H3C S5560三层交换机VLAN互访问题
- 0关注
- 1收藏,2541浏览
问题描述:
三层交换机设置了默认VLAN1,另外VLAN10,VLAN20,现在是默认在VLAN1的网段192.168.1.0可以访问VLAN10,VLAN20网段192.168.10.0和20.0,但是反过来,10.0和20.0却无法访问,没有做别的什么设置,把对应端口加入VLAN1,启用三层虚接口,下面PC的网关都是VLAN地址对应的IP,都可以正常上网的,就是不能互访。默认应该和华为交换机一样吧,可以互通吧,请大神帮忙分析下。需要别的ACL设置吗
组网及组网描述:
- 2020-10-14提问
- 举报
-
(0)
最佳答案
默认是互通的,vlan1能访问vlan10和20,那说明整体互通是没问题的,因为交互都是双向的,从现象看,不像交换机问题,建议流统确认丢包位置
- 2020-10-14回答
- 评论(1)
- 举报
-
(0)
sysname H3C # telnet server enable # irf mac-address persistent timer irf auto-update enable undo irf link-delay irf member 1 priority 1 # dhcp enable dhcp server forbidden-ip 192.168.10.1 dhcp server forbidden-ip 192.168.10.110 192.168.10.120 dhcp server forbidden-ip 192.168.20.1 # dhcp snooping enable # lldp global enable # port-isolate group 1 # password-recovery enable # vlan 1 # vlan 10 # vlan 20 # vlan 50 # traffic classifier c1 operator and if-match acl 3003 # traffic classifier c20 operator and if-match acl 3003 # traffic behavior b1 filter permit # traffic behavior b20 filter permit # qos policy P20 # qos policy p1 classifier c1 behavior b1 # qos policy p20 classifier c20 behavior b20 # stp global enable # dhcp server ip-pool 1 gateway-list 192.168.10.1 network 192.168.10.0 mask 255.255.255.0 dns-list 202.96.104.17 114.114.114.114 expired day 0 hour 12 # dhcp server ip-pool vlan20 gateway-list 192.168.20.1 network 192.168.20.0 mask 255.255.255.0 dns-list 202.96.104.17 223.5.5.5 # interface Bridge-Aggregation1 # interface NULL0 # interface Vlan-interface1 ip address 192.168.1.2 255.255.255.0 packet-filter 3003 inbound packet-filter 2000 inbound packet-filter 3003 outbound packet-filter 2000 outbound # interface Vlan-interface10 ip address 192.168.10.1 255.255.255.0 # interface Vlan-interface20 ip address 192.168.20.1 255.255.255.0 # interface Vlan-interface50 ip address 192.168.50.1 255.255.255.252 # interface GigabitEthernet1/0/1 dhcp snooping trust # interface GigabitEthernet1/0/2 dhcp snooping trust # interface GigabitEthernet1/0/3 # interface GigabitEthernet1/0/4 qos apply policy p1 inbound qos apply policy p1 outbound loopback-detection enable vlan 1 loopback-detection action shutdown # interface GigabitEthernet1/0/5 loopback-detection enable vlan 1 loopback-detection action shutdown # interface GigabitEthernet1/0/6 # interface GigabitEthernet1/0/7 # interface GigabitEthernet1/0/8 # interface GigabitEthernet1/0/9 # interface GigabitEthernet1/0/10 # interface GigabitEthernet1/0/11 # interface GigabitEthernet1/0/12 shutdown # interface GigabitEthernet1/0/13 # interface GigabitEthernet1/0/14 # interface GigabitEthernet1/0/15 port link-aggregation group 1 # interface GigabitEthernet1/0/16 port link-aggregation group 1 # interface GigabitEthernet1/0/17 port access vlan 10 packet-filter 3001 inbound loopback-detection enable vlan 10 loopback-detection action shutdown # interface GigabitEthernet1/0/18 port access vlan 10 shutdown packet-filter 3001 inbound # interface GigabitEthernet1/0/19 shutdown # interface GigabitEthernet1/0/20 shutdown # interface GigabitEthernet1/0/21 port access vlan 20 # interface GigabitEthernet1/0/22 port access vlan 10 shutdown # interface GigabitEthernet1/0/23 port access vlan 50 packet-filter 3002 inbound # interface GigabitEthernet1/0/24 # interface Ten-GigabitEthernet1/0/25 # interface Ten-GigabitEthernet1/0/26 # interface Ten-GigabitEthernet1/0/27 # interface Ten-GigabitEthernet1/0/28 port link-type trunk port trunk permit vlan all # scheduler logfile size 16 # line class aux user-role network-admin # line class vty user-role network-operator # line aux 0 authentication-mode password user-role network-admin set authentication password hash $h$6$3k1iachqeEEPoQx6$IvE83K+tKJ0igAt3Eg9NS8eJGmviOOo3gbwbBmmK/WjHNcr5oeu7AOfwvoTCrDMNDlNcR1yuIOPqXC+Wf058xQ== # line vty 0 4 authentication-mode scheme user-role network-operator # line vty 5 63 user-role network-operator # ip route-static 0.0.0.0 0 192.168.1.1 # snmp-agent snmp-agent local-engineid 800063A280AC74099D224C00000001 snmp-agent community read public snmp-agent sys-info version all # acl number 2000 rule 0 permit source 192.168.20.0 0 # acl number 3001 rule 1 deny ip source 192.168.10.0 0.0.0.255 destination 192.168.1.87 0 rule 2 deny ip source 192.168.10.0 0.0.0.255 destination 192.168.1.88 0 rule 3 deny ip source 192.168.10.0 0.0.0.255 destination 192.168.1.85 0 rule 4 deny ip source 192.168.10.0 0.0.0.255 destination 192.168.1.89 0 rule 5 deny ip source 192.168.10.0 0.0.0.255 destination 192.168.1.182 0 rule 6 deny ip source 192.168.10.0 0.0.0.255 destination 192.168.1.183 0 rule 7 deny ip source 192.168.10.0 0.0.0.255 destination 192.168.1.252 0 # acl number 3003 rule 5 permit ip source 192.168.20.0 0.0.0.255 destination 192.168.1.0 0.0.0.255 # radius scheme system user-name-format without-domain # domain system # domain default enable system # role name level-0 description Predefined level-0 role # role name level-1 description Predefined level-1 role # role name level-2 description Predefined level-2 role # role name level-3 description Predefined level-3 role # role name level-4 description Predefined level-4 role # role name level-5 description Predefined level-5 role # role name level-6 description Predefined level-6 role # role name level-7 description Predefined level-7 role # role name level-8 description Predefined level-8 role # role name level-9 description Predefined level-9 role # role name level-10 description Predefined level-10 role # role name level-11 description Predefined level-11 role # role name level-12 description Predefined level-12 role # role name level-13 description Predefined level-13 role # role name level-14 description Predefined level-14 role # user-group system # local-user admin class manage password hash $h$6$rox9NEXD7GS0NuNs$PWQYBLFyxGN3KabSrFSCQPwC6/+Sk0UbFhxmYy5jCpUTpOnPaBZ0wwM0b8E+P5EXrRmPibL3NuiFvxIakhc2hA== service-type telnet authorization-attribute user-role level-15 authorization-attribute user-role netword-admin authorization-attribute user-role network-operator # local-user ftpuser class manage password hash $h$6$r2kOO6oY9H7LRsjf$S1JRRK4eb+dtefDMf+CwJE3Wcnwp0N/3H9QL6e266J8ImkauccOWFLVxbps6gTjolV/ZW5cygy40PLS+46bZpA== service-type ftp service-type https authorization-attribute user-role level-15 authorization-attribute user-role network-operator
您好,请知:
关于VLAN互访的部署,以下是配置要点,请参考:
1、确保VLAN已经划分到端口,并配置了VLAN IP。
2、电脑填写正确的IP地址、子网掩码、默认网关,并确保端口UP。
3、确保电脑能PING通自己的网关和对端的网关。
4、电脑关闭系统防火墙看下是否能互通。
5、可以配置QOS流统确认下丢包的位置。
- 2020-10-14回答
- 评论(3)
- 举报
-
(0)
是按照正常的设置的呢,就是不知道哪里的问题啊我发了配置,可以帮我看下吗
您好,看到vlan中有应用了ACL,把ACL去掉看下是否能互访,能互访的话就是ACL的拦截了。
感谢大神们百忙中回复,下面的客户端都可以正常上网的,VLAN1访问VLNA10.20没问题的,就是10.20访问VLAN1,不行,具体要怎么检查吗。我都试了ACL也不行。
sysname H3C
#
telnet server enable
#
irf mac-address persistent timer
irf auto-update enable
undo irf link-delay
irf member 1 priority 1
#
dhcp enable
dhcp server forbidden-ip 192.168.10.1
dhcp server forbidden-ip 192.168.10.110 192.168.10.120
dhcp server forbidden-ip 192.168.20.1
#
dhcp snooping enable
#
lldp global enable
#
port-isolate group 1
#
password-recovery enable
#
vlan 1
#
vlan 10
#
vlan 20
#
vlan 50
#
traffic classifier c1 operator and
if-match acl 3003
#
traffic classifier c20 operator and
if-match acl 3003
#
traffic behavior b1
filter permit
#
traffic behavior b20
filter permit
#
qos policy P20
#
qos policy p1
classifier c1 behavior b1
#
qos policy p20
classifier c20 behavior b20
