取消
显示结果 
搜索替代 
您的意思是: 
cancel
2403
查看次数
0
有帮助
6
回复

关于3560的软件版本问题

qianyui
Level 1
Level 1

公司现有1台WS-C3560-24T交换机,软件版本12.2(35)SE5-IP-BASE,是否具备增强型多层映像 (EMI)功能。微信图片_20211125154004.png

1 个已接受解答

已接受的解答

YilinChen
Spotlight
Spotlight

看着是好老的版本了吧,还在用IP-BASE /IP-SERVICE的命名规划,能升级尽量升级吧。

查了下官方文档,硬件本身是可以支持的,需要升极IOS到IP-SERVICE才支持高级特性。

在原帖中查看解决方案

6 条回复6

YilinChen
Spotlight
Spotlight

看着是好老的版本了吧,还在用IP-BASE /IP-SERVICE的命名规划,能升级尽量升级吧。

查了下官方文档,硬件本身是可以支持的,需要升极IOS到IP-SERVICE才支持高级特性。

使用很长时间了,2009年购买的,一直没有升级过IOS,各VLAN间无法通讯,估计是软件版本问题

3560开启三层功能需要在命令行里面配置 ip routing,不然默认是不通的,和软件版本没关系,ip base支持基本的路由功能。

之前全局配置过ip routing,目前是各vlan间网关均可以ping通,但其它地址均无法通讯。如vlan20接入一台PC,配置192.168.20.2,255.255.255.0 网关192.168.20.1,ping 192.168.1.199/192.168.9.1/192.168.8.1~~~均可ping通,但无法ping通各vlan接入的主机,在思科模拟器配置过,vlan间可以正常通讯。本人网络小白,没系统学习过网络路由交换知识,还请专家赐教,指点迷津。交换机配置如下:

