Cisco

VLAN not working across the trunk between SonicWALL and Cisco

  • April 24, 2021

This was because of a switch I forgot about. Only continue reading if you are very bored.

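A SonicWALL NSA 3500 is connected to a Cisco Catalyst 3850. The SonicWALL has "sub-interfaces" (VLANs) V2, V800 and V802. 2 and 802 have been working fine all along, and I am now trying to add 800, but no traffic gets across the trunk. Please see the image of my configuration. I cannot get a downstream "switchport access vlan 800" port to work with the device I want to connect, and on the switch I cannot ping 172.16.16.7, which is the SonicWALL sub-interface IP, whereas I can ping the IP for VLAN 802.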

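EDIT - As a result of configuring the Cisco with "ip classless", I was able to get spanning tree out of the "BKN" state, and VLAN 800 now shows up as an unpruned VLAN in "sh int gi1/0/2 trunk", but my main problem of not being able to pass traffic or connect access devices on that VLAN remains.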

Here is a link to the image in case it is too small to see here: http://oi60.tinypic.com/15cllp1.jpg

EDIT

Switch# sh span summ

Switch is in pvst mode
Root bridge for: VLAN0800
Extended system ID           is enabled
Portfast Default             is disabled
PortFast BPDU Guard Default  is disabled
Portfast BPDU Filter Default is disabled
Loopguard Default            is disabled
EtherChannel misconfig guard is enabled
UplinkFast                   is disabled
BackboneFast                 is disabled
Configured Pathcost method used is short

Name                   Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
VLAN0001                     0         0        0          9          9
VLAN0002                     0         0        0         14         14
VLAN0003                     0         0        0          9          9
VLAN0004                     0         0        0         10         10
VLAN0005                     0         0        0         10         10
VLAN0006                     0         0        0          9          9
VLAN0007                     0         0        0          9          9
VLAN0008                     0         0        0          9          9
VLAN0009                     0         0        0          9          9

Name                   Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
VLAN0010                     0         0        0          9          9
VLAN0011                     0         0        0          9          9
VLAN0012                     0         0        0         10         10
VLAN0013                     0         0        0          9          9
VLAN0014                     0         0        0          9          9
VLAN0015                     0         0        0         11         11
VLAN0016                     0         0        0          9          9
VLAN0017                     0         0        0          9          9
VLAN0018                     0         0        0         11         11
VLAN0103                     0         0        0          9          9
VLAN0104                     0         0        0         10         10
VLAN0105                     0         0        0         10         10
VLAN0106                     0         0        0          9          9
VLAN0107                     0         0        0          9          9
VLAN0111                     0         0        0          9          9
VLAN0800                     0         0        0          9          9
VLAN0802                     0         0        0         10         10
VLAN0803                     0         0        0          9          9
---------------------- -------- --------- -------- ---------- ----------
27 vlans                     0         0        0        258        258

Switch# sh span vlan 800

VLAN0800
   Spanning tree enabled protocol ieee
   Root ID    Priority    4896
       Address     dca5.f433.4980
       This bridge is the root
       Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

   Bridge ID  Priority    4896   (priority 4096 sys-id-ext 800)
       Address     dca5.f433.4980
       Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
       Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi1/0/2             Desg FWD 19        128.2    P2p
Gi1/0/14            Desg FWD 4         128.14   P2p
Gi1/0/15            Desg FWD 4         128.15   P2p
Gi1/0/16            Desg FWD 4         128.16   P2p
Gi1/0/17            Desg FWD 4         128.17   P2p
Te1/1/3             Desg FWD 4         128.55   P2p
Te1/1/4             Desg FWD 4         128.56   P2p
Po1                 Desg FWD 3         128.2027 P2p
Po2                 Desg FWD 3         128.2028 P2p

Switch# sh int gi1/0/2 switchport

Name: Gi1/0/2
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL

Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none

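*See my edit at the top - VLAN 800 now shows up as an unpruned VLAN in "sh int gi1/0/2 trunk", but this has not changed the problem that I cannot connect anything on that VLAN, and I still cannot ping 172.16.16.7.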

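Oh my god, I am such an idiot. There is a switch between the Cisco and the SonicWALL that I had completely forgotten about until I was there getting ready to put my network tap in place. It should have been passing everything all along, but on a whim I decided to check its configuration and found "switchport trunk allowed vlan 1,2,802,1002-1005" on both of the ports involved. Sorry for wasting everyone's time and brainpower. It works now.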
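An added example, not part of the original thread: a check that walks the saved configuration of every switch in a path and reports the trunk ports whose "switchport trunk allowed vlan" list drops a given VLAN. The configs are constructed for illustration; the device labels and the intermediate switch's interface names are hypothetical.

```python
import re

ALL_VLANS = frozenset(range(1, 4095))  # IOS trunk default: every VLAN allowed
IFACE = re.compile(r"^interface (.+)\n((?: .*\n?)*)", re.M)
ALLOWED = re.compile(r"^ +switchport trunk allowed vlan (?:(add|remove|except) )?(\S+)", re.M)

def expand(spec):
    """Expand an IOS VLAN list such as '1,2,802,1002-1005' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def allowed_vlans(body):
    """Apply the allowed-vlan statements of one interface block, in order."""
    allowed = set(ALL_VLANS)
    for op, spec in ALLOWED.findall(body):
        if spec in ("all", "none"):
            allowed = set(ALL_VLANS) if spec == "all" else set()
        elif op == "add":
            allowed |= expand(spec)
        elif op == "remove":
            allowed -= expand(spec)
        elif op == "except":
            allowed = set(ALL_VLANS) - expand(spec)
        else:  # plain list replaces whatever was allowed before
            allowed = expand(spec)
    return allowed

def trunk_allowed(config):
    """Return {interface: allowed VLAN set} for each static trunk port in a config."""
    return {name.strip(): allowed_vlans(body) for name, body in IFACE.findall(config)
            if re.search(r"^ +switchport mode trunk\s*$", body, re.M)}

def blocking_hops(path, vlan):
    """path is [(device, config text), ...]; list the trunk ports that drop `vlan`."""
    return [(dev, port) for dev, cfg in path
            for port, allowed in trunk_allowed(cfg).items() if vlan not in allowed]

# Constructed sample configs; the middle switch's port names are hypothetical.
CATALYST = "interface GigabitEthernet1/0/2\n switchport mode trunk\n!\n"
MIDDLE = "".join(
    f"interface GigabitEthernet0/{n}\n switchport mode trunk\n"
    " switchport trunk allowed vlan 1,2,802,1002-1005\n!\n" for n in (1, 2))
PATH = [("catalyst-3850", CATALYST), ("middle-switch", MIDDLE)]
if __name__ == "__main__":
    for vlan in (2, 800, 802):
        print(vlan, blocking_hops(PATH, vlan) or "allowed end to end")
```
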

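This sounds like a routing problem. Make sure the Cisco Catalyst 3850 has either a default route to the SonicWALL NSA 3500 or a route directly to the 172.16.16.0/24 destination via the SonicWALL. Not having a proper route will prevent the switch from PINGing IP addresses that are not on the same subnet.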

I would be curious to know whether devices on vlan 800 can PING 172.16.16.7.

It would also help to provide some TRACEROUTE results from the switch to 172.16.16.7 and to a device on vlan 800, as well as from a device on vlan 800 to 172.16.16.7 and to the switch.

Quoted from: https://serverfault.com/questions/616656