用了一個上午的時間查看配置的問題,其實配置並沒有任何問題,如果是配置的問題可能很快就會得到答案,也不會浪費這麼多時間了,後來終於找到了問題的答案,很是驚喜。我把它共享出來,希望博友們不要在同樣的問題上浪費時間,也希望自己能更深刻的記住這個經歷。
問題描述:
PC機(ip:10.140.60.56)直連到交換機的f0/40端口後,可以telnet 10.140.60.254 登陸交換機,但是telnet 10.140.254.254 提示打開23端口失敗。。。。。。。。。。。。。。
以下是交換機的配置信息。
waiwang#show run
Building configuration...
Building configuration...
Current configuration : 5585 byt
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname waiwang
!
enable secret 5 $1$KZxI$/YmqPXFI
!
no aaa new-model
ip subnet-zero
ip routing
!
ip dhcp-server 10.140.0.3
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
------------------------------------------------------------
!
vlan internal allocation policy a
!
interface FastEthernet0/1
switchport access vlan 140
!
interface FastEthernet0/2
switchport access vlan 148
!
interface FastEthernet0/3
switchport access vlan 140
!
interface FastEthernet0/4
switchport access vlan 140
!
interface FastEthernet0/5
switchport access vlan 140
!
interface FastEthernet0/6
switchport access vlan 140
!
interface FastEthernet0/7
switchport access vlan 140
!
interface FastEthernet0/8
switchport access vlan 140
!
interface FastEthernet0/9
switchport access vlan 140
!
interface FastEthernet0/10
switchport access vlan 140
!
interface FastEthernet0/11
switchport access vlan 140
!
interface FastEthernet0/12
switchport access vlan 140
!
interface FastEthernet0/13
switchport access vlan 140
!
interface FastEthernet0/14
switchport access vlan 140
!
interface FastEthernet0/15
switchport access vlan 140
!
interface FastEthernet0/16
switchport access vlan 140
!
interface FastEthernet0/17
switchport access vlan 140
!
interface FastEthernet0/18
switchport access vlan 140
!
interface FastEthernet0/19
switchport access vlan 140
!
interface FastEthernet0/20
switchport access vlan 140
!
interface FastEthernet0/21
switchport access vlan 140
!
interface FastEthernet0/22
switchport access vlan 140
!
interface FastEthernet0/23
switchport access vlan 140
!
interface FastEthernet0/24
switchport access vlan 140
!
interface FastEthernet0/25
switchport access vlan 140
!
interface FastEthernet0/26
switchport access vlan 140
!
interface FastEthernet0/27
switchport access vlan 140
!
interface FastEthernet0/28
switchport access vlan 140
!
interface FastEthernet0/29
switchport access vlan 140
!
interface FastEthernet0/30
switchport access vlan 140
!
interface FastEthernet0/31
switchport access vlan 140
!
interface FastEthernet0/32
switchport access vlan 140
!
interface FastEthernet0/33
switchport access vlan 140
!
interface FastEthernet0/34
switchport access vlan 140
!
interface FastEthernet0/35
switchport access vlan 140
!
interface FastEthernet0/36
switchport access vlan 140
!
interface FastEthernet0/37
switchport access vlan 140
!
interface FastEthernet0/38
switchport access vlan 140
!
interface FastEthernet0/39
switchport access vlan 160
!
interface FastEthernet0/40
switchport access vlan 160
!
interface FastEthernet0/41
switchport access vlan 160
!
interface FastEthernet0/42
switchport access vlan 140
!
interface FastEthernet0/43
switchport access vlan 148
!
interface FastEthernet0/44
switchport access vlan 144
!
interface FastEthernet0/45
switchport access vlan 140
!
interface FastEthernet0/46
switchport access vlan 100
!
interface FastEthernet0/47
switchport access vlan 99
switchport mode access
!
interface FastEthernet0/48
switchport access vlan 99
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface GigabitEthernet0/3
!
interface GigabitEthernet0/4
!
interface Vlan1
description "Switch Default GateWay"
ip address 10.140.254.254 255.255.255.0
!
interface Vlan99
description "to TianRongXing Firewall"
ip address 10.140.8.254 255.255.255.0
ip access-group attack-port in
ip access-group attack-port out
!
