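Urgent help needed: Cisco problem!!
I have run into a Cisco problem at work that I cannot solve, and I would appreciate help from the experts here.
While I was installing a firewall for a vocational secondary school, their requirement was to connect the firewall under the switch 3500 and allocate one subnet for student use.
The topology is:
{Layer 3}: 2600router inside eth0/0 ipaddr 172.16.1.5
2611router inside eth0/0 ipaddr 172.16.1.6
The two routers are at the top, connected to the telecom provider.
{Layer 2}: switch3500 int vlan 1 172.16.200.1
switch2924 int vlan 1 172.16.201.1
Both routers are connected to the switch 3500. Previously, the school's computers all used 172.16.1.5 or 172.16.1.6 as their gateway to reach the Internet.
Firewall configuration:
eth0 Link encap:Ethernet HWaddr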
inet addr:172.16.1.1 Bcast:172.16.1.255 Mask:255.255.255.0
eth1 Link encap:Ethernet
inet addr:172.16.20.1 Bcast:172.16.20.255 Mask:255.255.255.0
NETWORKING=yes
HOSTNAME=firewall
GATEWAY=172.16.1.5
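The firewall is connected to port 11 of the switch 3500.
Address of the computer behind it: 172.16.20.2 gw:172.16.20.1
It is connected to a new switch that comes directly off the firewall's inside interface.
Now the problem: the computer 172.16.20.2 can ping both addresses on the firewall, can get on the Internet, and can ping outside, but it cannot ping the routers 172.16.1.5 or 172.16.1.6. The school has a web server and a video-on-demand system on 1172.16.1.9 and 172.16.1.10, and the computers behind the firewall cannot access them.
I added a return route on both routers:
ip route 172.16.20.0 255.255.255.0 172.168.1.1
It still cannot ping 172.16.1.5. Strange!
At my company I connected a firewall under a Cisco 2600 and put myself behind the firewall; after adding the return route I could ping the router and reach the Internet. Without it I could only reach the firewall and could not get out.
I really don't know where the problem lies. Please help me take a look.
Below are the configurations of the school's router 2600 and switch 3500: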
#########################################
Cisco2611#show ip route
Gateway of last resort is 218.4.***.241 to network 0.0.0.0
218.4.***.0/29 is subnetted, 1 subnets
C 218.4.***.240 is directly connected, Ethernet0/1
172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
S 172.16.20.0/24 [1/0] via 172.16.1.1
C 172.16.0.0/16 is directly connected, Ethernet0/0
S* 0.0.0.0/0 [1/0] via 218.4.82.241
###############################################
Cisco2611#show run
Building configuration...
Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Cisco2611
!
enable password 7 091D1C5A
!
ip subnet-zero
ip name-server 202.102.14.141
!
!
!
interface Ethernet0/0
description connected to EthernetLAN
ip address 172.16.1.5 255.255.0.0
no ip directed-broadcast
ip nat inside
!
interface Ethernet0/1
description connected to Internet
ip address 218.4.***.245 255.255.255.248
no ip directed-broadcast
ip nat outside
!
router rip
version 2
passive-interface Ethernet0/1
network 172.16.0.0
no auto-summary
!
ip nat inside source list 1 interface Ethernet0/1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 218.4.***.241
ip route 172.16.20.0 255.255.255.0 172.16.1.1
!
access-list 1 permit 172.16.0.0 0.0.255.255
snmp-server community public RO
!
line con 0
exec-timeout 0 0
password 7 055A545C
login
transport input none
line aux 0
line vty 0 4
password 7 075E731F
login
!
no scheduler allocate
end
###############################################
cisco3500#show run
Building configuration...
Current configuration:
!
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname cisco3500
!
enable secret 5 $1$4eSD$aK4/dbNs7jbXtRhjHI.v11
!
!
!
!
!
!
ip subnet-zero
!
!
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
switchport access vlan 2
!
interface FastEthernet0/14
switchport access vlan 2
!
interface FastEthernet0/15
switchport access vlan 2
!
interface FastEthernet0/16
switchport access vlan 2
!
interface FastEthernet0/17
switchport access vlan 2
!
interface FastEthernet0/18
switchport access vlan 2
!
interface FastEthernet0/19
switchport multi vlan 1,2
switchport mode multi
!
interface FastEthernet0/20
switchport multi vlan 1,2
switchport mode multi
!
interface FastEthernet0/21
switchport multi vlan 1,2
switchport mode multi
!
interface FastEthernet0/22
switchport multi vlan 1,2
switchport mode multi
!
interface FastEthernet0/23
switchport multi vlan 1,2
switchport mode multi
!
interface FastEthernet0/24
switchport multi vlan 1,2
switchport mode multi
!
interface GigabitEthernet0/1
switchport multi vlan 1,2
switchport mode multi
!
interface GigabitEthernet0/2
!
interface VLAN1
ip address 172.16.200.1 255.255.0.0
no ip directed-broadcast
no ip route-cache
!
interface VLAN88
no ip directed-broadcast
no ip route-cache
shutdown
!
snmp-server engineID local 00000009020000049AD73A00
snmp-server community private RW
snmp-server community public RO
!
line con 0
exec-timeout 0 0
transport input none
stopbits 1
line vty 0 4
password 123
login
line vty 5 15
password 123
login
!
end
############################################
cisco3500#show vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4,
#Address: 172.16.200.1 Fa0/5, Fa0/6, Fa0/7, Fa0/8,
Fa0/9, Fa0/10, Fa0/11, Fa0/12,
Fa0/19, Fa0/20, Fa0/21, Fa0/22,
Fa0/23, Fa0/24, Gi0/1, Gi0/2
2 VLAN0002 active Fa0/13, Fa0/14, Fa0/15, Fa0/16,
Fa0/17, Fa0/18, Fa0/19, Fa0/20,
# I can't see the address; it seems to be 172.16.5.0 Fa0/21, Fa0/22, Fa0/23, Fa0/24,
Gi0/1 active
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 1002 1003
2 enet 100002 1500 - - - - - 0 0
77 enet 100077 1500 - - - - - 0 0
88 enet 100088 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 1 1003
1003 tr 101003 1500 1005 0 - - srb 1 1002
1004 fdnet 101004 1500 - - 1 ibm - 0 0
1005 trnet 101005 1500 - - 1 ibm - 0 0
###############################################
cisco3500#show vtp status
VTP Version : 2
Configuration Revision : 0
Maximum VLANs supported locally : 254
Number of existing VLANs : 8
VTP Operating Mode : Transparent
VTP Domain Name :
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0x23 0x91 0x4D 0x00 0x1B 0x12 0x6A 0x14
Configuration last modified by 172.16.200.1 at 6-2-93 23:47:32
###################################
cisco3500#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater
Device ID Local Intrfce Holdtme Capability Platform Port ID
2621xm Fas 0/8 122 R 2621XM Fas 0/0
Switch Gig 0/2 127 T S WS-C3524-XGig 0/1
Switch Fas 0/19 146 S WS-C2924C-Fas 0/5
Cisco2611 Fas 0/9 159 R 2611 Eth 0/0
###############################################
cisco3500#show cdp neighbors detail
Device ID: Switch
Entry address(es):
IP address: 172.16.5.32##########I don't know where this device is; I couldn't find it
Platform: cisco WS-C3524-XL, Capabilities: Trans-Bridge Switch
Interface: GigabitEthernet0/2, Port ID (outgoing port): GigabitEthernet0/1
Holdtime : 177 sec
Version :
Cisco Internetwork Operating System Software
IOS (tm) C3500XL Software (C3500XL-C3H2S-M), Version 12.0(5.4)WC(1), MAINTENANCE INTERIM SOFTWARE
Copyright (c) 1986-2001 by cisco Systems, Inc.
Compiled Tue 10-Jul-01 12:32 by devgoyal
advertisement version: 2
Protocol Hello: OUI=0x00000C, Protocol ID=0x0112; payload len=27, value=00000000FFFFFFFF010131FF0000000000000008E3BC4BC0FF0001
VTP Management Domain: ''
Native VLAN: 1
Duplex: full
-------------------------
Device ID: Switch
Entry address(es):
IP address: 172.16.201.1###########Found this one; after checking it, nothing is configured on it
Platform: cisco WS-C2924C-XL, Capabilities: Switch
Interface: FastEthernet0/19, Port ID (outgoing port): FastEthernet0/5
Holdtime : 176 sec
Version :
Cisco Internetwork Operating System Software
IOS (tm) C2900XL Software (C2900XL-H2-M), Version 11.2(8.2)SA6, MAINTENANCE INTERIM SOFTWARE
Copyright (c) 1986-1999 by cisco Systems, Inc.
Compiled Wed 23-Jun-99 17:56 by boba
advertisement version: 2
Protocol Hello: OUI=0x00000C, Protocol ID=0x0112; payload len=25, value=00000000FFFFFFFF010101FF00000000000000D09763B440FF
Is the problem on the 3500 switch? But I can't find a routing module. Please help me take a look!
Thank you!
2003.5.22
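
An added example, not part of the original post: a check of how the addresses and masks quoted above relate to each other, showing which interfaces treat 172.16.20.2 as on-link under their own mask and which route the Cisco2611 picks for it by longest-prefix match. It uses only values from the posted configuration; the masked default next hop is replaced by a label, and the function names are illustrative.

```python
import ipaddress
from itertools import permutations

# Interface addresses and masks as quoted in the post.
INTERFACES = {
    "Cisco2611 Ethernet0/0": "172.16.1.5/16",
    "cisco3500 VLAN1": "172.16.200.1/16",
    "firewall eth0": "172.16.1.1/24",
    "firewall eth1": "172.16.20.1/24",
}

# Cisco2611 routes from the posted "show ip route". The default route's next
# hop is masked in the post, so a descriptive label stands in for it.
ROUTER_ROUTES = [
    ("172.16.20.0/24", "via 172.16.1.1"),
    ("172.16.0.0/16", "connected Ethernet0/0"),
    ("0.0.0.0/0", "default via Ethernet0/1"),
]

def network_of(name):
    """Network implied by an interface's address and mask."""
    return ipaddress.ip_interface(INTERFACES[name]).network

def on_link(name, dest):
    """True if the interface's mask places dest on its own segment (ARP, no gateway)."""
    return ipaddress.ip_address(dest) in network_of(name)

def nested_subnets():
    """(narrow, wide) pairs where one interface's network sits inside another's."""
    return [(a, b) for a, b in permutations(INTERFACES, 2)
            if network_of(a) != network_of(b)
            and network_of(a).subnet_of(network_of(b))]

def lookup(routes, dest):
    """Longest-prefix match over (prefix, next_hop) pairs."""
    addr = ipaddress.ip_address(dest)
    nets = [(ipaddress.ip_network(p), hop) for p, hop in routes]
    matches = [(n, hop) for n, hop in nets if addr in n]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

if __name__ == "__main__":
    for narrow, wide in nested_subnets():
        print(f"{narrow} {network_of(narrow)} lies inside {wide} {network_of(wide)}")
    print("router -> 172.16.20.2:", lookup(ROUTER_ROUTES, "172.16.20.2"))
    for name in INTERFACES:
        print(f"{name}: 172.16.20.2 on-link = {on_link(name, '172.16.20.2')}")
```

A device that only has the /16 mask and no more specific route resolves 172.16.20.2 by ARP on its own segment, whereas the router's static /24 entry takes precedence over its connected /16.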