我们正在尝试配置这台交换机,让它负责几个 VLAN 之间的路由和通信,然后再建立一个连接到防火墙的链路网络。
配置如下:
运行配置:
; J9145A Configuration Editor; Created on release #W.15.08.0012
; Ver #02:11.05:16
; Device identity: the switch's hostname and the hardware type of module 1
; (j9145a, matching the "J9145A Configuration Editor" header line).
hostname "HP-E2910al-24G"
module 1 type j9145a
; Access control lists. In these entries the second address of each pair is a
; wildcard-style mask (set bits are ignored), so "0.0.0.0 255.255.255.255"
; means "any address" while "0.0.0.0 0.0.0.0" means the single address 0.0.0.0.
; Entries are evaluated in sequence order, the first match decides, and a list
; ends with an implicit deny.
; NOTE(review): none of the lists below restricts anything that is bound to a
; port, so they provide no segmentation between the Front and Back VLANs; if
; isolation is intended it has to come from explicit, narrower rules.
;
; "105": permits all IP traffic. Entry 20 is presumably never reached because
; entry 10 already matches every IP packet. Not bound to any interface or VLAN
; in this listing.
ip access-list extended "105"
10 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
20 permit ip-in-ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
exit
; "test": bound inbound to ports 1-24 in the interface section. Entry 10
; permits every IP packet, so entries 11 and 12 are shadowed and the list as a
; whole filters nothing.
; NOTE(review): because it permits everything, this list is unlikely to be what
; stops TCP between VLAN 862 and VLAN 861 - confirm before looking elsewhere.
ip access-list extended "test"
10 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
11 permit tcp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
12 permit udp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
exit
; "allow": despite the name, the 0.0.0.0 mask makes this match only the source
; address 0.0.0.0; every other source would fall through to the implicit deny.
; Not bound anywhere in this listing - binding it as-is would block traffic.
ip access-list standard "allow"
10 permit 0.0.0.0 0.0.0.0
exit
; "test2": permits any source address. Not bound anywhere in this listing.
ip access-list standard "test2"
10 permit 0.0.0.0 255.255.255.255
exit
; Layer-3 forwarding. "ip routing" turns on routing between the VLAN
; interfaces that carry an IP address; the static route sends everything
; without a more specific route to 192.168.16.1, which lies in VLAN 1's
; 192.168.16.0/24 subnet.
; NOTE(review): on this platform "ip default-gateway" is normally only used
; while IP routing is disabled, so the static default route is presumably the
; one in effect - confirm against the routing table.
; NOTE(review): with routing enabled and only permit-any ACLs in this listing,
; the switch forwards between all VLAN subnets itself; traffic between them
; does not have to pass the firewall.
ip default-gateway 192.168.16.1
ip route 0.0.0.0 0.0.0.0 192.168.16.1
ip routing
; Per-port settings for ports 1-24. Every port applies ACL "test" to inbound
; IP traffic; port 1 additionally enables flow control.
; NOTE(review): ACL "test" starts with a permit-any entry, so these 24 bindings
; filter nothing. Either remove them or replace "test" with rules that express
; the intended policy - as written they only give the appearance of filtering.
interface 1
ip access-group "test" in
flow-control
exit
interface 2
ip access-group "test" in
exit
interface 3
ip access-group "test" in
exit
interface 4
ip access-group "test" in
exit
interface 5
ip access-group "test" in
exit
interface 6
ip access-group "test" in
exit
interface 7
ip access-group "test" in
exit
interface 8
ip access-group "test" in
exit
interface 9
ip access-group "test" in
exit
interface 10
ip access-group "test" in
exit
interface 11
ip access-group "test" in
exit
interface 12
ip access-group "test" in
exit
interface 13
ip access-group "test" in
exit
interface 14
ip access-group "test" in
exit
interface 15
ip access-group "test" in
exit
interface 16
ip access-group "test" in
exit
interface 17
ip access-group "test" in
exit
interface 18
ip access-group "test" in
exit
interface 19
ip access-group "test" in
exit
interface 20
ip access-group "test" in
exit
interface 21
ip access-group "test" in
exit
interface 22
ip access-group "test" in
exit
interface 23
ip access-group "test" in
exit
interface 24
ip access-group "test" in
exit
; SNMP community "public" with the "unrestricted" access level.
