URL: https://www.opennet.me/cgi-bin/openforum/vsluhboard.cgi
Форум: vsluhforumID6
Нить номер: 587
[ Назад ]

Исходное сообщение
"Что не так в связке Cat-3560-Cat3750?"

Отправлено Agahome , 10-Мрт-13 15:15 
Cat3560-48 подключен портом Fa 0/5 (vlan4) к WAN через межсетевой экран, а через Gigaбитные интерфейсы подключен к Cat3750, который своими другими гигабитными интерфейсами соединен с остальными свичами (Cat3560) локальной сети. Возникла задача - создать на портах Fa 0/13-15 основного коммутатора Cat3560 изолированный от всей остальной локальной сети вилан (VLAN 35 ip 210.32.35.0/24), из которого были видны только внешние сети в WAN. Почему то удаленные хосты, находящиеся за пределами локальной сети, видны только из коммутатора Cat3750, но не видны из Cat3560-48 и, соответственно, не видны с компьютеров, подключенных к его портам 13-15. Почему так, ведь пакеты в WAN идут через этот коммутатор? Кто может подсказать- где что не так? Спасибо!

Конфиг Cat3560-48:
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
hostname cat3560-48-1
!
boot-start-marker
boot-end-marker
no aaa new-model
system mtu routing 1500
vtp mode transparent
ip subnet-zero
no ip domain-lookup
spanning-tree mode rapid-pvst
spanning-tree portfast bpduguard default
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
spanning-tree vlan 1-4094 priority 24576
vlan internal allocation policy ascending
!
vlan 4
name FPS
!
vlan 16
name Ras
!
vlan 17
name VLAN_Scop
!
vlan 28
name VLAN_TEL
!
vlan 29
name VLAN_VIP
!
vlan 30
name VLAN_VFPS
!
vlan 35  
!
interface Port-channel1
switchport trunk encapsulation dot1q
switchport mode trunk
storm-control broadcast level pps 150 100
storm-control multicast level pps 150 100
storm-control action trap
!
interface FastEthernet0/1
switchport trunk encapsulation isl
switchport mode trunk
!
interface FastEthernet0/2
spanning-tree portfast
!
interface FastEthernet0/3
spanning-tree portfast
!
interface FastEthernet0/4
!
interface FastEthernet0/5
switchport access vlan 4
speed 100
duplex full
spanning-tree portfast
!
interface FastEthernet0/6
spanning-tree portfast
!
interface FastEthernet0/7
switchport access vlan 4
speed 100
duplex full
spanning-tree portfast
!
interface FastEthernet0/8
spanning-tree portfast
!
interface FastEthernet0/9
spanning-tree portfast
!
interface FastEthernet0/10
spanning-tree portfast
!
interface FastEthernet0/11
speed 100
duplex full
spanning-tree portfast
!
interface FastEthernet0/12
spanning-tree portfast
!
interface FastEthernet0/13
description Class-Room
switchport access vlan 35
spanning-tree portfast
!
interface FastEthernet0/14
description Class-Room
switchport access vlan 35
spanning-tree portfast
!
interface FastEthernet0/15
description Class-Room
switchport access vlan 35
spanning-tree portfast
!
interface FastEthernet0/16
spanning-tree portfast
!        
interface FastEthernet0/17
spanning-tree portfast
!
interface FastEthernet0/18
spanning-tree portfast
!
interface FastEthernet0/19
spanning-tree portfast
!
interface FastEthernet0/20
spanning-tree portfast
!
interface FastEthernet0/21
spanning-tree portfast
!
interface FastEthernet0/22
spanning-tree portfast
!
interface FastEthernet0/23
spanning-tree portfast
!
interface FastEthernet0/24
spanning-tree portfast
!
interface FastEthernet0/25
spanning-tree portfast
!
interface FastEthernet0/26
spanning-tree portfast
!
interface FastEthernet0/27
spanning-tree portfast
!
interface FastEthernet0/28
description VKS_Stend
switchport access vlan 29
switchport trunk encapsulation dot1q
switchport trunk native vlan 29
switchport mode trunk
switchport voice vlan 28
speed 100
duplex full
spanning-tree portfast
!
interface FastEthernet0/29
spanning-tree portfast
!
interface FastEthernet0/30
spanning-tree portfast
!
interface FastEthernet0/31
spanning-tree portfast
!
interface FastEthernet0/32
spanning-tree portfast
!
interface FastEthernet0/33
spanning-tree portfast
!
interface FastEthernet0/34
spanning-tree portfast
!
interface FastEthernet0/35
spanning-tree portfast
!
interface FastEthernet0/36
spanning-tree portfast
!
interface FastEthernet0/37
spanning-tree portfast
!
interface FastEthernet0/38
spanning-tree portfast
!
interface FastEthernet0/39
spanning-tree portfast
!
interface FastEthernet0/40
description Polycom
switchport access vlan 29
speed 100
duplex full
spanning-tree portfast
!
interface FastEthernet0/41
description Polycom_318
switchport access vlan 29
speed 100
duplex full
spanning-tree portfast
!
interface FastEthernet0/42
description IP-Tel Boss
switchport access vlan 29
switchport trunk encapsulation dot1q
switchport trunk native vlan 29
switchport mode trunk
switchport voice vlan 28
speed 100
duplex full
spanning-tree portfast
!
interface FastEthernet0/43
description Polycom
switchport access vlan 29
speed 100
duplex full
spanning-tree portfast
!
interface FastEthernet0/44
description IP-Tel Secr
switchport access vlan 29
switchport trunk encapsulation dot1q
switchport trunk native vlan 29
switchport mode trunk
switchport voice vlan 28
speed 100
duplex full
spanning-tree portfast
!
interface FastEthernet0/45
description VFPS
switchport access vlan 30
speed 100
duplex full
spanning-tree portfast
!
interface FastEthernet0/46
description Polycom
switchport access vlan 29
speed 100
duplex full
spanning-tree portfast
!
interface FastEthernet0/47
description Polycom
switchport access vlan 29
speed 100
duplex full
spanning-tree portfast
!
interface FastEthernet0/48
description VFPS
switchport access vlan 30
speed 100
duplex full
spanning-tree portfast
!
interface GigabitEthernet0/1
switchport trunk encapsulation dot1q
switchport mode trunk
storm-control broadcast level pps 150 100
storm-control multicast level pps 150 100
storm-control action trap
channel-group 1 mode active
!
interface GigabitEthernet0/2
switchport trunk encapsulation dot1q
switchport mode trunk
storm-control broadcast level pps 150 100
storm-control multicast level pps 150 100
storm-control action trap
channel-group 1 mode active
!
interface GigabitEthernet0/3
switchport trunk encapsulation dot1q
switchport mode trunk
storm-control broadcast level pps 150 100
storm-control multicast level pps 150 100
storm-control action trap
!
interface GigabitEthernet0/4
switchport trunk encapsulation dot1q
switchport mode trunk
storm-control broadcast level pps 150 100
storm-control multicast level pps 150 100
storm-control action trap
!
interface Vlan1
ip address 210.32.2.201 255.255.255.0
no ip route-cache
no ip mroute-cache
!
interface Vlan15
description class_room
no ip address
!
interface Vlan35
ip address 210.32.35.201 255
!
ip default-gateway 210.32.1.250
no ip classless
ip route 10.60.1.55 255.255.255.255 210.32.4.253
no ip http server
no ip http secure-server
!
control-plane
!
line con 0
stopbits 1
line vty 0 4
password 7 101D5841564445
logging synchronous
login
line vty 5 15
password 7 101D5841564445
logging synchronous
login
!
end


