最终实现效果:
各sub vlan(10、20)之间的pc不能互通,但同一个sub vlan内的pc可以互通,实现了同网段隔离、二层广播隔离
pc都用dhcp获取地址,地址池在super vlan(主vlan)的接口上做
都能上公网ping通8.8.8.254
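如果要让sub vlan之间的pc也能互通,就在super vlan下做arp代理:
inter vlan 100
arp-proxy inter-sub-vlan-proxy enable
//注意一定要用inter-sub-vlan-proxy(sub vlan之间互通);如果是inner-sub-vlan-proxy,就只是同一个vlan内互通
//注:下面sw1的配置里super vlan是vlan 80,该命令实际配置在Vlanif80下,并且已经开启;开启后sub vlan之间可以经网关互访,上面所说的"sub vlan之间不通"不再成立,需要隔离时不要配置这条命令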
sw1
// sw1: super VLAN (aggregate VLAN) 80 with sub-VLANs 10 and 20; VLAN 100 is the routed uplink.
// The "//" annotations follow this page's convention and are not CLI input; strip them before pasting.
vlan batch 10 20 80 100
dhcp enable
// VLAN 80 is the super VLAN; sub-VLANs 10 and 20 are attached to it and use Vlanif80 as their gateway.
vlan 80
aggregate-vlan
access-vlan 10 20
// Gateway address for the 192.168.80.0/24 subnet that both sub-VLANs share.
interface Vlanif80
ip address 192.168.80.1 255.255.255.0
arp-proxy inter-sub-vlan-proxy enable // Enables proxy ARP between sub-VLANs, so hosts in VLAN 10 and VLAN 20 can reach each other through Vlanif80. With this line present the sub-VLANs are no longer isolated from each other; leave it out when the isolation described at the top of the page is the goal.
// Serves DHCP from the interface address pool (the Vlanif80 subnet).
// NOTE(review): no DHCP snooping appears in this listing; consider it on the access ports if rogue DHCP servers are a concern.
dhcp select interface
// Uplink SVI; 192.168.100.1 on the same subnet is R1's GigabitEthernet0/0/1 in the R1 listing.
interface Vlanif100
ip address 192.168.100.2 255.255.255.0
// Access port in VLAN 100 - presumably the link to R1; confirm against the topology.
interface GigabitEthernet0/0/1
port link-type access
port default vlan 100
// Access ports in sub-VLAN 10.
interface GigabitEthernet0/0/2
port link-type access
port default vlan 10
interface GigabitEthernet0/0/3
port link-type access
port default vlan 10
// Access port in sub-VLAN 20.
interface GigabitEthernet0/0/4
port link-type access
port default vlan 20
// Default route towards 192.168.100.1 (R1).
ip route-static 0.0.0.0 0.0.0.0 192.168.100.1
R1
// R1: NAT gateway for the 192.168.80.0/24 hosts behind sw1.
// The "//" annotations follow this page's convention and are not CLI input; strip them before pasting.
// Basic ACL 2000 matches only source addresses in 192.168.80.0/24 (wildcard 0.0.0.255); it selects what gets translated below.
acl number 2000
rule 5 permit source 192.168.80.0 0.0.0.255
// Outside interface. "nat outbound 2000" has no address group, so matching traffic is translated to this interface's own address (Easy IP).
// Only sources permitted by ACL 2000 are translated; 192.168.100.0/24 is not covered by it.
interface GigabitEthernet0/0/0
ip address 1.1.1.2 255.255.255.0
nat outbound 2000
// Inside interface on the 192.168.100.0/24 link to sw1 (sw1's Vlanif100 is 192.168.100.2).
interface GigabitEthernet0/0/1
ip address 192.168.100.1 255.255.255.0
// Default route to the upstream next hop 1.1.1.1.
ip route-static 0.0.0.0 0.0.0.0 1.1.1.1
// Return route for the super-VLAN subnet via sw1.
ip route-static 192.168.80.0 255.255.255.0 192.168.100.2