iT邦幫忙

0

L3 兩個PORT各為一個VLAN 如何讓兩個VLAN互通

小弟公司目前要架設的網路架構:
在L3上每個PORT為一個VLAN每個PORT會有64個IP,目前使用兩個PORT做測試,PORT2=VLAN2 PORT3=VLAN3
VLAN2 IP:192.168.1.0
VLAN3 IP:10.1.1.1
小弟上網查使用SVI就可以做到兩個VLAN互通,但實際上設定完不能通阿~~
我該如何讓兩個VLAN可以互通?以下是小弟的Show run 拜託高手替我解答
SW1#sh run
Building configuration...

Current configuration : 10614 bytes
!
! Last configuration change at 12:08:14 taipei Thu Dec 13 2018
!
version 16.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no platform punt-keepalive disable-kernel-core
!
hostname SW1
!
!
vrf definition Mgmt-vrf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
enable secret 5 $1$gPL3$1izvtL27YQB4GOVLGYfGd1
!
no aaa new-model
clock timezone taipei 8 0
switch 1 provision ws-c3650-24td
!
!
!
!
ip routing
!
!
!
no ip domain lookup
!
!
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-1054917964
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1054917964
revocation-check none
rsakeypair TP-self-signed-1054917964
!
!
crypto pki certificate chain TP-self-signed-1054917964
certificate self-signed 01
30820330 30820218 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31303534 39313739 3634301E 170D3138 31313236 30363133
33325A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 30353439
31373936 34308201 22300D06 092A8648 86F70D01 01010500 0382010F 00308201
0A028201 0100D34F 72E99FD7 A0C765FA 3F7E927C C7269995 2642AF4A 98FA4B39
CE8820B3 9981C115 3329F8A5 837E39BC AC009533 685474BA F661A8E0 DD30654F
5611181A 63DD75CA 098BB53A 1AF9EEC1 4AD9B8E5 6A9BD13D 799A8E78 C2EC2AEC
01E78A68 95F351FE 3C81FCF9 D7148234 86DA8B59 EFA31AEB 0F8268A1 2C996909
B480ADF6 8233D626 874649AB 8709FFD5 55AD57F1 87CA0FBA E30493F0 32ED4DB6
A324BB70 FAC0D946 FB4E87B2 66EACD28 D95F3283 3ABF0676 5BF074B4 00D762B2
9A882E65 E05F778C ABEB1717 C666DC68 821445D5 0D98109F 1ABE2E2F 07BFDE2C
50D85215 A471418D 970513B1 FB62E2FD 599DB465 83FD97EC 365BC7BF 8BEE4607
19DE8BF8 2E770203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF
301F0603 551D2304 18301680 14AD5F05 C63204F4 5D4EBF48 C9DA925A 02F0EE94
97301D06 03551D0E 04160414 AD5F05C6 3204F45D 4EBF48C9 DA925A02 F0EE9497
300D0609 2A864886 F70D0101 05050003 82010100 1EABBA0F 4DAACDE1 03CBB824
6AA49C70 B947D9E5 A30D1E8A BBFD8D83 2C6235E1 2C8DE2D1 3E13DEBD BBD73CCF
2E5C1DA0 411A10FC D72E834B 6901DCAC 94DF15B7 96EB202C 79CF0D5D 1DF1A20D
D979DA21 5470237D 868A75A8 F565D85C E4439E10 67966065 C9B40FF2 28E31D15
95824D5A B313E1C7 4C61858C 6E72FF55 5495739A EDFCA3E3 D23790DA B0D1DD54
27991AA9 9170AC1D 2590D31E 3B5C0C6C 08FD3AC0 F98B8D38 08E91E46 A7286FF8
5F7A8C98 165C0DA5 00B0C4D7 9B34DD76 54BF4093 8C4C0C41 88334C53 3C2862D3
F6808802 27F5F588 2CAF55C8 37AE7722 05D9F0DC E64C0521 C8BF8DB0 A0F9C839
DC8B787B B09F3FCC 2EEA7A70 5D57B43A 3EF0D7D3
quit
!
license boot level ipbasek9
diagnostic bootup level minimal
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
!
username admin privilege 15 secret 5 $1$kwSa$nTn/nwx3XORNO6zfLL6mP1
!
redundancy
mode sso
!
!
!
class-map match-any system-cpp-police-topology-control
description Topology control
class-map match-any system-cpp-police-sw-forward
description Sw forwarding, SGT Cache Full, LOGGING
class-map match-any system-cpp-default
description DHCP snooping, show forward and rest of traffic
class-map match-any system-cpp-police-sys-data
description Learning cache ovfl, Crypto Control, Exception, EGR Exception, NFL SAMPLED DATA, Gold Pkt, RPF Failed
class-map match-any system-cpp-police-punt-webauth
description Punt Webauth
class-map match-any system-cpp-police-forus
description Forus Address resolution and Forus traffic
class-map match-any system-cpp-police-multicast-end-station
description MCAST END STATION
class-map match-any system-cpp-police-multicast
