网络工程 - 交换机上的 VLAN 无法到达路由器 - 吾爱随笔录

交换机上的 VLAN 无法到达路由器

网络工程思科路由转变 VLAN 无处不在

2021-07-15 21:43:31

我无法让我的实验室交换机非主要 VLAN 能够 ping 我的实验室路由器。只有交换机 VLAN 1（默认）能够 ping 路由器接口。

我有一个带有 Cisco SG300-10 交换机和 EdgeRouter-X 路由器的家庭实验室，它连接到家庭网络的其余部分。我只能从 VLAN 1 访问实验室路由器，因此只能访问 Internet；其他 VLAN 不能 ping 交换机，但可以互相 ping 通。我假设处于 L3 模式的实验室交换机应该将 VLAN 流量路由到路由器。我的设置或配置有什么问题？注意，我尝试将实验室路由器 eth1 设置为 10.10.1.1/16。

路由器配置：

    firewall {
    all-ping enable
    broadcast-ping disable
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    name WAN_IN {
        default-action drop
        description "WAN to internal"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    name WAN_LOCAL {
        default-action drop
        description "WAN to router"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    receive-redirects disable
    send-redirects enable
    source-validation disable
    syn-cookies enable
}
interfaces {
    ethernet eth0 {
        address 192.168.1.254/24
        description Internet
        duplex auto
        firewall {
            in {
                name WAN_IN
            }
            local {
                name WAN_LOCAL
            }
        }
        speed auto
    }
    ethernet eth1 {
        address 10.10.1.1/24
        description "Cisco SG-300 Switch"
        duplex auto
        speed auto
    }
    ethernet eth2 {
        description PC
        duplex auto
        speed auto
    }
    ethernet eth3 {
        description Local
        duplex auto
        speed auto
    }
    ethernet eth4 {
        description "Wifi AP"
        duplex auto
        poe {
            output pthru
        }
        speed auto
    }
    loopback lo {
    }
    switch switch0 {
        address 192.168.2.1/24
        description Local
        mtu 1500
        switch-port {
            interface eth2 {
            }
            interface eth3 {
            }
            interface eth4 {
            }
            vlan-aware disable
        }
    }
}
protocols {
    static {
        route 10.10.0.0/16 {
            next-hop 10.10.1.254 {
                description "cisco sg300 switch"
                disable
                distance 1
            }
        }
    }
}
service {
    dhcp-server {
        disabled false
        hostfile-update disable
        shared-network-name LAN {
            authoritative enable
            subnet 192.168.2.0/24 {
                default-router 192.168.2.1
                dns-server 192.168.2.1
                lease 86400
                start 192.168.2.38 {
                    stop 192.168.2.243
                }
            }
        }
        use-dnsmasq disable
    }
    dns {
        forwarding {
            cache-size 150
            listen-on switch0
        }
    }
    gui {
        http-port 80
        https-port 443
        older-ciphers enable
    }
    nat {
        rule 5010 {
            description "masquerade for WAN"
            outbound-interface eth0
            type masquerade
        }
    }
    ssh {
        port 22
        protocol-version v2
    }
}
system {
    domain-name xxx
    gateway-address 192.168.1.1
    host-name xxx
    login {
       xxx
        }
    }
    name-server 192.168.1.1
    ntp {
        server 0.ubnt.pool.ntp.org {
        }
        server 1.ubnt.pool.ntp.org {
        }
        server 2.ubnt.pool.ntp.org {
        }
        server 3.ubnt.pool.ntp.org {
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone America/New_York
}


/* Warning: Do not remove the following line. */
/* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@5:nat@3:qos@1:quagga@2:system@4:ubnt-pptp@1:ubnt-util@1:vrrp@1:webgui@1:webproxy@1:zone-policy@1" === */
/* Release version: v1.9.1.4939092.161214.0702 */

