Estamos tentando configurar o switch para que ele faça o roteamento e a comunicação entre algumas VLANs e, em seguida, ter uma rede de link até o firewall (fw).
Aqui está a configuração:
Configuração em execução:
; J9145A Configuration Editor; Created on release #W.15.08.0012
; Ver #02:11.05:16
; Device identity followed by four ACL definitions. Only "test" is bound to
; ports in the visible configuration; "105", "allow" and "test2" are defined
; but not referenced by any visible line.
hostname "HP-E2910al-24G"
module 1 type j9145a
; ACL masks here are wildcard masks (set bits are ignored), so
; "0.0.0.0 255.255.255.255" matches any address.
; "105": entry 10 already permits every IP packet, so entry 20 can never match.
ip access-list extended "105"
10 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
20 permit ip-in-ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
exit
; "test": entry 10 permits all IP traffic from any source to any destination,
; so entries 11 (tcp) and 12 (udp) are unreachable. This ACL filters nothing.
ip access-list extended "test"
10 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
11 permit tcp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
12 permit udp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
exit
; "allow": with wildcard-mask semantics, mask 0.0.0.0 matches only the exact
; source address 0.0.0.0. Despite its name, this ACL would match no real host,
; and the implicit deny at the end of every ACL would drop everything else if
; it were ever applied.
ip access-list standard "allow"
10 permit 0.0.0.0 0.0.0.0
exit
; "test2": permits any source address.
ip access-list standard "test2"
10 permit 0.0.0.0 255.255.255.255
exit
; Default path and routing enablement. Both the default gateway and the static
; default route point at 192.168.16.1, which sits in the VLAN 1 subnet
; (192.168.16.0/24).
; NOTE(review): on this platform "ip default-gateway" is normally only used
; while IP routing is disabled; with "ip routing" on, the static route below
; is the one that applies - confirm against the firmware documentation.
ip default-gateway 192.168.16.1
ip route 0.0.0.0 0.0.0.0 192.168.16.1
; With routing enabled the switch forwards between its own VLAN interfaces
; directly, so inter-VLAN traffic does not have to cross the firewall, and the
; only ACL bound to ports ("test") permits everything.
; NOTE(review): ICMP succeeding while TCP fails is typical of an asymmetric
; path through a stateful device. Which gateway the hosts in each VLAN use is
; not visible in this config - verify that it is the switch's VLAN address in
; both directions.
ip routing
; Per-port settings for ports 1-24. Every port binds ACL "test" to inbound
; traffic. Because entry 10 of "test" permits all IP, these bindings filter
; nothing and cannot be the cause of dropped TCP sessions; they also provide
; no segmentation between VLANs.
; Port 1 is the only port with flow-control enabled.
interface 1
ip access-group "test" in
flow-control
exit
interface 2
ip access-group "test" in
exit
interface 3
ip access-group "test" in
exit
interface 4
ip access-group "test" in
exit
interface 5
ip access-group "test" in
exit
interface 6
ip access-group "test" in
exit
interface 7
ip access-group "test" in
exit
interface 8
ip access-group "test" in
exit
interface 9
ip access-group "test" in
exit
interface 10
ip access-group "test" in
exit
interface 11
ip access-group "test" in
exit
interface 12
ip access-group "test" in
exit
interface 13
ip access-group "test" in
exit
interface 14
ip access-group "test" in
exit
interface 15
ip access-group "test" in
exit
interface 16
ip access-group "test" in
exit
interface 17
ip access-group "test" in
exit
interface 18
ip access-group "test" in
exit
interface 19
ip access-group "test" in
exit
interface 20
ip access-group "test" in
exit
interface 21
ip access-group "test" in
exit
interface 22
ip access-group "test" in
exit
interface 23
ip access-group "test" in
exit
interface 24
ip access-group "test" in
exit
; SECURITY: "public" is the well-known default community string and
; "unrestricted" grants it write access, so any host that can reach a switch
; IP over SNMP can change the configuration. No "ip authorized-managers"
; restriction is visible in this config. Replace it with a non-default
; community limited to read-only ("operator restricted") or move to SNMPv3,
; and limit which management stations may connect.
snmp-server community "public" unrestricted
; VLAN definitions. Every VLAN below carries an IP address, so with
; "ip routing" enabled the switch is a routed hop in each of these subnets.
