mark_x 发表于 2013-1-7 13:15:42

RouterOS VLAN 问题

1、在二层交换机上划分vlan,1-23口每个端口一个vlan,24口接routeros,routeros上启用vlan划分地址段,交换机一个端口划一个地址,一共3台交换机,都这样配置。
2、RouterOS上有4块网卡,其中内网3块,每块内网网卡接一台交换机的24口。
3、现在测试每个交换机端口都可以ping通routeros上启用的路由网关,也可以ping通其他网卡上vlan的网关,而且最奇怪的是不同交换机的电脑之间也可以ping通。
4、现在怎样能让不同vlan下的电脑不能互相ping通?
附routeros的配置:
添加vlan的配置:
/interface ethernet
# Physical ports. The comment= values are raw GBK bytes from the export:
#   "\CB\C4\C2\A5" = 四楼 (4th floor), "\CE\E5\C2\A5" = 五楼 (5th floor),
#   "\C1\F9\C2\A5" = 六楼 (6th floor), "\CD\E2\CD\F8" = 外网 (WAN).
# The name= values (silou, wulou, liulou, wan) are the matching pinyin.
# silou, wulou and liulou are the parent interfaces of the tagged VLANs defined
# under /interface vlan; no VLAN in this export uses wan.
set 0 arp=enabled auto-negotiation=yes cable-settings=default comment=\
    "\CB\C4\C2\A5" disable-running-check=yes disabled=no full-duplex=yes \
    mac-address=00:01:EB:55:63:12 mtu=1500 name=silou speed=100Mbps
set 1 arp=enabled auto-negotiation=yes cable-settings=default comment=\
    "\CE\E5\C2\A5" disable-running-check=yes disabled=no full-duplex=yes \
    mac-address=00:0A:EB:12:79:30 mtu=1500 name=wulou speed=100Mbps
set 2 arp=enabled auto-negotiation=yes cable-settings=default comment=\
    "\C1\F9\C2\A5" disable-running-check=yes disabled=no full-duplex=yes \
    mac-address=00:0A:EB:02:26:8C mtu=1500 name=liulou speed=100Mbps
set 3 arp=enabled auto-negotiation=yes cable-settings=default comment=\
    "\CD\E2\CD\F8" disable-running-check=yes disabled=no full-duplex=yes \
    mac-address=00:14:2A:01:12:B3 mtu=1500 name=wan speed=100Mbps
# One VLAN sub-interface per switch access port, each named after its VLAN ID:
#   401-423 on silou, 501-523 on wulou, 601-623 on liulou (69 in total).
# Tagging separates the switch ports at layer 2 only. Once each VLAN interface
# has an address on this router, every subnet is directly connected and the
# router forwards between them by default, so hosts in different VLANs (and on
# different switches) reach each other through their gateways. Keeping them
# apart at layer 3 needs /ip firewall filter rules in the forward chain.
/interface vlan
# silou uplink: VLANs 401-423 (410 appears out of numeric order in the export)
add arp=enabled comment="" disabled=no interface=silou mtu=1500 name=401 \
    vlan-id=401
add arp=enabled comment="" disabled=no interface=silou mtu=1500 name=402 \
    vlan-id=402
add arp=enabled comment="" disabled=no interface=silou mtu=1500 name=403 \
    vlan-id=403
add arp=enabled comment="" disabled=no interface=silou mtu=1500 name=410 \
    vlan-id=410
add arp=enabled comment="" disabled=no interface=silou mtu=1500 name=404 \
    vlan-id=404
add arp=enabled comment="" disabled=no interface=silou mtu=1500 name=405 \
    vlan-id=405
add arp=enabled comment="" disabled=no interface=silou mtu=1500 name=406 \