interface Vlan100
ip address 10.140.0.254 255.255.255.0
!
interface Vlan140
description "to XingZhengLou"
ip address 10.140.40.254 255.255.255.0
ip access-group permit600 in
ip helper-address 10.140.0.3
!
interface Vlan144
description "caiwu"
ip address 10.140.44.254 255.255.255.0
ip access-group permit600 in
ip helper-address 10.140.0.3
!
interface Vlan148
ip address 10.140.48.254 255.255.255.0
ip access-group permit600 in
ip helper-address 10.140.0.3
!
interface Vlan160
ip address 10.140.60.254 255.255.255.0
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname waiwang
!
enable secret 5 $1$KZxI$/YmqPXFI
!
no aaa new-model
ip subnet-zero
ip routing
!
ip dhcp-server 10.140.0.3
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
------------------------------------------------------------
!
vlan internal allocation policy a
!
interface FastEthernet0/1
switchport access vlan 140
!
interface FastEthernet0/2
switchport access vlan 148
!
interface FastEthernet0/3
switchport access vlan 140
!
interface FastEthernet0/4
switchport access vlan 140
!
interface FastEthernet0/5
switchport access vlan 140
!
interface FastEthernet0/6
switchport access vlan 140
!
interface FastEthernet0/7
switchport access vlan 140
!
interface FastEthernet0/8
switchport access vlan 140
!
interface FastEthernet0/9
switchport access vlan 140
!
interface FastEthernet0/10
switchport access vlan 140
!
interface FastEthernet0/11
switchport access vlan 140
!
interface FastEthernet0/12
switchport access vlan 140
!
interface FastEthernet0/13
switchport access vlan 140
!
interface FastEthernet0/14
switchport access vlan 140
!
interface FastEthernet0/15
switchport access vlan 140
!
interface FastEthernet0/16
switchport access vlan 140
!
interface FastEthernet0/17
switchport access vlan 140
!
interface FastEthernet0/18
switchport access vlan 140
!
interface FastEthernet0/19
switchport access vlan 140
!
interface FastEthernet0/20
switchport access vlan 140
!
interface FastEthernet0/21
switchport access vlan 140
!
interface FastEthernet0/22
switchport access vlan 140
!
interface FastEthernet0/23
switchport access vlan 140
!
interface FastEthernet0/24
switchport access vlan 140
!
interface FastEthernet0/25
switchport access vlan 140
!
interface FastEthernet0/26
switchport access vlan 140
!
interface FastEthernet0/27
switchport access vlan 140
!
interface FastEthernet0/28
switchport access vlan 140
!
interface FastEthernet0/29
switchport access vlan 140
!
interface FastEthernet0/30
switchport access vlan 140
!
interface FastEthernet0/31
switchport access vlan 140
!
interface FastEthernet0/32
switchport access vlan 140
!
interface FastEthernet0/33
switchport access vlan 140
!
interface FastEthernet0/34
switchport access vlan 140
!
interface FastEthernet0/35
switchport access vlan 140
!
interface FastEthernet0/36
switchport access vlan 140
!
interface FastEthernet0/37
switchport access vlan 140
!
interface FastEthernet0/38
switchport access vlan 140
!
interface FastEthernet0/39
switchport access vlan 160
!
interface FastEthernet0/40
switchport access vlan 160
!
interface FastEthernet0/41
switchport access vlan 160
!
interface FastEthernet0/42
switchport access vlan 140
!
interface FastEthernet0/43
switchport access vlan 148
!
interface FastEthernet0/44
switchport access vlan 144
!
interface FastEthernet0/45
switchport access vlan 140
!
interface FastEthernet0/46
switchport access vlan 100
!
interface FastEthernet0/47
switchport access vlan 99
switchport mode access
!
interface FastEthernet0/48
switchport access vlan 99
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface GigabitEthernet0/3
!
interface GigabitEthernet0/4
!
interface Vlan1
description "Switch Default GateWay"
ip address 10.140.254.254 255.255.255.0
!
interface Vlan99
description "to TianRongXing Firewall"
ip address 10.140.8.254 255.255.255.0
ip access-group attack-port in
ip access-group attack-port out
!
interface Vlan100
ip address 10.140.0.254 255.255.255.0
!