Конфиг Cat3750:
version 12.2
no service pad
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
!
hostname cat3750-12
!
no aaa new-model
switch 1 provision ws-c3750g-12s
switch 2 provision ws-c3750g-12s
system mtu routing 1500
vtp mode transparent
ip subnet-zero
ip routing
no ip domain-lookup
!
no file verify auto
!
spanning-tree mode rapid-pvst
spanning-tree portfast bpduguard default
spanning-tree extend system-id
spanning-tree vlan 1-4094 priority 24576
!
vlan internal allocation policy ascending
!
vlan 4
name FPS
!
vlan 16
name Ras
!
vlan 17
name VLAN_scop
!        
vlan 28
name VLAN_TEL
!
vlan 29
name VLAN_VIP
!
vlan 30
name VLAN_VFPS
!
vlan 35
name Class-Room
!
!
interface Port-channel1
switchport trunk encapsulation dot1q
switchport mode trunk
storm-control broadcast level pps 150 100
storm-control multicast level pps 150 100
storm-control action trap
!
interface Port-channel2
switchport trunk encapsulation dot1q
switchport mode trunk
storm-control broadcast level pps 150 100
storm-control multicast level pps 150 100
storm-control action trap
!
interface Port-channel3
switchport trunk encapsulation dot1q
switchport mode trunk
storm-control broadcast level pps 150 100
storm-control multicast level pps 150 100
storm-control action trap
!
interface Port-channel4
switchport trunk encapsulation dot1q
switchport mode trunk
storm-control broadcast level pps 150 100
storm-control multicast level pps 150 100
storm-control action trap
!
interface Port-channel5
switchport trunk encapsulation dot1q
switchport mode trunk
storm-control broadcast level pps 150 100
storm-control multicast level pps 150 100
storm-control action trap
!
interface Port-channel6
switchport trunk encapsulation dot1q
switchport mode trunk
storm-control broadcast level pps 150 100
storm-control multicast level pps 150 100
storm-control action trap
!
interface Port-channel7
switchport trunk encapsulation dot1q
switchport mode trunk
storm-control broadcast level pps 150 100
storm-control multicast level pps 150 100
storm-control action trap
!
interface Port-channel8
switchport trunk encapsulation dot1q
switchport mode trunk
storm-control broadcast level pps 150 100
storm-control multicast level pps 150 100
storm-control action trap
!
interface Port-channel9
switchport trunk encapsulation dot1q
switchport mode trunk
storm-control broadcast level pps 150 100
storm-control multicast level pps 150 100
storm-control action trap
!
interface Port-channel10
switchport trunk encapsulation dot1q
switchport mode trunk
storm-control broadcast level pps 150 100
storm-control multicast level pps 150 100
storm-control action trap
!
interface Port-channel11
switchport trunk encapsulation dot1q
switchport mode trunk
storm-control broadcast level pps 150 100
storm-control multicast level pps 150 100
storm-control action trap
!
interface Port-channel12
switchport trunk encapsulation dot1q
switchport mode trunk
storm-control broadcast level pps 150 100
storm-control multicast level pps 150 100
storm-control action trap
!
interface GigabitEthernet1/0/1
switchport trunk encapsulation dot1q
switchport mode trunk
storm-control broadcast level pps 150 100
storm-control multicast level pps 150 100
storm-control action trap
channel-group 1 mode active
!
interface GigabitEthernet1/0/2
switchport trunk encapsulation dot1q
switchport mode trunk
storm-control broadcast level pps 150 100
storm-control multicast level pps 150 100
storm-control action trap
channel-group 2 mode active
!
interface GigabitEthernet1/0/3
switchport trunk encapsulation dot1q
switchport mode trunk
storm-control broadcast level pps 150 100
storm-control multicast level pps 150 100
storm-control action trap
channel-group 3 mode active
!
interface GigabitEthernet1/0/4
switchport trunk encapsulation dot1q
switchport mode trunk
storm-control broadcast level pps 150 100
storm-control multicast level pps 150 100
storm-control action trap