    vlan-id=406
add arp=enabled comment="" disabled=no interface=silou mtu=1500 name=407 \
    vlan-id=407
add arp=enabled comment="" disabled=no interface=silou mtu=1500 name=408 \
    vlan-id=408
add arp=enabled comment="" disabled=no interface=silou mtu=1500 name=409 \
    vlan-id=409
add arp=enabled comment="" disabled=no interface=silou mtu=1500 name=411 \
    vlan-id=411
add arp=enabled comment="" disabled=no interface=silou mtu=1500 name=412 \
    vlan-id=412
add arp=enabled comment="" disabled=no interface=silou mtu=1500 name=413 \
    vlan-id=413
add arp=enabled comment="" disabled=no interface=silou mtu=1500 name=414 \
    vlan-id=414
add arp=enabled comment="" disabled=no interface=silou mtu=1500 name=415 \
    vlan-id=415
add arp=enabled comment="" disabled=no interface=silou mtu=1500 name=416 \
    vlan-id=416
add arp=enabled comment="" disabled=no interface=silou mtu=1500 name=417 \
    vlan-id=417
add arp=enabled comment="" disabled=no interface=silou mtu=1500 name=418 \
    vlan-id=418
add arp=enabled comment="" disabled=no interface=silou mtu=1500 name=419 \
    vlan-id=419
add arp=enabled comment="" disabled=no interface=silou mtu=1500 name=420 \
    vlan-id=420
add arp=enabled comment="" disabled=no interface=silou mtu=1500 name=421 \
    vlan-id=421
add arp=enabled comment="" disabled=no interface=silou mtu=1500 name=422 \
    vlan-id=422
add arp=enabled comment="" disabled=no interface=silou mtu=1500 name=423 \
    vlan-id=423
# wulou uplink: VLANs 501-523
add arp=enabled comment="" disabled=no interface=wulou mtu=1500 name=501 \
    vlan-id=501
add arp=enabled comment="" disabled=no interface=wulou mtu=1500 name=502 \
    vlan-id=502
add arp=enabled comment="" disabled=no interface=wulou mtu=1500 name=503 \
    vlan-id=503
add arp=enabled comment="" disabled=no interface=wulou mtu=1500 name=504 \
    vlan-id=504
add arp=enabled comment="" disabled=no interface=wulou mtu=1500 name=505 \
    vlan-id=505
add arp=enabled comment="" disabled=no interface=wulou mtu=1500 name=506 \
    vlan-id=506
add arp=enabled comment="" disabled=no interface=wulou mtu=1500 name=507 \
    vlan-id=507
add arp=enabled comment="" disabled=no interface=wulou mtu=1500 name=508 \
    vlan-id=508
add arp=enabled comment="" disabled=no interface=wulou mtu=1500 name=509 \
    vlan-id=509
add arp=enabled comment="" disabled=no interface=wulou mtu=1500 name=510 \
    vlan-id=510
add arp=enabled comment="" disabled=no interface=wulou mtu=1500 name=511 \
    vlan-id=511
add arp=enabled comment="" disabled=no interface=wulou mtu=1500 name=512 \
    vlan-id=512
add arp=enabled comment="" disabled=no interface=wulou mtu=1500 name=513 \
    vlan-id=513
add arp=enabled comment="" disabled=no interface=wulou mtu=1500 name=514 \
    vlan-id=514
add arp=enabled comment="" disabled=no interface=wulou mtu=1500 name=515 \
    vlan-id=515
