网络环境:cisco三层交换机一台,分为三个vlan 。vlan2所在网络有一台服务器,配置为http和dns服务器,还有一台主机。vlan3和vlan4各有一台主机。
实验要求:
vlan3和vlan4不能相互访问,但是可以访问vlan2
下面是交换机的配置:
Switch#show running-config
Building configuration...
Current configuration : 2428 bytes
!
version 12.2
no service password-encryption
!
hostname Switch
!
!
ip routing
!
!
!
!
ip ssh version 1
!
port-channel load-balance src-mac
!
interface FastEthernet0/1
switchport access vlan 2
!
interface FastEthernet0/2
switchport access vlan 2
!
interface FastEthernet0/3
switchport access vlan 2
!
interface FastEthernet0/4
switchport access vlan 2
!
interface FastEthernet0/5
switchport access vlan 2
!
interface FastEthernet0/6
switchport access vlan 2
!
interface FastEthernet0/7
switchport access vlan 2
!
interface FastEthernet0/8
switchport access vlan 2
!
interface FastEthernet0/9
switchport access vlan 3
!
interface FastEthernet0/10
switchport access vlan 3
!
interface FastEthernet0/11
switchport access vlan 3
!
interface FastEthernet0/12
switchport access vlan 3
!
interface FastEthernet0/13
switchport access vlan 3
!
interface FastEthernet0/14
switchport access vlan 3
!
interface FastEthernet0/15
switchport access vlan 3
!
interface FastEthernet0/16
switchport access vlan 3
!
interface FastEthernet0/17
switchport access vlan 4
!
interface FastEthernet0/18
switchport access vlan 4
!
interface FastEthernet0/19
switchport access vlan 4
!
interface FastEthernet0/20
switchport access vlan 4
!
interface FastEthernet0/21
switchport access vlan 4
!
interface FastEthernet0/22
switchport access vlan 4
!
interface FastEthernet0/23
switchport access vlan 4
!
interface FastEthernet0/24
switchport access vlan 4
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
no ip address
shutdown
!
interface Vlan2
ip address 192.168.2.1 255.255.255.0
!
interface Vlan3
ip address 192.168.3.1 255.255.255.0
ip access-group 103 out
!
interface Vlan4
ip address 192.168.4.1 255.255.255.0
ip access-group 104 out
!
ip classless
!
!
access-list 103 permit ip 192.168.2.0 0.0.0 .255 192.168.3.0 0.0.0.255
access-list 103 permit ip 192.168.3.0 0.0.0 .255 192.168.2.0 0.0.0.255
access-list 104 permit ip 192.168.2.0 0.0.0 .255 192.168.4.0 0.0.0.255
access-list 104 permit ip 192.168.4.0 0.0.0 .255 192.168.2.0 0.0.0.255
!
!
ip dhcp pool 2
network 192.168.2.0 255.255.255.0 #在做这里的
default-router 192.168.2.1 配置可以和在windows
dns-server 192.168.2.10 中配置dhcp服务器相比
ip dhcp pool 3 较下映像会更深些
network 192.168.3.0 255.255.255.0
default-router 192.168.3.1
dns-server 192.168.2.10
ip dhcp pool 4
network 192.168.4.0 255.255.255.0
default-router 192.168.4.1
dns-server 192.168.2.10
!
line con 0
line vty 0 4
login
!
!
end
在dhcp的客户端还要注意运用两个命令,就是ipconfig /release 和ipconfig /renew
在实验中的服务器是一个web服务器,同是也是一个dns服务器。
最后测试:
PC5>ipconfig /all
Physical Address................: 0090.0C6E.494A
IP Address......................: 192.168.4.2
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.4.1
DNS Servers.....................: 192.168.2.10
IP Address......................: 192.168.4.2
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.4.1
DNS Servers.....................: 192.168.2.10
实验成功