interface Vlan140
description "to XingZhengLou"
ip address 10.140.40.254 255.255.255.0
ip access-group permit600 in
ip helper-address 10.140.0.3
!
interface Vlan144
description "caiwu"
ip address 10.140.44.254 255.255.255.0
ip access-group permit600 in
ip helper-address 10.140.0.3
!
interface Vlan148
ip address 10.140.48.254 255.255.255.0
ip access-group permit600 in
ip helper-address 10.140.0.3
!
interface Vlan160
ip address 10.140.60.254 255.255.255.0
ip helper-address 10.140.0.3
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.140.8.1
ip http server
!
ip access-list extended attack-port
deny udp any any eq tftp
deny tcp any any eq 4444
deny tcp any any eq 135
deny udp any any eq 135
deny tcp any any eq 1024
deny udp any any eq netbios-ns
deny tcp any any eq 6667
deny tcp any any eq 2644
deny udp any any eq 2644
deny tcp any any eq 2645
deny udp any any eq 2645
deny udp any any eq netbios-dgm
deny udp any any eq netbios-ss
deny tcp any any eq 139
deny tcp any any eq 213
deny udp any any eq 213
deny udp any any eq 593
deny tcp any any eq 593
deny tcp any any eq 445
deny tcp any any eq 5554
deny tcp any any eq 9995
deny tcp any any eq 9996
deny udp any any eq 1434
deny tcp any any eq 1068
deny tcp any any eq 5800
deny tcp any any eq 5900
deny tcp any any eq 10080
deny tcp any any eq 455
deny udp any any eq 455
deny tcp any any eq 3208
deny tcp any any eq 1871
deny tcp any any eq 4510
deny udp any any eq 4334
deny tcp any any eq 4331
deny tcp any any eq 4557
deny tcp any eq exec any
deny tcp any any eq exec
permit ip any any
ip access-list extended permit600
permit ip any 10.140.0.0 0.0.0.255
permit ip any 10.140.254.0 0.0.0.255
permit ip any 10.140.8.0 0.0.0.255
deny ip any 10.140.0.0 0.0.255.255
permit ip any any
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.140.8.1
ip http server
!
ip access-list extended attack-port
deny udp any any eq tftp
deny tcp any any eq 4444
deny tcp any any eq 135
deny udp any any eq 135
deny tcp any any eq 1024
deny udp any any eq netbios-ns
deny tcp any any eq 6667
deny tcp any any eq 2644
deny udp any any eq 2644
deny tcp any any eq 2645
deny udp any any eq 2645
deny udp any any eq netbios-dgm
deny udp any any eq netbios-ss
deny tcp any any eq 139
deny tcp any any eq 213
deny udp any any eq 213
deny udp any any eq 593
deny tcp any any eq 593
deny tcp any any eq 445
deny tcp any any eq 5554
deny tcp any any eq 9995
deny tcp any any eq 9996
deny udp any any eq 1434
deny tcp any any eq 1068
deny tcp any any eq 5800
deny tcp any any eq 5900
deny tcp any any eq 10080
deny tcp any any eq 455
deny udp any any eq 455
deny tcp any any eq 3208
deny tcp any any eq 1871
deny tcp any any eq 4510
deny udp any any eq 4334
deny tcp any any eq 4331
deny tcp any any eq 4557
deny tcp any eq exec any
deny tcp any any eq exec
permit ip any any
ip access-list extended permit600
permit ip any 10.140.0.0 0.0.0.255
permit ip any 10.140.254.0 0.0.0.255
permit ip any 10.140.8.0 0.0.0.255
deny ip any 10.140.0.0 0.0.255.255
permit ip any any
!
control-plane
!
!
line con 0
line vty 0 4
password cisco
login
line vty 5 15
no login
!
!
end
control-plane
!
!
line con 0
line vty 0 4
password cisco
login
line vty 5 15
no login
!
!
end
waiwang#
問題解決:
使用show ip interface brief便得到了答案
看到了嗎,vlan1的protocol is down,這便是原因所在;必須至少有一個 active client 接入vlan1 ,一旦存在一個 active client 在這個switch 的vlan1上,你將要看到vlan 1 up/up ,此刻 telnet 10.140.254.254 將不會報23端口打開失敗!