服务器 Gind.cn
  1. 服务器 Gind.cn
  3. Etherchannel / Inter-vlan问题
Intereting Posts
Active Directory委派帮助 Perfmon返回不寻常的性能对象 设置SSH,让FreeNAS无需密码即可连接到Mac 如何在使用IIS 7和Server 2003上的WebDAV的工作组中共享Outlook日历? 主机名查找失败,名称服务器设置正确 24磁盘arrays的RAID考虑 如果我要为DBA开发一个软件来帮助他们进行查询优化,我可以使用哪些function? Active Directory用户和组策略 理想的iSCSI设置 IPtables:DNS查询是否有一个最小的UDP数据包大小? Nagios磁盘检查使用硬值而不是百分比的Windows服务器 将您的DHCP作用域分成多个服务器? configurationUbuntu允许sshlogin通过pulic /私钥和sudo没有密码 NPS和RHEL的sshconfiguration 在Server 2012组策略中,如何强制所有用户拥有密码locking屏幕保护程序?

Etherchannel / Inter-vlan问题

我有两个Cisco 3850交换机(3850-1,3850-2)。 我有使用从3850-1的内置DHCP的VLAN 1,2,3,4,5设置(192.168.1.0 – 192.168.5.0)。

3850-1是192.168.1.3 3850-2是192.168.1.4

我有一个etherchannelbuild立之间的两个。 我有他们目前设置为允许所有的VLAN(将在稍后限制)。

每个VLAN都configuration了HSRP,以便VIP保持活动状态,作为每个VLAN子网的默认网关。

我有一个新的Cisco 1852e WAP(MObility Express模式)。 这是192.168.1.5上的Mobility Express Manager。

如果我将设备(如iPhone)连接到为VLAN 3设置的SSID(客户),则效果很好。 设备获得IP地址192.168.3.51,D / G 192.168.3.1。 我可以ping每个IP,但一个(我的3850-1交换机,IP 192.168.1.3)。

如果我将设备连接到SSID Employees,则设置为VLAN 2,设备将获得IP地址192.168.2.54 d / g 192.168.2.1。 我可以ping一切,但192.168.1.3(3850-1)。

疯狂的事情:192.168.1.3(3850-1)可以ping任何设备的给定的IP,所以可以192.168.1.4(3850-2)。 如果我SSH进入任一,他们都可以ping SSID /子网/ VLAN上的设备。

但是两台设备都不能Ping 192.168.1.3(3850-1)。

我想知道如果我的Etherchannel设置错了一些如何?

这让我疯狂。 我不是这方面的专家 让我们把它放在那里。 我到目前为止还无法弄清楚为什么每台交换机可以成功ping任何SSID的设备,但设备不能ping通192.168.1.3(3850-1)。

这是我从3850-1的备用信息: 

3850-1#show standby br P indicates configured to preempt. | Interface Grp Pri P State Active Standby Virtual IP Vl2 10 100 P Standby 192.168.2.3 local 192.168.2.1 Vl3 30 100 P Standby 192.168.3.3 local 192.168.3.1 Vl4 40 100 P Standby 192.168.4.3 local 192.168.4.1

这是从3850-2: 

 3850-2#sho standby br P indicates configured to preempt. | Interface Grp Pri P State Active Standby Virtual IP Vl2 10 100 P Active local 192.168.2.2 192.168.2.1 Vl3 30 100 P Active local 192.168.3.2 192.168.3.1 Vl4 40 100 P Active local 192.168.4.2 192.168.4.1

这里是我从3850-1的vlan中继信息: 

 3850-1#show int trunk Port Mode Encapsulation Status Native vlan Gi1/0/5 on 802.1q trunking 1 Gi1/0/23 on 802.1q trunking 1 Gi1/0/24 on 802.1q trunking 1 Port Vlans allowed on trunk Gi1/0/5 1-4094 Gi1/0/23 1-4094 Gi1/0/24 1-4094 Port Vlans allowed and active in management domain Gi1/0/5 1-5,13 Gi1/0/23 1-5,13 Gi1/0/24 1-5,13 Port Vlans in spanning tree forwarding state and not pruned Gi1/0/5 1-5,13 Gi1/0/23 none Gi1/0/24 1-5,13

从3850-2: 