; VLAN 1 holds the management address 192.168.16.135/24 and is untagged on
; ports 3 and 5-24.
vlan 1
name "DEFAULT_VLAN"
no untagged 1-2,4
untagged 3,5-24
ip address 192.168.16.135 255.255.255.0
exit
; VLAN 861: untagged on port 4, tagged on ports 1-2, gateway 10.250.32.1/25.
; RIP is restricted to version 1 in both directions. RIPv1 carries no subnet
; masks and has no authentication, while this interface uses a /25 mask.
; NOTE(review): confirm RIP is actually needed here; if so, prefer a version
; that carries masks and supports authentication.
vlan 861
name "ine-Back-Localexample.net"
untagged 4
tagged 1-2
ip address 10.250.32.1 255.255.255.128
ip rip 10.250.32.1
ip rip 10.250.32.1 receive v1-only
ip rip 10.250.32.1 send v1-only
protocol "IPv4,ARP"
exit
; VLAN 862: tagged on ports 1-2, gateway 10.250.32.129/25. Same RIPv1-only
; settings and the same caveat as VLAN 861.
vlan 862
name "ine-Front-Inetexample.net"
tagged 1-2
ip address 10.250.32.129 255.255.255.128
ip rip 10.250.32.129
ip rip 10.250.32.129 receive v1-only
ip rip 10.250.32.129 send v1-only
protocol "IPv4,ARP"
exit
; VLANs 863-865 and 867-869: tagged on ports 1-2 only, no RIP statements.
vlan 863
name "ine-Back-Inetexample.net"
tagged 1-2
ip address 10.250.33.1 255.255.255.0
protocol "IPv4,ARP"
exit
vlan 864
name "ine-Front-s-example.net"
tagged 1-2
ip address 10.250.34.1 255.255.255.128
protocol "IPv4,ARP"
exit
vlan 865
name "ine-Back-s.example.net"
tagged 1-2
ip address 10.250.34.129 255.255.255.128
protocol "IPv4,ARP"
exit
; VLAN 866: untagged on ports 1-2 with a /30 address (10.250.37.2), i.e. a
; two-host subnet. The default route above does not point into this subnet.
; NOTE(review): the VLAN name suggests an uplink - confirm what sits at the
; other end and whether return routes for the 10.250.x.x subnets exist there.
vlan 866
name "ine-esx-uplink.example.net"
untagged 1-2
ip address 10.250.37.2 255.255.255.252
protocol "IPv4,ARP"
exit
vlan 867
name "ine-Front-Ihostnet-example.net"
tagged 1-2
ip address 10.250.35.1 255.255.255.128
protocol "IPv4,ARP"
exit
vlan 868
name "ine-Back-Ihostnet-example.net"
tagged 1-2
ip address 10.250.35.129 255.255.255.128
protocol "IPv4,ARP"
exit
vlan 869
name "ine-Client-nat.example.net"
tagged 1-2
ip address 10.250.36.1 255.255.255.0
protocol "IPv4,ARP"
exit
; No credential value accompanies this line in the listing.
; NOTE(review): presumably this indicates that a manager-level password is
; configured - confirm on the device, and check whether an operator-level
; password is set as well, since none is shown here.
password manager
Aqui está um link do Pastebin com a configuração.
O roteamento funciona a partir da rede de gerenciamento: conseguimos acessar todas as VLANs e os recursos nelas. Porém, a partir da VLAN 862, por exemplo, não conseguimos acessar a VLAN 861: conseguimos enviar tráfego ICMP para todos os hosts nela, mas não acessar nenhum servidor via HTTP, SSH etc.
Qualquer conselho seria ótimo!