我有一个SonicWALL NSA 2400configuration重置,我很难重新configuration它。
Sonicwall的WAN端口(X1)连接到互联网。 它的局域网端口(X0)连接到一台3Com 4500G交换机(3层启用),我连接(中继?)到另一台3Com 4500交换机。
交换机指定3个VLAN:
VLAN1 – 数据VLAN – 如果有的话,不用太多
VLAN2 – 语音VLAN – VoIP电话连接在这里。 计算机通过手机连接到networking。
VLAN4094 – 路由VLAN – 似乎用于路由networkingstream量到互联网(?)
这是直接连接到Sonicwall NSA 2400的交换机
4500Gconfiguration
# sysname ############# # dhcp relay server-group 0 ip 192.168.10.4 dhcp relay server-group 0 ip 192.168.11.10 # domain default enable system # local-server nas-ip 127.0.0.1 key 3com # telnet server enable # undo cluster enable # igmp-snooping # vlan 1 description Data VLAN igmp-snooping enable # vlan 11 description Voice VLAN # vlan 4094 description Routing VLAN # radius scheme system server-type extended primary authentication 127.0.0.1 1645 primary accounting 127.0.0.1 1646 user-name-format without-domain # domain system access-limit disable state active idle-cut disable self-service-url disable # local-user admin service-type telnet terminal level 3 local-user manager password simple manager service-type telnet terminal level 2 local-user monitor password simple monitor service-type telnet terminal level 1 # interface NULL0 # interface Vlan-interface1 ip address 192.168.10.1 255.255.255.0 dhcp select relay dhcp relay server-select 0 # interface Vlan-interface11 ip address 192.168.11.1 255.255.255.0 dhcp select relay dhcp relay server-select 0 # interface Vlan-interface4094 ip address 192.168.255.2 255.255.255.0 rip poison-reverse rip version 2 multicast # interface GigabitEthernet1/0/1 port access vlan 4094 broadcast-suppression pps 3000 undo jumboframe enable description Uplink to SonicWALL stp edged-port enable # interface GigabitEthernet1/0/2 broadcast-suppression pps 3000 undo jumboframe enable stp edged-port enable # interface GigabitEthernet1/0/3 broadcast-suppression pps 3000 undo jumboframe enable stp edged-port enable # interface GigabitEthernet1/0/4 broadcast-suppression pps 3000 undo jumboframe enable stp edged-port enable # interface GigabitEthernet1/0/5 broadcast-suppression pps 3000 undo jumboframe enable stp edged-port enable # interface GigabitEthernet1/0/6 broadcast-suppression pps 3000 undo jumboframe enable stp edged-port enable # interface GigabitEthernet1/0/7 broadcast-suppression pps 3000 undo jumboframe enable stp edged-port enable # interface GigabitEthernet1/0/8 broadcast-suppression pps 3000 undo jumboframe enable stp edged-port enable # interface GigabitEthernet1/0/9 broadcast-suppression pps 3000 undo jumboframe enable stp edged-port enable # interface GigabitEthernet1/0/10 broadcast-suppression pps 3000 undo jumboframe enable stp edged-port enable # interface GigabitEthernet1/0/11 broadcast-suppression pps 3000 undo jumboframe enable stp edged-port enable # interface GigabitEthernet1/0/12 port link-type trunk port trunk permit vlan all broadcast-suppression pps 3000 undo jumboframe enable stp edged-port enable # interface GigabitEthernet1/0/13 port access vlan 11 broadcast-suppression pps 3000 undo jumboframe enable stp edged-port enable # interface GigabitEthernet1/0/14 broadcast-suppression pps 3000 undo jumboframe enable stp edged-port enable # interface GigabitEthernet1/0/15 broadcast-suppression pps 3000 undo jumboframe enable stp edged-port enable # interface GigabitEthernet1/0/16 broadcast-suppression pps 3000 undo jumboframe enable stp edged-port enable # interface GigabitEthernet1/0/17 broadcast-suppression pps 