3,812
社区成员
发帖
与我相关
我的任务
分享怎样做路由让其可以同时上内外网。
三层交换机的配置如下:
CHIN#show startup
Building configuration,please wait...
Current configuration:
system version : 3
#begin
hostname CHIN
access-list 101 permit ip 192.168.3.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list 101 permit ip 192.168.3.0 255.255.255.0 192.168.1.0 255.255.255.0
router rip
#
service dhcp server
ip dhcp pool pool1
default-router 192.168.2.1
dns-server 172.16.1.1
range 192.168.2.2 192.168.2.254 255.255.255.0
lease 1 0 0
#
clock set 5:49:31 1 1 1993
calendar set 5:49:31 1 1 1993
interface fastEthernet 0/1
no switchport
ip address 172.16.1.2 255.255.255.252
#
interface fastEthernet 0/2
vlan 4
switchport access vlan 4
#
interface fastEthernet 0/3
vlan 3
switchport access vlan 3
#
interface fastEthernet 0/4
vlan 4
switchport access vlan 4
#
interface fastEthernet 0/5
vlan 2
switchport mode trunk
switchport trunk vlan 1-4,100
#
interface fastEthernet 0/6
switchport mode trunk
switchport trunk vlan 1-2,4,100
#
interface fastEthernet 0/7
switchport mode trunk
switchport trunk vlan 1-2,4,100
#
interface fastEthernet 0/8
switchport mode trunk
switchport trunk vlan 1-2,100
#
interface fastEthernet 1/1
vlan 4
#
interface fastEthernet 1/2
switchport mode trunk
switchport trunk vlan 1-2,4,100
#
interface fastEthernet 1/3
switchport mode trunk
switchport trunk vlan 1-2,4,100
#
interface fastEthernet 1/4
switchport mode trunk
switchport trunk vlan 1-2,4,100
#
interface fastEthernet 1/5
vlan 2
switchport access vlan 2
#
interface fastEthernet 1/6
vlan 2
switchport access vlan 2
#
interface fastEthernet 1/7
vlan 2
switchport access vlan 2
#
interface fastEthernet 1/8
no switchport
ip address 192.168.5.1 255.255.255.0
#
interface gigabitEthernet 1
#
interface vlan 1
#
interface vlan 2
no shutdown
ip address 192.168.2.1 255.255.255.0
ip dhcp enable
#
interface vlan 3
no shutdown
ip address 192.168.1.1 255.255.255.0
#
interface vlan 4
no shutdown
ip address 192.168.3.200 255.255.255.0
ip access-group 101
#
interface vlan 100
no shutdown
ip address 192.168.0.1 255.255.255.0
#
ip route 192.168.1.0 255.255.255.0 192.168.3.200 1
ip route 192.168.5.0 255.255.255.0 192.168.5.1 1
ip route 0.0.0.0 0.0.0.0 172.16.1.1 1
#end
vlan 2 可以上外网(只能让其上外网,自动获得IP。不可以让其上内网)。
VLAN 4 只能上内网服务器(用固定IP),现在我想让属于VLAN 4 的二层交换机的端口可以上内网同时也可以上外网,请问在三层交换机怎么做路由。
这个问题比较那个,可我不会。请各位高手给予指教。不胜感激。
CHIN#show startup
Building configuration,please wait...
