1.在S1上设置VTP
Switch(config)#vtp domain vtp1
Changing VTP domain name from NULL to vtp1
Switch(config)#vtp mode server
Setting device to VTP server mode.
Switch(config)#vtp password 123
Setting device VLAN database password to 123
2.在S1上建立三个VLAN
Switch(config)#vlan 10
Switch(config-vlan)#vlan 20
Switch(config-vlan)#vlan 30
Switch(config-vlan)#
3.在S1上定义三个VLAN
Switch(config)#int vlan 10
%LINK-5-CHANGED: Interface Vlan10, changed state to up
Switch(config-if)#ip add 192.168.10.1 255.255.255.0
Switch(config-if)#int vlan 20
%LINK-5-CHANGED: Interface Vlan20, changed state to up
Switch(config-if)#ip add 192.168.20.1 255.255.255.0
Switch(config-if)#int vlan 30
Switch(config-if)#
%LINK-5-CHANGED: Interface Vlan30, changed state to up
Switch(config-if)#ip add 192.168.30.1 255.255.255.0
4.把S1的三个接口全部开起TRUNK
Switch(config-if)#int range fa0/1 - 3
Switch(config-if)#switchport trunk encapsulation dot1q
Switch(config-if)#switchport mode trunk
5.S2.S3.S4分别设置VTP
Switch(config)#vtp domain vtp1
Changing VTP domain name from NULL to vtp1
Switch(config)#vtp mode client \\注意模式
Setting device to VTP CLIENT mode.
Switch(config)#vtp password 123
Setting device VLAN database password to 123
6.S2.S3.S4的端口分别加入VLAN
Switch(config)#int fa0/2
Switch(config-if)#switchport access vlan 10
Switch(config-if)#int fa0/3
Switch(config-if)#switchport access vlan 30 \\格式一样 我只抄我S4的给你参考
7.分别设置各PC的IP,测试,各PC全部可以相互PING通.
8.做ACL
Switch(config)#access-list 1 permit 192.168.10.0 0.0.0.255
Switch(config)#access-list 1 permit 192.168.30.0 0.0.0.255
Switch(config)#access-list 1 deny 192.168.20.0 0.0.0.255 \\定义ACL
Switch(config-if)#int vlan 10
Switch(config-if)#ip access-group 1 in
Switch(config-if)#int vlan 20
Switch(config-if)#ip access-group 1 in
Switch(config-if)#int vlan 30
Switch(config-if)#ip access-group 1 in
Switch(config-if)#exi \\在VLAN上使用ACL
到此已经完成此实验,测试,192.168.10.0 可以和 192.168.30.0 通讯
192.168.20.0不能和其他两个网段通讯.
