Configuring VLANs on the ESR-21
Posted: 14 Sep 2022 19:04
Good afternoon!
I'm turning to you for help, because the router's manual gave me some information, but not much.
I need to configure VLANs on an Eltex ESR-21 router:
ports 3 and 4 - VLAN2 with IP 192.168.2.1/24
ports 5 and 6 - VLAN3 with IP 192.168.3.1/24
ports 7 and 8 - VLAN4 with IP 192.168.4.1/24
Here is the entire config I have set up so far:
vlan 2
name "VLAN2"
exit
vlan 3
name "VLAN3"
exit
vlan 4
name "VLAN4"
exit
security zone trusted
exit
security zone untrusted
exit
security zone VLAN
exit
security zone PC1
exit
security zone PC2
exit
bridge 1
vlan 1
security-zone trusted
ip address 192.168.1.1/24
enable
exit
bridge 2
vlan 2
security-zone VLAN
ip firewall disable
ip address 192.168.2.1/24
enable
exit
bridge 3
vlan 3
security-zone VLAN
ip firewall disable
ip address 192.168.3.1/24
enable
exit
bridge 4
vlan 4
security-zone VLAN
ip firewall disable
ip address 192.168.4.1/24
enable
exit
interface gigabitethernet 1/0/1
mode switchport
switchport access vlan 2
exit
interface gigabitethernet 1/0/2
mode switchport
exit
interface gigabitethernet 1/0/3
mode switchport
security-zone PC1
switchport forbidden default-vlan
switchport mode trunk
switchport access vlan 3
switchport trunk allowed vlan add 2
exit
interface gigabitethernet 1/0/4
mode switchport
switchport forbidden default-vlan
switchport mode trunk
switchport access vlan 3
switchport trunk allowed vlan add 2
exit
interface gigabitethernet 1/0/5
mode switchport
security-zone PC2
switchport forbidden default-vlan
switchport mode trunk
switchport access vlan 2
switchport trunk allowed vlan add 3
exit
interface gigabitethernet 1/0/6
mode switchport
switchport forbidden default-vlan
switchport mode trunk
switchport trunk allowed vlan add 3
exit
interface gigabitethernet 1/0/7
mode switchport
switchport forbidden default-vlan
switchport mode trunk
switchport trunk allowed vlan add 4
exit
interface gigabitethernet 1/0/8
mode switchport
switchport forbidden default-vlan
switchport mode trunk
switchport trunk allowed vlan add 4
exit
interface gigabitethernet 1/0/9
mode switchport
exit
interface gigabitethernet 1/0/10
mode switchport
exit
interface gigabitethernet 1/0/11
mode switchport
exit
interface gigabitethernet 1/0/12
mode switchport
exit
security zone-pair trusted untrusted
rule 1
action permit
enable
exit
exit
security zone-pair trusted trusted
rule 1
action permit
enable
exit
exit
security zone-pair trusted self
rule 10
action permit
match protocol tcp
match destination-port ssh
enable
exit
rule 20
action permit
match protocol icmp
enable
exit
rule 30
action permit
match protocol udp
match source-port dhcp_client
match destination-port dhcp_server
enable
exit
rule 40
action permit
match protocol udp
match destination-port ntp
enable
exit
exit
security zone-pair untrusted self
rule 1
action permit
match protocol udp
match source-port dhcp_server
match destination-port dhcp_client
enable
exit
exit
security passwords default-expired
nat source
ruleset factory
to zone untrusted
rule 10
description "replace 'source ip' by outgoing interface ip address"
action source-nat interface
enable
exit
exit
exit
ip dhcp-server
ip dhcp-server pool lan-pool
network 192.168.1.0/24
address-range 192.168.1.2-192.168.1.254
default-router 192.168.1.1
exit
I tried pinging from a laptop (static address 192.168.2.2) on port 3 (VLAN2 - 192.168.2.1) to a laptop (static address 192.168.3.2) on port 5 (VLAN3 - 192.168.3.1)
And alas, "УЗЕЛ НЕДОСТУПЕН" (host unreachable)
------------------------------------
I would really appreciate help with the configuration.
Please don't judge too harshly, this is my first experience configuring equipment like this.
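An added example, not part of the original post and not Eltex code: a small audit that reads a config in the flat layout shown above and reports `switchport` VLAN statements that contradict the stated port plan, bridges carrying `ip firewall disable`, and security zones that no `zone-pair` refers to. The names `INTENDED`, `SAMPLE` and `audit` are hypothetical, and `SAMPLE` is a constructed excerpt rather than the full posted config.

```python
import re

# Port -> VLAN plan as stated in the post (ports 3-4: VLAN 2, 5-6: VLAN 3, 7-8: VLAN 4).
INTENDED = {3: 2, 4: 2, 5: 3, 6: 3, 7: 4, 8: 4}

# Constructed excerpt in the flat layout of the posted config (not the full config).
SAMPLE = """\
security zone VLAN
exit
bridge 2
vlan 2
security-zone VLAN
ip firewall disable
exit
interface gigabitethernet 1/0/3
switchport mode trunk
switchport access vlan 3
switchport trunk allowed vlan add 2
exit
interface gigabitethernet 1/0/7
switchport trunk allowed vlan add 4
exit
security zone-pair trusted self
exit
"""

def audit(config, intended=INTENDED):
    """Return a list of findings for the three checks described in the lead-in."""
    findings, ctx, zones, paired = [], None, [], set()
    for line in (l.strip() for l in config.splitlines()):
        if m := re.fullmatch(r"interface gigabitethernet 1/0/(\d+)", line):
            ctx = ("port", int(m[1]))
        elif m := re.fullmatch(r"bridge (\d+)", line):
            ctx = ("bridge", int(m[1]))
        elif m := re.fullmatch(r"security zone (\S+)", line):
            zones.append(m[1]); ctx = None
        elif m := re.fullmatch(r"security zone-pair (\S+) (\S+)", line):
            paired.update(m.groups()); ctx = None
        elif line == "exit":
            ctx = None  # leaves the current stanza (or a nested rule)
        elif ctx and ctx[0] == "bridge" and line == "ip firewall disable":
            findings.append(f"bridge {ctx[1]}: firewall disabled")
        elif ctx and ctx[0] == "port" and (m := re.fullmatch(
                r"switchport (?:access vlan|trunk allowed vlan add) (\d+)", line)):
            want = intended.get(ctx[1])  # ports outside the plan are skipped
            if want is not None and int(m[1]) != want:
                findings.append(f"port {ctx[1]}: '{line}' but plan says VLAN {want}")
    findings += [f"zone {z}: no zone-pair" for z in zones if z not in paired]
    return findings
```

Run over the full config from the post, the same checks also report ports 4 and 5, bridges 3 and 4, and zones PC1 and PC2.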