3000 undo jumboframe enable stp edged-port enable # interface GigabitEthernet1/0/18 broadcast-suppression pps 3000 undo jumboframe enable stp edged-port enable # interface GigabitEthernet1/0/19 broadcast-suppression pps 3000 undo jumboframe enable stp edged-port enable # interface GigabitEthernet1/0/20 broadcast-suppression pps 3000 undo jumboframe enable stp edged-port enable # interface GigabitEthernet1/0/21 broadcast-suppression pps 3000 undo jumboframe enable stp edged-port enable # interface GigabitEthernet1/0/22 broadcast-suppression pps 3000 undo jumboframe enable stp edged-port enable # interface GigabitEthernet1/0/23 broadcast-suppression pps 3000 undo jumboframe enable stp edged-port enable # interface GigabitEthernet1/0/24 port link-type trunk port trunk permit vlan all broadcast-suppression pps 3000 undo jumboframe enable stp edged-port enable # interface GigabitEthernet1/0/25 broadcast-suppression pps 3000 undo jumboframe enable shutdown stp edged-port enable # interface GigabitEthernet1/0/26 broadcast-suppression pps 3000 undo jumboframe enable shutdown stp edged-port enable # interface GigabitEthernet1/0/27 broadcast-suppression pps 3000 undo jumboframe enable shutdown stp edged-port enable # interface GigabitEthernet1/0/28 broadcast-suppression pps 3000 undo jumboframe enable shutdown stp edged-port enable # rip 1 undo summary version 2 network 192.168.10.0 network 192.168.11.0 network 192.168.255.0 import-route direct # snmp-agent snmp-agent local-engineid 8000002B0300247310B641 snmp-agent community read public snmp-agent community write private snmp-agent sys-info version all # dhcp enable # user-interface aux 0 authentication-mode scheme user-interface vty 0 4 authentication-mode scheme # return 4500G路由表
Routing Tables: Public Destinations : 8 Routes : 8 Destination/Mask Proto Pre Cost NextHop Interface 127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0 192.168.10.0/24 Direct 0 0 192.168.10.1 Vlan1 192.168.10.1/32 Direct 0 0 127.0.0.1 InLoop0 192.168.11.0/24 Direct 0 0 192.168.11.1 Vlan11 192.168.11.1/32 Direct 0 0 127.0.0.1 InLoop0 192.168.255.0/24 Direct 0 0 192.168.255.2 Vlan4094 192.168.255.2/32 Direct 0 0 127.0.0.1 InLoop0
这是VoIP系统连接的交换机
4500configuration
# sysname ############ # local-server nas-ip 127.0.0.1 key 3com # igmp-snooping enable # radius scheme system # domain system # local-user admin service-type ssh telnet terminal level 3 local-user manager password simple manager service-type ssh telnet terminal level 2 local-user monitor password simple monitor service-type ssh telnet terminal level 1 # acl number 4999 rule 0 deny dest 0000-0000-0000 ffff-ffff-ffff # vlan 1 igmp-snooping enable # vlan 11 description Voice VLAN # vlan 4094 description Routing VLAN # interface Vlan-interface1 description Data vlan # interface Vlan-interface4094 ip address 192.168.255.3 255.255.255.0 # interface Aux1/0/0 # interface Ethernet1/0/1 poe enable stp edged-port enable broadcast-suppression pps 3000 port access vlan 11 packet-filter inbound link-group 4999 rule 0 # interface Ethernet1/0/2 poe enable stp edged-port enable port link-type hybrid port hybrid vlan 11 tagged port hybrid vlan 1 untagged broadcast-suppression pps 3000 packet-filter inbound link-group 4999 rule 0 # interface Ethernet1/0/3 poe enable stp edged-port enable port link-type hybrid port hybrid vlan 11 tagged port hybrid vlan 1 untagged broadcast-suppression pps 3000 packet-filter inbound link-group 