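Cisco 3560 + ROS: PPPoE dial-in problem across VLANs?

Last edited by heartsdal on 2010-5-18 18:38

Hi,
After splitting the network into VLANs, ROS cannot read the MAC addresses of the computers behind the layer-3 switch, so I decided to restrict Internet access by IP binding for the computers in VLAN 2 (the same VLAN as ROS) and have the other VLANs get online through PPPoE dial-in. I have been working on this for 3 days and compared it against all kinds of tutorials online, and it still does not work. I hope everyone can take a look for me; I am uploading the configuration screenshots.
ROS LAN NIC IP address: 192.168.0.1/24; it connects to China Telecom through the WAN NIC. A cable runs from the ROS LAN NIC to port F0/1 on the Cisco 3560. VLAN2: 192.168.0.2, VLAN3: 192.168.20.1, VLAN4: 192.168.30.1
On the ROS LAN NIC I created 3 VLANs with the same IDs as on the 3560, then assigned IPs as follows: VLAN2: 192.168.0.3, VLAN3: 192.168.20.2, VLAN4: 192.168.30.2
The situation now is that only the computers in VLAN 2, together with ROS, can get online through PPPoE dial-in; the other VLANs cannot dial in. I cannot find the cause. Thanks in advance. Any help would be greatly appreciated.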
Current configuration : 2888 bytes
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
hostname Switch
no aaa new-model
system mtu routing 1500
ip subnet-zero
ip routing
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
interface FastEthernet0/1
switchport access vlan 2
switchport trunk encapsulation dot1q
switchport mode access
!
interface FastEthernet0/2
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/3
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/4
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/5
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/6
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/7
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/8
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/9
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/10
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/11
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/12
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/13
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/14
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/15
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/16
switchport access vlan 3
switchport mode access
interface FastEthernet0/17
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/18
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/19
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/20
switchport access vlan 3
switchport mode access
interface FastEthernet0/21
switchport access vlan 4
switchport mode access
!
interface FastEthernet0/22
switchport access vlan 4
switchport mode access
interface FastEthernet0/23
switchport access vlan 4
switchport mode access
interface FastEthernet0/24
switchport access vlan 4
switchport mode access
interface GigabitEthernet0/1
switchport access vlan 2
interface GigabitEthernet0/2
switchport access vlan 3
switchport mode access
interface Vlan1
no ip address
shutdown
interface Vlan2
ip address 192.168.0.2 255.255.255.0
interface Vlan3
ip address 192.168.20.1 255.255.255.0
interface Vlan4
ip address 192.168.30.1 255.255.255.0
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.0.1
ip http server
ip http secure-server
control-plane
line con 0
line vty 0 4
password cisco
login
length 0
line vty 5 15
login
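end

One more question:
If I set ARP on the LAN interface to enabled, the computers in all VLANs can get online, so how do I block about 150-odd computers from Internet access?
Of course, it would be even better if there were a way for ROS to read the MAC addresses of the computers behind the layer-3 switch. I don't know whether that can be done?

This thread is sinking fast~~~~~~~~~~~~~~

Just restrict, in ROS, the IPs you don't want online. Is that hard?

Reply to 4# xiasha11
There are a lot of computers, so what then? Set them up one by one? And what if an IP address gets changed?

Do IP-MAC binding on the layer-3 switch, and do the restriction on ROS.

Last edited by 胡天胡地 on 2010-5-18 20:16
Port 1 on the 3560 should be set as a trunk port; don't assign it to a VLAN.
switchport mode trunk
switchport trunk encapsulation dot1q

Thanks to the poster above. I set port 1 as a trunk port and removed it from VLAN 2; with the ROS LAN cable plugged into port 1, none of the VLANs can get online. Are there other steps I still need to do?

Bumping this for you.

Strip the VLAN tag on the trunk port... otherwise you need to enable the corresponding VLAN IDs in ROS...

Reply to 10# 小小鸟
Thanks for everyone's replies, thank you.
Quoting a Baidu answer about tags: Different switches are connected through trunk ports; both switches have VLAN 10 and each has one PC. When one PC pings the other, the frame is tagged only when it passes through the trunk port. When it reaches the other switch, the tag is removed. Note: the trunk port must be set to allow VLAN 10 through. Same configuration on both sides. Also, the default PVID is VLAN 1, which means VLAN 1 passes without a tag. If the ports at both ends set the PVID to 10, then VLAN 10 traffic does not need a tag either.

Still doesn't work, I'm crying, what's going on? Posting the VLAN configuration: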
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active
2 VLAN0002 active Fa0/1, Fa0/2, Fa0/3, Fa0/4, Fa0/5, Fa0/6, Fa0/7, Fa0/8, Fa0/9, Fa0/10, Fa0/11, Fa0/12, Gi0/1
3 VLAN0003 active Fa0/13, Fa0/14, Fa0/15, Fa0/16, Fa0/17, Fa0/18, Fa0/19, Fa0/20, Gi0/2
4 VLAN0004 active Fa0/21, Fa0/22, Fa0/23, Fa0/24
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0
2    enet  100002     1500  -      -      -        -    -        0      0
3    enet  100003     1500  -      -      -        -    -        0      0
4    enet  100004     1500  -      -      -        -    -        0      0
1002 fddi  101002     1500  -      -      -        -    -        0      0
1003 tr    101003     1500  -      -      -        -    -        0      0
1004 fdnet 101004     1500  -      -      -        ieee -        0      0
1005 trnet 101005     1500  -      -      -        ibm  -        0      0
Remote SPAN VLANs
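Primary Secondary Type Ports

Last edited by guoying on 2010-5-23 11:15
Ping the internal network from ROS and see whether it gets through!!!

Last edited by guoying on 2010-5-23 11:18
The OP has enabled ip routing, so the internal network is reachable. The focus is therefore still on the ROS gateway. In fact, if you add static routes, you can reach the whole internal network without creating VLANs on ROS.

If ARP is not bound, pinging the internal network from ROS works; once ARP is bound, only the computers in the same VLAN as ROS are reachable, and the other VLANs are not.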
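
An added example, not part of any post in this thread: PPPoE discovery is an Ethernet broadcast and is not routed between VLANs, so a client can only dial in if its VLAN reaches the ROS-facing port at layer 2. The Python sketch below parses a constructed excerpt of the posted switch configuration and lists the VLANs for which that is not the case; the function names are hypothetical, and it assumes a trunk carries every VLAN and that a port with no mode line is an access port.

```python
import re

# Constructed excerpt of the switch configuration posted in the thread:
# one port per VLAN; Fa0/1 is the port cabled to the ROS LAN NIC.
POSTED_CONFIG = """\
interface FastEthernet0/1
 switchport access vlan 2
 switchport trunk encapsulation dot1q
 switchport mode access
interface FastEthernet0/13
 switchport access vlan 3
 switchport mode access
interface FastEthernet0/21
 switchport access vlan 4
 switchport mode access
"""

def parse_ports(config):
    """Return {interface: {"mode", "access_vlan"}} from IOS interface stanzas."""
    ports, current = {}, None
    for line in config.splitlines():
        line = line.strip()
        if m := re.match(r"interface (\S+)$", line):
            # Simplification: treat a port without a mode line as access, VLAN 1.
            current = ports.setdefault(m.group(1), {"mode": "access", "access_vlan": 1})
        elif current is not None:
            if m := re.match(r"switchport access vlan (\d+)$", line):
                current["access_vlan"] = int(m.group(1))
            elif m := re.match(r"switchport mode (access|trunk)$", line):
                current["mode"] = m.group(1)
    return ports

def l2_vlans_on_uplink(ports, uplink):
    """VLANs whose Ethernet broadcasts (PPPoE discovery) reach the uplink port."""
    access_vlans = {p["access_vlan"] for p in ports.values() if p["mode"] == "access"}
    up = ports[uplink]
    # Assumption: a trunk carries every VLAN (no 'allowed vlan' pruning).
    return sorted(access_vlans if up["mode"] == "trunk" else {up["access_vlan"]})

def pppoe_unreachable(config, uplink="FastEthernet0/1"):
    """Client VLANs that cannot reach a PPPoE server behind the uplink."""
    ports = parse_ports(config)
    reach = set(l2_vlans_on_uplink(ports, uplink))
    return sorted({p["access_vlan"] for n, p in ports.items() if n != uplink} - reach)
```

Layer-2 reachability is necessary but not sufficient: on a trunk the frames arrive tagged, so ROS also needs interfaces for the matching VLAN IDs, as one of the replies points out.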