交流 › RouterOS › cisco3560+ROS 划分VLAN后的PPPOE问题？

heartsdal 发表于 2010-5-15 10:57:37

cisco3560+ROS 划分VLAN后的PPPOE问题？

本帖最后由 heartsdal 于 2010-5-17 11:14 编辑

本人参考此文http://bbs.routerclub.com/viewthread.php?tid=35608&highlight=%C8%FD%B2%E3%BD%BB%BB%BB%BB%FA
划分了VLAN，一模一样，但现在出现只有192.168.0.0 VLAN网段能上网，其它网段都不能上网。

是不是我原先ROS 在192.168.0.0 网段绑定了MAC地址缘故？

如果IP绑定了MAC 地址，三层交换机下面与ROS不同VLAN的MAC怎么绑定？？？

xiasha11 发表于 2010-5-15 11:01:22

src-address=192.168.0.0/16 action=masquerade   

注意这一句

heartsdal 发表于 2010-5-15 11:14:32

回复 2# xiasha11


   已经做了，


Switch#show run
Building configuration...

Current configuration : 2888 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
enable secret 5 $1$vTC5$AGGqXIeN8S22a7zVHiG/7/
enable password cisco
!
no aaa new-model
system mtu routing 1500
ip subnet-zero
ip routing
!
!
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
interface FastEthernet0/1
switchport access vlan 2
switchport trunk encapsulation dot1q
switchport mode access
!
interface FastEthernet0/2
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/3
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/4
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/5
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/6
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/7
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/8
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/9
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/10
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/11
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/12
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/13
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/14
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/15
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/16
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/17
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/18
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/19
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/20
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/21
switchport access vlan 4
switchport mode access
!
interface FastEthernet0/22
switchport access vlan 4
switchport mode access
!
interface FastEthernet0/23
switchport access vlan 4
switchport mode access
!
interface FastEthernet0/24
switchport access vlan 4
switchport mode access
!
interface GigabitEthernet0/1
switchport access vlan 2
!
interface GigabitEthernet0/2
switchport access vlan 3
switchport mode access
!
interface Vlan1
no ip address
shutdown
!
interface Vlan2
ip address 192.168.0.2 255.255.255.0
!
interface Vlan3
ip address 192.168.20.1 255.255.255.0
!
interface Vlan4
ip address 192.168.30.1 255.255.255.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.0.1
ip http server
ip http secure-server
!
!
!
control-plane
!
!
line con 0
line vty 0 4
password cisco
login
length 0
line vty 5 15
login
!
end

heartsdal 发表于 2010-5-15 13:07:07

既然ROS读不到三层交换机下面MAC地址，那要通过 什么方法来限制下面个别电脑不能上网呢？

xiasha11 发表于 2010-5-15 14:35:39

在ROS设置VLAN ID

xiasha11 发表于 2010-5-15 14:36:36

本帖最后由 xiasha11 于 2010-5-15 14:39 编辑

你在VLAN交换机内打开VLAN间的路由没有？各VLAN之间能不能PING通

heartsdal 发表于 2010-5-15 18:15:55

各VLAN之间已通，说明CISCO3560工作正常，奇怪的是如果把3560 F0/1口 上进行switchport mode trunk 再把ROS 的LAN口插入到3560的F0/1口，整个网络都不通，看起来不用做TRUNK，但很多教程都要进行sw mo tr。

测试了一下，果然是ARP 的reply-only 的缘故，改成enable就正常了，其它VLAN也能上网了。

现在又碰到新的问题了，其它VLAN怎么禁止个别电脑上网？，如果选择reply-only后，ROS又不能读取其它VLAN的MAC地址，怎么让其它VLAN的电脑上网？ 用PPPOE server?,但是PPPOE 不能跨VLAN啊，如何是好？总不能让我装监控软件禁止吧，麻烦。

heartsdal 发表于 2010-5-17 08:38:38

各位怎么控制下面电脑上网？

heartsdal 发表于 2010-5-17 11:12:59

本想用PPPOE拨入上网，但是其它VLAN不能连接，，，PPPOE不能跨VLAN。。。急救

heartsdal 发表于 2010-5-17 14:48:14

急救~~~找了2天，问了CISCO工程师，也没有结果~~~

xxxyyy888 发表于 2010-5-17 21:43:37

ROS里做防火墙，通过IP禁止某台电脑上网呀

查看完整版本: cisco3560+ROS 划分VLAN后的PPPOE问题？