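How does my new Cisco switch find its default gateway?

Is there something new with newer Cisco equipment that I don't know about? To manage my switches, I normally have to assign a VLAN 1 interface and add a default route (or ip default-gateway) to reach other subnets.

I plugged this switch in and simply gave it an IP address on VLAN 1 (10.0.0.50 255.255.255.0), and I can magically reach things beyond my subnet.

This is a cheap 2960:

Edit, configuration below: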

switch1#sh run
Building configuration...
Current configuration : 6835 bytes
!
! Last configuration change at 18:00:35 EST Wed Aug 21 2013 by user
! NVRAM config last updated at 18:01:23 EST Wed Aug 21 2013 by user
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname switch1
!
boot-start-marker
boot-end-marker
!
logging buffered 65536
enable secret 5 OMIT
!
username OMIT privilege 15 secret 5 OMIT
!
!
aaa new-model
!
!
aaa authentication login default group tacacs+ local
aaa authorization commands 15 default group tacacs+ none
aaa accounting commands 15 default stop-only group tacacs+
!
!
!
aaa session-id common
clock timezone EST -5
clock summer-time EST recurring
switch 1 provision ws-c2960s-48ts-l
!
!
no ip domain-lookup
ip domain-name nope.com.net.org
vtp mode off
!
!
!
!
spanning-tree mode rapid-pvst
spanning-tree portfast bpduguard default
spanning-tree extend system-id
spanning-tree vlan 1-4094 priority 61440
!
!
!
!
vlan internal allocation policy ascending
!
ip ssh version 2
!
!
interface FastEthernet0
 no ip address
!
interface GigabitEthernet1/0/1
 switchport mode access
 no cdp enable
!
interface GigabitEthernet1/0/2
 switchport mode access
 no cdp enable
!
interface GigabitEthernet1/0/3
 switchport mode access
 no cdp enable
!
interface GigabitEthernet1/0/4
 switchport mode access
 no cdp enable
!
interface GigabitEthernet1/0/5
 switchport mode access
 no cdp enable
!
interface GigabitEthernet1/0/6
 switchport mode access
 no cdp enable
!
interface GigabitEthernet1/0/7
 switchport mode access
 no cdp enable
!
interface GigabitEthernet1/0/8
 switchport mode access
 no cdp enable
!
interface GigabitEthernet1/0/9
 switchport mode access
 no cdp enable
!
interface GigabitEthernet1/0/10
 switchport mode access
 no cdp enable
!
interface GigabitEthernet1/0/11
 switchport mode access
 no cdp enable
!
interface GigabitEthernet1/0/12
 switchport mode access
 no cdp enable
!
interface GigabitEthernet1/0/13
 switchport mode access
 no cdp enable
!
interface GigabitEthernet1/0/14
 switchport mode access
 no cdp enable
!
interface GigabitEthernet1/0/15
 switchport mode access
 no cdp enable
!
interface GigabitEthernet1/0/16
 switchport mode access
 no cdp enable
!
interface GigabitEthernet1/0/17
 switchport mode access
 no cdp enable
!
interface GigabitEthernet1/0/18
 switchport mode access
 no cdp enable
!
interface GigabitEthernet1/0/19
 switchport mode access
 no cdp enable
!
interface GigabitEthernet1/0/20
 switchport mode access
 no cdp enable
!
interface GigabitEthernet1/0/21
 switchport mode access
 no cdp enable
!
interface GigabitEthernet1/0/22
 switchport mode access
 shutdown
 no cdp enable
!
interface GigabitEthernet1/0/23
 switchport mode access
 shutdown
 no cdp enable
!
interface GigabitEthernet1/0/24
 switchport mode access
 shutdown
 no cdp enable
!
interface GigabitEthernet1/0/25
 switchport mode access
 shutdown
 no cdp enable
!
interface GigabitEthernet1/0/26
 switchport mode access
 shutdown
 no cdp enable
!
interface GigabitEthernet1/0/27
 switchport mode access
 shutdown
 no cdp enable
!
interface GigabitEthernet1/0/28
 switchport mode access
 shutdown
 no cdp enable
!
interface GigabitEthernet1/0/29
 switchport mode access
 shutdown
 no cdp enable
!
interface GigabitEthernet1/0/30
 switchport mode access
 shutdown
 no cdp enable
!
interface GigabitEthernet1/0/31
 switchport mode access
 shutdown
 no cdp enable
!
interface GigabitEthernet1/0/32
 switchport mode access
 shutdown
 no cdp enable
!
interface GigabitEthernet1/0/33
 switchport mode access
 shutdown
 no cdp enable
!
interface GigabitEthernet1/0/34
 switchport mode access
 shutdown
 no cdp enable
!
interface GigabitEthernet1/0/35
 switchport mode access
 shutdown
 no cdp enable
!
interface GigabitEthernet1/0/36
 switchport mode access
 shutdown
 no cdp enable
!
interface GigabitEthernet1/0/37
 switchport mode access
 shutdown
 no cdp enable
!
interface GigabitEthernet1/0/38
 switchport mode access
 shutdown
 no cdp enable
!
interface GigabitEthernet1/0/39
 switchport mode access
 shutdown
 no cdp enable
!
interface GigabitEthernet1/0/40
 switchport mode access
 shutdown
 no cdp enable
!
interface GigabitEthernet1/0/41
 switchport mode access
 shutdown
 no cdp enable
!
interface GigabitEthernet1/0/42
 switchport mode access
 shutdown
 no cdp enable
!
interface GigabitEthernet1/0/43
 switchport mode access
 shutdown
 no cdp enable
!
interface GigabitEthernet1/0/44
 switchport mode access
 shutdown
 no cdp enable
!
interface GigabitEthernet1/0/45
 switchport mode access
 shutdown
 no cdp enable
!
interface GigabitEthernet1/0/46
 switchport mode access
 shutdown
 no cdp enable
!
interface GigabitEthernet1/0/47
 switchport mode access
 shutdown
 no cdp enable
!
interface GigabitEthernet1/0/48
 description trunk to switch2-Gi1/0/48
 switchport mode trunk
!
interface GigabitEthernet1/0/49
 shutdown
!
interface GigabitEthernet1/0/50
 shutdown
!
interface GigabitEthernet1/0/51
 shutdown
!
interface GigabitEthernet1/0/52
 description trunk to switch3-1/45
 switchport mode trunk
!
interface Vlan1
 ip address 10.191.2.61 255.255.255.0
!
no ip http server
no ip http secure-server
logging source-interface Vlan1
logging 10.191.4.65
snmp-server community NOPE RO 3
snmp-server community NOPE RO 23
snmp-server trap-source Vlan1
snmp-server contact NOPE
snmp-server enable traps snmp linkdown linkup coldstart warmstart
snmp-server enable traps config
snmp-server enable traps envmon fan shutdown supply temperature status
snmp ifmib ifindex persist
tacacs-server host 10.191.5.102
tacacs-server directed-request
tacacs-server key 7 NOPE
!
line con 0
 session-timeout 120
 privilege level 15
 password 7 NOPE
 logging synchronous
 transport output none
 stopbits 1
line vty 0 4
 session-timeout 120
 privilege level 15
 password 7 NOPE
 logging synchronous
 transport input ssh
line vty 5 15
 session-timeout 120
 privilege level 15
 password 7 NOPE
 logging synchronous
 transport input ssh
!
ntp clock-period 22518669
ntp source Vlan1
ntp server 10.191.4.39
end

An example of pinging outside the subnet:

ping 10.191.4.39
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.191.4.39, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/6 ms

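A router connected to one of the switch's active interfaces is probably performing proxy ARP. Lacking routing configuration, the switch is broadcasting an ARP request for 10.191.4.39. That address is not on the local segment, but your router knows how to reach it. The router running proxy ARP replies to the switch, saying, "I can get that for you; send packets for this address to me." You can confirm this by checking the configuration on the router.

tl;dr: Cisco switches send ARP requests for hosts in other subnets, and Cisco routers have proxy ARP enabled by default.

I know I'm late, but I recently stumbled upon this issue, did some research, and found this question in the process. The first answer is actually correct. Unfortunately, I don't have enough reputation to add a comment, so I have to add my own answer.

I used a Cisco WS-C2960G-8TC-L switch running IOS 12.2(35r)SE2 and a Cisco 1812W router running IOS 12.4(15)T6 to reproduce and investigate the issue.

The relevant part of the router configuration is (the rest of the configuration is default):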

interface FastEthernet0
 ip address 10.1.1.2 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet1
 ip address 10.1.2.2 255.255.255.0
 duplex auto
 speed auto

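Fa0 is connected to the switch and Fa1 is connected to a computer. Both devices are configured with other IP addresses in the respective subnets. The computer has a routing table entry to the Fa0 network via the router (10.1.1.0/24 via 10.1.2.2 dev eth1). The relevant part of the switch configuration is: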

interface Vlan1
 ip address 10.1.1.1 255.255.255.0
 no ip route-cache

The rest of the configuration is default, i.e. all ports are in VLAN1 and there is no default gateway. Also:

Switch#sh ip default-gateway
0.0.0.0

Now I try to ping the computer from the switch:

Switch#ping 10.1.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/8 ms
Switch#sh ip arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.1.2.1               25   0021.d8c8.6b36  ARPA   Vlan1
Internet  10.1.1.2               33   0021.d8c8.6b36  ARPA   Vlan1
Internet  10.1.1.1                -   0022.0cea.1540  ARPA   Vlan1

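Using Wireshark I confirmed that the switch does indeed send an ARP request for the computer's IP address, even though it is in another subnet. It then gets an ARP reply for that IP address from the router, and therefore sends all packets destined for the computer's IP address to the router, which forwards them.

This works because Cisco routers have proxy ARP enabled by default:

The Cisco interface must be configured to accept and respond to proxy ARP. This is enabled by default.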

http://www.cisco.com/c/en/us/support/docs/ip/dynamic-address-allocation-resolution/13718-5.html

Also:

Router#sh ip int fa0
FastEthernet0 is up, line protocol is up
  Internet address is 10.1.1.2/24
  [...]
  Proxy ARP is enabled
  [...]
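
Added example (not part of either answer, and not Cisco code): a Python check that reads `sh ip arp` output like the table in the second answer and flags entries whose IP lies outside the interface's own subnet, which on a switch with no default gateway indicates a neighbor answering by proxy ARP. The function names, the `svi` mapping and the finding fields are assumptions made for this example.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: the `sh ip arp` table quoted in the second answer.
SAMPLE_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.1.2.1               25   0021.d8c8.6b36  ARPA   Vlan1
Internet  10.1.1.2               33   0021.d8c8.6b36  ARPA   Vlan1
Internet  10.1.1.1                -   0022.0cea.1540  ARPA   Vlan1
"""

ROW = re.compile(
    r"^Internet\s+(?P<ip>\d+\.\d+\.\d+\.\d+)\s+(?P<age>\d+|-)\s+"
    r"(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+ARPA\s+(?P<intf>\S+)",
    re.IGNORECASE,
)

def parse_arp(text):
    """Yield (ip, mac, interface, is_self); age '-' marks the device's own address."""
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            yield (ipaddress.ip_address(m["ip"]), m["mac"].lower(),
                   m["intf"], m["age"] == "-")

def find_proxy_arp(arp_text, svi):
    """svi maps interface name -> "address/mask" as configured with `ip address`.
    Returns one finding per ARP entry whose IP lies outside that interface's subnet."""
    nets = {name: ipaddress.ip_interface(a).network for name, a in svi.items()}
    rows = [r for r in parse_arp(arp_text) if r[2] in nets]
    on_subnet = defaultdict(list)  # (interface, mac) -> neighbour IPs inside the subnet
    for ip, mac, intf, is_self in rows:
        if ip in nets[intf] and not is_self:
            on_subnet[(intf, mac)].append(str(ip))
    findings = []
    for ip, mac, intf, _ in rows:
        if ip not in nets[intf]:
            findings.append({
                "interface": intf,
                "off_subnet_ip": str(ip),
                "answered_by_mac": mac,
                # On-subnet addresses with the same MAC: the likely proxying router.
                "same_mac_on_subnet": on_subnet.get((intf, mac), []),
            })
    return findings

if __name__ == "__main__":
    for f in find_proxy_arp(SAMPLE_ARP, {"Vlan1": "10.1.1.1/255.255.255.0"}):
        print(f)
```

Such entries stop being created once the switch has `ip default-gateway` set, because it then ARPs only for the gateway; `no ip proxy-arp` on the router interface stops the router from answering for other subnets.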