这是因为我忘记了开关。仅当您非常无聊时才继续阅读
SonicWALL NSA 3500 连接到 Cisco Catalyst 3850。SonicWALL 具有“子接口”(VLAN) V2、V800 和 V802。2 和 802 一直运行良好,我现在正在尝试添加 800,但没有流量通过主干。请参阅我的配置的图像。我无法使用要连接的设备获得下游“switchport access vlan 800”端口,并且在交换机上我无法 ping 172.16.16.7,这是 SonicWALL 子接口 IP,而我可以 ping VLAN 的 IP 802。
编辑- 由于使用“ip classless”配置 Cisco,我能够让生成树摆脱“BKN”状态,并且 VLAN 800 现在在“ sh int gi1/0/2 trunk ”中显示为未修剪的 VLAN但我无法通过流量或连接该 VLAN 上的访问设备的主要问题仍然存在。
这是图像的链接,以防它太小而无法在这里看到:http: //oi60.tinypic.com/15cllp1.jpg
编辑
开关# sh span summ
Switch is in pvst mode
Root bridge for: VLAN0800
Extended system ID is enabled
Portfast Default is disabled
PortFast BPDU Guard Default is disabled
Portfast BPDU Filter Default is disabled
Loopguard Default is disabled
EtherChannel misconfig guard is enabled
UplinkFast is disabled
BackboneFast is disabled
Configured Pathcost method used is short
Name Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
VLAN0001 0 0 0 9 9
VLAN0002 0 0 0 14 14
VLAN0003 0 0 0 9 9
VLAN0004 0 0 0 10 10
VLAN0005 0 0 0 10 10
VLAN0006 0 0 0 9 9
VLAN0007 0 0 0 9 9
VLAN0008 0 0 0 9 9
VLAN0009 0 0 0 9 9
Name Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
VLAN0010 0 0 0 9 9
VLAN0011 0 0 0 9 9
VLAN0012 0 0 0 10 10
VLAN0013 0 0 0 9 9
VLAN0014 0 0 0 9 9
VLAN0015 0 0 0 11 11
VLAN0016 0 0 0 9 9
VLAN0017 0 0 0 9 9
VLAN0018 0 0 0 11 11
VLAN0103 0 0 0 9 9
VLAN0104 0 0 0 10 10
VLAN0105 0 0 0 10 10
VLAN0106 0 0 0 9 9
VLAN0107 0 0 0 9 9
VLAN0111 0 0 0 9 9
VLAN0800 0 0 0 9 9
VLAN0802 0 0 0 10 10
VLAN0803 0 0 0 9 9
---------------------- -------- --------- -------- ---------- ----------
27 vlans 0 0 0 258 258
交换机# sh span vlan 800
VLAN0800
Spanning tree enabled protocol ieee
Root ID Priority 4896
Address dca5.f433.4980
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 4896 (priority 4096 sys-id-ext 800)
Address dca5.f433.4980
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi1/0/2 Desg FWD 19 128.2 P2p
Gi1/0/14 Desg FWD 4 128.14 P2p
Gi1/0/15 Desg FWD 4 128.15 P2p
Gi1/0/16 Desg FWD 4 128.16 P2p
Gi1/0/17 Desg FWD 4 128.17 P2p
Te1/1/3 Desg FWD 4 128.55 P2p
Te1/1/4 Desg FWD 4 128.56 P2p
Po1 Desg FWD 3 128.2027 P2p
Po2 Desg FWD 3 128.2028 P2p
Switch# sh int gi1/0/2 switchport
Name: Gi1/0/2
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none
*请参阅我的顶部编辑 - VLAN 800 现在作为未修剪的 VLAN 显示在“ sh int gi1/0/2 trunk”中,但这并没有改变我无法在该 VLAN 上连接任何东西的问题,我仍然不能平 172.16.16.7
这听起来像一个路由问题。确保 Cisco Catalyst 3850 具有到 SonicWALL NSA 3500 的默认路由或通过 SonicWALL 直接到 172.16.16.0/24 目标的路由。没有正确的路由会阻止交换机 PING 不在同一子网上的 IP 地址。
我很想知道 vlan 800 上的设备是否可以 PING 172.16.16.7。
从交换机到 172.16.16.7 以及对 vlan 800 上的设备以及从 vlan 800 上的设备到 172.16.16.7 以及交换机,提供一些 TRACEROUTE 结果也将有所帮助。
天哪,我真是个白痴。Cisco 和 SonicWALL 之间有一个交换机,我完全忘记了,直到我在那里准备将我的网络分接头安装到位。它应该一直在传递所有东西,但一时兴起我决定检查它的配置并
switchport trunk allowed vlan 1,2,802,1002-1005在涉及的两个端口上找到。很抱歉浪费了大家的时间和脑力。现在可以了。