4999 rule 0 # interface Ethernet1/0/4 poe enable stp edged-port enable port link-type hybrid port hybrid vlan 11 tagged port hybrid vlan 1 untagged broadcast-suppression pps 3000 packet-filter inbound link-group 4999 rule 0 # interface Ethernet1/0/5 poe enable stp edged-port enable port link-type hybrid port hybrid vlan 11 tagged port hybrid vlan 1 untagged broadcast-suppression pps 3000 packet-filter inbound link-group 4999 rule 0 # interface Ethernet1/0/6 poe enable stp edged-port enable port link-type hybrid port hybrid vlan 11 tagged port hybrid vlan 1 untagged broadcast-suppression pps 3000 packet-filter inbound link-group 4999 rule 0 # interface Ethernet1/0/7 poe enable stp edged-port enable port link-type hybrid port hybrid vlan 11 tagged port hybrid vlan 1 untagged broadcast-suppression pps 3000 packet-filter inbound link-group 4999 rule 0 # interface Ethernet1/0/8 poe enable stp edged-port enable port link-type hybrid port hybrid vlan 11 tagged port hybrid vlan 1 untagged broadcast-suppression pps 3000 packet-filter inbound link-group 4999 rule 0 # interface Ethernet1/0/9 poe enable stp edged-port enable port link-type hybrid port hybrid vlan 11 tagged port hybrid vlan 1 untagged broadcast-suppression pps 3000 packet-filter inbound link-group 4999 rule 0 # interface Ethernet1/0/10 poe enable stp edged-port enable port link-type hybrid port hybrid vlan 11 tagged port hybrid vlan 1 untagged broadcast-suppression pps 3000 packet-filter inbound link-group 4999 rule 0 # interface Ethernet1/0/11 poe enable stp edged-port enable port link-type hybrid port hybrid vlan 11 tagged port hybrid vlan 1 untagged broadcast-suppression pps 3000 packet-filter inbound link-group 4999 rule 0 # interface Ethernet1/0/12 poe enable stp edged-port enable port link-type hybrid port hybrid vlan 11 tagged port hybrid vlan 1 untagged broadcast-suppression pps 3000 packet-filter inbound link-group 4999 rule 0 # interface Ethernet1/0/13 poe enable stp edged-port enable broadcast-suppression pps 3000 port access vlan 11 packet-filter inbound link-group 4999 rule 0 # interface Ethernet1/0/14 poe enable stp edged-port enable port link-type hybrid port hybrid vlan 11 tagged port hybrid vlan 1 untagged broadcast-suppression pps 3000 packet-filter inbound link-group 4999 rule 0 # interface Ethernet1/0/15 poe enable stp edged-port enable port link-type hybrid port hybrid vlan 11 tagged port hybrid vlan 1 untagged broadcast-suppression pps 3000 packet-filter inbound link-group 4999 rule 0 # interface Ethernet1/0/16 poe enable stp edged-port enable port link-type hybrid port hybrid vlan 11 tagged port hybrid vlan 1 untagged broadcast-suppression pps 3000 packet-filter inbound link-group 4999 rule 0 # interface Ethernet1/0/17 poe enable stp edged-port enable port link-type hybrid port hybrid vlan 11 tagged port hybrid vlan 1 untagged broadcast-suppression pps 3000 packet-filter inbound link-group 4999 rule 0 # interface Ethernet1/0/18 poe enable stp edged-port enable port link-type hybrid port hybrid vlan 11 tagged port hybrid vlan 1 untagged broadcast-suppression pps 3000 packet-filter inbound link-group 4999 rule 0 # interface Ethernet1/0/19 poe enable stp edged-port enable port link-type hybrid port hybrid vlan 11 tagged port hybrid vlan 1 untagged broadcast-suppression pps 3000 packet-filter inbound link-group 4999 rule 0 # interface Ethernet1/0/20 poe enable stp edged-port enable port link-type hybrid port hybrid