奇怪的客户端网关问题
本帖最后由 ji191359129 于 2014-6-19 23:30 编辑内网网关奇怪的问题如图,一:三层交换上做vlan间路由,配置静态路由出外网二:各路由器上配置静态路由使得全网互通问题来了。三:在PC2上将网关设置成pc1 的ip地址,也能ping通3.3.3.3, 为什么呢???
我这里用PT做的实验。GNS3下也测试过也有这种问题。PC1 :192.168.0.2 vlan2 gateway:192.168.0.1PC2: 192.168.1.2 vlan3 gateway:192.168.1.1SW1:Vlan2 ip:192.168.0.1Vlan3 ip:192.168.1.1F0/3 ip : 12.0.0.1
R2: G0/0 IP : 12.0.0.2G0/1 IP :23.0.0.2
R3: g0/0 ip :23.0.0.3 Lo0 ip : 3.3.3.3
路由:SW1: ip route 0.0.0.0 0.0.0.0 12.0.0.2R2: ip route 192.168.0.0 255.255.255.012.0.0.1 ip route 192.168.1.0 255.255.255.0 12.0.0.1 ip route 3.3.3.0 255.255.255.0 23.0.0.3R3”: ip route 0.0.0.0 0.0.0.0 23.0.0.2
配置:SW1:Switch#show runBuilding configuration...
Current configuration : 1417 bytes!version 12.2no service timestamps log datetime msecno service timestamps debug datetime msecno service password-encryption!hostname Switch!!!!!ip routing!!!!!!!!!!spanning-tree mode pvst!!!!interface FastEthernet0/1 switchport access vlan 3 switchport mode access!interface FastEthernet0/2 switchport access vlan 2 switchport mode access!interface FastEthernet0/3 no switchport ip address 12.0.0.1255.255.255.0 duplex auto speed auto!interface FastEthernet0/4!interface FastEthernet0/5!interface FastEthernet0/6!interface FastEthernet0/7!interface FastEthernet0/8!interface FastEthernet0/9!interface FastEthernet0/10!interface FastEthernet0/11!interface FastEthernet0/12!interface FastEthernet0/13!interface FastEthernet0/14!interface FastEthernet0/15!interface FastEthernet0/16!interface FastEthernet0/17!interface FastEthernet0/18!interface FastEthernet0/19!interface FastEthernet0/20!interface FastEthernet0/21!interface FastEthernet0/22!interface FastEthernet0/23!interface FastEthernet0/24!interface GigabitEthernet0/1!interface GigabitEthernet0/2!interface Vlan1 no ip address shutdown!interface Vlan2 ip address 192.168.0.1255.255.255.0!interface Vlan3 ip address 192.168.1.1255.255.255.0!ip classlessip route 0.0.0.0 0.0.0.0 12.0.0.2 !!!!!!!line con 0!line aux 0!line vty 0 4 login!!!end
Switch#Switch#Switch#
R2:R2#show runBuilding configuration...
Current configuration : 773 bytes!version 15.1no service timestamps log datetime msecno service timestamps debug datetime msecno service password-encryption!hostname R2!!!!!!!!!!!!license udi pid CISCO2911/K9 sn FTX15240R7A!!!!!spanning-tree mode pvst!!!!interface GigabitEthernet0/0 ipaddress 12.0.0.2 255.255.255.0 duplex auto speed auto!interface GigabitEthernet0/1 ipaddress 23.0.0.2 255.255.255.0 duplex auto speed auto!interface GigabitEthernet0/2 noip address duplex auto speed auto shutdown!interface Vlan1 noip address shutdown!ip classlessip route 192.168.0.0 255.255.255.0 12.0.0.1ip route 192.168.1.0 255.255.255.0 12.0.0.1ip route 3.3.3.0 255.255.255.0 23.0.0.3 !!!!!!!line con 0!line aux 0!line vty 0 4 login!!!end
R2#R3:Router#SHOW RUNBuilding configuration...
Current configuration : 727 bytes!version 15.1no service timestamps log datetime msecno service timestamps debug datetime msecno service password-encryption!hostname Router!!!!!!!!!!!!license udi pid CISCO2911/K9 sn FTX1524696Z!!!!!spanning-tree mode pvst!!!!interface Loopback0 ipaddress 3.3.3.3 255.255.255.0!interface GigabitEthernet0/0 ipaddress 23.0.0.3 255.255.255.0 duplex auto speed auto!interface GigabitEthernet0/1 noip address duplex auto speed auto shutdown!interface GigabitEthernet0/2 noip address duplex auto speed auto shutdown!interface Vlan1 noip address shutdown!ip classlessip route 0.0.0.0 0.0.0.0 23.0.0.2 !!!!!!!line con 0!line aux 0!line vty 0 4 login!!!end
Router#
附件是PT的环境和配置。大家可以安装个PT试下。
理论分析:
你PC2的网关设置成PC1的网关,意思就是让PC1帮你转发数据,那PC2和PC1在不同的网段怎么才能把数据转发出去呢?由于思科的设备接口下的代理ARP默认是开的,所有你能顺利把你需要到达3.3.3.3的数据转发到PC1,然后PC1通过他的默认网关就出去了。
实际测试:
1,你可以在PC2上traceroute下3.3.3.3,看下路径;
2,你可以把VLAN 3的SVI 3接口的代理ARP功能关闭,好像是进入接口,然后no ip proxy-arp,然后再测试连通性。
你可以做这两个验证,我相信你就明白其中的道道了。
祝你好运。 非常感谢。后面试过了。 找到原因了。 是代理arp的问题。
页:
[1]