Pinging the Internet from the router works, but I cannot reach the Internet from the switch

Network Engineering  Cisco  Routing  Internet
2021-07-08 00:24:25

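The router is connected to the ISP (3500 series). There is a core switch connected to the router for the internal network. I can ping the Internet from the router. But I cannot ping the Internet from the core switch and access the switch. Any help, please? Here is the configuration:

1. Router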

OWWDSEROUTER#sh run
Building configuration...
Current configuration : 1552 bytes
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname OWWDSEROUTER
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 xxxx
!
no aaa new-model
!
!
!
!
!
!
!
!
!
!
!
!
!
!
no ip domain lookup
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
cts logging verbose
!
!
license udi pid C3900-SPE150/K9 sn FOC19102APP
!
!
!
redundancy
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 ip address 10.151.49.234 255.255.240.0
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 ip address 192.168.10.1 255.255.255.252
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/2
 no ip address
 shutdown
 duplex auto
 speed auto
!
router rip
 version 2
 network 192.168.10.0
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list NATADDRESSES interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 10.151.48.1
!
ip access-list standard NATADDRESSES
 permit 10.0.0.0 0.0.0.255
!
!
!
!
control-plane
!
!
!
line con 0
 password pa55w0rd
 logging synchronous
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 password Pa55w0rd
 login
 transport input all
line vty 5 15
 login
 transport input none
!
scheduler allocate 20000 1000
!
end

2. Core switch configuration

OWWDSECS#sh run
Building configuration...
Current configuration : 5423 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname OWWDSECS
!
boot-start-marker
boot-end-marker
!
enable secret 5 xxx
!
!
!
no aaa new-model
system mtu routing 1500
ip routing
ip dhcp excluded-address 10.1.10.1 10.1.10.20
ip dhcp excluded-address 10.1.20.1 10.1.20.20
!
ip dhcp pool vlan20
   network 10.1.20.0 255.255.255.0
   domain-name owwdse.gov.et
   dns-server 213.55.96.166
   default-router 10.1.20.1
!
ip dhcp pool vlan10
   network 10.1.10.0 255.255.255.0
   default-router 10.1.10.1
   domain-name OWWDSE.GOV.ET
   dns-server 213.55.96.148 4.2.2.2
!
!
no ip domain-lookup
!
password encryption aes
!
crypto pki trustpoint TP-self-signed-3930400128
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3930400128
 revocation-check none
 rsakeypair TP-self-signed-3930400128
!
!
crypto pki certificate chain TP-self-signed-3930400128
 certificate self-signed 01
  quit
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
ip ssh time-out 5
ip ssh authentication-retries 5
ip ssh version 2
!
!
!
interface FastEthernet0
 no ip address
 no ip route-cache cef
 no ip route-cache
 no ip mroute-cache
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
 no switchport
 ip address 192.168.10.2 255.255.255.252
!
interface GigabitEthernet0/3
!
interface GigabitEthernet0/4
!
interface GigabitEthernet0/5
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet0/6
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet0/7
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet0/8
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet0/9
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet0/10
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet0/11
 switchport access vlan 20
 switchport mode access
!
interface GigabitEthernet0/12
 switchport access vlan 20
 switchport mode access
!
interface GigabitEthernet0/13
 switchport access vlan 20
 switchport mode access
!
interface GigabitEthernet0/14
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/15
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/16
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/17
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/18
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/19
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/20
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/21
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/22
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/23
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/24
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet1/1
!
interface GigabitEthernet1/2
!
interface GigabitEthernet1/3
!
interface GigabitEthernet1/4
!
interface TenGigabitEthernet1/1
!
interface TenGigabitEthernet1/2
!
interface Vlan1
 description MANAGEMENT
 ip address 10.1.1.2 255.255.255.0
!
interface Vlan2
 no ip address
 shutdown
!
interface Vlan10
 description DATA
 ip address 10.1.10.1 255.255.255.0
!
interface Vlan20
 description INTERNET
 ip address 10.1.20.1 255.255.255.0
!
router rip
 version 2
 network 10.0.0.0
 network 192.168.10.0
 no auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.10.1
!
ip http server
ip http secure-server
!
!
!
!
line con 0
 password pa55w0rd
 logging synchronous
 login
line vty 0 4
 password pa55w0rd
 login
 transport input all
line vty 5 15
 login
 transport input none
!
end

2 Answers

This is your VLAN interface configuration:

interface Vlan10
 description DATA
 ip address 10.1.10.1 255.255.255.0

interface Vlan20
 description INTERNET
 ip address 10.1.20.1 255.255.255.0

With the IP addresses 10.1.20.1 and 10.1.10.1, so, I guess: 10.1.10.0/24 and 10.1.20.0/24.

But in your access list, in the NAT part, you only match one network, 10.0.0.0:

ip access-list standard NATADDRESSES
 permit 10.0.0.0 0.0.0.255

That is 10.0.0.0/24, from 10.0.0.1 to 10.0.0.254, not 10.1.10.0 and 10.1.20.0. I think you need to change NATADDRESSES like this:

ip access-list standard NATADDRESSES
 permit 10.1.10.0 0.0.0.255
 permit 10.1.20.0 0.0.0.255

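It seems that both RIP and static routes are running in your setup. Since a static route has a lower administrative distance than RIP, the router still chooses the static route.

There is no specific static route configured on the router pointing to the core switch's exit interface for the return traffic. Configure this route and check connectivity further. Then you should be able to ping from the core switch as well.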

Router(config)# ip route 10.0.0.0 subnetmask 255.255.255.255 pointing towards gateway 192.168.10.2
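
The wildcard-mask matching that the first answer describes, as an added example that is not part of either answer or the original post: it evaluates the page's original and proposed NATADDRESSES lists against a few source addresses. The client addresses and 10.0.0.5 are constructed samples, and the function names are hypothetical.

```python
import ipaddress

# ACLs as they appear on the page: the router's original list and the
# replacement proposed in the first answer.
ORIGINAL_ACL = """ip access-list standard NATADDRESSES
 permit 10.0.0.0 0.0.0.255"""
PROPOSED_ACL = """ip access-list standard NATADDRESSES
 permit 10.1.10.0 0.0.0.255
 permit 10.1.20.0 0.0.0.255"""

# Constructed sample sources: one DHCP client per VLAN pool (first address
# outside the excluded ranges), a host in 10.0.0.0/24, and the switch's
# routed uplink address from the page.
SOURCES = ["10.1.10.21", "10.1.20.21", "10.0.0.5", "192.168.10.2"]


def parse_standard_acl(text):
    """Parse 'permit|deny <address> <wildcard>' entries (that form only)."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[0] in ("permit", "deny"):
            addr = int(ipaddress.IPv4Address(parts[1]))
            wildcard = int(ipaddress.IPv4Address(parts[2]))
            entries.append((parts[0], addr, wildcard))
    return entries


def acl_permits(entries, source):
    """First matching entry decides; no match falls to the implicit deny."""
    src = int(ipaddress.IPv4Address(source))
    for action, addr, wildcard in entries:
        care = ~wildcard & 0xFFFFFFFF  # wildcard bit 0 means "must match"
        if (src & care) == (addr & care):
            return action == "permit"
    return False


def nat_eligibility(sources=SOURCES):
    """Map each source to (matches original ACL, matches proposed ACL)."""
    original = parse_standard_acl(ORIGINAL_ACL)
    proposed = parse_standard_acl(PROPOSED_ACL)
    return {s: (acl_permits(original, s), acl_permits(proposed, s))
            for s in sources}


if __name__ == "__main__":
    for src, (orig, new) in nat_eligibility().items():
        print(f"{src:<14} original={orig!s:<5} proposed={new}")
```

In the result, the switch's own uplink address 192.168.10.2 matches neither list.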