拓扑图如下:
配置命令如下:
iou1:
// Reader annotations use "//"; they are not IOS syntax, so strip them before pasting.
interface ethernet 0/0 // link toward iou2 (shares the 10.0.0.0/30 subnet with its ethernet 0/2)
ip address 10.0.0.1 255.255.255.252 // /30 point-to-point address
no shutdown // bring the interface up
interface loopback 0 // first loopback interface
ip address 123.0.1.1 255.255.255.0 // assign its address
interface loopback 1 // second loopback interface
ip address 1.1.1.1 255.255.255.255 // host (/32) address
ip route 192.168.0.0 255.255.0.0 10.0.0.2 // static route: all of 192.168.0.0/16 is reached via iou2
配置TELNET登录
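// Management access: only the 192.168.2.0/24 segment may open a vty session.
access-list 1 permit 192.168.2.0 0.0.0.255 // standard ACL 1; the implicit deny drops every other source
// "secret" stores a hash in the configuration instead of the cleartext that "password" leaves behind.
// "test" is a lab value; use a strong, unique credential on real equipment.
username benet secret test
line vty 0 4
login local // authenticate against the local username database
access-class 1 in // apply ACL 1 to incoming vty connections
exit
// NOTE(review): Telnet carries the login and the whole session unencrypted; outside a lab, prefer SSH.
// NOTE(review): only vty 0-4 are covered; if the platform has more vty lines, give them the same login and access-class settings.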
iou2:
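vlan 2
vlan 3
vlan 4
vlan 100 // create VLANs 2, 3, 4 and 100
interface ethernet 0/2 // link toward iou1
no switchport // turn the port into a routed (layer-3) port so it can hold an IP address
ip address 10.0.0.2 255.255.255.252 // /30 point-to-point address
ip route 0.0.0.0 0.0.0.0 10.0.0.1 // default route via iou1
interface range ethernet 0/0-1 // select ethernet 0/0 and 0/1 together
switchport trunk encapsulation dot1q // 802.1Q tagging on the trunk
switchport mode trunk // force trunk mode
interface vlan 2 // SVI for VLAN 2 (the segment the vty ACLs on this page allow in)
ip address 192.168.2.1 255.255.255.0 // gateway address for VLAN 2
no shutdown // bring the SVI up
interface vlan 3 // SVI for VLAN 3
ip address 192.168.3.1 255.255.255.0 // gateway address for VLAN 3
no shutdown // bring the SVI up
interface vlan 4 // SVI for VLAN 4
ip address 192.168.4.1 255.255.255.0 // gateway address for VLAN 4
no shutdown // bring the SVI up
ip routing // enable layer-3 forwarding between the SVIs
interface vlan 1 // SVI for VLAN 1; iou3 and iou4 point their default gateway here
ip address 192.168.0.1 255.255.255.0 // gateway address for VLAN 1
no shutdown // bring the SVI up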
配置TELNET登录
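// Management access: only the 192.168.2.0/24 segment may open a vty session.
access-list 1 permit 192.168.2.0 0.0.0.255 // standard ACL 1; the implicit deny drops every other source
// "secret" stores a hash in the configuration instead of the cleartext that "password" leaves behind.
// "test" is a lab value; use a strong, unique credential on real equipment.
username benet secret test
line vty 0 4
login local // authenticate against the local username database
access-class 1 in // apply ACL 1 to incoming vty connections
exit
// NOTE(review): Telnet carries the login and the whole session unencrypted; outside a lab, prefer SSH.
// NOTE(review): only vty 0-4 are covered; if the platform has more vty lines, give them the same login and access-class settings.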
其他要求配置:
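// ACL 100 filters traffic routed toward the server 192.168.100.2. Entries are checked top-down and the first match wins.
access-list 100 permit ip 192.168.2.0 0.0.0.255 host 192.168.100.2 // 192.168.2.0/24 gets full access to the server
// Every other internal source is refused Telnet (23), SSH (22) and Remote Desktop (3389) to the server.
// The wildcard has to be 0.0.255.255 to cover all internal segments; 0.0.0.255 would match 192.168.0.0/24 only.
access-list 100 deny tcp 192.168.0.0 0.0.255.255 host 192.168.100.2 eq telnet
access-list 100 deny tcp 192.168.0.0 0.0.255.255 host 192.168.100.2 eq 22
access-list 100 deny tcp 192.168.0.0 0.0.255.255 host 192.168.100.2 eq 3389
// Remaining internal traffic to the server is allowed; outside hosts reach TCP port 80 only.
access-list 100 permit ip 192.168.0.0 0.0.255.255 host 192.168.100.2
access-list 100 permit tcp any host 192.168.100.2 eq 80
access-list 100 deny ip any any // explicit catch-all deny
interface vlan 100
ip access-group 100 out // filter packets the router sends out toward VLAN 100
exit
// NOTE(review): the commands on this page never give interface vlan 100 an IP address; the SVI needs one for traffic to be routed to the server segment. Take the value from the topology.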
// ACL 101: hosts in 192.168.3.0/24 may reach the administrator segment and the server, nothing else
// (no other department, no external network).
access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255 // to the administrator segment
access-list 101 permit ip 192.168.3.0 0.0.0.255 host 192.168.100.2 // to the server
access-list 101 deny ip any any // everything else is dropped
interface vlan 3
ip access-group 101 in // check packets as they arrive from VLAN 3
exit
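// ACL 102: hosts in 192.168.4.0/24 may reach the server and the administrator segment but no other department.
// All entries must carry the number 102, the list applied to interface vlan 4. An entry typed under another number
// lands in a different list and never protects this interface.
// The two permits come first because the deny below covers 192.168.0.0/16, which contains both destinations.
access-list 102 permit ip 192.168.4.0 0.0.0.255 host 192.168.100.2
access-list 102 permit ip 192.168.4.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 102 deny ip 192.168.4.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 102 permit ip any any
interface vlan 4
ip access-group 102 in // check packets as they arrive from VLAN 4
exit
// NOTE(review): the page states that 192.168.4.0/24 must not reach the external network, yet the final
// "permit ip any any" allows it. If that requirement holds, end the list with "deny ip any any" as ACL 101 does. Confirm against the lab requirements.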
iou3:
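vlan 2
vlan 3
vlan 4 // create VLANs 2, 3 and 4
interface ethernet 0/0 // trunk uplink
switchport trunk encapsulation dot1q // same 802.1Q setting as the iou2 trunk ports; needed where the encapsulation is not fixed to dot1q
switchport mode trunk // force trunk mode
interface ethernet 0/1
switchport mode access // access (untagged) port
switchport access vlan 2 // member of VLAN 2
interface ethernet 0/2
switchport mode access // access (untagged) port
switchport access vlan 3 // member of VLAN 3
interface ethernet 0/3
switchport mode access // access (untagged) port
switchport access vlan 4 // member of VLAN 4
interface vlan 1 // management SVI
ip address 192.168.0.2 255.255.255.0 // management address of this switch
no shutdown // bring the SVI up
ip default-gateway 192.168.0.1 // default gateway for management traffic (iou2's VLAN 1 address)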
配置TELNET登录
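// Management access: only the 192.168.2.0/24 segment may open a vty session.
access-list 1 permit 192.168.2.0 0.0.0.255 // standard ACL 1; the implicit deny drops every other source
// "secret" stores a hash in the configuration instead of the cleartext that "password" leaves behind.
// "test" is a lab value; use a strong, unique credential on real equipment.
username benet secret test
line vty 0 4
login local // authenticate against the local username database
access-class 1 in // apply ACL 1 to incoming vty connections
exit
// NOTE(review): Telnet carries the login and the whole session unencrypted; outside a lab, prefer SSH.
// NOTE(review): only vty 0-4 are covered; if the platform has more vty lines, give them the same login and access-class settings.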
iou4:
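vlan 100 // create VLAN 100 (the server VLAN)
exit // leave VLAN configuration mode
interface ethernet 0/0 // trunk uplink
switchport trunk encapsulation dot1q // same 802.1Q setting as the iou2 trunk ports; needed where the encapsulation is not fixed to dot1q
switchport mode trunk // force trunk mode
interface ethernet 0/1
switchport mode access // access (untagged) port
switchport access vlan 100 // member of VLAN 100
interface vlan 1 // management SVI
ip address 192.168.0.3 255.255.255.0 // management address of this switch
no shutdown // bring the SVI up
ip default-gateway 192.168.0.1 // default gateway for management traffic (iou2's VLAN 1 address)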
配置TELNET登录
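// Management access: only the 192.168.2.0/24 segment may open a vty session.
access-list 1 permit 192.168.2.0 0.0.0.255 // standard ACL 1; the implicit deny drops every other source
// "secret" stores a hash in the configuration instead of the cleartext that "password" leaves behind.
// "test" is a lab value; use a strong, unique credential on real equipment.
username benet secret test
line vty 0 4
login local // authenticate against the local username database
access-class 1 in // apply ACL 1 to incoming vty connections
exit
// NOTE(review): Telnet carries the login and the whole session unencrypted; outside a lab, prefer SSH.
// NOTE(review): only vty 0-4 are covered; if the platform has more vty lines, give them the same login and access-class settings.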