交换机配置：

config-file-header
xxx
v1.4.7.6 / R800_NIK_1_4_194_194
CLI v1.0
set system mode router 
file SSD indicator excluded
@
vlan database
vlan 2-11 
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
ip dhcp pool network "VLAN2"
address low 192.168.2.200 high 192.168.2.220 255.255.255.0 
dns-server 8.8.8.8
exit
bonjour interface range vlan 1
ip access-list extended "iSCSI Isolation"
deny ip any any ace-priority 1
exit
hostname xxx
line console
exec-timeout 30
exit
line ssh
exec-timeout 30
exit
line telnet
exec-timeout 30
exit
ip ssh server

sntp source-interface vlan 1 
ip name-server  192.168.1.1 8.8.8.8
ip telnet server
!
interface vlan 1
 ip address 10.10.1.254 255.255.255.0 
 no ip address dhcp 
!
interface vlan 2
 name "VMG 2" 
 ip address 10.10.2.1 255.255.255.0 
!
interface vlan 3
 name "VMG 3" 
 ip address 10.10.3.1 255.255.255.0 
!
interface vlan 11
 name iSCSI 
 ip address 10.10.11.1 255.255.255.0 
!
interface gigabitethernet1
 description nuc1-onboard
 switchport trunk allowed vlan add 2-4 
!
interface gigabitethernet2
 description nuc2-onboard
 switchport trunk allowed vlan add 2-4 
!
interface gigabitethernet3
 description nuc1-usb
 switchport trunk native vlan 11 
!
interface gigabitethernet4
 description nuc2-usb
 switchport trunk native vlan 11 
!
interface gigabitethernet5
 description "nas1-lag2 Public Home VLAN"
 channel-group 2 mode auto 
!
interface gigabitethernet6
 description "nas2-lag2 Public Home VLAN"
 channel-group 2 mode auto 
!
interface gigabitethernet7
 description "nas3-iscsi-lag1 VMware iSCSI network"
 channel-group 1 mode auto 
 switchport mode access 
!
interface gigabitethernet8
 description "nas4-iscsi-lag1 VMware iSCSI network"
 channel-group 1 mode auto 
 switchport mode access 
!
interface gigabitethernet9
 description Unused
 switchport mode access 
!
interface gigabitethernet10
 description "Router Uplink"
 switchport mode general 
!
interface Port-channel1
 description ISCSI
 switchport trunk native vlan 11 
!
interface Port-channel2
 description "Synology Home Network Pair"
 switchport mode access 
!
exit

macro auto processing type router enabled 
ip default-gateway 10.10.1.1

2个回答

您将交换机用作第 3 层交换机（路由器），但该ip default-gateway 10.10.1.1命令用于10.10.1.1/24VLAN 1 上的网络的第 2 层交换机。您不将该命令用于 IP 路由。Cisco 有一份解释差异的文档：使用 IP 命令配置最后的网关。

作为路由器，第 3 层交换机需要知道将其他目的地的流量发送到路由器。它可以通过三种方式学习路由：

直连网络
静态配置的路由
动态地通过路由协议

您要么需要在三层交换机上设置默认路由（可能是您想要做的），要么在三层交换机上设置静态路由，或者在三层交换机和路由器之间运行路由协议.

您可能还希望将第 3 层交换机和路由器之间的链接设为路由链接，而不是 VLAN。

我通过在路由器上添加丢失的路由来解决这个问题，我根据我在 GUI 中看到的内容做出假设，并且我发布的配置禁用了静态路由。

在路由器上，我首先将eth1接口从10.10.1.1/16（我在试验中，认为设置为/16也会自动设置路由）改为/24，然后添加静态路由10.10.0.0/16到10.10.1.254 .

现在我可以从其他 VLAN 访问 Internet。

其它你可能感兴趣的问题

上一篇交换机到交换机流量保护下一篇当每台机器都有一个全球唯一的MAC地址时，为什么我们需要本地MAC地址？