Computer Technology Learning

Switch configuration: Layer 3 core + firewall

dn001

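The uplink of the Layer 3 switch connects to the firewall's inside interface.
It is best not to use VLAN 1 on the Layer 3 core switch for the link to the firewall's inside interface.
IP redirects can make access from the internal network to the Internet extremely slow!!
A concrete case and its fix follow:
In one enterprise network the core is a 4506 and the access layer is mostly 2950 series. The core has an X4548-GB-RJ line card; port 48 is the uplink to the firewall and the other ports connect down to clients. When clients use the core switch as their gateway, Internet access is extremely slow. When they point at the firewall instead, speed is normal. The firewall address is 172.16.1.1; the core configuration is as follows: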

core_switch#show run
Building configuration...

Current configuration : 6061 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
service compress-config
!
hostname core_switch
!
enable secret 5 $1$21p4$rcisbziyY7iFWx0w7jm6d.
enable password kindy
!
vtp mode transparent
ip subnet-zero
!
spanning-tree extend system-id
!
!
vlan 2
name vlan2
!
interface GigabitEthernet1/1
!
interface GigabitEthernet1/2
!
interface GigabitEthernet2/1
description To ZXC
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet2/2
description To HYS-310
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet2/3
description To HYS-303
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet2/4
description To PGZ
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet2/5
description To WLZ
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet2/6
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet3/1
description To BACK_24
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet3/2
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet3/3
!
interface GigabitEthernet3/4
!
interface GigabitEthernet3/5
!
interface GigabitEthernet3/6
!
interface GigabitEthernet4/1
switchport trunk encapsulation dot1q
switchport mode trunk
!
....

....
....
!
interface GigabitEthernet4/47
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet4/48
!
interface Vlan1
ip address 172.16.1.121 255.255.255.0
!
interface Vlan2
ip address 172.16.2.1 255.255.255.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.16.1.1
no ip http server
!
!
!
line con 0
password ******
login
stopbits 1
line vty 0 4
password ******
login
!
end
--------------------------------------------
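The configuration above plugs the firewall's inside interface directly into VLAN 1 of the Layer 3 core: the default route's next hop, 172.16.1.1, is in the same subnet as interface Vlan1 (172.16.1.121/24). That is why access to the Internet is extremely slow.
The fix is as follows:
1. Disable redirects on VLAN 1
int vlan 1
no ip redirects
2. Move the firewall's inside link to a different VLAN on the core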
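
As an added example (not part of the original post), this Python check reads a `show run` excerpt, finds the SVI whose subnet contains the default-route next hop, and reports whether that SVI still sends redirects and whether it is VLAN 1. The function names and the trimmed sample configuration are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed excerpt: only the lines of the configuration above that the check reads.
SAMPLE_CONFIG = """\
interface Vlan1
 ip address 172.16.1.121 255.255.255.0
!
interface Vlan2
 ip address 172.16.2.1 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 172.16.1.1
"""

def parse_svis(config):
    """Map each SVI name to its subnet and whether it still sends ICMP redirects."""
    svis, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface ") or line == "!":
            m = re.fullmatch(r"interface (Vlan\d+)", line)
            current = m.group(1) if m else None
            continue
        if current is None:
            continue
        # IOS enables "ip redirects" by default, so absence of "no ip redirects" means on.
        svi = svis.setdefault(current, {"net": None, "redirects": True})
        m = re.fullmatch(r"ip address (\S+) (\S+)", line)
        if m:
            svi["net"] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}").network
        elif line == "no ip redirects":
            svi["redirects"] = False
    return svis

def default_route_svis(config):
    """Return (svi, next_hop, redirects_enabled, is_vlan1) for each default-route next hop."""
    svis = parse_svis(config)
    report = []
    for m in re.finditer(r"^ip route 0\.0\.0\.0 0\.0\.0\.0 (\d+(?:\.\d+){3})\s*$", config, re.M):
        hop = ipaddress.ip_address(m.group(1))
        for name, svi in svis.items():
            if svi["net"] is not None and hop in svi["net"]:
                report.append((name, str(hop), svi["redirects"], name == "Vlan1"))
    return report

if __name__ == "__main__":
    for name, hop, redirects, vlan1 in default_route_svis(SAMPLE_CONFIG):
        print(f"{name}: next hop {hop}, redirects={'on' if redirects else 'off'}, vlan1={vlan1}")
```

The configuration alone does not show which VLAN the clients sit in, so the report states the condition on the SVI and leaves that judgement to the reader.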