实战ISA2004+三层交换机实现多VLAN互通（20130327修正部分错误）

ISA2004+三层交换机实现多VLAN通信        使用设备:

        ISA2004服务器一台

        华为三层交换机一台

        服务器多
台电脑多台
IP设置：
规划将原来四个厂区网络合并更改后为:
VLAN1:192.168.1.0/24
VLAN2:192.168.2.0/24
VLAN3:192.168.3.0/24
VLAN4:192.168.4.0/24

要求使用同一个域服务器,文件服务器,实现资源工享.通过同一个出口上网，而且可以管控所有网段的电脑上网.

ISA：

内：192.168.100.250

外:30.1.1.1(用于ADSL拔号)

IA2004内网卡设置.
交换机配置（设备为华为3600EI版）：
<S3600>sys
System View: return to User View with Ctrl+Z.
[S3600]undo vlan all
This may delete all static VLAN except the VLAN kept by protocol, the voice VLAN
, the default VLAN, the management VLAN and the remote probe VLAN.
Are you sure?[Y/N]:y
Please wait... Done.
[S3600]vlan 11
[S3600-vlan11]description VLAN1
[S3600-vlan11]port ethernet 1/0/1 ethernet 1/0/2
[S3600-vlan11]vlan 12
[S3600-vlan12]port ethernet 1/0/3
[S3600-vlan12]vlan 13
[S3600-vlan13]port ethernet 1/0/4
[S3600-vlan13]vlan 14
[S3600-vlan14]port
[S3600-vlan14]vlan 11
[S3600-vlan11]inte vlan 11
[S3600-Vlan-interface11]
%Apr 2 02:43:21:968 2000 S3600 L2INF/5/VLANIF LINK STATUS CHANGE:- 1 -
Vlan-interface11: is UP

[S3600-Vlan-interface11]ip addr 192.168.1.254 255.255.255.0
[S3600-Vlan-interface11]
%Apr 2 02:44:22:098 2000 S3600 IFNET/5/UPDOWN:- 1 -Line protocol on the interfa
ce Vlan-interface11 is UP

[S3600-Vlan-interface11]vlan 12
[S3600-vlan12]inte vlan 12
[S3600-Vlan-interface12]ip addr 192.168.2.254 255.255.255.0
[S3600-Vlan-interface12]vlan 13
[S3600-vlan13]inte vlan 13
[S3600-Vlan-interface13]ip addr 192.168.3.254 255.255.255.0
[S3600-Vlan-interface13]vlan 14
[S3600-vlan14]inte vlan 14
[S3600-Vlan-interface14]ip addr 192.168.4.254 255.255.255.0
[S3600-Vlan-interface14]vlan 100
[S3600-vlan100]inte vlan 100
[S3600-Vlan-interface100]ip addr 192.168.100.254 255.255.255.0
[S3600-Vlan-interface100]ip route-static 0.0.0.0 0.0.0.0 192.168.0.250
[S3600]save

在ISA上的反向路由可以用,route -p add 命令加进去

例如 route -p add 192.168.1.0 mask 255.255.255.0 192.168.1.254

    route -p add 192.168.2.0 mask 255.255.255.0 192.168.2.254

修正,应该是

    route -p add 192.168.1.0 mask 255.255.255.0 192.168.0.254

    route -p add 192.168.2.0 mask 255.255.255.0 192.168.0.254

多谢,博友@huqiliu指出问题.

(要指向那个网段的网关）.

本文转自 tao61 博客，原文链接：     http://blog.51cto.com/tao61/147108      如需转载请自行联系原作者