华为S5720,vlan三层互通,但vlan下的接口允许设置为其它vlan的IP段信息的设备通信
- 0关注
- 0收藏,626浏览
问题描述:
网络拓扑如下图,正常情况下,vlan20接口上的设备,把IP信息设置为vlan30的,是无法通过交换机通信的,但现在乱套了,把vlan20接口上的设备的IP和网关设置为vlan30的、vlan30接口下的设备的IP和网关设置为vlan20的,都能通信,这是哪里出问题了?怎么纠正?
出现这种问题后,有拿一台单独的S5720交换机做过测试,不接另外一台C2960交换机,其它配置一样,没有以上的问题。
组网及组网描述:
- 2025-03-18提问
- 举报
-
(0)
最佳答案
看一下华为交换机配置是不是两个段使用子接口的方式啊
- 2025-03-18回答
- 评论(1)
- 举报
-
(0)
没有配置子接口
没有配置子接口
你这个拓扑图还是有很多疑问的?
1、华为192.168.20.0/24在Vlan20,为什么思科192.168.20.0/24又在vlan1呢?
2、你说的通信是指怎么样的通信呢?
3、“把vlan20接口上的设备的IP和网关设置为vlan30的”是指把所有的vlan20上的PC都同时改吗?
- 2025-03-18回答
- 评论(2)
- 举报
-
(0)
1,说错了,我刚刚再检查了一下配置,是我抄错了,在C2960的vlan20上配置的IP,不是在vlan1上
1,思科上的vlan1配置了一个IP,应该是方便通过网络连接到这台交换机进行维护,我也想不明白为啥要配个vlan20段的IP,可能就是这个配置引起的问题也说不好。 2,通信就是指pc能上网,能访问vlan20,vlwn30接口下连接的电脑和设备,比如打印机,服务器。 3,随便拿台电脑 ,配置成vlan30段的IP和网关,接到vlan20所属的交换机端口上,都能正常访问网络。 我是接手后,发现有这个问题,按原样画出的拓扑图.
1,说错了,我刚刚再检查了一下配置,是我抄错了,在C2960的vlan20上配置的IP,不是在vlan1上
配置 问题,把两台配置 粘贴出来看看
- 2025-03-18回答
- 评论(2)
- 举报
-
(0)
没道理啊,dis int brief , dis mac address 结果,反馈一下,并标识是哪个口的IP地址可以随便换。
华为S5720配置(以下内容中的加密密码太长,去掉了,其它未改动) !Software Version V200R019C10SPC500 # sysname Switch # undo info-center enable # vlan batch 10 20 30 40 # authentication-profile name default_authen_profile authentication-profile name dot1x_authen_profile authentication-profile name dot1xmac_authen_profile authentication-profile name mac_authen_profile authentication-profile name multi_authen_profile authentication-profile name portal_authen_profile # telnet server enable # clock timezone Beijing,Chongqing,Hongkon,Urumqi add 08:00:00 # diffserv domain default # radius-server template default # pki realm default certificate-check none # free-rule-template name default_free_rule # portal-access-profile name portal_access_profile # drop-profile default # aaa authentication-scheme default authentication-mode local authentication-scheme radius authentication-mode radius authorization-scheme default authorization-mode local accounting-scheme default accounting-mode none local-aaa-user password policy administrator password history record number 0 password expire 0 domain default authentication-scheme radius accounting-scheme default radius-server default domain default_admin authentication-scheme default accounting-scheme default local-user bbq local-user bbq privilege level 15 local-user bbq service-type all local-user admin local-user admin privilege level 15 local-user admin service-type all # ntp-service disable # interface Vlanif1 # interface Vlanif10 ip address 192.168.10.10 255.255.255.0 # interface Vlanif20 ip address 192.168.20.1 255.255.255.0 # interface Vlanif30 ip address 192.168.30.1 255.255.255.0 # interface Vlanif40 ip address 192.168.40.1 255.255.255.0 # interface MEth0/0/1 ip address 192.168.1.253 255.255.255.0 # interface GigabitEthernet0/0/1 port default vlan 10 # interface GigabitEthernet0/0/2 port default vlan 40 # interface GigabitEthernet0/0/3 port default vlan 40 # interface GigabitEthernet0/0/4 port default vlan 40 # interface GigabitEthernet0/0/5 port default vlan 20 # interface GigabitEthernet0/0/6 port default vlan 20 # interface GigabitEthernet0/0/7 port default vlan 20 # interface GigabitEthernet0/0/8 port default vlan 20 # interface GigabitEthernet0/0/9 port default vlan 20 # interface GigabitEthernet0/0/10 port default vlan 20 # interface GigabitEthernet0/0/11 port default vlan 20 # interface GigabitEthernet0/0/12 port default vlan 20 # interface GigabitEthernet0/0/13 port default vlan 20 # interface GigabitEthernet0/0/14 port default vlan 20 # interface GigabitEthernet0/0/15 port default vlan 20 # interface GigabitEthernet0/0/16 port default vlan 20 # interface GigabitEthernet0/0/17 port default vlan 20 # interface GigabitEthernet0/0/18 port default vlan 20 # interface GigabitEthernet0/0/19 port default vlan 20 # interface GigabitEthernet0/0/20 port default vlan 30 # interface GigabitEthernet0/0/21 port default vlan 30 # interface GigabitEthernet0/0/22 port default vlan 30 # interface GigabitEthernet0/0/23 port default vlan 30 # interface GigabitEthernet0/0/24 port link-type trunk port trunk allow-pass vlan 2 to 4094 # interface GigabitEthernet0/0/25 port default vlan 20 # interface GigabitEthernet0/0/26 port default vlan 20 # interface GigabitEthernet0/0/27 port default vlan 20 # interface GigabitEthernet0/0/28 port default vlan 20 # interface GigabitEthernet0/0/29 # interface GigabitEthernet0/0/30 # interface GigabitEthernet0/0/31 # interface GigabitEthernet0/0/32 # interface NULL0 # undo icmp name timestamp-request receive # ip route-static 0.0.0.0 0.0.0.0 192.168.10.1 # ssh server cipher aes256_ctr aes128_ctr ssh server hmac sha2_256 ssh client cipher aes256_ctr aes128_ctr ssh client hmac sha2_256 ssh server dh-exchange min-len 2048 # user-interface con 0 authentication-mode password set authentication password cipher user-interface vty 0 4 authentication-mode aaa user privilege level 15 protocol inbound telnet user-interface vty 16 20 # dot1x-access-profile name dot1x_access_profile # mac-access-profile name mac_access_profile # ops # return 思科C2960配置(中间去掉了一段证书的内容,其它未改动) ! version 12.2 no service pad service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption service sequence-numbers ! hostname Switch ! boot-start-marker boot-end-marker ! enable secret 5 ! username username ! ! no aaa new-model ! ! ! ! crypto pki trustpoint TP-self-signed-1973211136 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-1973211136 revocation-check none rsakeypair TP-self-signed-1973211136 ! ! crypto pki certificate chain TP-self-signed-1973211136 certificate self-signed 01 308202 C2BD . . . . 5892 7ED4CF quit spanning-tree mode pvst spanning-tree extend system-id ! ! ! ! vlan internal allocation policy ascending ! ip ftp username ftp ip ftp password ftp ! interface FastEthernet0 no ip address ! interface GigabitEthernet0/1 switchport access vlan 20 switchport mode access ! interface GigabitEthernet0/2 switchport access vlan 20 switchport mode access ! interface GigabitEthernet0/3 switchport access vlan 20 switchport mode access ! interface GigabitEthernet0/4 switchport access vlan 20 switchport mode access ! interface GigabitEthernet0/5 switchport access vlan 20 switchport mode access ! interface GigabitEthernet0/6 switchport access vlan 20 switchport mode access ! interface GigabitEthernet0/7 switchport access vlan 20 switchport mode access ! interface GigabitEthernet0/8 switchport access vlan 20 switchport mode access ! interface GigabitEthernet0/9 switchport access vlan 20 switchport mode access ! interface GigabitEthernet0/10 switchport access vlan 20 switchport mode access ! interface GigabitEthernet0/11 switchport access vlan 20 switchport mode access ! interface GigabitEthernet0/12 switchport access vlan 20 switchport mode access ! interface GigabitEthernet0/13 switchport access vlan 30 switchport mode access ! interface GigabitEthernet0/14 switchport access vlan 30 switchport mode access ! interface GigabitEthernet0/15 switchport access vlan 30 switchport mode access ! interface GigabitEthernet0/16 switchport access vlan 30 switchport mode access ! interface GigabitEthernet0/17 switchport access vlan 30 switchport mode access ! interface GigabitEthernet0/18 switchport access vlan 30 switchport mode access ! interface GigabitEthernet0/19 switchport access vlan 30 switchport mode access ! interface GigabitEthernet0/20 switchport access vlan 30 switchport mode access ! interface GigabitEthernet0/21 switchport access vlan 30 switchport mode access ! interface GigabitEthernet0/22 switchport access vlan 30 switchport mode access ! interface GigabitEthernet0/23 switchport access vlan 30 switchport mode access ! interface GigabitEthernet0/24 switchport mode trunk ! interface GigabitEthernet0/25 ! interface GigabitEthernet0/26 ! interface Vlan1 no ip address ! interface Vlan20 ip address 192.168.20.2 255.255.255.0 ! ip http server ip http secure-server ! line con 0 line vty 0 4 login local line vty 5 login local line vty 6 15 login ! end
没道理啊,dis int brief , dis mac address 结果,反馈一下,并标识是哪个口的IP地址可以随便换。
编辑答案
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作
举报
×
侵犯我的权益
×
侵犯了我企业的权益
×
- 1. 您举报的内容是什么?(请在邮件中列出您举报的内容和链接地址)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
- 3. 是哪家企业?(营业执照,单位登记证明等证件)
- 4. 您与该企业的关系是?(您是企业法人或被授权人,需提供企业委托授权书)
抄袭了我的内容
×
原文链接或出处
诽谤我
×
- 1. 您举报的内容以及侵犯了您什么权益?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
对根叔社区有害的内容
×
不规范转载
×
举报说明