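I have a Sonicwall NSA 2400 whose configuration was reset, and I have not been able to reconfigure it.
The Sonicwall's WAN port (X1) is connected to the internet. Its LAN port (X0) is connected to a 3Com 4500G switch (Layer 3 enabled), which I have connected (trunked?) to another 3Com 4500 switch.
The switches specify 3 VLANs:
VLAN1 - Data VLAN - little used, if at all
VLAN2 - Voice VLAN - the VoIP phones connect here. Computers connect to the network through the phones.
VLAN4094 - Routing VLAN - seems to be used for routing network traffic to the internet (?)
3Com 4500G
This is the switch that connects directly to the Sonicwall NSA 2400
4500G configuration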
#
sysname #############
#
dhcp relay server-group 0 ip 192.168.10.4
dhcp relay server-group 0 ip 192.168.11.10
#
domain default enable system
#
local-server nas-ip 127.0.0.1 key 3com
#
telnet server enable
#
undo cluster enable
#
igmp-snooping
#
vlan 1
description Data VLAN
igmp-snooping enable
#
vlan 11
description Voice VLAN
#
vlan 4094
description Routing VLAN
#
radius scheme system
server-type extended
primary authentication 127.0.0.1 1645
primary accounting 127.0.0.1 1646
user-name-format without-domain
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
local-user admin
service-type telnet terminal
level 3
local-user manager
password simple manager
service-type telnet terminal
level 2
local-user monitor
password simple monitor
service-type telnet terminal
level 1
#
interface NULL0
#
interface Vlan-interface1
ip address 192.168.10.1 255.255.255.0
dhcp select relay
dhcp relay server-select 0
#
interface Vlan-interface11
ip address 192.168.11.1 255.255.255.0
dhcp select relay
dhcp relay server-select 0
#
interface Vlan-interface4094
ip address 192.168.255.2 255.255.255.0
rip poison-reverse
rip version 2 multicast
#
interface GigabitEthernet1/0/1
port access vlan 4094
broadcast-suppression pps 3000
undo jumboframe enable
description Uplink to SonicWALL
stp edged-port enable
#
interface GigabitEthernet1/0/2
broadcast-suppression pps 3000
undo jumboframe enable
stp edged-port enable
#
interface GigabitEthernet1/0/3
broadcast-suppression pps 3000
undo jumboframe enable
stp edged-port enable
#
interface GigabitEthernet1/0/4
broadcast-suppression pps 3000
undo jumboframe enable
stp edged-port enable
#
interface GigabitEthernet1/0/5
broadcast-suppression pps 3000
undo jumboframe enable
stp edged-port enable
#
interface GigabitEthernet1/0/6
broadcast-suppression pps 3000
undo jumboframe enable
stp edged-port enable
#
interface GigabitEthernet1/0/7
broadcast-suppression pps 3000
undo jumboframe enable
stp edged-port enable
#
interface GigabitEthernet1/0/8
broadcast-suppression pps 3000
undo jumboframe enable
stp edged-port enable
#
interface GigabitEthernet1/0/9
broadcast-suppression pps 3000
undo jumboframe enable
stp edged-port enable
#
interface GigabitEthernet1/0/10
broadcast-suppression pps 3000
undo jumboframe enable
stp edged-port enable
#
interface GigabitEthernet1/0/11
broadcast-suppression pps 3000
undo jumboframe enable
stp edged-port enable
#
interface GigabitEthernet1/0/12
port link-type trunk
port trunk permit vlan all
broadcast-suppression pps 3000
undo jumboframe enable
stp edged-port enable
#
interface GigabitEthernet1/0/13
port access vlan 11
broadcast-suppression pps 3000
undo jumboframe enable
stp edged-port enable
#
interface GigabitEthernet1/0/14
broadcast-suppression pps 3000
undo jumboframe enable
stp edged-port enable
#
interface GigabitEthernet1/0/15
broadcast-suppression pps 3000
undo jumboframe enable
stp edged-port enable
#
interface GigabitEthernet1/0/16
broadcast-suppression pps 3000
undo jumboframe enable
stp edged-port enable
#
interface GigabitEthernet1/0/17
broadcast-suppression pps 3000
undo jumboframe enable
stp edged-port enable
#
interface GigabitEthernet1/0/18
broadcast-suppression pps 3000
undo jumboframe enable
stp edged-port enable
#
interface GigabitEthernet1/0/19
broadcast-suppression pps 3000
undo jumboframe enable
stp edged-port enable
#
interface GigabitEthernet1/0/20
broadcast-suppression pps 3000
undo jumboframe enable
stp edged-port enable
#
interface GigabitEthernet1/0/21
broadcast-suppression pps 3000
undo jumboframe enable
stp edged-port enable
#
interface GigabitEthernet1/0/22
broadcast-suppression pps 3000
undo jumboframe enable
stp edged-port enable
#
interface GigabitEthernet1/0/23
broadcast-suppression pps 3000
undo jumboframe enable
stp edged-port enable
#
interface GigabitEthernet1/0/24
port link-type trunk
port trunk permit vlan all
broadcast-suppression pps 3000
undo jumboframe enable
stp edged-port enable
#
interface GigabitEthernet1/0/25
broadcast-suppression pps 3000
undo jumboframe enable
shutdown
stp edged-port enable
#
interface GigabitEthernet1/0/26
broadcast-suppression pps 3000
undo jumboframe enable
shutdown
stp edged-port enable
#
interface GigabitEthernet1/0/27
broadcast-suppression pps 3000
undo jumboframe enable
shutdown
stp edged-port enable
#
interface GigabitEthernet1/0/28
broadcast-suppression pps 3000
undo jumboframe enable
shutdown
stp edged-port enable
#
rip 1
undo summary
version 2
network 192.168.10.0
network 192.168.11.0
network 192.168.255.0
import-route direct
#
snmp-agent
snmp-agent local-engineid 8000002B0300247310B641
snmp-agent community read public
snmp-agent community write private
snmp-agent sys-info version all
#
dhcp enable
#
user-interface aux 0
authentication-mode scheme
user-interface vty 0 4
authentication-mode scheme
#
return
4500G routing table
Routing Tables: Public
Destinations : 8 Routes : 8
Destination/Mask Proto Pre Cost NextHop Interface
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
192.168.10.0/24 Direct 0 0 192.168.10.1 Vlan1
192.168.10.1/32 Direct 0 0 127.0.0.1 InLoop0
192.168.11.0/24 Direct 0 0 192.168.11.1 Vlan11
192.168.11.1/32 Direct 0 0 127.0.0.1 InLoop0
192.168.255.0/24 Direct 0 0 192.168.255.2 Vlan4094
192.168.255.2/32 Direct 0 0 127.0.0.1 InLoop0
3Com 4500
This is the switch that the VoIP system connects to
4500 configuration
#
sysname ############
#
local-server nas-ip 127.0.0.1 key 3com
#
igmp-snooping enable
#
radius scheme system
#
domain system
#
local-user admin
service-type ssh telnet terminal
level 3
local-user manager
password simple manager
service-type ssh telnet terminal
level 2
local-user monitor
password simple monitor
service-type ssh telnet terminal
level 1
#
acl number 4999
rule 0 deny dest 0000-0000-0000 ffff-ffff-ffff
#
vlan 1
igmp-snooping enable
#
vlan 11
description Voice VLAN
#
vlan 4094
description Routing VLAN
#
interface Vlan-interface1
description Data vlan
#
interface Vlan-interface4094
ip address 192.168.255.3 255.255.255.0
#
interface Aux1/0/0
#
interface Ethernet1/0/1
poe enable
stp edged-port enable
broadcast-suppression pps 3000
port access vlan 11
packet-filter inbound link-group 4999 rule 0
#
interface Ethernet1/0/2
poe enable
stp edged-port enable
port link-type hybrid
port hybrid vlan 11 tagged
port hybrid vlan 1 untagged
broadcast-suppression pps 3000
packet-filter inbound link-group 4999 rule 0
#
interface Ethernet1/0/3
poe enable
stp edged-port enable
port link-type hybrid
port hybrid vlan 11 tagged
port hybrid vlan 1 untagged
broadcast-suppression pps 3000
packet-filter inbound link-group 4999 rule 0
#
interface Ethernet1/0/4
poe enable
stp edged-port enable
port link-type hybrid
port hybrid vlan 11 tagged
port hybrid vlan 1 untagged
broadcast-suppression pps 3000
packet-filter inbound link-group 4999 rule 0
#
interface Ethernet1/0/5
poe enable
stp edged-port enable
port link-type hybrid
port hybrid vlan 11 tagged
port hybrid vlan 1 untagged
broadcast-suppression pps 3000
packet-filter inbound link-group 4999 rule 0
#
interface Ethernet1/0/6
poe enable
stp edged-port enable
port link-type hybrid
port hybrid vlan 11 tagged
port hybrid vlan 1 untagged
broadcast-suppression pps 3000
packet-filter inbound link-group 4999 rule 0
#
interface Ethernet1/0/7
poe enable
stp edged-port enable
port link-type hybrid
port hybrid vlan 11 tagged
port hybrid vlan 1 untagged
broadcast-suppression pps 3000
packet-filter inbound link-group 4999 rule 0
#
interface Ethernet1/0/8
poe enable
stp edged-port enable
port link-type hybrid
port hybrid vlan 11 tagged
port hybrid vlan 1 untagged
broadcast-suppression pps 3000
packet-filter inbound link-group 4999 rule 0
#
interface Ethernet1/0/9
poe enable
stp edged-port enable
port link-type hybrid
port hybrid vlan 11 tagged
port hybrid vlan 1 untagged
broadcast-suppression pps 3000
packet-filter inbound link-group 4999 rule 0
#
interface Ethernet1/0/10
poe enable
stp edged-port enable
port link-type hybrid
port hybrid vlan 11 tagged
port hybrid vlan 1 untagged
broadcast-suppression pps 3000
packet-filter inbound link-group 4999 rule 0
#
interface Ethernet1/0/11
poe enable
stp edged-port enable
port link-type hybrid
port hybrid vlan 11 tagged
port hybrid vlan 1 untagged
broadcast-suppression pps 3000
packet-filter inbound link-group 4999 rule 0
#
interface Ethernet1/0/12
poe enable
stp edged-port enable
port link-type hybrid
port hybrid vlan 11 tagged
port hybrid vlan 1 untagged
broadcast-suppression pps 3000
packet-filter inbound link-group 4999 rule 0
#
interface Ethernet1/0/13
poe enable
stp edged-port enable
broadcast-suppression pps 3000
port access vlan 11
packet-filter inbound link-group 4999 rule 0
#
interface Ethernet1/0/14
poe enable
stp edged-port enable
port link-type hybrid
port hybrid vlan 11 tagged
port hybrid vlan 1 untagged
broadcast-suppression pps 3000
packet-filter inbound link-group 4999 rule 0
#
interface Ethernet1/0/15
poe enable
stp edged-port enable
port link-type hybrid
port hybrid vlan 11 tagged
port hybrid vlan 1 untagged
broadcast-suppression pps 3000
packet-filter inbound link-group 4999 rule 0
#
interface Ethernet1/0/16
poe enable
stp edged-port enable
port link-type hybrid
port hybrid vlan 11 tagged
port hybrid vlan 1 untagged
broadcast-suppression pps 3000
packet-filter inbound link-group 4999 rule 0
#
interface Ethernet1/0/17
poe enable
stp edged-port enable
port link-type hybrid
port hybrid vlan 11 tagged
port hybrid vlan 1 untagged
broadcast-suppression pps 3000
packet-filter inbound link-group 4999 rule 0
#
interface Ethernet1/0/18
poe enable
stp edged-port enable
port link-type hybrid
port hybrid vlan 11 tagged
port hybrid vlan 1 untagged
broadcast-suppression pps 3000
packet-filter inbound link-group 4999 rule 0
#
interface Ethernet1/0/19
poe enable
stp edged-port enable
port link-type hybrid
port hybrid vlan 11 tagged
port hybrid vlan 1 untagged
broadcast-suppression pps 3000
packet-filter inbound link-group 4999 rule 0
#
interface Ethernet1/0/20
poe enable
stp edged-port enable
port link-type hybrid
port hybrid vlan 11 tagged
port hybrid vlan 1 untagged
broadcast-suppression pps 3000
packet-filter inbound link-group 4999 rule 0
#
interface Ethernet1/0/21
poe enable
stp edged-port enable
port link-type hybrid
port hybrid vlan 11 tagged
port hybrid vlan 1 untagged
broadcast-suppression pps 3000
packet-filter inbound link-group 4999 rule 0
#
interface Ethernet1/0/22
poe enable
stp edged-port enable
port link-type hybrid
port hybrid vlan 11 tagged
port hybrid vlan 1 untagged
broadcast-suppression pps 3000
packet-filter inbound link-group 4999 rule 0
#
interface Ethernet1/0/23
poe enable
stp edged-port enable
port link-type hybrid
port hybrid vlan 11 tagged
port hybrid vlan 1 untagged
broadcast-suppression pps 3000
packet-filter inbound link-group 4999 rule 0
#
interface Ethernet1/0/24
poe enable
stp edged-port enable
port link-type hybrid
port hybrid vlan 11 tagged
port hybrid vlan 1 untagged
broadcast-suppression pps 3000
packet-filter inbound link-group 4999 rule 0
#
interface GigabitEthernet1/0/25
port link-type trunk
port trunk permit vlan all
shutdown
#
interface GigabitEthernet1/0/26
port link-type trunk
port trunk permit vlan all
shutdown
#
interface GigabitEthernet1/0/27
port link-type trunk
port trunk permit vlan all
#
interface GigabitEthernet1/0/28
port link-type trunk
port trunk permit vlan all
#
undo xrn-fabric authentication-mode
#
interface NULL0
#
voice vlan mac-address 0001-e300-0000 mask ffff-ff00-0000 description Siemens AG phone
voice vlan mac-address 0004-0d00-0000 mask ffff-ff00-0000 description Avaya phone
voice vlan mac-address 0013-1900-0000 mask ffff-ff00-0000 description Cisco 7960 phone
voice vlan mac-address 0015-2b00-0000 mask ffff-ff00-0000 description Cisco 7940 phone
voice vlan mac-address 0060-b900-0000 mask ffff-ff00-0000 description Philips and NEC AG phone
#
ip route-static 0.0.0.0 0.0.0.0 192.168.255.2 preference 60
#
snmp-agent
snmp-agent local-engineid 8000002B00247373B0406877
snmp-agent community read public
snmp-agent community write private
snmp-agent sys-info version all
#
user-interface aux 0 7
authentication-mode scheme
screen-length 22
user-interface vty 0 4
authentication-mode scheme
#
return
4500 routing table
Routing Table: public net
Destination/Mask Protocol Pre Cost Nexthop Interface
0.0.0.0/0 STATIC 60 0 192.168.255.2 Vlan-interface4094
127.0.0.0/8 DIRECT 0 0 127.0.0.1 InLoopBack0
127.0.0.1/32 DIRECT 0 0 127.0.0.1 InLoopBack0
192.168.255.0/24 DIRECT 0 0 192.168.255.3 Vlan-interface4094
192.168.255.3/32 DIRECT 0 0 127.0.0.1 InLoopBack0
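Current state of the Sonicwall
- The Sonicwall is successfully connected to the internet.
The Sonicwall's LAN port (X0) is configured as:
IP: 192.168.255.1 Mask: 255.255.255.0
Two subinterfaces have been configured on the LAN port (X0):
X0:V1 IP: 192.168.10.1 Mask: 255.255.255.0
X0:V11 IP: 192.168.11.1 Mask: 255.255.255.0
DHCP is enabled on the Sonicwall, and each X0 interface has a scope within its subnet.
- The 4500G switch has been assigned a static IP (not sure whether this is needed): 192.168.255.2
Things I have tried with the Sonicwall
- Set the X0 subinterface IP addresses to the DHCP relay server IP addresses found in the 4500G switch configuration: 192.168.10.4 and 192.168.11.10 respectively.
- Set up ARP entries in the Sonicwall to intercept packets sent to the VLAN interfaces and route them to the Sonicwall gateway
What I want to achieve
I want to connect VLAN11 to the internet (and VLAN1 as well, if possible). I hope the phone system will keep working once this is done.
I would like to keep the original switch settings, since they should still be configured the way they were when the network was working.
It is probably obvious by now, but I am new to VLANs and firewalls. Can anyone give me some advice on how to connect my VLANs to the internet?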
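Answer 1
I got it working.
First, it was a hardware problem
I plugged a cheap Linksys switch into the Sonicwall's LAN (X0) port. The 3Com 4500G switch and my laptop were connected to the cheap switch. That way, both the switch and my laptop could reach the LAN (X0) port on the Sonicwall.
It turned out the 3Com switch was plugged into a bad port on the cheap switch, which made it impossible to test the software settings properly. I moved the 3Com switch to a different port on the cheap switch.
Then I just needed to set up the routes
On the Sonicwall, I configured two routes so that any traffic destined for a VLAN 1 or VLAN 11 IP address is routed via VLAN 4094.
Then, on the 3Com switch, I set a static route to the Sonicwall's IP, effectively telling the switch to send traffic to the Sonicwall whenever it does not know where else to send it.
With this combination, traffic started flowing correctly to, from and across the network.
Note: instead of setting a static route on the switch, I could enable RIP on the Sonicwall and have it advertise the Sonicwall IP as the default route to the 3Com switch. It would end up in the same place in the switch's routing table and supposedly do the same thing. I may eventually enable RIP and disable the current static route, but it is working now, so I will leave it alone for the time being.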
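The two routing changes described in the answer can be checked with a small longest-prefix-match model. This is an added example, not part of the original post: it uses the addresses from the posted configs, but the helper names, the hosts 192.168.11.50 and 203.0.113.10, and the assumption that the Sonicwall holds only its X0 network, a WAN default route and the two routes the answer describes are constructed for illustration.

```python
import ipaddress

# Which device owns each next-hop address on the routing VLAN (from the post).
OWNER = {"192.168.255.1": "sonicwall", "192.168.255.2": "4500G"}

def build_tables(fixed):
    """Routing tables before (fixed=False) and after (fixed=True) the answer's changes."""
    switch = [("192.168.10.0/24", "connected"), ("192.168.11.0/24", "connected"),
              ("192.168.255.0/24", "connected")]          # 4500G table as posted
    firewall = [("192.168.255.0/24", "connected"), ("0.0.0.0/0", "WAN")]
    if fixed:
        switch.append(("0.0.0.0/0", "192.168.255.1"))      # default route to Sonicwall
        firewall += [("192.168.10.0/24", "192.168.255.2"),  # VLAN 1 via routing VLAN
                     ("192.168.11.0/24", "192.168.255.2")]  # VLAN 11 via routing VLAN
    return {"4500G": switch, "sonicwall": firewall}

def lookup(table, dst):
    """Longest-prefix match; returns the next hop, or None when no route matches."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in table:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best[1] if best else None

def trace(tables, start, dst, max_hops=8):
    """Follow next hops from device `start`; returns (path, outcome)."""
    path, node = [start], start
    for _ in range(max_hops):
        hop = lookup(tables[node], dst)
        if hop is None:
            return path, "no route"
        if hop == "connected":
            return path, "delivered"
        if hop == "WAN":
            return path, "sent to WAN"
        node = OWNER[hop]
        path.append(node)
    return path, "loop"

if __name__ == "__main__":
    for fixed in (False, True):
        tables = build_tables(fixed)
        print("fixed" if fixed else "before",
              trace(tables, "4500G", "203.0.113.10"),       # phone -> internet
              trace(tables, "sonicwall", "192.168.11.50"))  # reply -> phone
```

Before the change the switch has no route toward the internet and the firewall would send replies for 192.168.11.0/24 out of its WAN side; both directions need a route before traffic flows.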