channel-group 4 mode active
!
interface GigabitEthernet1/0/5
switchport trunk encapsulation dot1q
switchport mode trunk
storm-control broadcast level pps 150 100
storm-control multicast level pps 150 100
storm-control action trap
channel-group 5 mode active
!
interface GigabitEthernet1/0/6
switchport trunk encapsulation dot1q
switchport mode trunk
storm-control broadcast level pps 150 100
storm-control multicast level pps 150 100
storm-control action trap
channel-group 6 mode active
!
interface GigabitEthernet1/0/7
switchport trunk encapsulation dot1q
switchport mode trunk
storm-control broadcast level pps 150 100
storm-control multicast level pps 150 100
storm-control action trap
channel-group 7 mode active
!
interface GigabitEthernet1/0/8
switchport trunk encapsulation dot1q
switchport mode trunk
storm-control broadcast level pps 150 100
storm-control multicast level pps 150 100
storm-control action trap
channel-group 8 mode active
!
interface GigabitEthernet1/0/9
switchport trunk encapsulation dot1q
switchport mode trunk
storm-control broadcast level pps 150 100
storm-control multicast level pps 150 100
storm-control action trap
channel-group 9 mode active
!
interface GigabitEthernet1/0/10
switchport trunk encapsulation dot1q
switchport mode trunk
storm-control broadcast level pps 150 100
storm-control multicast level pps 150 100
storm-control action trap
channel-group 10 mode active
!
interface GigabitEthernet1/0/11
switchport trunk encapsulation dot1q
switchport mode trunk
storm-control broadcast level pps 150 100
storm-control multicast level pps 150 100
storm-control action trap
channel-group 11 mode active
!
interface GigabitEthernet1/0/12
switchport trunk encapsulation dot1q
switchport mode trunk
storm-control broadcast level pps 150 100
storm-control multicast level pps 150 100
storm-control action trap
channel-group 12 mode active
!
interface GigabitEthernet2/0/1
!
interface GigabitEthernet2/0/2
!
interface GigabitEthernet2/0/3
!
interface GigabitEthernet2/0/4
!
interface GigabitEthernet2/0/5
!
interface GigabitEthernet2/0/6
!
interface GigabitEthernet2/0/7
!
interface GigabitEthernet2/0/8
!
interface GigabitEthernet2/0/9
!
interface GigabitEthernet2/0/10
!
interface GigabitEthernet2/0/11
!
interface GigabitEthernet2/0/12
!
interface Vlan1
description VLAN_INTERNAL
ip address 210.32.1.250 255.255.240.0
no ip redirects
no ip unreachables
no ip proxy-arp
!
interface Vlan4
description VLAN_EXTERNAL
ip address 210.32.254.246 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
!
interface Vlan16
description VLAN_Ras
ip address 210.32.16.250 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
!
interface Vlan17
description VLAN_scop
ip address 210.32.17.250 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
!
interface Vlan28
description VLAN_TEL
ip address 210.32.230.20 255.255.255.240
no ip redirects
no ip unreachables
no ip proxy-arp
!
interface Vlan29
description VLAN_VIP
ip address 210.32.230.10 255.255.255.240
no ip redirects
no ip unreachables
no ip proxy-arp
!
interface Vlan30
description VLAN_VFPS
ip address 210.2.230.250 255.255.255.240
no ip redirects
no ip unreachables
no ip proxy-arp
!
interface Vlan35
description Class-Room
ip address 210.32.35.250 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
!
ip classless
ip route 0.0.0.0 0.0.0.0 210.32.254.250
ip route 10.65.128.0 255.255.255.0 210.32.230.253
ip route 10.67.5.55 255.255.255.255 210.32.254.253
ip route 10.72.0.0 255.255.255.0 210.32.230.253
ip route 10.78.215.0 255.255.255.0 210.32.230.253
ip route 10.79.0.0 255.255.255.0 210.32.230.253
ip route 10.97.0.0 255.255.255.0 210.32.230.253
ip route 105.151.230.0 255.255.255.0 210.32.230.253
ip route 150.151.30.0 255.255.255.0 210.32.230.253
ip route 210.42.30.0 255.255.255.0 210.32.230.253
no ip http server
!
control-plane
!
line con 0
stopbits 1
line vty 0 4
login local
line vty 5 15
login local
!
end


