华为5700 不同Vlan互通

2024年11月20日 00:41

有1个网友回答

网友（1）：

首先你交换机 vlanif 10 掩码错了是192.168.10.254 255.255.255.0 不是255.255.0.0 。

我的配置思路是要控制A网和B网不能互通,C网可以同时访问A网和B网.使用静态路由方式控制访问。

交换机C上配置vlan10 20 30 配置vlanif 192.168.10.254/20.254/30.254。设置G0/0/2为trunk 允许vlan 10 通过设置G0/0/1为trunk 允许vlan 20 通过 E0/0/1 端口为vlan 30

交换机A上配置vlan10 设置vlanif 192.168.10.1 并作为pc电脑的网关。设置G0/0/2为trunk 允许vlan 10 通过设置 E0/0/1 端口为vlan10

交换机B上配置vlan20 设置vlanIF 192.168.20.1并作为PC地址的网关设置G0/0/2为trunk 允许vlan 20 通过设置 E0/0/1 端口为vlan 20

PCA 配置ip 192.168.10.10 255.255.255.0 192.168.10.1

PCB 配置IP 192.168.20.20 255.255.255.0 192.168.20.1

PCC 配置IP 192.168.30.30 255.255.255.0 192.168.30.254

如果现在ping 测试你会发现PCA 、pcb、pcc 都是能通的。假如你把PCA 和PCB 的网关改为254的话你会发现PCA 、pcb、pcc 都是互通的，因为使用网关都是254 的话都在交换机C上面进行路由交换由于A和B 不能互通所以这里种方式就不可行。因此我们才在交换机A 和B 上设置vlanif 192.168.10.1 和192.168.20.1 后,我就可以在交换机A和B上设置静态路由控制A网和B网不能互通,C网可以同时访问A网和B网。

A交换机静态路由设置 ip route-static 192.168.30.0 24 192.168.10.254 （C网可以访问A）

B交换机静态路由设置 ip route-static 192.168.30.0 24 192.168.20.254 (C网可以访问B)

现在就可以实现了A网和B网不能互通,C网可以同时访问A网和B网

交换机配置如下

交换机A

sysname swa

vlan batch 10

cluster enable

ntdp enable

ndp enable

drop illegal-mac alarm

diffserv domain default

drop-profile default

aaa

authentication-scheme default

authorization-scheme default

accounting-scheme default

domain default

domain default_admin

local-user admin password simple admin

local-user admin service-type http

interface Vlanif1

interface Vlanif10

ip address 192.168.10.1 255.255.255.0

interface MEth0/0/1

interface Ethernet0/0/1

port link-type access

port default vlan 10

interface Ethernet0/0/2

interface Ethernet0/0/3

interface Ethernet0/0/4

interface Ethernet0/0/5

interface Ethernet0/0/6

interface Ethernet0/0/7

interface Ethernet0/0/8

interface Ethernet0/0/9

interface Ethernet0/0/10

interface Ethernet0/0/11

interface Ethernet0/0/12

interface Ethernet0/0/13

interface Ethernet0/0/14

interface Ethernet0/0/15

interface Ethernet0/0/16

interface Ethernet0/0/17

interface Ethernet0/0/18

interface Ethernet0/0/19

interface Ethernet0/0/20

interface Ethernet0/0/21

interface Ethernet0/0/22

interface GigabitEthernet0/0/1

interface GigabitEthernet0/0/2

port link-type trunk

port trunk allow-pass vlan 10

interface NULL0

ip route-static 192.168.30.0 255.255.255.0 192.168.10.254

user-interface con 0

user-interface vty 0 4

交换机B

sysname SWB

vlan batch 20

cluster enable

ntdp enable

ndp enable

drop illegal-mac alarm

diffserv domain default

drop-profile default

aaa

authentication-scheme default

authorization-scheme default

accounting-scheme default

domain default

domain default_admin

local-user admin password simple admin

local-user admin service-type http

interface Vlanif1

interface Vlanif20

ip address 192.168.20.1 255.255.255.0

interface MEth0/0/1

interface Ethernet0/0/1

port link-type access

port default vlan 20

interface Ethernet0/0/2

interface Ethernet0/0/3

interface Ethernet0/0/4

interface Ethernet0/0/5

interface Ethernet0/0/6

interface Ethernet0/0/7

interface Ethernet0/0/8

interface Ethernet0/0/9

interface Ethernet0/0/10

interface Ethernet0/0/11

interface Ethernet0/0/12

interface Ethernet0/0/13

interface Ethernet0/0/14

interface Ethernet0/0/15

interface Ethernet0/0/16

interface Ethernet0/0/17

interface Ethernet0/0/18

interface Ethernet0/0/19

interface Ethernet0/0/20

interface Ethernet0/0/21

interface Ethernet0/0/22

interface GigabitEthernet0/0/1

interface GigabitEthernet0/0/2

port link-type trunk

port trunk allow-pass vlan 20

interface NULL0

ip route-static 192.168.30.0 255.255.255.0 192.168.20.254

user-interface con 0

user-interface vty 0 4

交换机C

sysname SWC

vlan batch 10 20 30

cluster enable

ntdp enable

ndp enable

drop illegal-mac alarm

diffserv domain default

drop-profile default

aaa

authentication-scheme default

authorization-scheme default

accounting-scheme default

domain default

domain default_admin

local-user admin password simple admin

local-user admin service-type http

interface Vlanif1

interface Vlanif10

ip address 192.168.10.254 255.255.255.0

interface Vlanif20

ip address 192.168.20.254 255.255.255.0

interface Vlanif30

ip address 192.168.30.254 255.255.255.0

interface MEth0/0/1

interface Ethernet0/0/1

port link-type access

port default vlan 30

interface Ethernet0/0/2

interface Ethernet0/0/3

interface Ethernet0/0/4

interface Ethernet0/0/5

interface Ethernet0/0/6

interface Ethernet0/0/7

interface Ethernet0/0/8

interface Ethernet0/0/9

interface Ethernet0/0/10

interface Ethernet0/0/11

interface Ethernet0/0/12

interface Ethernet0/0/13

interface Ethernet0/0/14

interface Ethernet0/0/15

interface Ethernet0/0/16

interface Ethernet0/0/17

interface Ethernet0/0/18

interface Ethernet0/0/19

interface Ethernet0/0/20

interface Ethernet0/0/21

interface Ethernet0/0/22

interface GigabitEthernet0/0/1

port link-type trunk

port trunk allow-pass vlan 20

interface GigabitEthernet0/0/2

port link-type trunk

port trunk allow-pass vlan 10

interface NULL0

user-interface con 0

user-interface vty 0 4