vlan 11 tagged port hybrid vlan 1 untagged broadcast-suppression pps 3000 packet-filter inbound link-group 4999 rule 0 # interface Ethernet1/0/21 poe enable stp edged-port enable port link-type hybrid port hybrid vlan 11 tagged port hybrid vlan 1 untagged broadcast-suppression pps 3000 packet-filter inbound link-group 4999 rule 0 # interface Ethernet1/0/22 poe enable stp edged-port enable port link-type hybrid port hybrid vlan 11 tagged port hybrid vlan 1 untagged broadcast-suppression pps 3000 packet-filter inbound link-group 4999 rule 0 # interface Ethernet1/0/23 poe enable stp edged-port enable port link-type hybrid port hybrid vlan 11 tagged port hybrid vlan 1 untagged broadcast-suppression pps 3000 packet-filter inbound link-group 4999 rule 0 # interface Ethernet1/0/24 poe enable stp edged-port enable port link-type hybrid port hybrid vlan 11 tagged port hybrid vlan 1 untagged broadcast-suppression pps 3000 packet-filter inbound link-group 4999 rule 0 # interface GigabitEthernet1/0/25 port link-type trunk port trunk permit vlan all shutdown # interface GigabitEthernet1/0/26 port link-type trunk port trunk permit vlan all shutdown # interface GigabitEthernet1/0/27 port link-type trunk port trunk permit vlan all # interface GigabitEthernet1/0/28 port link-type trunk port trunk permit vlan all # undo xrn-fabric authentication-mode # interface NULL0 # voice vlan mac-address 0001-e300-0000 mask ffff-ff00-0000 description Siemens AG phone voice vlan mac-address 0004-0d00-0000 mask ffff-ff00-0000 description Avaya phone voice vlan mac-address 0013-1900-0000 mask ffff-ff00-0000 description Cisco 7960 phone voice vlan mac-address 0015-2b00-0000 mask ffff-ff00-0000 description Cisco 7940 phone voice vlan mac-address 0060-b900-0000 mask ffff-ff00-0000 description Philips and NEC AG phone # ip route-static 0.0.0.0 0.0.0.0 192.168.255.2 preference 60 # snmp-agent snmp-agent local-engineid 8000002B00247373B0406877 snmp-agent community read public snmp-agent community write private snmp-agent sys-info version all # user-interface aux 0 7 authentication-mode scheme screen-length 22 user-interface vty 0 4 authentication-mode scheme # return
4500路由表
Routing Table: public net Destination/Mask Protocol Pre Cost Nexthop Interface 0.0.0.0/0 STATIC 60 0 192.168.255.2 Vlan-interface4094 127.0.0.0/8 DIRECT 0 0 127.0.0.1 InLoopBack0 127.0.0.1/32 DIRECT 0 0 127.0.0.1 InLoopBack0 192.168.255.0/24 DIRECT 0 0 192.168.255.3 Vlan-interface4094 192.168.255.3/32 DIRECT 0 0 127.0.0.1 InLoopBack0
Sonicwall的LAN端口(X0)configuration有:
IP: 192.168.255.1 Mask: 255.255.255.0
LAN端口(X0)上configuration了两个子接口
X0:V1 IP: 192.168.10.1 Mask: 255.255.255.0 XO:V11 IP: 192.168.11.1 Mask: 255.255.255.0
在Sonicwall上启用DHCP,每个X0接口在其子网内有一个范围
我想获得连接到互联网的VLAN11(如果可能的话也是VLAN1)。 我希望一旦完成,电话系统将继续工作。
我想保持开关设置,因为他们仍然应该configuration的方式,当networkingfunction。
现在可能相当明显,但我相当新手一个VLAN和防火墙。 有没有人有任何build议如何让我的VLAN连接到互联网?
我得到了它的工作。
我有一个便宜的Linksys交换机插入Sonicwall的LAN(X0)端口。 3Com 4500G交换机和我的笔记本电脑连接到便宜的交换机。 这样,交换机和笔记本电脑都可以连接到Sonicwall上的LAN(X0)端口。
原来,3Com交换机被插入廉价的o交换机的一个坏端口,使软件设置无法正确testing。 我把3Com切换到廉价的o交换机上的另一个端口。
在Sonicwall上,我configuration了两条路由,以便所有发往VLAN 1或VLAN 11 IP地址的stream量都通过VLAN 4094路由。
然后,在3Com交换机上,我build立了一条到Sonicwall IP的静态路由,如果交换机不知道还有什么地方要发送,那么就可以通知交换机向Sonicwall发送stream量。
通过这种组合,stream量开始在networking上向上,向下stream动。
注意:除了在交换机上设置静态路由之外,我可以在Sonicwall上启用RIP,并将Sonicwall IP作为默认路由广播到3Com交换机。 它最终会在交换机路由表的相同位置,据说做同样的事情。 我可能会启用RIP并最终禁用当前的静态路由,但现在正在运行,所以我将暂时搁置一会儿。