Содержание

Сообщения в этом обсуждении
"Что не так в связке Cat-3560-Cat3750?"
Отправлено Mr. Mistoffelees , 11-Мрт-13 17:09 
Привет,

> Конфиг Cat3560-48:
> vlan 35

Добавьте name для этого VLAN-а и, возможно, восцариться счастье. А почему так? Спросите у кошководов.

WWell,


"Что не так в связке Cat-3560-Cat3750?"
Отправлено Agahome , 16-Мрт-13 14:34 
Спасибо!
Получилось!

> Привет,
>> Конфиг Cat3560-48:
>> vlan 35
> Добавьте name для этого VLAN-а и, возможно, восцариться счастье. А почему так?
> Спросите у кошководов.
> WWell,


"Что не так в связке Cat-3560-Cat3750?"
Отправлено Andrey , 11-Мрт-13 18:43 
У вас на 3560 стоит команда ip default-gateway.
Команда ip default-gateway применяется если на коммутаторе не включена маршрутизация.
А строчки ip route 0.0.0.0 0.0.0.0 <куда-то туда> у вас на 3560 нет.
Сделайте из свитча нормальную L3 железку и потом нарезайте на ней интерфейсы VLAN для маршрутизации.

З.Ы.: Вау! Какие красивые парольки на консольки! :)