add arp=enabled comment="" disabled=no interface=wulou mtu=1500 name=516 \
    vlan-id=516
add arp=enabled comment="" disabled=no interface=wulou mtu=1500 name=517 \
    vlan-id=517
add arp=enabled comment="" disabled=no interface=wulou mtu=1500 name=518 \
    vlan-id=518
add arp=enabled comment="" disabled=no interface=wulou mtu=1500 name=519 \
    vlan-id=519
add arp=enabled comment="" disabled=no interface=wulou mtu=1500 name=520 \
    vlan-id=520
add arp=enabled comment="" disabled=no interface=wulou mtu=1500 name=521 \
    vlan-id=521
add arp=enabled comment="" disabled=no interface=wulou mtu=1500 name=522 \
    vlan-id=522
add arp=enabled comment="" disabled=no interface=wulou mtu=1500 name=523 \
    vlan-id=523
# liulou uplink: VLANs 601-623
add arp=enabled comment="" disabled=no interface=liulou mtu=1500 name=601 \
    vlan-id=601
add arp=enabled comment="" disabled=no interface=liulou mtu=1500 name=602 \
    vlan-id=602
add arp=enabled comment="" disabled=no interface=liulou mtu=1500 name=603 \
    vlan-id=603
add arp=enabled comment="" disabled=no interface=liulou mtu=1500 name=604 \
    vlan-id=604
add arp=enabled comment="" disabled=no interface=liulou mtu=1500 name=605 \
    vlan-id=605
add arp=enabled comment="" disabled=no interface=liulou mtu=1500 name=606 \
    vlan-id=606
add arp=enabled comment="" disabled=no interface=liulou mtu=1500 name=607 \
    vlan-id=607
add arp=enabled comment="" disabled=no interface=liulou mtu=1500 name=608 \
    vlan-id=608
add arp=enabled comment="" disabled=no interface=liulou mtu=1500 name=609 \
    vlan-id=609
add arp=enabled comment="" disabled=no interface=liulou mtu=1500 name=610 \
    vlan-id=610
add arp=enabled comment="" disabled=no interface=liulou mtu=1500 name=611 \
    vlan-id=611
add arp=enabled comment="" disabled=no interface=liulou mtu=1500 name=612 \
    vlan-id=612
add arp=enabled comment="" disabled=no interface=liulou mtu=1500 name=613 \
    vlan-id=613
add arp=enabled comment="" disabled=no interface=liulou mtu=1500 name=614 \
    vlan-id=614
add arp=enabled comment="" disabled=no interface=liulou mtu=1500 name=615 \
    vlan-id=615
add arp=enabled comment="" disabled=no interface=liulou mtu=1500 name=616 \
    vlan-id=616
add arp=enabled comment="" disabled=no interface=liulou mtu=1500 name=617 \
    vlan-id=617
add arp=enabled comment="" disabled=no interface=liulou mtu=1500 name=618 \
    vlan-id=618
add arp=enabled comment="" disabled=no interface=liulou mtu=1500 name=619 \
    vlan-id=619
add arp=enabled comment="" disabled=no interface=liulou mtu=1500 name=620 \
    vlan-id=620
add arp=enabled comment="" disabled=no interface=liulou mtu=1500 name=621 \
    vlan-id=621
add arp=enabled comment="" disabled=no interface=liulou mtu=1500 name=622 \
    vlan-id=622
add arp=enabled comment="" disabled=no interface=liulou mtu=1500 name=623 \
    vlan-id=623
添加ip地址的配置:
