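As shown in the figure: a very simple topology.
The device is an H3C S5500V2-28C-EI Layer 3 switch, with no ACLs or port isolation configured.
From the PC 192.168.18.180, I can ping 192.168.17.1, 192.168.18.1, 192.168.19.1, 192.168.20.1 and 192.168.31.1.
From the PC 192.168.18.180, however, I cannot ping 192.168.32.1 or 192.168.62.1 (I tested this: anything from 32.1 onwards, 32.1 included, cannot be pinged).
In the H3C simulator, everything is reachable.
Could an expert help explain this? It has been bothering me for a long time.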
Best answer
It is possible that the VLAN virtual interface for 32.1 is down, which is why the ping fails.
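The interface is UP.
I looked at your configuration. It is because you configured policy-based routing, which causes your inter-VLAN traffic to match ACL 3499 and be handed to the next hop, so the VLANs cannot reach each other. You only need to add an empty node: in your aaa policy, create a node numbered lower than node 5 that only matches an ACL and takes no action, and in that ACL match the inter-VLAN traffic, for example rule 0 permit ip source 192.168.18.0 0.0.0.255 des 192.168.32.0 0.0.0.255
In the actual network environment, run Dis ip int br to check whether the interface IPs are all up.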
The interface is UP.
[D-0]
[D-0]dis int b
Brief information on interfaces in route mode:
Link: ADM - administratively down; Stby - standby
Protocol: (s) - spoofing
Interface Link Protocol Primary IP Description
GE1/0/23 UP UP 1.1.1.2 yidong-192.168.60.254-19
GE1/0/24 UP UP 10.10.2.2 dianxin-192.168.60.254-23
InLoop0 UP UP(s) --
MGE0/0/0 DOWN DOWN --
NULL0 UP UP(s) --
REG0 UP -- --
Vlan1 ADM DOWN --
Vlan17 UP UP 192.168.17.1
Vlan18 UP UP 192.168.18.1
Vlan19 UP UP 192.168.19.1
Vlan20 UP UP 192.168.20.1
Vlan21 UP UP 192.168.21.1
Vlan30 UP UP --
Vlan31 UP UP 192.168.31.1
Vlan32 UP UP 192.168.32.1
Vlan61 UP UP --
Vlan62 UP UP 192.168.62.1 Wireless
Brief information on interfaces in bridge mode:
Link: ADM - administratively down; Stby - standby
Speed: (a) - auto
Duplex: (a)/A - auto; H - half; F - full
Type: A - access; T - trunk; H - hybrid
Interface Link Speed Duplex Type PVID Description
GE1/0/1 UP 1G(a) F(a) T 1 192.168.17.14
GE1/0/2 UP 1G(a) F(a) T 1 192.168.17.13
GE1/0/3 UP 1G(a) F(a) T 1 192.168.17.12
GE1/0/4 UP 1G(a) F(a) T 1 192.168.17.11
GE1/0/5 DOWN auto A A 18
GE1/0/6 UP 1G(a) F(a) A 20
GE1/0/7 ADM auto A T 1 h3c ac
GE1/0/8 UP 1G(a) F(a) A 20 JK
GE1/0/9 UP 1G(a) F(a) A 20 JK
GE1/0/10 UP 1G(a) F(a) A 20 JK
GE1/0/11 UP 1G(a) F(a) A 20 JK
GE1/0/12 UP 1G(a) F(a) A 20 JK
GE1/0/13 UP 1G(a) F(a) A 20 JK
GE1/0/14 UP 100M(a) F(a) A 18 Server
GE1/0/15 UP 1G(a) F(a) A 61 AP
GE1/0/16 UP 1G(a) F(a) A 18 AC
GE1/0/17 UP 1G(a) F(a) A 18 MW-network
GE1/0/18 UP 1G(a) F(a) A 20 MW-JK
GE1/0/19 UP 1G(a) F(a) A 20 4 hao JK
GE1/0/20 UP 1G(a) F(a) A 18 4 hao OFFICE
GE1/0/21 UP 1G(a) F(a) T 1 h3c ac
GE1/0/22 UP 100M(a) F(a) A 18 office LED
XGE1/0/25 UP 1G(a) F(a) T 1 1 zongxian
XGE1/0/26 UP 1G(a) F(a) T 1 2 zongxian
XGE1/0/27 UP 1G(a) F(a) T 1 3 zongxian
XGE1/0/28 DOWN auto A T 1
[D-0]
#
version 7.1.070, Release 6312P01
#
sysname D-0
#
clock timezone Beijing add 08:00:00
clock protocol none
#
telnet server enable
#
irf mac-address persistent timer
irf auto-update enable
undo irf link-delay
irf member 1 priority 1
#
dhcp enable
dhcp server forbidden-ip 192.168.62.2 192.168.62.3
#
lldp global enable
#
password-recovery enable
#
vlan 1
#
vlan 2 to 21
#
vlan 30 to 32
#
vlan 61 to 62
#
dhcp server ip-pool 62
gateway-list 192.168.62.1
network 192.168.62.0 mask 255.255.255.0
dns-list 114.114.114.114
#
policy-based-route aaa permit node 5
if-match acl 3498
apply next-hop 1.1.1.1
#
policy-based-route aaa permit node 10
if-match acl 3499
apply next-hop 10.10.2.1
#
interface NULL0
#
interface Vlan-interface1
shutdown
ip address dhcp-alloc
dhcp client identifier ascii 9023b4cf2e82-VLAN0001
#
interface Vlan-interface17
ip address 192.168.17.1 255.255.255.0
ip policy-based-route aaa
#
interface Vlan-interface18
ip address 192.168.18.1 255.255.255.0
ip policy-based-route aaa
#
interface Vlan-interface19
ip address 192.168.19.1 255.255.255.0
ip policy-based-route aaa
#
interface Vlan-interface20
ip address 192.168.20.1 255.255.255.0
ip policy-based-route aaa
#
interface Vlan-interface21
ip address 192.168.21.1 255.255.255.0
#
interface Vlan-interface30
#
interface Vlan-interface31
ip address 192.168.31.1 255.255.255.0
#
interface Vlan-interface32
ip address 192.168.32.1 255.255.255.0
#
interface Vlan-interface61
#
interface Vlan-interface62
description Wireless
ip address 192.168.62.1 255.255.255.0
dhcp server apply ip-pool 62
#
interface GigabitEthernet1/0/23
port link-mode route
description yidong-192.168.60.254-19
combo enable auto
ip address 1.1.1.2 255.255.255.252
#
interface GigabitEthernet1/0/24
port link-mode route
description dianxin-192.168.60.254-23
combo enable auto
ip address 10.10.2.2 255.255.255.252
#
interface GigabitEthernet1/0/1
port link-mode bridge
description 192.168.17.14
port link-type trunk
port trunk permit vlan all
#
interface GigabitEthernet1/0/2
port link-mode bridge
description 192.168.17.13
port link-type trunk
port trunk permit vlan all
#
interface GigabitEthernet1/0/3
port link-mode bridge
description 192.168.17.12
port link-type trunk
port trunk permit vlan all
#
interface GigabitEthernet1/0/4
port link-mode bridge
description 192.168.17.11
port link-type trunk
port trunk permit vlan all
#
interface GigabitEthernet1/0/5
port link-mode bridge
port access vlan 18
#
interface GigabitEthernet1/0/6
port link-mode bridge
port access vlan 20
#
interface GigabitEthernet1/0/7
port link-mode bridge
description h3c ac
port link-type trunk
port trunk permit vlan all
shutdown
#
interface GigabitEthernet1/0/8
port link-mode bridge
description JK
port access vlan 20
#
interface GigabitEthernet1/0/9
port link-mode bridge
description JK
port access vlan 20
#
interface GigabitEthernet1/0/10
port link-mode bridge
description JK
port access vlan 20
#
interface GigabitEthernet1/0/11
port link-mode bridge
description JK
port access vlan 20
#
interface GigabitEthernet1/0/12
port link-mode bridge
description JK
port access vlan 20
#
interface GigabitEthernet1/0/13
port link-mode bridge
description JK
port access vlan 20
#
interface GigabitEthernet1/0/14
port link-mode bridge
description Server
port access vlan 18
#
interface GigabitEthernet1/0/15
port link-mode bridge
description AP
port access vlan 61
#
interface GigabitEthernet1/0/16
port link-mode bridge
description AC
port access vlan 18
#
interface GigabitEthernet1/0/17
port link-mode bridge
description MW-network
port access vlan 18
combo enable auto
#
interface GigabitEthernet1/0/18
port link-mode bridge
description MW-JK
port access vlan 20
combo enable auto
#
interface GigabitEthernet1/0/19
port link-mode bridge
description 4 hao JK
port access vlan 20
combo enable auto
#
interface GigabitEthernet1/0/20
port link-mode bridge
description 4 hao OFFICE
port access vlan 18
combo enable auto
#
interface GigabitEthernet1/0/21
port link-mode bridge
description h3c ac
port link-type trunk
port trunk permit vlan all
combo enable auto
#
interface GigabitEthernet1/0/22
port link-mode bridge
description office LED
port access vlan 18
combo enable auto
#
interface M-GigabitEthernet0/0/0
#
interface Ten-GigabitEthernet1/0/25
port link-mode bridge
description 1 zongxian
port link-type trunk
port trunk permit vlan all
#
interface Ten-GigabitEthernet1/0/26
port link-mode bridge
description 2 zongxian
port link-type trunk
port trunk permit vlan all
#
interface Ten-GigabitEthernet1/0/27
port link-mode bridge
description 3 zongxian
port link-type trunk
port trunk permit vlan all
#
interface Ten-GigabitEthernet1/0/28
port link-mode bridge
port link-type trunk
port trunk permit vlan all
#
scheduler logfile size 16
#
line class aux
user-role network-admin
#
line class usb
user-role network-admin
#
line class vty
user-role network-operator
#
line aux 0
user-role network-admin
#
line vty 0 4
authentication-mode scheme
user-role network-operator
#
line vty 5 63
user-role network-operator
#
ip route-static 0.0.0.0 0 10.10.2.1 preference 50
ip route-static 0.0.0.0 0 1.1.1.1 preference 52
#
snmp-agent
snmp-agent local-engineid 800063A2809023B4CF2E8600000001
snmp-agent community Fushanpaper user-role network-operator
snmp-agent sys-info version v2c v3
#
ssh server enable
#
acl number 3000
rule 100 deny tcp destination-port eq 443
rule 200 deny tcp destination-port eq www
#
acl advanced 3498
description vlan19,20-yidong
rule 0 permit ip source 192.168.19.0 0.0.0.255
rule 5 permit ip source 192.168.20.0 0.0.0.255
rule 15 permit ip source 192.168.17.0 0.0.0.255
#
acl advanced 3499
description vlan17,18-dianxin
rule 0 permit ip source 192.168.18.0 0.0.0.255
rule 10 permit ip source 192.168.32.0 0.0.0.255
#
radius scheme system
user-name-format without-domain
#
domain system
#
domain default enable system
#
role name level-0
description Predefined level-0 role
#
role name level-1
description Predefined level-1 role
#
role name level-2
description Predefined level-2 role
#
role name level-3
description Predefined level-3 role
#
role name level-4
description Predefined level-4 role
#
role name level-5
description Predefined level-5 role
#
role name level-6
description Predefined level-6 role
#
role name level-7
description Predefined level-7 role
#
role name level-8
description Predefined level-8 role
#
role name level-9
description Predefined level-9 role
#
role name level-10
description Predefined level-10 role
#
role name level-11
description Predefined level-11 role
#
role name level-12
description Predefined level-12 role
#
role name level-13
description Predefined level-13 role
#
role name level-14
description Predefined level-14 role
#
user-group system
#
local-user admin class manage
password hash $h$6$Rmwgi/b9oKvTRTOn$YRZynPFBYOsHIo40WkS7MyV29WXL1oCDLh0IrZ2hKNy1jP97g0Kq540S1mPfOnjhcXxyEM5j9nrQhvAoUxdiGA==
service-type telnet http https ssh
authorization-attribute user-role level-15
authorization-attribute user-role network-operator
#
local-user root class manage
password hash $h$6$mrxM4rF5jGGKGNDw$8a1Lbl9HSKJYPO44ceB1TENDN4cPnURknVB6TWzAGpbArOQg3Ht0hJ6eJ4vcTALV11cAsS/yUbfkwigZkerkSQ==
service-type telnet http https ssh terminal
authorization-attribute user-role network-admin
authorization-attribute user-role network-operator
#
ip http enable
#
cloud-management server domain oasis.h3c.com
#
return
Port 14 is directly connected to the PC.
PC IP address
192.168.18.180
255.255.255.0
192.168.18.1
114.114.114.114
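
The node ordering described in the answer above, modelled as an added example (not from the thread and not H3C code): nodes are tried in ascending order, and a permit node with no apply clause leaves the packet to the routing table. ACL 3497 and node 1 are hypothetical numbers, and the model assumes the packet arrives on a VLAN interface where policy aaa is applied; it covers policy matching only.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def wc_match(addr, base, wildcard):
    # Wildcard mask: bits set to 1 are ignored, bits set to 0 must be equal.
    return ((ip(addr) ^ ip(base)) & ~ip(wildcard) & 0xFFFFFFFF) == 0

ANY = ("0.0.0.0", "255.255.255.255")

# Each rule is (source, destination) as (address, wildcard); all are "permit ip".
ACLS = {
    3498: [(("192.168.19.0", "0.0.0.255"), ANY),
           (("192.168.20.0", "0.0.0.255"), ANY),
           (("192.168.17.0", "0.0.0.255"), ANY)],
    3499: [(("192.168.18.0", "0.0.0.255"), ANY),
           (("192.168.32.0", "0.0.0.255"), ANY)],
    # Hypothetical ACL number holding the rule suggested in the answer.
    3497: [(("192.168.18.0", "0.0.0.255"), ("192.168.32.0", "0.0.0.255"))],
}

# node number -> (ACL, next hop); None means the node has no apply clause.
POLICY_BEFORE = {5: (3498, "1.1.1.1"), 10: (3499, "10.10.2.1")}
POLICY_AFTER = {1: (3497, None), **POLICY_BEFORE}  # node 1 is hypothetical

def acl_permits(acl, src, dst):
    return any(wc_match(src, *s) and wc_match(dst, *d) for s, d in ACLS[acl])

def pbr_decision(policy, src, dst):
    # Nodes are tried in ascending order; the first matching node decides.
    for node in sorted(policy):
        acl, next_hop = policy[node]
        if acl_permits(acl, src, dst):
            if next_hop is None:
                return f"node {node}: routing table"
            return f"node {node}: next-hop {next_hop}"
    return "no match: routing table"

if __name__ == "__main__":
    pc = "192.168.18.180"
    for dst in ("192.168.32.1", "192.168.62.1", "114.114.114.114"):
        print(dst, "| before:", pbr_decision(POLICY_BEFORE, pc, dst),
              "| after:", pbr_decision(POLICY_AFTER, pc, dst))
```

With only the answer's example rule in the bypass ACL, traffic from 192.168.18.0/24 to 192.168.62.0/24 still falls through to node 10, so each internal destination subnet needs its own rule there.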