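Campus Network Smoothwall Solution: Solving the Multi-VLAN Problem
[color=#cccccc][size=2]Many thanks to the smoothwall forum moderators 情灭缘尽 and 天外飞星. When I first used smoothwall as a campus proxy server, it was their careful and tireless teaching that let me deploy it successfully at our school in just two days.
Summary:
In this article we discuss how to deploy a smoothwall proxy server in a typical campus network environment, focusing mainly on configuring static routes across multiple VLANs (other topics such as Chinese localization, updates, port mirroring and NAT loopback have already been demonstrated very clearly by 情灭缘尽).
The topology of the school's campus network is shown in the figure.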
[b]Smoothwall configuration:[/b]
Internet
ip: 202.98.30.69
mask: 255.255.255.224
DG: 202.98.56.94
DNS: 61.128.128.68
LAN:
ip: 172.16.200.1
mask: 255.255.255.0
Core switch configuration (20 VLANs defined):
interface "tech"
ip address 172.16.6.1 255.255.255.0
ip vlan name "vlan6"
!
interface "server"
ip address 172.16.7.1 255.255.255.0
ip vlan name "vlan7"
!
interface "zonghe"
ip address 172.16.8.1 255.255.255.0
ip vlan name "vlan8"
!
interface "lib"
ip address 172.16.9.1 255.255.255.0
ip vlan name "vlan9"
!
interface "yijiao"
ip address 172.16.12.1 255.255.255.0
ip vlan name "vlan12"
!
interface "sanjiao"
ip address 172.16.11.1 255.255.255.0
ip vlan name "vlan11"
!
interface "2jiao"
ip address 172.16.13.1 255.255.255.0
ip vlan name "vlan13"
!
interface "jifang-5"
ip address 172.16.14.1 255.255.255.0
ip vlan name "vlan14"
!
interface "art"
ip address 172.16.15.1 255.255.255.0
ip vlan name "vlan15"
!
interface "vlan2"
ip address 172.16.2.1 255.255.255.0
ip vlan name "vlan2"
!
interface "vlan3"
ip address 172.16.3.1 255.255.255.0
ip vlan name "vlan3"
!
interface "vlan4"
ip address 172.16.4.1 255.255.255.0
ip vlan name "vlan4"
!
interface "vlan5"
ip address 172.16.5.1 255.255.255.0
ip vlan name "vlan5"
!
interface "vlan16"
ip address 172.16.16.1 255.255.255.0
ip vlan name "vlan16"
!
interface "vlan17"
ip address 172.16.17.1 255.255.255.0
ip vlan name "vlan17"
!
interface "vlan18"
ip address 172.16.18.1 255.255.255.0
ip vlan name "vlan18"
!
interface "vlan19"
ip address 172.16.19.1 255.255.255.0
ip vlan name "vlan19"
!
interface "vlan20"
ip address 172.16.20.1 255.255.255.0
ip vlan name "vlan20"
!
interface "upload"
ip address 172.16.200.2 255.255.255.0
ip vlan name "upload"
!
interface "vlan10"
ip address 172.16.10.1 255.255.255.0
ip vlan name "vlan10"
!
ip route 0.0.0.0 0.0.0.0 172.16.200.1 1 low (default route)
A is a host in VLAN 7, configured as follows:
ip: 172.16.7.5
mask: 255.255.255.0
DG: 172.16.7.1
DNS: 61.128.128.68
We can reduce this network to the following:
A---core switch----proxy server----Internet
Suppose A pings Chongqing Telecom's DNS server, 61.128.128.68, and let us analyze the packets.
A sends an ICMP packet, which first reaches its own gateway, 172.16.7.1. The gateway sees that the destination address is not in the local subnet, so it forwards the packet, which finally reaches 172.16.200.2; the core switch then sends the packet to 172.16.200.1 according to its default route. SW uses NAT to forward the packet outward, and it reaches 61.128.128.68. From this analysis we find that, with the default configuration, outgoing packets reach the destination address without trouble.
What about the returning packets? From the analysis we know that the returning packets can reach 172.16.200.1 without trouble, but does that mean they can also get back to 172.16.7.5?
Let us log in to the SW root console and take a look.
# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
202.98.30.69    0.0.0.0         255.255.255.224 U     0      0        0 eth1
172.16.200.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         202.98.56.94    0.0.0.0         UG    0      0        0 eth1
From this routing table we can clearly see that there are only three routes; the returning packet is dropped at 172.16.200.1 and therefore cannot get back.
Here we can solve the problem by logging in to SW as root and adding static routes by hand.
With pointers from 情灭缘尽 and 天外飞星, we learned commands like these:
route add -net 172.16.2.0 netmask 255.255.255.0 gw 172.16.200.2
route add -net 172.16.3.0 netmask 255.255.255.0 gw 172.16.200.2
route add -net 172.16.4.0 netmask 255.255.255.0 gw 172.16.200.2
route add -net 172.16.5.0 netmask 255.255.255.0 gw 172.16.200.2
route add -net 172.16.6.0 netmask 255.255.255.0 gw 172.16.200.2
route add -net 172.16.7.0 netmask 255.255.255.0 gw 172.16.200.2
route add -net 172.16.8.0 netmask 255.255.255.0 gw 172.16.200.2
route add -net 172.16.9.0 netmask 255.255.255.0 gw 172.16.200.2
route add -net 172.16.10.0 netmask 255.255.255.0 gw 172.16.200.2
route add -net 172.16.11.0 netmask 255.255.255.0 gw 172.16.200.2
route add -net 172.16.12.0 netmask 255.255.255.0 gw 172.16.200.2
route add -net 172.16.13.0 netmask 255.255.255.0 gw 172.16.200.2
route add -net 172.16.14.0 netmask 255.255.255.0 gw 172.16.200.2
route add -net 172.16.15.0 netmask 255.255.255.0 gw 172.16.200.2
route add -net 172.16.16.0 netmask 255.255.255.0 gw 172.16.200.2
route add -net 172.16.17.0 netmask 255.255.255.0 gw 172.16.200.2
route add -net 172.16.18.0 netmask 255.255.255.0 gw 172.16.200.2
route add -net 172.16.19.0 netmask 255.255.255.0 gw 172.16.200.2
route add -net 172.16.20.0 netmask 255.255.255.0 gw 172.16.200.2
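These routes tell our SW that if a returning packet's destination address is in 172.16.7.0/24, it should send the data to 172.16.200.2 (the switch); once at the switch, the packet can find its corresponding machine through the VLANs.
This way every computer in our school can get online.
I found a P4 1.6 + 256M + 40G hard disk + two 8139 NICs to proxy internet access for the more than 500 computers at our school (usually about 300 online at the same time). Everyone finds it very fast, and I am thrilled.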
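When we reboot SW, we find that the routing information is lost. How do we solve this?
It is actually the same as the fix for NAT loopback, only the script is different. I'll continue writing next time.[/size][/color]
I've never touched Avaya equipment..
An expert!!!!
I've never heard of Avaya either.
Avaya has a lot of momentum. In unified communications market share, it beats Cisco.
Avaya used to be something of a strong player in telecom core switching and routing. Sadly, it has had a hard time since Huawei's rise. Fortunately it found new strength in areas such as VoIP and unified communications.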
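An added example, not part of the original post: a POSIX shell check that compares the proxy's routing table with the VLAN subnets from the switch configuration in the post and prints a `route add` command for every subnet that has no return route through 172.16.200.2. The function names and the sample table are constructed for illustration; the addresses are the ones given in the post.

```shell
#!/bin/sh
# Added example: audit the return routes on the proxy (SW).
# Addresses come from the post; function names are hypothetical.

NEXT_HOP=172.16.200.2     # core switch "upload" interface
VLAN_IDS="2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20"

# missing_routes: reads `route -n` style output on stdin and prints one
# `route add` command for each VLAN /24 that has no route via NEXT_HOP.
missing_routes() {
    table=$(cat)
    for id in $VLAN_IDS; do
        net="172.16.$id.0"
        if ! printf '%s\n' "$table" | awk -v n="$net" -v g="$NEXT_HOP" \
            '$1 == n && $2 == g && $3 == "255.255.255.0" { found = 1 }
             END { exit !found }'
        then
            echo "route add -net $net netmask 255.255.255.0 gw $NEXT_HOP"
        fi
    done
}

# sample_table: constructed routing table in which one subnet
# (172.16.9.0/24) was never added, so replies to VLAN 9 would be dropped.
sample_table() {
    echo "Destination Gateway Genmask Flags Metric Ref Use Iface"
    for id in 2 3 4 5 6 7 8 10 11 12 13 14 15 16 17 18 19 20; do
        echo "172.16.$id.0 172.16.200.2 255.255.255.0 UG 0 0 0 eth0"
    done
    echo "172.16.200.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0"
    echo "0.0.0.0 202.98.56.94 0.0.0.0 UG 0 0 0 eth1"
}

# Demonstration on the constructed table: reports the one missing route.
sample_table | missing_routes
```

On the proxy itself, `route -n | missing_routes` runs the same check against the live table; after a reboot that has wiped the static routes it lists all 19 commands.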