/ip address
# Gateway address for each VLAN interface: the router takes .1 of a /28
# (network .0, broadcast .15, 14 usable host addresses per switch port).
#   VLAN 4xx -> 192.168.1-23.0/28
#   VLAN 5xx -> 192.168.101-123.0/28
#   VLAN 6xx -> 192.168.201-223.0/28
# Every subnet lies inside 192.168.0.0/16 and is a connected route on this
# router. This export shows no /ip firewall filter rules, so nothing stops the
# router from forwarding between these subnets.
# silou VLANs (entries for 404/402/403/401/410 are out of numeric order in the export)
add address=192.168.4.1/28 broadcast=192.168.4.15 comment="" disabled=no \
    interface=404 network=192.168.4.0
add address=192.168.2.1/28 broadcast=192.168.2.15 comment="" disabled=no \
    interface=402 network=192.168.2.0
add address=192.168.3.1/28 broadcast=192.168.3.15 comment="" disabled=no \
    interface=403 network=192.168.3.0
add address=192.168.1.1/28 broadcast=192.168.1.15 comment="" disabled=no \
    interface=401 network=192.168.1.0
add address=192.168.10.1/28 broadcast=192.168.10.15 comment="" disabled=no \
    interface=410 network=192.168.10.0
add address=192.168.5.1/28 broadcast=192.168.5.15 comment="" disabled=no \
    interface=405 network=192.168.5.0
add address=192.168.6.1/28 broadcast=192.168.6.15 comment="" disabled=no \
    interface=406 network=192.168.6.0
add address=192.168.7.1/28 broadcast=192.168.7.15 comment="" disabled=no \
    interface=407 network=192.168.7.0
add address=192.168.8.1/28 broadcast=192.168.8.15 comment="" disabled=no \
    interface=408 network=192.168.8.0
add address=192.168.9.1/28 broadcast=192.168.9.15 comment="" disabled=no \
    interface=409 network=192.168.9.0
add address=192.168.11.1/28 broadcast=192.168.11.15 comment="" disabled=no \
    interface=411 network=192.168.11.0
add address=192.168.12.1/28 broadcast=192.168.12.15 comment="" disabled=no \
    interface=412 network=192.168.12.0
add address=192.168.13.1/28 broadcast=192.168.13.15 comment="" disabled=no \
    interface=413 network=192.168.13.0
add address=192.168.14.1/28 broadcast=192.168.14.15 comment="" disabled=no \
    interface=414 network=192.168.14.0
add address=192.168.15.1/28 broadcast=192.168.15.15 comment="" disabled=no \
    interface=415 network=192.168.15.0
add address=192.168.16.1/28 broadcast=192.168.16.15 comment="" disabled=no \
    interface=416 network=192.168.16.0
add address=192.168.17.1/28 broadcast=192.168.17.15 comment="" disabled=no \
    interface=417 network=192.168.17.0
add address=192.168.18.1/28 broadcast=192.168.18.15 comment="" disabled=no \
    interface=418 network=192.168.18.0
add address=192.168.19.1/28 broadcast=192.168.19.15 comment="" disabled=no \
    interface=419 network=192.168.19.0
add address=192.168.20.1/28 broadcast=192.168.20.15 comment="" disabled=no \
    interface=420 network=192.168.20.0
add address=192.168.21.1/28 broadcast=192.168.21.15 comment="" disabled=no \
    interface=421 network=192.168.21.0
add address=192.168.22.1/28 broadcast=192.168.22.15 comment="" disabled=no \
    interface=422 network=192.168.22.0
add address=192.168.23.1/28 broadcast=192.168.23.15 comment="" disabled=no \
    interface=423 network=192.168.23.0
# wulou VLANs
add address=192.168.101.1/28 broadcast=192.168.101.15 comment="" disabled=no \
    interface=501 network=192.168.101.0
add address=192.168.102.1/28 broadcast=192.168.102.15 comment="" disabled=no \
    interface=502 network=192.168.102.0
add address=192.168.103.1/28 broadcast=192.168.103.15 comment="" disabled=no \
    interface=503 network=192.168.103.0
add address=192.168.104.1/28 broadcast=192.168.104.15 comment="" disabled=no \
    interface=504 network=192.168.104.0
