论坛徽章:: 0

电梯直达

1楼 [收藏(0)] [报告]

发表于 2011-04-22 10:01 |只看该作者 |倒序浏览

cisco4500交换机+华为4600路由器

在交换机上基于接口划分若干vlan，其中vlan600起了两个地址：172.16.6.1和218.14.16.1，此接口上级联的老三层交换机上接了若干服务器

现在已经实现：所有内网vlan可以访问外网和218.14.16.*的服务器，218.14.16.*可以访问内网和外网

问题：除172.16.6.*之外内网无法访问某个特定内网地址（如172.16.6.2，这是个内部FTP地址），也就是说内网无法访问另外某个特定内网地址，问题可能出在哪里呢？

VLAN, VLAN

文库|博客

满天星

小富即安

论坛徽章:: 0

2楼 [报告]

发表于 2011-04-22 13:12 |只看该作者

无法访问的内网与172.16.6.2之间是否路由可达？是否存在软、硬件防火墙？
组网图最好画清楚点，自己提供一个基本故障排查的结果，否则谁也不晓得你的环境和问题

实战分享：从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线！ | 新一代分布式关系型数据库RadonDB知多少？

zhaoliang8899

白手起家

论坛徽章:: 0

3楼 [报告]

发表于 2011-04-22 16:21 |只看该作者

组网图最好画清楚点，自己提供一个基本故障排查的结果，否则谁也不晓得你的环境和问题

实战分享：从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线！ | 新一代分布式关系型数据库RadonDB知多少？

aplah

小富即安

论坛徽章:: 0

4楼 [报告]

发表于 2011-04-24 20:15 |只看该作者

描述的看不明白，上个top吧

实战分享：从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线！ | 新一代分布式关系型数据库RadonDB知多少？

linuxflj

白手起家

论坛徽章:: 0

5楼 [报告]

发表于 2011-04-26 21:33 |只看该作者

先看网关有问题没有
在看防火墙
在看具体主机

实战分享：从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线！ | 新一代分布式关系型数据库RadonDB知多少？

lasfer

丰衣足食

论坛徽章:: 0

6楼 [报告]

发表于 2011-04-27 22:03 |只看该作者

没有防火墙

实战分享：从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线！ | 新一代分布式关系型数据库RadonDB知多少？

aplah

小富即安

论坛徽章:: 0

7楼 [报告]

发表于 2011-04-28 11:15 |只看该作者

cisco4500的配置贴出来看看

内网机器的ipconfig /all

实战分享：从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线！ | 新一代分布式关系型数据库RadonDB知多少？

lasfer

丰衣足食

论坛徽章:: 0

8楼 [报告]

发表于 2011-05-04 18:14 |只看该作者

cisco#show run
Building configuration...

