同一交换机两个网段能互ping通,但访问不了web服务。
- 0关注
- 1收藏,1891浏览
问题描述:
同一交换机有两个网段 192.168.14.0/24 vlan 14 和192.168.20.0/24 vlan 20 两个网段可以ping通,vlan14网段一台电脑主机开了web服务端口号8008,同网段可以访问,但是vlan 20内的主机访问不了vlan14内的这台web服务器,请问是交换机默认所有基于端口的互访关掉了吗?要如何设置才能让两个网段基于端口的服务可以互通
组网及组网描述:
version 5.20, Release 1513P15
# sysname H3C
# irf mac-address persistent timer irf auto-update enable undo irf link-delay
# domain default enable system
# vlan 1
# vlan 14
# vlan 20 to 22
# vlan 30
# vlan 60
# domain system access-limit disable state active idle-cut disable self-service-url disable
# dhcp server ip-pool vlan14 network 192.168.14.0 mask 255.255.255.0 gateway-list 192.168.14.1 dns-list 192.168.1.2 202.96.128.86 120.196.165.24 8.8.8.8 expired day 0 hour 8
# dhcp server ip-pool vlan20 network 192.168.20.0 mask 255.255.255.0 gateway-list 192.168.20.1 dns-list 192.168.1.2 202.96.128.86 120.196.165.24 8.8.8.8 expired day 0 hour 8
# dhcp server ip-pool vlan21 network 192.168.21.0 mask 255.255.255.0 gateway-list 192.168.21.1 dns-list 192.168.1.2 202.96.128.86 120.196.165.24 8.8.8.8 expired day 0 hour 8
# dhcp server ip-pool vlan30 network 192.168.30.0 mask 255.255.255.0 gateway-list 192.168.30.1 dns-list 192.168.1.2 202.96.128.86 120.196.165.24 8.8.8.8 expired day 0 hour 8
# dhcp server ip-pool vlan60 network 192.168.60.0 mask 255.255.255.0 gateway-list 192.168.60.1 dns-list 192.168.1.2 202.96.128.86 120.196.165.24 8.8.8.8 expired day 0 hour 8
# interface NULL0 # interface Vlan-interface1 ip address 192.168.1.5 255.255.255.0
# interface Vlan-interface14 ip address 192.168.14.1 255.255.255.0
# interface Vlan-interface20 ip address 192.168.20.1 255.255.255.0
# interface Vlan-interface21 ip address 192.168.21.1 255.255.255.0
# interface Vlan-interface30 ip address 192.168.30.1 255.255.255.0
# interface Vlan-interface60 ip address 192.168.60.1 255.255.255.0
# interface GigabitEthernet1/0/1
# interface GigabitEthernet1/0/2
# interface GigabitEthernet1/0/3 port access vlan 20
# interface GigabitEthernet1/0/4 port access vlan 20
# interface GigabitEthernet1/0/5 port access vlan 20
# interface GigabitEthernet1/0/6 port access vlan 20
# interface GigabitEthernet1/0/7 port access vlan 20
# interface GigabitEthernet1/0/8 port access vlan 20
# interface GigabitEthernet1/0/9 port access vlan 20
# interface GigabitEthernet1/0/10 port access vlan 20
# interface GigabitEthernet1/0/11 port access vlan 21
# interface GigabitEthernet1/0/12
# interface GigabitEthernet1/0/13
# interface GigabitEthernet1/0/14
# interface GigabitEthernet1/0/15
# interface GigabitEthernet1/0/16
# interface GigabitEthernet1/0/17
# interface GigabitEthernet1/0/18
# interface GigabitEthernet1/0/19 port access vlan 21
# interface GigabitEthernet1/0/20 port access vlan 21
# interface GigabitEthernet1/0/21 port access vlan 21
# interface GigabitEthernet1/0/22
# interface GigabitEthernet1/0/23 port access vlan 14
# interface GigabitEthernet1/0/24
# interface GigabitEthernet1/0/25
# interface GigabitEthernet1/0/26
interface GigabitEthernet1/0/27
# interface GigabitEthernet1/0/28
# ip route-static 0.0.0.0 0.0.0.0 192.168.1.1
# dhcp server forbidden-ip 192.168.14.1 192.168.14.99 dhcp server forbidden-ip 192.168.20.1 192.168.20.99 dhcp server forbidden-ip 192.168.21.1 192.168.21.99 dhcp server forbidden-ip 192.168.30.1 192.168.30.99 dhcp server forbidden-ip 192.168.60.1 192.168.60.99
# dhcp enable
# load tr069-configuration
#
user-interface aux 0
user-interface vty 0 4
authentication-mode scheme
user-interface vty 5 15
- 2018-08-20提问
- 举报
-
(0)
最佳答案
交换机对发过来的报文一般做硬件转发,看配置也没有过滤策略,是不会对基于端口的互访关掉的,这种情况下最好看看 vlan 20内的主机的web服务的端口是不是开启了,之后可以通过抓包确认一下这个http的报文是丢哪了
- 2018-08-20回答
- 评论(2)
- 举报
-
(0)
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作
举报
×
侵犯我的权益
×
侵犯了我企业的权益
×
- 1. 您举报的内容是什么?(请在邮件中列出您举报的内容和链接地址)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
- 3. 是哪家企业?(营业执照,单位登记证明等证件)
- 4. 您与该企业的关系是?(您是企业法人或被授权人,需提供企业委托授权书)
抄袭了我的内容
×
原文链接或出处
诽谤我
×
- 1. 您举报的内容以及侵犯了您什么权益?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
对根叔社区有害的内容
×
不规范转载
×
举报说明
在交换机上做端口镜像,然后用wireshark进行抓包,确认这个http的访问报文是不是丢在交换机上了