Current configuration:
system version : 3
#begin
hostname CHIN
access-list 101 permit ip 192.168.3.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list 101 permit ip 192.168.3.0 255.255.255.0 192.168.1.0 255.255.255.0
router rip
#
service dhcp server
ip dhcp pool pool1
default-router 192.168.2.1
dns-server 172.16.1.1
range 192.168.2.2 192.168.2.254 255.255.255.0
lease 1 0 0
#
clock set 5:49:31 1 1 1993
calendar set 5:49:31 1 1 1993
interface fastEthernet 0/1
no switchport
ip address 172.16.1.2 255.255.255.252
#
interface fastEthernet 0/2
vlan 4
switchport access vlan 4
#
interface fastEthernet 0/3
vlan 3
switchport access vlan 3
#
interface fastEthernet 0/4
vlan 4
switchport access vlan 4
#
interface fastEthernet 0/5
vlan 2
switchport mode trunk
switchport trunk vlan 1-4,100
#
interface fastEthernet 0/6
switchport mode trunk
switchport trunk vlan 1-2,4,100
#
interface fastEthernet 0/7
switchport mode trunk
switchport trunk vlan 1-2,4,100
#
interface fastEthernet 0/8
switchport mode trunk
switchport trunk vlan 1-2,100
#
interface fastEthernet 1/1
vlan 4
#
interface fastEthernet 1/2
switchport mode trunk
switchport trunk vlan 1-2,4,100
#
interface fastEthernet 1/3
switchport mode trunk
switchport trunk vlan 1-2,4,100
#
interface fastEthernet 1/4
switchport mode trunk
switchport trunk vlan 1-2,4,100
#
interface fastEthernet 1/5
vlan 2
switchport access vlan 2
#
interface fastEthernet 1/6
vlan 2
switchport access vlan 2
#
interface fastEthernet 1/7
vlan 2
switchport access vlan 2
#
interface fastEthernet 1/8
no switchport
ip address 192.168.5.1 255.255.255.0
#
interface gigabitEthernet 1
#
interface vlan 1
#
interface vlan 2
no shutdown
ip address 192.168.2.1 255.255.255.0
ip dhcp enable
#
interface vlan 3
no shutdown
ip address 192.168.1.1 255.255.255.0
#
interface vlan 4
no shutdown
ip address 192.168.3.200 255.255.255.0
ip access-group 101
#
interface vlan 100
no shutdown
ip address 192.168.0.1 255.255.255.0
#
ip route 192.168.1.0 255.255.255.0 192.168.3.200 1
ip route 192.168.5.0 255.255.255.0 192.168.5.1 1
ip route 0.0.0.0 0.0.0.0 172.16.1.1 1
#end
vlan 2 可以上外网(只能让其上外网,自动获得IP。不可以让其上内网)。
VLAN 4 只能上内网服务器(用固定IP),现在我想让属于VLAN 4 的二层交换机的端口可以上内网同时也可以上外网,请问在三层交换机怎么做路由。
这个问题比较那个,可我不会。请各位高手给予指教。不胜感激。
...全文
请发表友善的回复…
发表回复
zhangblade 2004-11-23
- 打赏
- 举报
把你的配置精简了一下,看起来简单一些:)
access-list 101 permit ip 192.168.3.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list 101 permit ip 192.168.3.0 255.255.255.0 192.168.1.0 255.255.255.0
router rip
service dhcp server
ip dhcp pool pool1
default-router 192.168.2.1
dns-server 172.16.1.1
range 192.168.2.2 192.168.2.254 255.255.255.0
interface fastEthernet 0/2
vlan 4
switchport access vlan 4
#
interface fastEthernet 0/3
vlan 3
switchport access vlan 3
#
interface fastEthernet 0/4
vlan 4
switchport access vlan 4
#
interface fastEthernet 0/5
vlan 2
switchport mode trunk
switchport trunk vlan 1-4,100
#
interface fastEthernet 0/6
switchport mode trunk
switchport trunk vlan 1-2,4,100
#
interface fastEthernet 0/7
switchport mode trunk
switchport trunk vlan 1-2,4,100
#
interface fastEthernet 0/8
switchport mode trunk
switchport trunk vlan 1-2,100
#
interface vlan 1
#
interface vlan 2
no shutdown
ip address 192.168.2.1 255.255.255.0
ip dhcp enable
#
interface vlan 3
no shutdown
ip address 192.168.1.1 255.255.255.0