 3850-2#show int trunk Port Mode Encapsulation Status Native vlan Gi1/0/11 on 802.1q trunking 1 Gi1/0/23 on 802.1q trunking 1 Gi1/0/24 on 802.1q trunking 1 Port Vlans allowed on trunk Gi1/0/11 1-4094 Gi1/0/23 1-4094 Gi1/0/24 1-4094 Port Vlans allowed and active in management domain Gi1/0/11 1-5,13 Gi1/0/23 1-5,13 Gi1/0/24 1-5,13 Port Vlans in spanning tree forwarding state and not pruned Gi1/0/11 1-5,13 Gi1/0/23 1-5,13 Gi1/0/24 1

我的1852e在3850-2 G1 / 0/11。 它被设置为每个思科的MObility express文档的TRUNK端口,以方便在不同的VLAN上使用SSID。

我的ether通道configuration为每个交换机上的g1 / 0/23和g1 / 0/24。

这是我的configuration(3850-1): 

 ! ! Last configuration change at 14:13:22 UTC Mon Jun 27 2016 ! version 15.2 no service pad service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption service compress-config ! hostname 3850-1 ! boot-start-marker boot-end-marker ! ! vrf definition Mgmt-vrf ! address-family ipv4 exit-address-family ! address-family ipv6 exit-address-family ! logging console emergencies enable secret 4 h0Ne.6akbVdjXZ6DzRvN1DHQNFi/WK0h2CApUGBYEF2 ! no aaa new-model clock timezone UTC -5 0 clock summer-time UTC recurring switch 1 provision ws-c3850-24t ! ! ! ! ! ip routing ! no ip dhcp conflict logging ip dhcp excluded-address 192.168.1.1 192.168.1.50 ip dhcp excluded-address 192.168.2.1 192.168.2.50 ip dhcp excluded-address 192.168.3.1 192.168.3.50 ip dhcp excluded-address 192.168.4.1 192.168.4.50 ! ip dhcp pool 192.168.2.1 network 192.168.2.0 255.255.255.0 default-router 192.168.2.1 dns-server 192.168.13.250 8.8.8.8 192.168.13.251 netbios-name-server 192.168.13.250 192.168.13.251 netbios-node-type h-node ! ip dhcp pool 192.168.1.0 network 192.168.1.0 255.255.255.0 dns-server 192.168.13.250 8.8.8.8 192.168.13.251 default-router 192.168.1.3 netbios-name-server 192.168.13.250 192.168.13.251 netbios-node-type h-node ! ip dhcp pool 192.168.3.1 network 192.168.3.0 255.255.255.0 default-router 192.168.3.1 dns-server 192.168.13.250 8.8.8.8 netbios-name-server 192.168.13.250 192.168.13.251 netbios-node-type h-node ! ip dhcp pool 192.168.4.1 network 192.168.4.0 255.255.255.0 dns-server 192.168.13.250 8.8.8.8 192.168.13.251 default-router 192.168.4.1 netbios-name-server 192.168.13.250 192.168.13.251 netbios-node-type h-node ! ! qos wireless-default-untrust qos queue-softmax-multiplier 100 ! crypto pki trustpoint TP-self-signed-1939811358 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-1939811358 revocation-check none rsakeypair TP-self-signed-1939811358 ! ! crypto pki certificate chain TP-self-signed-1939811358 certificate self-signed 01 3082023E 308201A7 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 69666963 6174652D 31393339 38313133 3538301E 170D3136 30353236 30383135 33355A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 39333938 31313335 3830819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100E6B8 E8FF2963 DEE3DD17 10EE39CB F2CB7271 9E9AD651 97446D51 BDE3D7A7 76B97FE8 C2E04D64 10123FE4 D407301C 30CFFFBC E813B22C 7F2C0253 FD2890C5 46BA859E 6950720F 585E3D02 1BE7E7EB 1E450758 1E496631 2FF61BCD BEC5035F FEBCB503 88E5D05B 2A0262F7 CE0471CD AA8E3027 487730E0 F78BE317 BBFB4B67 4C130203 010001A3 66306430 0F060355 1D130101 FF040530 030101FF 30110603 551D1104 0A300882 06537769 74636830 1F060355 1D230418 30168014 A195FE1A E1181495 C0D78655 DE8FA75D 8EBBA017 301D0603 551D0E04 160414A1 95FE1AE1 181495C0 D78655DE 8FA75D8E BBA01730 0D06092A 864886F7 0D010104 05000381 8100D556 C2170C0D FDD8DE80 40B96CBF 7D63D893 A6480140 D1A16E36 FB10A6A8 C626DCC6 62066503 002CD936 573C6A08 0F618DAF 5791F89A 0759E261 6E4E2E6F 062430D8 E6B7D922 1EADA08E 4BB3D45E E9744A8C 