 shutdown
 stp loop-protection
#
interface GigabitEthernet1/0/26
 description From Switch 5500
 port link-type trunk
 port trunk permit vlan all
 stp loop-protection
#
 ip route-static 192.168.0.0 255.255.240.0 172.16.1.1
#
 info-center synchronous
#
 load xml-configuration
#
user-interface aux 0
 authentication-mode scheme
user-interface vty 0 15
#
return
[Switch A3100]

4 Answers

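(Disclaimer: I am not familiar with HP switches, so I cannot give the correct command syntax for the show/display commands.)

First, let's put all the routing discussion aside. The AS5500 and AS3100 sit on a common subnet (172.16.1.0/24) on VLAN1, so they must be able to talk to each other directly. Reaching the AS3100 from "elsewhere" is for later; first we have to solve a switching problem, or confirm that we do not have a switching problem.

Here are two test procedures to see whether VLAN1 really "goes through", that is, whether it is a single broadcast domain spanning both switches: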

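  1. Find the MAC addresses of interface VLAN1 on the A3100 and the AS5500. We want these MAC addresses to show up in the neighbouring device's ARP cache after trying to talk to it. HP's equivalent of "show ip interface vlan 1" should show these MAC addresses.

  2. On both switches, configure a switch port into VLAN1, untagged. Configure a laptop's NIC with 172.16.1.xx and connect it to the two ports in turn.

  3. From that laptop, ping the IP addresses of the AS5500 and the AS3100. Make sure the laptop really attempts this from its 172.16.1.x address (for example, by disabling any WiFi or 3G/4G interfaces for the test). Write down the test results and see whether some kind of works/does-not-work pattern emerges.

  4. Whether or not the ping works, always look at the laptop's ARP cache ("arp -a" on Windows, "arp -na" on *nix-like operating systems). See whether, and which, MAC addresses were learned for the IP addresses of the AS5500 and AS3100 - they should be the ones from step 1.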

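Or this:

  1. Generate some traffic from the AS5500 (that is: ping the A3100's IP address). Make sure this traffic is really generated from the AS5500's interface VLAN1 - there may be a command-line option to set the ping source address.

  2. Regardless of whether the ping succeeds, check the AS5500's ARP cache to see whether it has learned the AS3100's MAC address.

  3. Check the AS5500's CAM table (the MAC address table) for VLAN1. The AS3100's VLAN 1 MAC address should be visible on port 1/0/32. If it is not, then VLAN1 is not a single broadcast domain.

  4. Repeat 1-3 from the AS3100 towards the AS5500.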

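These tests should help determine whether VLAN1's broadcast domain is really "up" across both switches. My suspicion is that it is not.

I see a difference in your configurations: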

AS5500:

interface GigabitEthernet1/0/32
 port link-mode bridge           
 description To A3100 Switch
 port link-type trunk
 port trunk permit vlan all
 stp edged-port enable   <-- IMO, that should not be here if you connect a switch to this port. 

AS3100:

interface GigabitEthernet1/0/26
 description From Switch 5500
 port link-type trunk
 port trunk permit vlan all
 stp loop-protection

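Educated guess:

"stp edged-port enable" on the AS5500 should, IMO, not be there. Edge-type ports are for the edge: PCs, printers, servers, etc. Never for other bridges/switches.

I suspect it has some influence on how the switch handles untagged traffic. Since VLAN1 is commonly used as the default ("native") VLAN, frames from VLAN1 are usually sent untagged. What if one switch tags them and the other does not, or expects them to be tagged and drops incoming untagged frames, or maps untagged frames into another VLAN?

The default behaviour regarding tagged/untagged frames may also differ between the two switch models; you would have to consult the documentation to find out.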
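
The mismatch pointed out in this answer can be checked mechanically. The following Python sketch is an added example, not part of the original answer or of any HP tool: it scans a Comware-style configuration (abridged here from the A5500 configuration posted in the question) for trunk ports that also carry "stp edged-port enable". The function names are hypothetical.

```python
# Added example: flag trunk ports that are also configured as STP edge ports.
# SAMPLE is abridged from the A5500 configuration posted in the question.
SAMPLE = """\
#
interface GigabitEthernet1/0/30
 port link-mode bridge
 port access vlan 9
#
interface GigabitEthernet1/0/31
 description To A3100 Switch
 port link-type trunk
 port trunk permit vlan all
 shutdown
#
interface GigabitEthernet1/0/32
 description To A3100 Switch
 port link-type trunk
 port trunk permit vlan all
 stp edged-port enable
#
 ip route-static 0.0.0.0 0.0.0.0 192.168.1.1
#
"""

def parse_interfaces(config):
    """Map each interface name to its stanza lines; "#" ends a stanza."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line == "#":
            current = None
        elif line.startswith("interface "):
            current = line.split(None, 1)[1]
            stanzas[current] = []
        elif current is not None:
            stanzas[current].append(line)
    return stanzas

def edged_trunks(config):
    """Return (interface, admin state) for trunk ports marked as edge ports."""
    findings = []
    for name, lines in parse_interfaces(config).items():
        if "port link-type trunk" in lines and "stp edged-port enable" in lines:
            state = "shutdown" if "shutdown" in lines else "enabled"
            findings.append((name, state))
    return findings

if __name__ == "__main__":
    for name, state in edged_trunks(SAMPLE):
        print(f"{name}: trunk port with 'stp edged-port enable' ({state})")
```
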

You should check for portal server restrictions, since the portal server is enabled on the A5500 Vlan 1 interface:

#
interface Vlan-interface1
ip address 172.16.1.1 255.255.255.0
portal server 1 method layer3
#

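Although the portal server has no stateful packet inspection capability, it can prevent ICMP echo replies from passing through the Vlan 1 layer 3 interface when they are directed to any IP address on the A5500 side.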

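Your switch on the right (A3100) has no default gateway and no route to the other subnets to reply with. It can only communicate with machines inside the subnet 172.16.1.0/24.

If you send a ping from any other subnet, it does not know where to send the reply packets.

Add a route like 192.168.0.0/20 nexthop 172.16.1.1 and you should be fine (the A5500 should take care of the routing, and the /20 covers 192.168.0.0 through 192.168.15.255, so it will include your 10 /24 blocks).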

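To reach the switch remotely, the switch should have a route or a default gateway.

With the following command you will be able to reach the RIGHT (A3100) switch: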

ip route-static 0.0.0.0 0.0.0.0 172.16.1.1
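
The return-path argument in the last two answers can be worked through with a longest-prefix-match lookup. This Python sketch is an added example, not code from the answers: it takes the A3100's connected route from the question's routing table and compares where echo replies would go with no static route, with the suggested /20 route, and with the suggested default route. The source hosts are constructed for illustration.

```python
import ipaddress

# A3100 connected route from the question's "dis ip r" output (loopbacks omitted).
CONNECTED = [("172.16.1.0/24", "Vlan1 (direct)")]
# The two static routes suggested in the answers above.
ROUTE_20 = ("192.168.0.0/20", "172.16.1.1")
ROUTE_DEFAULT = ("0.0.0.0/0", "172.16.1.1")

# Constructed ping sources, one per kind of origin.
SOURCES = [
    "172.16.1.1",     # A5500 Vlan-interface1, same subnet as the A3100
    "192.168.6.20",   # constructed host in 192.168.6.0/24 behind the A5500
    "192.168.10.20",  # constructed host in 192.168.10.0/24 behind the A5500
    "10.20.30.40",    # constructed host beyond the 192.168.1.1 gateway
]

def lookup(routes, dest):
    """Longest-prefix match; returns the next hop, or None when no route exists."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, nexthop in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nexthop)
    return best[1] if best else None

def reply_paths(routes, sources):
    """For each ping source, the next hop the A3100 would use for its echo reply."""
    return {src: lookup(routes, src) for src in sources}

if __name__ == "__main__":
    tables = [
        ("connected only", CONNECTED),
        ("with 192.168.0.0/20 static", CONNECTED + [ROUTE_20]),
        ("with default route", CONNECTED + [ROUTE_DEFAULT]),
    ]
    for label, table in tables:
        print(label)
        for src, hop in reply_paths(table, SOURCES).items():
            print(f"  reply to {src:<14} -> {hop or 'no route, reply dropped'}")
```

With only the /20 route, replies to sources outside 192.168.0.0 through 192.168.15.255 still have no path; the default route covers them as well.
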