hostname hnzb-c3560
!
enable password
!
no aaa new-model
system mtu routing 1500
vtp domain hngj
vtp mode transparent
ip subnet-zero
ip routing
no ip domain-lookup
ip name-server 192.168.1.199
!
!
mls qos
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
vlan internal allocation policy ascending
!
vlan 2
name gg
!
vlan 3
name rlcw
!
vlan 4
name jgqt
!
vlan 5
name cdbg
!
vlan 6
name cddd
!
vlan 7
name cjck
!
vlan 8
name jk
!
vlan 9
name vlan9
!
vlan 10
name jiguan
!
vlan 20
!
vlan 30
name fuwuqi
!
vlan 40
name manager
!
vlan 50
name yilou
!
vlan 60
name shouyinzhongxin
!
vlan 70
name chedui
!
vlan 80
name chukou
!
vlan 100,200
!
interface FastEthernet0/1
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/2
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/3
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/4
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/5
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/6
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/7
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/8
switchport access vlan 20
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/9
switchport access vlan 9
switchport mode access
!
interface FastEthernet0/10
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/11
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/12
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/13
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/14
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/15
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/16
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/17
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
!
interface FastEthernet0/18
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
!
interface FastEthernet0/19
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
!
interface FastEthernet0/20
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
!
interface FastEthernet0/21
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
!
interface FastEthernet0/22
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
!
interface FastEthernet0/23
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
switchport access vlan 10
switchport mode access
flowcontrol receive desired
spanning-tree portfast trunk
!
interface GigabitEthernet0/2
!
interface Vlan1
no ip address
shutdown
!
interface Vlan2
ip address 192.168.2.1 255.255.255.0
ip access-group 111 in
!
interface Vlan3
ip address 192.168.3.1 255.255.255.0
ip access-group 113 in
!
interface Vlan4
ip address 192.168.4.1 255.255.255.0
ip access-group 114 in
!
interface Vlan5
ip address 192.168.5.1 255.255.255.0
ip access-group 115 in
!
interface Vlan6
ip address 192.168.6.1 255.255.255.0
ip access-group 116 in
!
interface Vlan7
ip address 192.168.7.1 255.255.255.0
ip access-group 117 in
!
interface Vlan8
ip address 192.168.8.1 255.255.255.0
ip access-group 118 in
!
interface Vlan9
ip address 192.168.9.1 255.255.255.0
!
interface Vlan10
ip address 192.168.1.199 255.255.255.0
!
interface Vlan20
ip address 192.168.20.1 255.255.255.0
!
interface Vlan30
no ip address
!
interface Vlan40
no ip address
!
interface Vlan50
no ip address
!
interface Vlan60
no ip address
!
interface Vlan70
no ip address
!
router rip
passive-interface Vlan10
passive-interface Vlan20
network 192.168.1.0
!
ip default-gateway 192.168.1.10
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.0.2
ip route 0.0.0.0 0.0.0.0 192.168.1.10
ip http server
!
access-list 101 deny tcp 192.168.2.0 0.0.0.255 192.168.7.0 0.0.0.255
access-list 102 deny tcp 192.168.7.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 111 deny ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 111 deny ip 192.168.2.0 0.0.0.255 192.168.4.0 0.0.0.255
access-list 111 deny ip 192.168.2.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 111 deny ip 192.168.2.0 0.0.0.255 192.168.6.0 0.0.0.255
access-list 111 deny ip 192.168.2.0 0.0.0.255 192.168.7.0 0.0.0.255
access-list 111 deny ip 192.168.2.0 0.0.0.255 192.168.8.0 0.0.0.255
access-list 111 deny ip 192.168.2.0 0.0.0.255 192.168.9.0 0.0.0.255
access-list 111 permit ip any any
access-list 113 deny ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 113 deny ip 192.168.3.0 0.0.0.255 192.168.4.0 0.0.0.255
access-list 113 deny ip 192.168.3.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 113 deny ip 192.168.3.0 0.0.0.255 192.168.6.0 0.0.0.255
access-list 113 deny ip 192.168.3.0 0.0.0.255 192.168.7.0 0.0.0.255
access-list 113 deny ip 192.168.3.0 0.0.0.255 192.168.8.0 0.0.0.255
access-list 113 permit ip any any
access-list 114 deny ip 192.168.4.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 114 deny ip 192.168.4.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 114 deny ip 192.168.4.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 114 deny ip 192.168.4.0 0.0.0.255 192.168.6.0 0.0.0.255
access-list 114 deny ip 192.168.4.0 0.0.0.255 192.168.7.0 0.0.0.255
access-list 114 deny ip 192.168.4.0 0.0.0.255 192.168.8.0 0.0.0.255
access-list 114 permit ip any any
access-list 115 deny ip 192.168.5.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 115 deny ip 192.168.5.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 115 deny ip 192.168.5.0 0.0.0.255 192.168.4.0 0.0.0.255
access-list 115 deny ip 192.168.5.0 0.0.0.255 192.168.6.0 0.0.0.255
access-list 115 deny ip 192.168.5.0 0.0.0.255 192.168.7.0 0.0.0.255
access-list 115 deny ip 192.168.5.0 0.0.0.255 192.168.8.0 0.0.0.255
access-list 115 permit ip any any
access-list 116 deny ip 192.168.6.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 116 deny ip 192.168.6.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 116 deny ip 192.168.6.0 0.0.0.255 192.168.4.0 0.0.0.255
access-list 116 deny ip 192.168.6.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 116 deny ip 192.168.6.0 0.0.0.255 192.168.7.0 0.0.0.255
access-list 116 deny ip 192.168.6.0 0.0.0.255 192.168.8.0 0.0.0.255
access-list 116 permit ip any any
access-list 117 deny ip 192.168.7.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 117 deny ip 192.168.7.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 117 deny ip 192.168.7.0 0.0.0.255 192.168.4.0 0.0.0.255
access-list 117 deny ip 192.168.7.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 117 deny ip 192.168.7.0 0.0.0.255 192.168.6.0 0.0.0.255
access-list 117 deny ip 192.168.7.0 0.0.0.255 192.168.8.0 0.0.0.255
access-list 117 permit ip any any
access-list 118 deny ip 192.168.8.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 118 deny ip 192.168.8.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 118 deny ip 192.168.8.0 0.0.0.255 192.168.4.0 0.0.0.255
access-list 118 deny ip 192.168.8.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 118 deny ip 192.168.8.0 0.0.0.255 192.168.6.0 0.0.0.255
access-list 118 deny ip 192.168.8.0 0.0.0.255 192.168.7.0 0.0.0.255
access-list 118 permit ip any any
!
control-plane
!
!
line con 0
exec-timeout 0 0
line vty 0 4
password
login
length 0
line vty 5 15
login
!
end

c3560#

确保每个主机到各自的网关是通的,主机的默认网关设置要正确,被ping的机器最好临时关闭一下系统的防火墙。

yangwang38276
Level 1
Level 1

我也是非专科出身,但是根据个人习惯,发现你配置中几处不当配置,不知道是否有影响,可以清掉在做测试

从上往下说。

1、与上联设备或下联设备交互要么不启用VTP,要么设置与上联设备(VTP mode Server)domain一样的域名,domain不同,透明模式依然不能保证正常通信(前提上下联配置trunk模式,access不受影响)

2、端口8下trunk与本征Vlan可以共存,但是不能与access共存

3、端口11-23本征Vlan没必要设置

4、G0/1端口与8口如出一辙

5、inter vlan1 根据IOS版本不同,有所不同,老版本IOS12.0以前的vlan1 shutdown 旗下所有vlan无法通讯,其后版本更新了这个措施

6、route rip  是否本意应该向外发布192.168.0.0

7、在开启IP routing的时候,ip default-gateway是不生效的,各Vlan间靠路由通讯

8、看了你的acl就不觉得奇怪了,你的需求本身就是各Vlan自己通讯,只允许访问缺省,不通是正常的,需要哪个通讯拿掉ip access-group就可以了

 

以上纯属个人见解,如有不对,敬请谅解。

快捷链接