Current configuration : 83069 bytes
!
! Last configuration change at 17:43:19 UTC Wed May 4 2011
! NVRAM config last updated at 16:00:18 UTC Tue May 3 2011
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
service compress-config
!
hostname cisco
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$oHgE$jkKu.fcz.o4tjMYtWR2PC/
enable password 7 070C285F4D06
!
no aaa new-model
qos
vtp mode transparent
ip subnet-zero
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
power redundancy-mode redundant
!
!
!
vlan internal allocation policy ascending
!
vlan 11
name vlan11
!
vlan 100
name vlan100
!
vlan 120
name cantingsilou_A
!
vlan 130
name cantingsilou_B
!
vlan 200
name vlan200
!
vlan 300
name vlan300
!
vlan 500
name vlan500
!
vlan 600
name vlan600
!
vlan 700
name cantingwulou
!
vlan 710
name cantingliulou
!
vlan 720
name cantingliulou_a
!
vlan 730
name cantingwulou_b
!
vlan 800
name vlan800
!
vlan 900
name vlan900
!
vlan 1000
name xiaonei
!
vlan 1010
name 10_gongyulou
!
vlan 1020
name zonghelou_xueshengjifang
!
class-map match-all limit_bt
!
!
interface Port-channel2
switchport
switchport access vlan 1000
!
interface GigabitEthernet1/1
no switchport
no ip address
!
interface GigabitEthernet1/2
no switchport
no ip address
!
interface GigabitEthernet2/1
!
interface GigabitEthernet2/2
switchport access vlan 900
switchport mode access
!
interface GigabitEthernet2/3
switchport access vlan 11
switchport mode access
!
interface GigabitEthernet2/4
switchport access vlan 720
switchport mode access
!
interface GigabitEthernet2/5
switchport access vlan 200
switchport mode access
!
interface GigabitEthernet2/6
switchport access vlan 300
switchport mode access
!
interface GigabitEthernet2/7
switchport access vlan 720
switchport mode access
!
interface GigabitEthernet2/8
switchport access vlan 730
switchport mode access
!
interface GigabitEthernet2/9
switchport access vlan 500
switchport mode access
ip access-group 169 in
!
interface GigabitEthernet2/10
switchport access vlan 1000
channel-group 2 mode on
!
interface GigabitEthernet2/11
switchport access vlan 1000
channel-group 2 mode on
!
interface GigabitEthernet2/12
switchport access vlan 1000
switchport mode access
!
interface GigabitEthernet2/13
switchport access vlan 730
switchport mode access
!
interface GigabitEthernet2/14
switchport access vlan 100
switchport mode access
!
interface GigabitEthernet2/15
switchport access vlan 710
switchport mode access
!
interface GigabitEthernet2/16
switchport access vlan 710
!
interface GigabitEthernet2/17
switchport access vlan 700
switchport mode access
!
interface GigabitEthernet2/18
switchport access vlan 700
!
interface GigabitEthernet2/19
switchport access vlan 120
switchport mode access
!
interface GigabitEthernet2/20
switchport access vlan 600
switchport mode access
!
interface GigabitEthernet2/21
switchport access vlan 120
switchport mode access
!
interface GigabitEthernet2/22
switchport access vlan 800
switchport mode access
ip access-group 179 in
!
interface GigabitEthernet2/23
switchport access vlan 130
switchport mode access
!
interface GigabitEthernet2/24
switchport access vlan 130
switchport mode access
!
interface GigabitEthernet5/1
!
interface GigabitEthernet5/2
switchport access vlan 1010
switchport mode access
!
interface GigabitEthernet5/3
!
interface GigabitEthernet5/4
!
interface GigabitEthernet5/5
!
interface GigabitEthernet5/6
!
interface GigabitEthernet5/7
!
interface GigabitEthernet5/8
!
interface GigabitEthernet5/9
!
interface GigabitEthernet5/10
!
interface GigabitEthernet5/11
!
interface GigabitEthernet5/12
!
interface GigabitEthernet5/13
!
interface GigabitEthernet5/14
!
interface GigabitEthernet5/15
!
interface GigabitEthernet5/16
!
interface GigabitEthernet5/17
!
interface GigabitEthernet5/18
!
interface GigabitEthernet5/19
!
interface GigabitEthernet5/20
!
interface GigabitEthernet5/21
!
interface GigabitEthernet5/22
!
interface GigabitEthernet5/23
!
interface GigabitEthernet5/24
switchport access vlan 1020
switchport mode access
!
interface Vlan1
ip address 125.219.161.249 255.255.255.252
!
interface Vlan11
ip address 218.28.106.66 255.255.255.240
!
interface Vlan100
ip address 125.219.160.1 255.255.255.224 secondary
ip address 172.16.1.1 255.255.255.0
no ip redirects
!
interface Vlan120
no ip address
ip access-group 100 in
!
interface Vlan200
ip address 172.16.2.1 255.255.255.128
!
interface Vlan300
ip address 172.16.3.1 255.255.255.128
!
interface Vlan500
ip address 172.16.5.1 255.255.255.128
!
interface Vlan600
ip address 172.16.6.1 255.255.255.0
no ip redirects
!
interface Vlan700
no ip address
ip access-group 100 in
!
interface Vlan800
ip address 172.16.8.1 255.255.255.128
!
interface Vlan900
ip address 172.16.9.1 255.255.255.0
!
interface Vlan1010
ip address 172.16.10.1 255.255.255.128
!
interface Vlan1020
ip address 172.16.11.1 255.255.255.224
!
ip route 0.0.0.0 0.0.0.0 125.219.161.250
no ip http server
!
!
!
line con 0
stopbits 1
line vty 0 4
password 7 030E531F0B0B396C0F435A40522C
login
!
!
monitor session 1 source interface Gi2/1 , Gi2/3 - 9 , Gi2/12 -
monitor session 1 destination interface Gi2/2
time-range ceshi
periodic Monday Saturday 7:50 to 12:00
!
time-range jifangduanwang_a
periodic daily 21:40 to 23:59
!
time-range jifangduanwang_b
periodic daily 0:01 to 7:30
!
time-range jifangduanwang_c
periodic weekdays 7:31 to 11:50
!
time-range jifangduanwang_d
periodic weekdays 14:30 to 16:00
!
time-range jifangduanwang_e
periodic daily 21:40 to 23:59
!
time-range jifangduanwangx_a
periodic daily 21:40 to 23:59
!
time-range jifangduanwangx_b
periodic daily 0:01 to 7:40
!
time-range jifangduanwangx_c
periodic weekdays 7:40 to 11:40
!