这是因为我忘记了一个开关。如果你很无聊,请继续阅读
SonicWALL NSA 3500 连接到 Cisco Catalyst 3850。SonicWALL 有“子接口”(VLAN)V2、V800 和 V802。2 和 802 一直运行良好,我现在正尝试添加 800,但没有流量通过中继。查看我的配置图片。我无法获得带有要连接的设备的下游“交换机端口访问 VLAN 800”端口,并且在交换机上我无法 ping 172.16.16.7,这是 SonicWALL 子接口 IP,但我可以 ping VLAN 802 的 IP。
编辑- 自从使用“ip classless”配置 Cisco 以来,我能够让 Spanning-Tree 退出“BKN”状态,并且 VLAN 800 现在在“sh int gi1/0/2 中继“但我的主要问题仍然是无法传递流量或连接该 VLAN 上的接入设备。
如果图像太小看不清,请提供以下图像链接:http://oi60.tinypic.com/15cllp1.jpg
编辑
转变#sh 跨度总和
Switch is in pvst mode
Root bridge for: VLAN0800
Extended system ID is enabled
Portfast Default is disabled
PortFast BPDU Guard Default is disabled
Portfast BPDU Filter Default is disabled
Loopguard Default is disabled
EtherChannel misconfig guard is enabled
UplinkFast is disabled
BackboneFast is disabled
Configured Pathcost method used is short
Name Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
VLAN0001 0 0 0 9 9
VLAN0002 0 0 0 14 14
VLAN0003 0 0 0 9 9
VLAN0004 0 0 0 10 10
VLAN0005 0 0 0 10 10
VLAN0006 0 0 0 9 9
VLAN0007 0 0 0 9 9
VLAN0008 0 0 0 9 9
VLAN0009 0 0 0 9 9
Name Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
VLAN0010 0 0 0 9 9
VLAN0011 0 0 0 9 9
VLAN0012 0 0 0 10 10
VLAN0013 0 0 0 9 9
VLAN0014 0 0 0 9 9
VLAN0015 0 0 0 11 11
VLAN0016 0 0 0 9 9
VLAN0017 0 0 0 9 9
VLAN0018 0 0 0 11 11
VLAN0103 0 0 0 9 9
VLAN0104 0 0 0 10 10
VLAN0105 0 0 0 10 10
VLAN0106 0 0 0 9 9
VLAN0107 0 0 0 9 9
VLAN0111 0 0 0 9 9
VLAN0800 0 0 0 9 9
VLAN0802 0 0 0 10 10
VLAN0803 0 0 0 9 9
---------------------- -------- --------- -------- ---------- ----------
27 vlans 0 0 0 258 258
转变#sh 跨度 VLAN 800
VLAN0800
Spanning tree enabled protocol ieee
Root ID Priority 4896
Address dca5.f433.4980
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 4896 (priority 4096 sys-id-ext 800)
Address dca5.f433.4980
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi1/0/2 Desg FWD 19 128.2 P2p
Gi1/0/14 Desg FWD 4 128.14 P2p
Gi1/0/15 Desg FWD 4 128.15 P2p
Gi1/0/16 Desg FWD 4 128.16 P2p
Gi1/0/17 Desg FWD 4 128.17 P2p
Te1/1/3 Desg FWD 4 128.55 P2p
Te1/1/4 Desg FWD 4 128.56 P2p
Po1 Desg FWD 3 128.2027 P2p
Po2 Desg FWD 3 128.2028 P2p
转变#sh int gi1/0/2 交换机端口
Name: Gi1/0/2
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none
*请参阅我的顶部编辑 - VLAN 800 现在显示在“sh int gi1/0/2 trunk”作为非修剪 VLAN,但这并没有改变我无法连接该 VLAN 上任何东西的问题,而且我仍然无法 ping 172.16.16.7
答案1
这听起来像是路由问题。确保 Cisco Catalyst 3850 具有到 SonicWALL NSA 3500 的默认路由或通过 SonicWALL 直接到 172.16.16.0/24 目的地的路由。没有正确的路由将导致交换机无法 PING 不在同一子网上的 IP 地址。
我很好奇,想知道 vlan 800 上的设备是否可以 PING 172.16.16.7。
提供一些 TRACEROUTE 结果也会对从交换机到 172.16.16.7 以及到 vlan 800 上的设备以及从 vlan 800 上的设备到 172.16.16.7 以及到交换机有所帮助。
答案2
天哪,我真是个白痴。思科和 SonicWALL 之间有一个交换机,我完全忘了,直到我上去安装网络分路器时才发现。它本应该把所有东西都传下去,但我一时兴起,决定检查一下它的配置,发现switchport trunk allowed vlan 1,2,802,1002-1005两个端口都出现了问题。很抱歉浪费了大家的时间和精力。它现在可以正常工作了。