#
stp global enable
#
dhcp server ip-pool 1
gateway-list 192.168.10.1
network 192.168.10.0 mask 255.255.255.0
dns-list 202.96.104.17 114.114.114.114
expired day 0 hour 12
#
dhcp server ip-pool vlan20
gateway-list 192.168.20.1
network 192.168.20.0 mask 255.255.255.0
dns-list 202.96.104.17 223.5.5.5
#
interface Bridge-Aggregation1
#
interface NULL0
#
interface Vlan-interface1
ip address 192.168.1.2 255.255.255.0
packet-filter 3003 inbound
packet-filter 2000 inbound
packet-filter 3003 outbound
packet-filter 2000 outbound
#
interface Vlan-interface10
ip address 192.168.10.1 255.255.255.0
#
interface Vlan-interface20
ip address 192.168.20.1 255.255.255.0
#
interface Vlan-interface50
ip address 192.168.50.1 255.255.255.252
#
interface GigabitEthernet1/0/1
dhcp snooping trust
#
interface GigabitEthernet1/0/2
dhcp snooping trust
#
interface GigabitEthernet1/0/3
#
interface GigabitEthernet1/0/4
qos apply policy p1 inbound
qos apply policy p1 outbound
loopback-detection enable vlan 1
loopback-detection action shutdown
#
interface GigabitEthernet1/0/5
loopback-detection enable vlan 1
loopback-detection action shutdown
#
interface GigabitEthernet1/0/6
#
interface GigabitEthernet1/0/7
#
interface GigabitEthernet1/0/8
#
interface GigabitEthernet1/0/9
#
interface GigabitEthernet1/0/10
#
interface GigabitEthernet1/0/11
#
interface GigabitEthernet1/0/12
shutdown
#
interface GigabitEthernet1/0/13
#
interface GigabitEthernet1/0/14
#
interface GigabitEthernet1/0/15
port link-aggregation group 1
#
interface GigabitEthernet1/0/16
port link-aggregation group 1
#
interface GigabitEthernet1/0/17
port access vlan 10
packet-filter 3001 inbound
loopback-detection enable vlan 10
loopback-detection action shutdown
#
interface GigabitEthernet1/0/18
port access vlan 10
shutdown
packet-filter 3001 inbound
#
interface GigabitEthernet1/0/19
shutdown
#
interface GigabitEthernet1/0/20
shutdown
#
interface GigabitEthernet1/0/21
port access vlan 20
#
interface GigabitEthernet1/0/22
port access vlan 10
shutdown
#
interface GigabitEthernet1/0/23
port access vlan 50
#
interface GigabitEthernet1/0/24
#
interface Ten-GigabitEthernet1/0/25
#
interface Ten-GigabitEthernet1/0/26
#
interface Ten-GigabitEthernet1/0/27
#
interface Ten-GigabitEthernet1/0/28
port link-type trunk
port trunk permit vlan all
#
scheduler logfile size 16
#
line class aux
user-role network-admin
#
line class vty
user-role network-operator
#
line aux 0
authentication-mode password
user-role network-admin
set authentication password hash $h$6$3k1iachqeEEPoQx6$IvE83K+tKJ0igAt3Eg9NS8eJGmviOOo3gbwbBmmK/WjHNcr5oeu7AOfwvoTCrDMNDlNcR1yuIOPqXC+Wf058xQ==
#
line vty 0 4
authentication-mode scheme
user-role network-operator
#
line vty 5 63
user-role network-operator
#
ip route-static 0.0.0.0 0 192.168.1.1
#
snmp-agent
snmp-agent local-engineid 800063A280AC74099D224C00000001
snmp-agent community read public
snmp-agent sys-info version all
#
acl number 2000
rule 0 permit source 192.168.20.0 0
#
acl number 3001
rule 1 deny ip source 192.168.10.0 0.0.0.255 destination 192.168.1.87 0
rule 2 deny ip source 192.168.10.0 0.0.0.255 destination 192.168.1.88 0
rule 3 deny ip source 192.168.10.0 0.0.0.255 destination 192.168.1.85 0
rule 4 deny ip source 192.168.10.0 0.0.0.255 destination 192.168.1.89 0
rule 5 deny ip source 192.168.10.0 0.0.0.255 destination 192.168.1.182 0
rule 6 deny ip source 192.168.10.0 0.0.0.255 destination 192.168.1.183 0
rule 7 deny ip source 192.168.10.0 0.0.0.255 destination 192.168.1.252 0
#
acl number 3003
rule 5 permit ip source 192.168.20.0 0.0.0.255 destination 192.168.1.0 0.0.0.255
#
- 2020-10-14回答
- 评论(0)
- 举报
-
(0)
这个配置有点乱。这个三层交换机是核心交换机?192.168.1.1在哪儿呢?192.168.10.1和192.168.20.1又在哪儿呢?