74F2CEBC AA442D6A EDEB7446 B05C4335 A8E40C8B E8175A36 6A11A057 9D8323BA 42F7214E C93A16F4 EED8C496 3D90 quit diagnostic bootup level minimal spanning-tree mode pvst spanning-tree extend system-id hw-switch switch 1 logging onboard message level 3 ! redundancy mode sso ! ! ! class-map match-any non-client-nrt-class ! policy-map port_child_policy class non-client-nrt-class bandwidth remaining ratio 10 ! ! ! ! ! ! ! ! ! ! ! ! ! ! interface Port-channel1 ! interface GigabitEthernet0/0 vrf forwarding Mgmt-vrf ip address 192.168.1.2 255.255.255.0 negotiation auto ! interface GigabitEthernet1/0/1 description Uplink to Firewall to TimeWarner switchport mode access ! interface GigabitEthernet1/0/2 ! interface GigabitEthernet1/0/3 description was to fiber transceiver in room west of W1 ! interface GigabitEthernet1/0/4 ! interface GigabitEthernet1/0/5 description long haul to box room (west) into 5 port switch switchport mode trunk ! interface GigabitEthernet1/0/6 ! interface GigabitEthernet1/0/7 ! interface GigabitEthernet1/0/8 ! interface GigabitEthernet1/0/9 switchport mode access ! interface GigabitEthernet1/0/10 ! interface GigabitEthernet1/0/11 switchport access vlan 3 switchport mode access ! interface GigabitEthernet1/0/12 ! interface GigabitEthernet1/0/13 switchport mode access ! interface GigabitEthernet1/0/14 ! interface GigabitEthernet1/0/15 ! interface GigabitEthernet1/0/16 ! interface GigabitEthernet1/0/17 ! interface GigabitEthernet1/0/18 ! interface GigabitEthernet1/0/19 ! interface GigabitEthernet1/0/20 ! interface GigabitEthernet1/0/21 ! interface GigabitEthernet1/0/22 ! interface GigabitEthernet1/0/23 switchport mode trunk channel-group 1 mode auto ! interface GigabitEthernet1/0/24 switchport mode trunk channel-group 1 mode auto ! interface GigabitEthernet1/1/1 ! interface GigabitEthernet1/1/2 ! interface GigabitEthernet1/1/3 ! interface GigabitEthernet1/1/4 ! interface TenGigabitEthernet1/1/1 ! interface TenGigabitEthernet1/1/2 ! interface TenGigabitEthernet1/1/3 ! interface TenGigabitEthernet1/1/4 ! interface Vlan1 ip address 192.168.1.3 255.255.255.0 ip helper-address 192.168.1.3 ! interface Vlan2 ip address 192.168.2.2 255.255.255.0 ip helper-address 192.168.2.1 standby 10 ip 192.168.2.1 standby 10 timers msec 200 msec 750 standby 10 preempt delay minimum 300 ! interface Vlan3 ip address 192.168.3.2 255.255.255.0 ip helper-address 192.168.3.1 standby 30 ip 192.168.3.1 standby 30 timers msec 200 msec 750 standby 30 preempt delay minimum 300 ! interface Vlan4 ip address 192.168.4.2 255.255.255.0 ip helper-address 192.168.4.1 standby 40 ip 192.168.4.1 standby 40 timers msec 200 msec 750 standby 40 preempt delay minimum 300 ! interface Vlan5 ip address 192.168.5.1 255.255.255.0 ! interface Vlan13 ip address 192.168.13.1 255.255.255.0 ! ip forward-protocol nd no ip http server ip http secure-server ip route 0.0.0.0 0.0.0.0 192.168.1.1 ip route 192.168.1.0 255.255.255.0 Vlan1 ip route 192.168.2.0 255.255.255.0 Vlan2 ip route 192.168.3.0 255.255.255.0 Vlan3 ip route 192.168.4.0 255.255.255.0 Vlan4 ! ! ! ! ! line con 0 exec-timeout 0 0 stopbits 1 line aux 0 stopbits 1 line vty 0 4 password 275woodward login line vty 5 15 password 275woodward login ! wsma agent exec profile httplistener profile httpslistener ! wsma agent config profile httplistener profile httpslistener ! wsma agent filesys profile httplistener profile httpslistener ! wsma agent notify profile httplistener profile httpslistener ! ! wsma profile listener httplistener transport http ! wsma profile listener httpslistener transport https ! ap group default-group end