add address=192.168.105.1/28 broadcast=192.168.105.15 comment="" disabled=no \
    interface=505 network=192.168.105.0
add address=192.168.106.1/28 broadcast=192.168.106.15 comment="" disabled=no \
    interface=506 network=192.168.106.0
add address=192.168.107.1/28 broadcast=192.168.107.15 comment="" disabled=no \
    interface=507 network=192.168.107.0
add address=192.168.108.1/28 broadcast=192.168.108.15 comment="" disabled=no \
    interface=508 network=192.168.108.0
add address=192.168.109.1/28 broadcast=192.168.109.15 comment="" disabled=no \
    interface=509 network=192.168.109.0
add address=192.168.110.1/28 broadcast=192.168.110.15 comment="" disabled=no \
    interface=510 network=192.168.110.0
add address=192.168.111.1/28 broadcast=192.168.111.15 comment="" disabled=no \
    interface=511 network=192.168.111.0
add address=192.168.112.1/28 broadcast=192.168.112.15 comment="" disabled=no \
    interface=512 network=192.168.112.0
add address=192.168.113.1/28 broadcast=192.168.113.15 comment="" disabled=no \
    interface=513 network=192.168.113.0
add address=192.168.114.1/28 broadcast=192.168.114.15 comment="" disabled=no \
    interface=514 network=192.168.114.0
add address=192.168.115.1/28 broadcast=192.168.115.15 comment="" disabled=no \
    interface=515 network=192.168.115.0
add address=192.168.116.1/28 broadcast=192.168.116.15 comment="" disabled=no \
    interface=516 network=192.168.116.0
add address=192.168.117.1/28 broadcast=192.168.117.15 comment="" disabled=no \
    interface=517 network=192.168.117.0
add address=192.168.118.1/28 broadcast=192.168.118.15 comment="" disabled=no \
    interface=518 network=192.168.118.0
add address=192.168.119.1/28 broadcast=192.168.119.15 comment="" disabled=no \
    interface=519 network=192.168.119.0
add address=192.168.120.1/28 broadcast=192.168.120.15 comment="" disabled=no \
    interface=520 network=192.168.120.0
add address=192.168.121.1/28 broadcast=192.168.121.15 comment="" disabled=no \
    interface=521 network=192.168.121.0
add address=192.168.122.1/28 broadcast=192.168.122.15 comment="" disabled=no \
    interface=522 network=192.168.122.0
add address=192.168.123.1/28 broadcast=192.168.123.15 comment="" disabled=no \
    interface=523 network=192.168.123.0
# liulou VLANs
add address=192.168.201.1/28 broadcast=192.168.201.15 comment="" disabled=no \
    interface=601 network=192.168.201.0
add address=192.168.202.1/28 broadcast=192.168.202.15 comment="" disabled=no \
    interface=602 network=192.168.202.0
add address=192.168.203.1/28 broadcast=192.168.203.15 comment="" disabled=no \
    interface=603 network=192.168.203.0
add address=192.168.204.1/28 broadcast=192.168.204.15 comment="" disabled=no \
    interface=604 network=192.168.204.0
add address=192.168.205.1/28 broadcast=192.168.205.15 comment="" disabled=no \
    interface=605 network=192.168.205.0
add address=192.168.206.1/28 broadcast=192.168.206.15 comment="" disabled=no \
    interface=606 network=192.168.206.0
add address=192.168.207.1/28 broadcast=192.168.207.15 comment="" disabled=no \
    interface=607 network=192.168.207.0
add address=192.168.208.1/28 broadcast=192.168.208.15 comment="" disabled=no \
    interface=608 network=192.168.208.0
add address=192.168.209.1/28 broadcast=192.168.209.15 comment="" disabled=no \
    interface=609 network=192.168.209.0
add address=192.168.210.1/28 broadcast=192.168.210.15 comment="" disabled=no \
    interface=610 network=192.168.210.0
add address=192.168.211.1/28 broadcast=192.168.211.15 comment="" disabled=no \
    interface=611 network=192.168.211.0
add address=192.168.212.1/28 broadcast=192.168.212.15 comment="" disabled=no \