- 2020-10-14回答
- 评论(2)
- 举报
-
(0)
你好,1.1是上级路由,10.1和20.1是三层上的另外2个网段下的PC
编辑答案
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作
举报
×
侵犯我的权益
×
侵犯了我企业的权益
×
- 1. 您举报的内容是什么?(请在邮件中列出您举报的内容和链接地址)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
- 3. 是哪家企业?(营业执照,单位登记证明等证件)
- 4. 您与该企业的关系是?(您是企业法人或被授权人,需提供企业委托授权书)
抄袭了我的内容
×
原文链接或出处
诽谤我
×
- 1. 您举报的内容以及侵犯了您什么权益?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
对根叔社区有害的内容
×
不规范转载
×
举报说明
sysname H3C # telnet server enable # irf mac-address persistent timer irf auto-update enable undo irf link-delay irf member 1 priority 1 # dhcp enable dhcp server forbidden-ip 192.168.10.1 dhcp server forbidden-ip 192.168.10.110 192.168.10.120 dhcp server forbidden-ip 192.168.20.1 # dhcp snooping enable # lldp global enable # port-isolate group 1 # password-recovery enable # vlan 1 # vlan 10 # vlan 20 # vlan 50 # traffic classifier c1 operator and if-match acl 3003 # traffic classifier c20 operator and if-match acl 3003 # traffic behavior b1 filter permit # traffic behavior b20 filter permit # qos policy P20 # qos policy p1 classifier c1 behavior b1 # qos policy p20 classifier c20 behavior b20 # stp global enable # dhcp server ip-pool 1 gateway-list 192.168.10.1 network 192.168.10.0 mask 255.255.255.0 dns-list 202.96.104.17 114.114.114.114 expired day 0 hour 12 # dhcp server ip-pool vlan20 gateway-list 192.168.20.1 network 192.168.20.0 mask 255.255.255.0 dns-list 202.96.104.17 223.5.5.5 # interface Bridge-Aggregation1 # interface NULL0 # interface Vlan-interface1 ip address 192.168.1.2 255.255.255.0 packet-filter 3003 inbound packet-filter 2000 inbound packet-filter 3003 outbound packet-filter 2000 outbound # interface Vlan-interface10 ip address 192.168.10.1 255.255.255.0 # interface Vlan-interface20 ip address 192.168.20.1 255.255.255.0 # interface Vlan-interface50 ip address 192.168.50.1 255.255.255.252 # interface GigabitEthernet1/0/1 dhcp snooping trust # interface GigabitEthernet1/0/2 dhcp snooping trust # interface GigabitEthernet1/0/3 # interface GigabitEthernet1/0/4 qos apply policy p1 inbound qos apply policy p1 outbound loopback-detection enable vlan 1 loopback-detection action shutdown # interface GigabitEthernet1/0/5 loopback-detection enable vlan 1 loopback-detection action shutdown # interface GigabitEthernet1/0/6 # interface GigabitEthernet1/0/7 # interface GigabitEthernet1/0/8 # interface GigabitEthernet1/0/9 # interface GigabitEthernet1/0/10 # interface GigabitEthernet1/0/11 # interface GigabitEthernet1/0/12 shutdown # interface GigabitEthernet1/0/13 # interface GigabitEthernet1/0/14 # interface GigabitEthernet1/0/15 port link-aggregation group 1 # interface GigabitEthernet1/0/16 port link-aggregation group 1 # interface GigabitEthernet1/0/17 port access vlan 10 packet-filter 3001 inbound loopback-detection enable vlan 10 loopback-detection action shutdown # interface GigabitEthernet1/0/18 port access vlan 10 shutdown packet-filter 3001 inbound # interface GigabitEthernet1/0/19 shutdown # interface GigabitEthernet1/0/20 shutdown # interface GigabitEthernet1/0/21 port access vlan 20 # interface GigabitEthernet1/0/22 port access vlan 10 shutdown # interface