最后,这里是3850-2的configuration: 

 ! ! Last configuration change at 14:13:22 UTC Mon Jun 27 2016 ! version 15.2 no service pad service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption service compress-config ! hostname 3850-1 ! boot-start-marker boot-end-marker ! ! vrf definition Mgmt-vrf ! address-family ipv4 exit-address-family ! address-family ipv6 exit-address-family ! logging console emergencies enable secret 4 h0Ne.6akbVdjXZ6DzRvN1DHQNFi/WK0h2CApUGBYEF2 ! no aaa new-model clock timezone UTC -5 0 clock summer-time UTC recurring switch 1 provision ws-c3850-24t ! ! ! ! ! ip routing ! no ip dhcp conflict logging ip dhcp excluded-address 192.168.1.1 192.168.1.50 ip dhcp excluded-address 192.168.2.1 192.168.2.50 ip dhcp excluded-address 192.168.3.1 192.168.3.50 ip dhcp excluded-address 192.168.4.1 192.168.4.50 ! ip dhcp pool 192.168.2.1 network 192.168.2.0 255.255.255.0 default-router 192.168.2.1 dns-server 192.168.13.250 8.8.8.8 192.168.13.251 netbios-name-server 192.168.13.250 192.168.13.251 netbios-node-type h-node ! ip dhcp pool 192.168.1.0 network 192.168.1.0 255.255.255.0 dns-server 192.168.13.250 8.8.8.8 192.168.13.251 default-router 192.168.1.3 netbios-name-server 192.168.13.250 192.168.13.251 netbios-node-type h-node ! ip dhcp pool 192.168.3.1 network 192.168.3.0 255.255.255.0 default-router 192.168.3.1 dns-server 192.168.13.250 8.8.8.8 netbios-name-server 192.168.13.250 192.168.13.251 netbios-node-type h-node ! ip dhcp pool 192.168.4.1 network 192.168.4.0 255.255.255.0 dns-server 192.168.13.250 8.8.8.8 192.168.13.251 default-router 192.168.4.1 netbios-name-server 192.168.13.250 192.168.13.251 netbios-node-type h-node ! ! qos wireless-default-untrust qos queue-softmax-multiplier 100 ! crypto pki trustpoint TP-self-signed-1939811358 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-1939811358 revocation-check none rsakeypair TP-self-signed-1939811358 ! ! crypto pki certificate chain TP-self-signed-1939811358 certificate self-signed 01 3082023E 308201A7 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 69666963 6174652D 31393339 38313133 3538301E 170D3136 30353236 30383135 33355A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 39333938 31313335 3830819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100E6B8 E8FF2963 DEE3DD17 10EE39CB F2CB7271 9E9AD651 97446D51 BDE3D7A7 76B97FE8 C2E04D64 10123FE4 D407301C 30CFFFBC E813B22C 7F2C0253 FD2890C5 46BA859E 6950720F 585E3D02 1BE7E7EB 1E450758 1E496631 2FF61BCD BEC5035F FEBCB503 88E5D05B 2A0262F7 CE0471CD AA8E3027 487730E0 F78BE317 BBFB4B67 4C130203 010001A3 66306430 0F060355 1D130101 FF040530 030101FF 30110603 551D1104 0A300882 06537769 74636830 1F060355 1D230418 30168014 A195FE1A E1181495 C0D78655 DE8FA75D 8EBBA017 301D0603 551D0E04 160414A1 95FE1AE1 181495C0 D78655DE 8FA75D8E BBA01730 0D06092A 864886F7 0D010104 05000381 8100D556 C2170C0D FDD8DE80 40B96CBF 7D63D893 A6480140 D1A16E36 FB10A6A8 C626DCC6 62066503 002CD936 573C6A08 0F618DAF 5791F89A 0759E261 6E4E2E6F 062430D8 E6B7D922 1EADA08E 4BB3D45E E9744A8C 74F2CEBC AA442D6A EDEB7446 B05C4335 A8E40C8B E8175A36 6A11A057 9D8323BA 42F7214E C93A16F4 EED8C496 3D90 quit diagnostic bootup level minimal spanning-tree mode pvst spanning-tree extend system-id hw-switch switch 1 logging onboard message level 3 ! redundancy mode sso ! ! ! class-map match-any non-client-nrt-class ! policy-map port_child_policy class non-client-nrt-class