description Transit Traffic and MCAST Data
class-map match-any system-cpp-police-l2-control
description L2 control
class-map match-any system-cpp-police-dot1x-auth
description DOT1X Auth
class-map match-any system-cpp-police-data
description ICMP_GEN and BROADCAST
class-map match-any system-cpp-police-control-low-priority
description ICMP redirect and general punt
class-map match-any system-cpp-police-wireless-priority1
description Wireless priority 1
class-map match-any system-cpp-police-wireless-priority2
description Wireless priority 2
class-map match-any system-cpp-police-wireless-priority3-4-5
description Wireless priority 3,4 and 5
class-map match-any non-client-nrt-class
class-map match-any system-cpp-police-routing-control
description Routing control
class-map match-any system-cpp-police-protocol-snooping
description Protocol snooping
!
policy-map port_child_policy
class non-client-nrt-class
bandwidth remaining ratio 10
policy-map system-cpp-policy
class system-cpp-police-data
police rate 200 pps
class system-cpp-police-sys-data
police rate 100 pps
class system-cpp-police-sw-forward
police rate 1000 pps
class system-cpp-police-multicast
police rate 500 pps
class system-cpp-police-multicast-end-station
police rate 2000 pps
class system-cpp-police-punt-webauth
class system-cpp-police-l2-control
class system-cpp-police-routing-control
police rate 1800 pps
class system-cpp-police-control-low-priority
class system-cpp-police-wireless-priority1
class system-cpp-police-wireless-priority2
class system-cpp-police-wireless-priority3-4-5
class system-cpp-police-topology-control
class system-cpp-police-dot1x-auth
class system-cpp-police-protocol-snooping
class system-cpp-police-forus
class system-cpp-default
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
no ip address
!
interface GigabitEthernet0/0
vrf forwarding Mgmt-vrf
ip address 192.168.1.1 255.255.255.0
negotiation auto
!
interface GigabitEthernet1/0/1
description TO_Sophos_P3
no switchport
ip address 10.1.1.2 255.255.255.0
!
interface GigabitEthernet1/0/2
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet1/0/3
switchport access vlan 3
switchport mode access
!
interface GigabitEthernet1/0/4
switchport access vlan 4
switchport mode access
!
interface GigabitEthernet1/0/5
switchport access vlan 5
switchport mode access
!
interface GigabitEthernet1/0/6
switchport mode access
!
interface GigabitEthernet1/0/7
switchport mode access
!
interface GigabitEthernet1/0/8
switchport mode access
!
interface GigabitEthernet1/0/9
switchport mode access
!
interface GigabitEthernet1/0/10
switchport mode access
!
interface GigabitEthernet1/0/11
switchport mode access
!
interface GigabitEthernet1/0/12
switchport mode access
!
interface GigabitEthernet1/0/13
switchport mode access
!
interface GigabitEthernet1/0/14
switchport mode access
!
interface GigabitEthernet1/0/15
switchport mode access
!
interface GigabitEthernet1/0/16
switchport mode access
!
interface GigabitEthernet1/0/17
switchport mode access
!
interface GigabitEthernet1/0/18
switchport mode access
!
interface GigabitEthernet1/0/19
switchport mode access
!
interface GigabitEthernet1/0/20
switchport mode access
!
interface GigabitEthernet1/0/21
switchport mode access
!
interface GigabitEthernet1/0/22
switchport mode access
!
interface GigabitEthernet1/0/23
switchport mode access
!
interface GigabitEthernet1/0/24
switchport mode access
!
interface GigabitEthernet1/1/1
!
interface GigabitEthernet1/1/2
!
interface TenGigabitEthernet1/1/3
!
interface TenGigabitEthernet1/1/4
!
interface Vlan1
no ip address
shutdown
!
interface Vlan2
ip address 192.168.1.0 255.255.255.0
interface Vlan3
ip address 10.1.1.1 255.255.255.0

ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
ip tftp source-interface GigabitEthernet0/0
ip route 0.0.0.0 0.0.0.0 10.1.1.1
!
ip access-list extended AutoQos-4.0-wlan-Acl-Bulk-Data
permit tcp any any eq 22
permit tcp any any eq 465
permit tcp any any eq 143
permit tcp any any eq 993
permit tcp any any eq 995
permit tcp any any eq 1914
permit tcp any any eq ftp
permit tcp any any eq ftp-data
permit tcp any any eq smtp
permit tcp any any eq pop3
ip access-list extended AutoQos-4.0-wlan-Acl-MultiEnhanced-Conf
permit udp any any range 16384 32767
permit tcp any any range 50000 59999
ip access-list extended AutoQos-4.0-wlan-Acl-Scavanger
permit tcp any any range 2300 2400
permit udp any any range 2300 2400
permit tcp any any range 6881 6999
permit tcp any any range 28800 29100
permit tcp any any eq 1214
permit udp any any eq 1214
permit tcp any any eq 3689
permit udp any any eq 3689
permit tcp any any eq 11999
ip access-list extended AutoQos-4.0-wlan-Acl-Signaling
permit tcp any any range 2000 2002
permit tcp any any range 5060 5061
permit udp any any range 5060 5061
ip access-list extended AutoQos-4.0-wlan-Acl-Transactional-Data
permit tcp any any eq 443
permit tcp any any eq 1521
permit udp any any eq 1521
permit tcp any any eq 1526
permit udp any any eq 1526
permit tcp any any eq 1575
permit udp any any eq 1575
permit tcp any any eq 1630
permit udp any any eq 1630
permit tcp any any eq 1527
permit tcp any any eq 6200
permit tcp any any eq 3389
permit tcp any any eq 5985
permit tcp any any eq 8080

control-plane
service-policy input system-cpp-policy
!
!
no vstack
!
line con 0
exec-timeout 30 0
logging synchronous
stopbits 1
line aux 0
stopbits 1
line vty 0 4
session-timeout 30
password cisco
logging synchronous
login
transport input telnet ssh
line vty 5 15
login
!
!
wsma agent exec
!
wsma agent config
!
wsma agent filesys
!
wsma agent notify
!
!
ap dot11 airtime-fairness policy-name Default 0
ap group default-group
ap hyperlocation ble-beacon 0
ap hyperlocation ble-beacon 1
ap hyperlocation ble-beacon 2
ap hyperlocation ble-beacon 3
ap hyperlocation ble-beacon 4
end

SW1#write
Building configuration...
[OK]

看更多先前的討論...收起先前的討論...
看一下sh ip route吧.
SVI跟routed port是什麼環境下設定出來的.
yesongow iT邦大師 1 級 ‧ 2018-12-18 11:54:16 檢舉
cisco switch 已經有下了 ip routing指令了!
czmabc111 iT邦新手 5 級 ‧ 2018-12-19 00:43:16 檢舉
小弟看過 ip route了 並且Port都有up/up了,且pc可以互相ping 到對方的gw,但是其他電腦的Ip卻ping不到
czmabc111 iT邦新手 5 級 ‧ 2018-12-19 00:51:20 檢舉
SW1#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is not set

192.168.1.0/8 is variably subnetted, 4 subnets, 2 masks
C 192.168.1.0/26 is directly connected, Vlan2
L 192.168.1.62/32 is directly connected, Vlan2
C 10.1.1.1/26 is directly connected, Vlan3
L 10.1.1.126/32 is directly connected, Vlan3


SW1#show ip interface brief
Interface IP-Address OK? Method Status Protocol
Vlan1 unassigned YES NVRAM administratively down down
Vlan2 192.168.1.62 YES NVRAM up up
Vlan3 10.1.1.126 YES NVRAM up up
routing table看起來跟config對不起來,
interface Vlan2
ip address 192.168.1.0 255.255.255.0 <--/24 用0??
interface Vlan3
ip address 10.1.1.1 255.255.255.0
bluegrass iT邦高手 1 級 ‧ 2019-01-03 11:15:44 檢舉
既然都每個PORT都是一個VLAN的GATEWAY
為什麼不直接在PORT上邊no switchport再打IP就好
圖片
  直播研討會
圖片
{{ item.channelVendor }} {{ item.webinarstarted }} |
{{ formatDate(item.duration) }}
直播中

1 個回答

0
唬爛
iT邦好手 1 級 ‧ 2018-12-19 16:44:45

interface Vlan2
ip address 192.168.1.0 255.255.255.0 => 192.168.1.0是Net ID,請修正

我要發表回答

立即登入回答