[ dr_lafo @ 07.07.2017. 07:29 ] @
Poštovani, imam mrežu na kojoj trenutno postoji dva vlan-a (vlan 1 i vlan 150) jedan je za lan a 150 sa wlan. Pošto smo iskoristili sve hostove iz vlan 1 192.168.2.0/24 hteo bih da dodam novi vlan 20 koji će dobijati ip adrese iz mreže 192.168.3.0/24. Sve je ovo konfigurisano na Cisco L3 Switch-u gde je access list-ama regulisano ko gde može pristupiti. E sad, dodao sam ja novi vlan 20 sa Svi aktivni interfejsi su mi trunk za sve vlan-ove evo nekih kofiguracija da bi vam bilo jasnije kako to izgleda ******************************************** 3560_NOC#sh vlan bri VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 1 default active Gi0/6, Gi0/7, Gi0/8, Gi0/9 Gi0/10, Gi0/11, Gi0/12, Gi0/13 Gi0/14, Gi0/15, Gi0/25, Gi0/26 Gi0/27, Gi0/28 20 CE LAN active 150 WLAN active 1002 fddi-default act/unsup 1003 token-ring-default act/unsup 1004 fddinet-default act/unsup 1005 trnet-default act/unsup ******************************************** 3560_NOC#sh inter trun Port Mode Encapsulation Status Native vlan Gi0/1 on 802.1q trunking 1 Gi0/2 on 802.1q trunking 1 Gi0/3 on 802.1q trunking 1 Gi0/4 on 802.1q trunking 1 Gi0/5 on 802.1q trunking 1 Gi0/16 auto n-802.1q trunking 1 Gi0/18 on 802.1q trunking 1 Gi0/21 on 802.1q trunking 1 Gi0/24 on 802.1q trunking 1 Port Vlans allowed on trunk Gi0/1 1-4094 Gi0/2 1-4094 Gi0/3 1-4094 Gi0/4 1-4094 Gi0/5 1-4094 Gi0/16 1-4094 Gi0/18 1-4094 Gi0/21 1-4094 Gi0/24 1-4094 Port Vlans allowed and active in management domain Gi0/1 1-2,20,150 Gi0/2 1-2,20,150 Gi0/3 1-2,20,150 Gi0/4 1-2,20,150 Gi0/5 1-2,20,150 Gi0/16 1-2,20,150 Gi0/18 1-2,20,150 Gi0/21 1-2,20,150 Gi0/24 1-2,20,150 Port Vlans in spanning tree forwarding state and not pruned Gi0/1 1-2,20,150 Gi0/2 1-2,20,150 Gi0/3 1-2,20,150 Gi0/4 1-2,20,150 Gi0/5 1-2,20,150 Gi0/16 1-2,20,150 Gi0/18 1-2,20,150 Gi0/21 1-2,20,150 Gi0/24 1-2,20,150 *********************************************************** Svi aktivni interfejsi na L3 Switch-u su mi npr. interface GigabitEthernet0/1 description #Menadzment# switchport trunk encapsulation dot1q switchport mode trunk ! interface GigabitEthernet0/2 description #Racunovodstvo# switchport trunk encapsulation dot1q switchport mode trunk ! *********************************************************** Imam jednu Access Listu gde je na početku sve zabranjeno i onda kako dodajem računare permitujem ih dole ip access-list extended INTERNET deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255 deny ip 192.168.2.0 0.0.0.255 192.168.2.0 0.0.0.255 deny ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255 deny ip 192.168.2.0 0.0.0.255 192.168.100.0 0.0.0.255 deny ip 192.168.2.0 0.0.0.255 192.168.110.0 0.0.0.255 permit ip host 192.168.2.61 any ... Unapred zahvalan!gore navedenim parametrima ali ne znam šta dalje raditi. |