GigabitEthernet1/0/23 port access vlan 50 packet-filter 3002 inbound # interface GigabitEthernet1/0/24 # interface Ten-GigabitEthernet1/0/25 # interface Ten-GigabitEthernet1/0/26 # interface Ten-GigabitEthernet1/0/27 # interface Ten-GigabitEthernet1/0/28 port link-type trunk port trunk permit vlan all # scheduler logfile size 16 # line class aux user-role network-admin # line class vty user-role network-operator # line aux 0 authentication-mode password user-role network-admin set authentication password hash $h$6$3k1iachqeEEPoQx6$IvE83K+tKJ0igAt3Eg9NS8eJGmviOOo3gbwbBmmK/WjHNcr5oeu7AOfwvoTCrDMNDlNcR1yuIOPqXC+Wf058xQ== # line vty 0 4 authentication-mode scheme user-role network-operator # line vty 5 63 user-role network-operator # ip route-static 0.0.0.0 0 192.168.1.1 # snmp-agent snmp-agent local-engineid 800063A280AC74099D224C00000001 snmp-agent community read public snmp-agent sys-info version all # acl number 2000 rule 0 permit source 192.168.20.0 0 # acl number 3001 rule 1 deny ip source 192.168.10.0 0.0.0.255 destination 192.168.1.87 0 rule 2 deny ip source 192.168.10.0 0.0.0.255 destination 192.168.1.88 0 rule 3 deny ip source 192.168.10.0 0.0.0.255 destination 192.168.1.85 0 rule 4 deny ip source 192.168.10.0 0.0.0.255 destination 192.168.1.89 0 rule 5 deny ip source 192.168.10.0 0.0.0.255 destination 192.168.1.182 0 rule 6 deny ip source 192.168.10.0 0.0.0.255 destination 192.168.1.183 0 rule 7 deny ip source 192.168.10.0 0.0.0.255 destination 192.168.1.252 0 # acl number 3003 rule 5 permit ip source 192.168.20.0 0.0.0.255 destination 192.168.1.0 0.0.0.255 # radius scheme system user-name-format without-domain # domain system # domain default enable system # role name level-0 description Predefined level-0 role # role name level-1 description Predefined level-1 role # role name level-2 description Predefined level-2 role # role name level-3 description Predefined level-3 role # role name level-4 description Predefined level-4 role # role name level-5 description Predefined level-5 role # role name level-6 description Predefined level-6 role # role name level-7 description Predefined level-7 role # role name level-8 description Predefined level-8 role # role name level-9 description Predefined level-9 role # role name level-10 description Predefined level-10 role # role name level-11 description Predefined level-11 role # role name level-12 description Predefined level-12 role # role name level-13 description Predefined level-13 role # role name level-14 description Predefined level-14 role # user-group system # local-user admin class manage password hash $h$6$rox9NEXD7GS0NuNs$PWQYBLFyxGN3KabSrFSCQPwC6/+Sk0UbFhxmYy5jCpUTpOnPaBZ0wwM0b8E+P5EXrRmPibL3NuiFvxIakhc2hA== service-type telnet authorization-attribute user-role level-15 authorization-attribute user-role netword-admin authorization-attribute user-role network-operator # local-user ftpuser class manage password hash $h$6$r2kOO6oY9H7LRsjf$S1JRRK4eb+dtefDMf+CwJE3Wcnwp0N/3H9QL6e266J8ImkauccOWFLVxbps6gTjolV/ZW5cygy40PLS+46bZpA== service-type ftp service-type https authorization-attribute user-role level-15 authorization-attribute user-role network-operator