#
interface vlan 4
no shutdown
ip address 192.168.3.200 255.255.255.0
ip access-group 101
#
interface vlan 100
no shutdown
ip address 192.168.0.1 255.255.255.0
#
ip route 192.168.1.0 255.255.255.0 192.168.3.200 1
ip route 192.168.5.0 255.255.255.0 192.168.5.1 1
ip route 0.0.0.0 0.0.0.0 172.16.1.1 1
#end
要求:
vlan 2 可以上外网(只能让其上外网,自动获得IP。不可以让其上内网)。
VLAN 4 只能上内网服务器(用固定IP),现在我想让属于VLAN 4 的二层交换机的端口可以上内网同时也可以上外网,请问在三层交换机怎么做路由。
access-list 101 permit ip 192.168.3.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list 101 permit ip 192.168.3.0 255.255.255.0 192.168.1.0 255.255.255.0
router rip
service dhcp server
ip dhcp pool pool1
default-router 192.168.2.1
dns-server 172.16.1.1
range 192.168.2.2 192.168.2.254 255.255.255.0
interface fastEthernet 0/2
vlan 4
switchport access vlan 4
#
interface fastEthernet 0/3
vlan 3
switchport access vlan 3
#
interface fastEthernet 0/4
vlan 4
switchport access vlan 4
#
interface fastEthernet 0/5
vlan 2
switchport mode trunk
switchport trunk vlan 1-4,100
#
interface fastEthernet 0/6
switchport mode trunk
switchport trunk vlan 1-2,4,100
#
interface fastEthernet 0/7
switchport mode trunk
switchport trunk vlan 1-2,4,100
#
interface fastEthernet 0/8
switchport mode trunk
switchport trunk vlan 1-2,100
#
interface vlan 1
#
interface vlan 2
no shutdown
ip address 192.168.2.1 255.255.255.0
ip dhcp enable
#
interface vlan 3
no shutdown
ip address 192.168.1.1 255.255.255.0
#
interface vlan 4
no shutdown
ip address 192.168.3.200 255.255.255.0
ip access-group 101
#
interface vlan 100
no shutdown
ip address 192.168.0.1 255.255.255.0
#
ip route 192.168.1.0 255.255.255.0 192.168.3.200 1
ip route 192.168.5.0 255.255.255.0 192.168.5.1 1
ip route 0.0.0.0 0.0.0.0 172.16.1.1 1
#end
要求:
vlan 2 可以上外网(只能让其上外网,自动获得IP。不可以让其上内网)。
VLAN 4 只能上内网服务器(用固定IP),现在我想让属于VLAN 4 的二层交换机的端口可以上内网同时也可以上外网,请问在三层交换机怎么做路由。
zhangblade 2004-11-23
- 打赏
- 举报
to brighteye:
access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 101 permit ip any any
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
这个acl白写了,后面access-list 101 deny ip any any就对了
你的配置好长,下次请稍微精简一点,同样的配置可以压缩一下。
access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 101 permit ip any any
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
这个acl白写了,后面access-list 101 deny ip any any就对了
你的配置好长,下次请稍微精简一点,同样的配置可以压缩一下。
BrightEye 2004-11-23
- 打赏
- 举报
sorry,应该是:
access-list 101 deny ip any any
access-list 101 deny ip any any
BrightEye 2004-11-23
- 打赏
- 举报
ip route 192.168.3.0 255.255.255.0 192.168.2.1
BrightEye 2004-11-23
- 打赏
- 举报
access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 101 permit ip any any
access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 101 permit ip any any
ggscf 2004-11-23
- 打赏
- 举报
zhangblade(张不雷|又要忙了,有事发短信
我觉得也好像有问题,这不是我配置的。这方面我只是初学。还请高手你多多指教
你看应该怎么做?
我觉得也好像有问题,这不是我配置的。这方面我只是初学。还请高手你多多指教
你看应该怎么做?
roland_c 2004-11-22
- 打赏
- 举报
ip route 192.168.3.200 255.255.255.255 192.168.2.1
DNS设为172.16.1.1
DNS设为172.16.1.1
BrightEye 2004-11-22
- 打赏
- 举报
acl是写错了。
zhangblade 2004-11-22
- 打赏
- 举报
你的配置好像有问题,你的acl怎么会是这么写呢?反码,怎么会写成掩码?
ggscf 2004-11-22
- 打赏
- 举报
roland_c(日子过去,风从往昔吹来...)你好
我按你的说的设置了,用IP为:192。168。3。X 掩码为 :255。255。255。255。0
网关为:192。168。3。200 DNS:为172。16。1。1 可还是不能上外网
我按你的说的设置了,用IP为:192。168。3。X 掩码为 :255。255。255。255。0
网关为:192。168。3。200 DNS:为172。16。1。1 可还是不能上外网