; NOTE(review): "public" is the well-known default community string, and
; "unrestricted" grants write access, so any host that can reach one of the
; switch's IP addresses over SNMP can presumably read and change the
; configuration. Replace the community string, set it to restricted unless
; writes are required, and limit which management stations may connect
; (for example with ip authorized-managers, or by moving to SNMPv3).
snmp-server community "public" unrestricted
; VLAN 1 (default VLAN): ports 3 and 5-24 are untagged members, ports 1-2 and 4
; are explicitly removed. The switch holds 192.168.16.135/24 here, the same
; subnet as the default route's next hop 192.168.16.1.
; NOTE(review): this is presumably the management network mentioned in the
; post; the switch's management services (including the SNMP community
; configured above) are reachable on this address - confirm who can reach it.
vlan 1
name "DEFAULT_VLAN"
no untagged 1-2,4
untagged 3,5-24
ip address 192.168.16.135 255.255.255.0
exit
; VLAN 861 and VLAN 862: the two /25 halves of 10.250.32.0/24, both carried
; tagged on ports 1-2; port 4 is also an untagged member of 861. These are the
; only VLANs in this listing with RIP enabled, and the two the post reports a
; connectivity problem between.
; NOTE(review): RIP is pinned to version 1 for both send and receive. RIPv1
; updates carry neither authentication nor a subnet mask, so any host on these
; segments that speaks RIP can offer routes to the switch, and handling of the
; /25 split relies on classful inference. If RIP is needed at all, enable it
; only on the link facing the real routing peer and prefer a version that can
; authenticate its updates.
vlan 861
name "ine-Back-Localexample.net"
untagged 4
tagged 1-2
ip address 10.250.32.1 255.255.255.128
ip rip 10.250.32.1
ip rip 10.250.32.1 receive v1-only
ip rip 10.250.32.1 send v1-only
protocol "IPv4,ARP"
exit
vlan 862
name "ine-Front-Inetexample.net"
tagged 1-2
ip address 10.250.32.129 255.255.255.128
ip rip 10.250.32.129
ip rip 10.250.32.129 receive v1-only
ip rip 10.250.32.129 send v1-only
protocol "IPv4,ARP"
exit
; VLANs 863-869: routed VLAN interfaces without RIP. All are tagged on ports
; 1-2 except VLAN 866, where ports 1-2 are untagged members; 866 uses a /30
; (10.250.37.2), which presumably makes it the point-to-point link network
; toward the upstream device - confirm.
; NOTE(review): each VLAN has a switch-owned gateway address and "ip routing"
; is on, so the switch routes directly between the "Front" and "Back" subnets.
; No ACL in this listing limits that, so any separation between them has to
; be enforced elsewhere or added here explicitly.
vlan 863
name "ine-Back-Inetexample.net"
tagged 1-2
ip address 10.250.33.1 255.255.255.0
protocol "IPv4,ARP"
exit
vlan 864
name "ine-Front-s-example.net"
tagged 1-2
ip address 10.250.34.1 255.255.255.128
protocol "IPv4,ARP"
exit
vlan 865
name "ine-Back-s.example.net"
tagged 1-2
ip address 10.250.34.129 255.255.255.128
protocol "IPv4,ARP"
exit
vlan 866
name "ine-esx-uplink.example.net"
untagged 1-2
ip address 10.250.37.2 255.255.255.252
protocol "IPv4,ARP"
exit
vlan 867
name "ine-Front-Ihostnet-example.net"
tagged 1-2
ip address 10.250.35.1 255.255.255.128
protocol "IPv4,ARP"
exit
vlan 868
name "ine-Back-Ihostnet-example.net"
tagged 1-2
ip address 10.250.35.129 255.255.255.128
protocol "IPv4,ARP"
exit
vlan 869
name "ine-Client-nat.example.net"
tagged 1-2
ip address 10.250.36.1 255.255.255.0
protocol "IPv4,ARP"
exit
; Marker for the manager-level password; the listing shows no password value
; on this line. NOTE(review): presumably this means a manager password is set;
; no operator-level entry appears in this listing - confirm on the device.
password manager
这是配置的 pastebin 链接:http://pastebin.com/tvp5dRKp
从管理网络出发的路由工作正常,我们可以访问每个 VLAN 及其上的资源。但是从 VLAN 862 出发,我们无法访问 VLAN 861:可以向其上的所有主机发送 ICMP 流量,但无法通过 HTTP/SSH 等访问任何服务器。
非常感谢任何建议!