Procurve VLAN 间路由

tag-icon tag-icon routing switch vlan hp-procurve
Procurve VLAN 间路由

我们的网络存在 VLAN 路由问题。我们有两个 ProCurve 5406zl 用作核心交换机,这些交换机上的每个 VLAN 都有一个 IP 地址,并且每个 VLAN 上都配置了 VRRP 以实现冗余。我已启用 IP 路由,VLAN 间路由在一定程度上可以正常工作,但还不够完善。

使用连接到同一核心交换机的一些设备进行测试,我能够从所有其他 VLAN ping 通 VLAN 30 上的设备。但 VLAN 30 上的设备无法 ping 通其他 VLAN 上的设备。

以下是我的测试结果。

JW3-CAB02-CORE02# ping 10.10.20.2
10.10.20.2 is alive, time = 14 ms
JW3-CAB02-CORE02# ping 10.10.20.2 source 10
Request timed out.
JW3-CAB02-CORE02# ping 10.10.20.2 source 20
Request timed out.
JW3-CAB02-CORE02# ping 10.10.20.2 source 30
Request timed out.
JW3-CAB02-CORE02# ping 10.10.20.2 source 40
10.10.20.2 is alive, time = 1 ms
JW3-CAB02-CORE02# ping 10.10.20.2 source 50
Request timed out.

JW3-CAB02-CORE02# ping 10.30.33.41
10.30.33.41 is alive, time = 1 ms
JW3-CAB02-CORE02# ping 10.30.33.41 source 10
10.30.33.41 is alive, time = 1 ms
JW3-CAB02-CORE02# ping 10.30.33.41 source 20
10.30.33.41 is alive, time = 1 ms
JW3-CAB02-CORE02# ping 10.30.33.41 source 30
10.30.33.41 is alive, time = 1 ms
JW3-CAB02-CORE02# ping 10.30.33.41 source 40
10.30.33.41 is alive, time = 1 ms
JW3-CAB02-CORE02# ping 10.30.33.41 source 50
10.30.33.41 is alive, time = 1 ms

以下是 ARP 缓存表中显示的两个设备

 IP ARP table

  IP Address       MAC Address       Type    Port
  ---------------  ----------------- ------- ----
  10.30.33.41      00155d-053406     dynamic B9
  10.10.20.2       00181c-0253fd     dynamic A9

以下是交换机配置的重要部分

hostname "JW3-CAB02-CORE02"

ip route 0.0.0.0 0.0.0.0 10.30.255.254
ip routing   

router vrrp
   ipv4 enable
   exit
vlan 1
   name "DEFAULT_VLAN"
   no untagged A9-A14,A18-A22,B1-B10
   untagged A1-A8,A15-A17,A23-A24,B11-B24
   ip address 192.168.255.252 255.255.255.0
   exit
vlan 10
   name "BMS"
   tagged A1-A8,B20,B22
   ip address 10.10.2.252 255.255.255.0
   vrrp vrid 10
      virtual-ip-address 10.10.2.251
      enable
      exit
   exit
vlan 20
   name "Security"
   untagged A12-A14
   tagged A1-A8,B20,B22
   ip address 10.10.3.252 255.255.255.0
   vrrp vrid 20
      virtual-ip-address 10.10.3.251
      enable
      exit
   exit
vlan 30
   name "JW3 Management"
   untagged A18-A22,B1-B10
   tagged A1-A8,B20,B22
   ip address 10.30.255.252 255.255.0.0
   ip proxy-arp
   ip helper-address 10.30.33.11
   vrrp vrid 30
      virtual-ip-address 10.30.255.251
      enable
      exit
   exit
vlan 40
   name "IPTV"
   untagged A9-A11
   tagged A1-A8,B20,B22
   ip address 10.10.20.252 255.255.255.0
   ip proxy-arp
   ip helper-address 10.10.20.30
   ip igmp
   vrrp vrid 40
      virtual-ip-address 10.10.20.251
      enable
      exit
   exit
vlan 50
   name "Public WiFi"
   tagged A1-A8,A19-A21,B20,B22
   ip address 10.34.255.252 255.255.252.0
   ip helper-address 10.34.255.254
   vrrp vrid 50
      virtual-ip-address 10.34.255.251
      enable
      exit
   exit

简化网络图

答案1

所以现在看起来这是可行的,最后我 ping 的特定设备没有由设备安装人员设置的正确的默认网关和/或子网掩码。

我错误地认为,如果交换机可以 ping 通它们,那么就足够了,并且设备应该能够 ping 通其他子网,但事实似乎并非如此。

相关内容