    interface=612 network=192.168.212.0
add address=192.168.213.1/28 broadcast=192.168.213.15 comment="" disabled=no \
    interface=613 network=192.168.213.0
add address=192.168.214.1/28 broadcast=192.168.214.15 comment="" disabled=no \
    interface=614 network=192.168.214.0
add address=192.168.215.1/28 broadcast=192.168.215.15 comment="" disabled=no \
    interface=615 network=192.168.215.0
add address=192.168.216.1/28 broadcast=192.168.216.15 comment="" disabled=no \
    interface=616 network=192.168.216.0
add address=192.168.217.1/28 broadcast=192.168.217.15 comment="" disabled=no \
    interface=617 network=192.168.217.0
add address=192.168.218.1/28 broadcast=192.168.218.15 comment="" disabled=no \
    interface=618 network=192.168.218.0
add address=192.168.219.1/28 broadcast=192.168.219.15 comment="" disabled=no \
    interface=619 network=192.168.219.0
add address=192.168.220.1/28 broadcast=192.168.220.15 comment="" disabled=no \
    interface=620 network=192.168.220.0
add address=192.168.221.1/28 broadcast=192.168.221.15 comment="" disabled=no \
    interface=621 network=192.168.221.0
add address=192.168.222.1/28 broadcast=192.168.222.15 comment="" disabled=no \
    interface=622 network=192.168.222.0
add address=192.168.223.1/28 broadcast=192.168.223.15 comment="" disabled=no \
    interface=623 network=192.168.223.0
# store-leases-disk=5m: lease changes are saved to disk at 5-minute intervals.
/ip dhcp-server config
set store-leases-disk=5m
# One DHCP network entry per VLAN subnet; gateway= is the router's .1 address
# on that VLAN. Only 192.168.1.0/28 and 192.168.201.0/28 set dns-server here.
# NOTE(review): the paste contains no /ip dhcp-server or /ip pool entries, so
# which VLAN interfaces actually run a DHCP server cannot be told from this
# excerpt - presumably omitted by the poster; confirm on the router.
/ip dhcp-server network
add address=192.168.1.0/28 comment="" dns-server=202.100.96.68 gateway=\
    192.168.1.1
add address=192.168.2.0/28 comment="" gateway=192.168.2.1
add address=192.168.3.0/28 comment="" gateway=192.168.3.1
add address=192.168.4.0/28 comment="" gateway=192.168.4.1
add address=192.168.5.0/28 comment="" gateway=192.168.5.1
add address=192.168.6.0/28 comment="" gateway=192.168.6.1
add address=192.168.7.0/28 comment="" gateway=192.168.7.1
add address=192.168.8.0/28 comment="" gateway=192.168.8.1
add address=192.168.9.0/28 comment="" gateway=192.168.9.1
add address=192.168.10.0/28 comment="" gateway=192.168.10.1
add address=192.168.11.0/28 comment="" gateway=192.168.11.1
add address=192.168.12.0/28 comment="" gateway=192.168.12.1
add address=192.168.13.0/28 comment="" gateway=192.168.13.1
add address=192.168.14.0/28 comment="" gateway=192.168.14.1
add address=192.168.15.0/28 comment="" gateway=192.168.15.1
add address=192.168.16.0/28 comment="" gateway=192.168.16.1
add address=192.168.17.0/28 comment="" gateway=192.168.17.1
add address=192.168.18.0/28 comment="" gateway=192.168.18.1
add address=192.168.19.0/28 comment="" gateway=192.168.19.1
add address=192.168.20.0/28 comment="" gateway=192.168.20.1
add address=192.168.21.0/28 comment="" gateway=192.168.21.1
add address=192.168.22.0/28 comment="" gateway=192.168.22.1
add address=192.168.23.0/28 comment="" gateway=192.168.23.1
add address=192.168.101.0/28 comment="" gateway=192.168.101.1
add address=192.168.102.0/28 comment="" gateway=192.168.102.1
add address=192.168.103.0/28 comment="" gateway=192.168.103.1
add address=192.168.104.0/28 comment="" gateway=192.168.104.1
add address=192.168.105.0/28 comment="" gateway=192.168.105.1
add address=192.168.106.0/28 comment="" gateway=192.168.106.1
add address=192.168.107.0/28 comment="" gateway=192.168.107.1