bandwidth remaining ratio 10 ! ! ! ! ! ! ! ! ! ! ! ! ! ! interface Port-channel1 ! interface GigabitEthernet0/0 vrf forwarding Mgmt-vrf ip address 192.168.1.2 255.255.255.0 negotiation auto ! interface GigabitEthernet1/0/1 description Uplink to Firewall to TimeWarner switchport mode access ! interface GigabitEthernet1/0/2 ! interface GigabitEthernet1/0/3 description was to fiber transceiver in room west of W1 ! interface GigabitEthernet1/0/4 ! interface GigabitEthernet1/0/5 description long haul to box room (west) into 5 port switch switchport mode trunk ! interface GigabitEthernet1/0/6 ! interface GigabitEthernet1/0/7 ! interface GigabitEthernet1/0/8 ! interface GigabitEthernet1/0/9 switchport mode access ! interface GigabitEthernet1/0/10 ! interface GigabitEthernet1/0/11 switchport access vlan 3 switchport mode access ! interface GigabitEthernet1/0/12 ! interface GigabitEthernet1/0/13 switchport mode access ! interface GigabitEthernet1/0/14 ! interface GigabitEthernet1/0/15 ! interface GigabitEthernet1/0/16 ! interface GigabitEthernet1/0/17 ! interface GigabitEthernet1/0/18 ! interface GigabitEthernet1/0/19 ! interface GigabitEthernet1/0/20 ! interface GigabitEthernet1/0/21 ! interface GigabitEthernet1/0/22 ! interface GigabitEthernet1/0/23 switchport mode trunk channel-group 1 mode auto ! interface GigabitEthernet1/0/24 switchport mode trunk channel-group 1 mode auto ! interface GigabitEthernet1/1/1 ! interface GigabitEthernet1/1/2 ! interface GigabitEthernet1/1/3 ! interface GigabitEthernet1/1/4 ! interface TenGigabitEthernet1/1/1 ! interface TenGigabitEthernet1/1/2 ! interface TenGigabitEthernet1/1/3 ! interface TenGigabitEthernet1/1/4 ! interface Vlan1 ip address 192.168.1.3 255.255.255.0 ip helper-address 192.168.1.3 ! interface Vlan2 ip address 192.168.2.2 255.255.255.0 ip helper-address 192.168.2.1 standby 10 ip 192.168.2.1 standby 10 timers msec 200 msec 750 standby 10 preempt delay minimum 300 ! interface Vlan3 ip address 192.168.3.2 255.255.255.0 ip helper-address 192.168.3.1 standby 30 ip 192.168.3.1 standby 30 timers msec 200 msec 750 standby 30 preempt delay minimum 300 ! interface Vlan4 ip address 192.168.4.2 255.255.255.0 ip helper-address 192.168.4.1 standby 40 ip 192.168.4.1 standby 40 timers msec 200 msec 750 standby 40 preempt delay minimum 300 ! interface Vlan5 ip address 192.168.5.1 255.255.255.0 ! interface Vlan13 ip address 192.168.13.1 255.255.255.0 ! ip forward-protocol nd no ip http server ip http secure-server ip route 0.0.0.0 0.0.0.0 192.168.1.1 ip route 192.168.1.0 255.255.255.0 Vlan1 ip route 192.168.2.0 255.255.255.0 Vlan2 ip route 192.168.3.0 255.255.255.0 Vlan3 ip route 192.168.4.0 255.255.255.0 Vlan4 ! ! ! ! ! line con 0 exec-timeout 0 0 stopbits 1 line aux 0 stopbits 1 line vty 0 4 password 275woodward login line vty 5 15 password 275woodward login ! wsma agent exec profile httplistener profile httpslistener ! wsma agent config profile httplistener profile httpslistener ! wsma agent filesys profile httplistener profile httpslistener ! wsma agent notify profile httplistener profile httpslistener ! ! wsma profile listener httplistener transport http ! wsma profile listener httpslistener transport https ! ap group default-group end

Etherchannel没有完全设置。 从PAgP切换到LACP。 这个链接帮助。

基本上,我在一端有一个不完整的configuration。 在每台交换机上使用LACP而不是PAgP重新构buildint PO1来修复它。 很好用。

https://www.quora.com/What-is-difference-between-LACP-and-PAGP-protocol