add address=192.168.108.0/28 comment="" gateway=192.168.108.1
add address=192.168.109.0/28 comment="" gateway=192.168.109.1
add address=192.168.110.0/28 comment="" gateway=192.168.110.1
add address=192.168.111.0/28 comment="" gateway=192.168.111.1
add address=192.168.112.0/28 comment="" gateway=192.168.112.1
add address=192.168.113.0/28 comment="" gateway=192.168.113.1
add address=192.168.114.0/28 comment="" gateway=192.168.114.1
add address=192.168.115.0/28 comment="" gateway=192.168.115.1
add address=192.168.116.0/28 comment="" gateway=192.168.116.1
add address=192.168.117.0/28 comment="" gateway=192.168.117.1
add address=192.168.118.0/28 comment="" gateway=192.168.118.1
add address=192.168.119.0/28 comment="" gateway=192.168.119.1
add address=192.168.120.0/28 comment="" gateway=192.168.120.1
add address=192.168.121.0/28 comment="" gateway=192.168.121.1
add address=192.168.122.0/28 comment="" gateway=192.168.122.1
add address=192.168.123.0/28 comment="" gateway=192.168.123.1
add address=192.168.201.0/28 comment="" dns-server=\
    202.100.96.68,222.75.152.129 gateway=192.168.201.1
add address=192.168.202.0/28 comment="" gateway=192.168.202.1
add address=192.168.203.0/28 comment="" gateway=192.168.203.1
add address=192.168.204.0/28 comment="" gateway=192.168.204.1
add address=192.168.205.0/28 comment="" gateway=192.168.205.1
add address=192.168.206.0/28 comment="" gateway=192.168.206.1
add address=192.168.207.0/28 comment="" gateway=192.168.207.1
add address=192.168.208.0/28 comment="" gateway=192.168.208.1
add address=192.168.209.0/28 comment="" gateway=192.168.209.1
add address=192.168.210.0/28 comment="" gateway=192.168.210.1
add address=192.168.211.0/28 comment="" gateway=192.168.211.1
add address=192.168.212.0/28 comment="" gateway=192.168.212.1
add address=192.168.213.0/28 comment="" gateway=192.168.213.1
add address=192.168.214.0/28 comment="" gateway=192.168.214.1
add address=192.168.215.0/28 comment="" gateway=192.168.215.1
add address=192.168.216.0/28 comment="" gateway=192.168.216.1
add address=192.168.217.0/28 comment="" gateway=192.168.217.1
add address=192.168.218.0/28 comment="" gateway=192.168.218.1
add address=192.168.219.0/28 comment="" gateway=192.168.219.1
add address=192.168.220.0/28 comment="" gateway=192.168.220.1
add address=192.168.221.0/28 comment="" gateway=192.168.221.1
add address=192.168.222.0/28 comment="" gateway=192.168.222.1
add address=192.168.223.0/28 comment="" gateway=192.168.223.1

mark_x 发表于 2013-1-7 14:02:31

bobwalker 发表于 2013-1-7 13:29
默认就通的。加一条防火墙过滤规则就行。

推荐使用端口隔离交换机就全搞定了,还不用做这么多VLAN划这么 ...

具体的规则怎么写?请指教,没有三层交换机,二层的交换机上没有办法起路由!

mark_x 发表于 2013-1-8 08:47:53

有人会吗?

tangdong 发表于 2013-1-8 10:11:34

# Blocks routed traffic between the internal subnets: any packet in the forward
# chain whose source and destination both fall inside 192.168.0.0/16 is dropped.
# Every VLAN subnet in the question (192.168.1-23, 101-123 and 201-223, each /28)
# is inside that range; traffic to destinations outside it does not match.
# Caveats:
#  - The forward chain only sees packets routed through the router. Packets
#    addressed to the router itself, including the gateway addresses of other
#    VLANs, are handled by the input chain, so hosts can still ping those
#    gateways with only this rule in place.
#  - Filter rules are evaluated in order; this drop must sit above any accept
#    rule in the forward chain that would match the same traffic.
#  - NOTE(review): if the wan side also uses 192.168.x.x addressing, this rule
#    matches that traffic as well - confirm before applying.
/ip firewall filter
add action=drop chain=forward dst-address=192.168.0.0/16 src-address=\
    192.168.0.0/16