Configuring ACLs on a Layer 3 Switch
php中文网
Published: 2016-06-07 15:04:39


3750 configuration
3750#conf t
3750(config)#int f0/15
3750(config-if)#switchport mode trunk
3750(config)#end
3750#vlan database
3750(vlan)#vtp server
3750(vlan)#vtp domain sy
3750(vlan)#vtp password cisco
3750(vlan)#vlan 10
3750(vlan)#vlan 20
3750(vlan)#vlan 30
3750(vlan)#vlan 40
3750(vlan)#vlan 100
3750(vlan)#exit
3750(config)#ip routing
3750(config)#int vlan 10
3750(config-if)#ip address 192.168.10.1 255.255.255.0
3750(config-if)#no shutdown
3750(config-if)#exit
3750(config)#int vlan 20
3750(config-if)#ip address 192.168.20.1 255.255.255.0
3750(config-if)#no shutdown
3750(config-if)#exit
3750(config)#int vlan 30
3750(config-if)#ip address 192.168.30.1 255.255.255.0
3750(config-if)#no shutdown
3750(config-if)#exit
3750(config)#int vlan 40
3750(config-if)#ip address 192.168.40.1 255.255.255.0
3750(config-if)#no shutdown
3750(config-if)#exit
3750(config)#int vlan 100
3750(config-if)#ip address 192.168.100.1 255.255.255.0
3750(config-if)#no shutdown
3750(config-if)#exit
3750(config)#end
3750(config)#int f0/1
3750(config-if)#switchport access vlan 100
3750(config-if)#end

Configuring the ACLs
3750#conf t
3750(config)#access-list 100 deny ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
3750(config)#access-list 100 deny ip 192.168.10.0 0.0.0.255 192.168.30.0 0.0.0.255
3750(config)#access-list 100 permit ip any any
3750(config)#access-list 101 deny ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255
3750(config)#access-list 101 deny ip 192.168.20.0 0.0.0.255 192.168.30.0 0.0.0.255
3750(config)#access-list 101 permit ip any any
3750(config)#access-list 102 deny ip 192.168.30.0 0.0.0.255 192.168.10.0 0.0.0.255
3750(config)#access-list 102 deny ip 192.168.30.0 0.0.0.255 192.168.20.0 0.0.0.255
3750(config)#access-list 102 permit ip any any
3750(config)#ip access-list extended infilter //place reflect on the inbound direction//
3750(config-ext-nacl)#permit ip any any reflect ccna
3750(config-ext-nacl)#exit
3750(config)#ip access-list extended outfilter //place evaluate on the outbound direction//
3750(config-ext-nacl)#evaluate ccna
3750(config-ext-nacl)#deny ip 192.168.10.0 0.0.0.255 any
3750(config-ext-nacl)#deny ip 192.168.20.0 0.0.0.255 any
3750(config-ext-nacl)#deny ip 192.168.30.0 0.0.0.255 any
3750(config-ext-nacl)#permit ip any any
3750(config-ext-nacl)#exit
3750(config)#int vlan 40 //apply to the management interface//
3750(config-if)#ip access-group infilter in
3750(config-if)#ip access-group outfilter out
3750(config-if)#exit
3750(config)#int vlan 10
3750(config-if)#ip access-group 100 in
3750(config-if)#exit
3750(config)#int vlan 20
3750(config-if)#ip access-group 101 in
3750(config-if)#exit
3750(config)#int vlan 30
3750(config-if)#ip access-group 102 in
3750(config-if)#end
2960 configuration
2960#conf t
2960(config)#int f0/15
2960(config-if)#switchport mode trunk
2960(config-if)#switchport trunk encapsulation dot1q
2960(config-if)#end
2960#vlan database
2960(vlan)#vtp client
2960(vlan)#vtp domain sy
2960(vlan)#vtp password cisco
2960(vlan)#exit
2960#show vtp status
VTP Version : 2
Configuration Revision : 2
Maximum VLANs supported locally : 256
Number of existing VLANs : 10
VTP Operating Mode : Client
VTP Domain Name : sy
VTP Pruning Mode : Enabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0x4D 0xA8 0xC9 0x00 0xDC 0x58 0x2F 0xDD
Configuration last modified by 0.0.0.0 at 3-1-02 00:13:34

2960#show vlan-sw brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/0, Fa0/1, Fa0/2, Fa0/3
Fa0/4, Fa0/5, Fa0/6, Fa0/7
Fa0/8, Fa0/9, Fa0/10, Fa0/11
Fa0/12, Fa0/13, Fa0/14
10 VLAN0010 active
20 VLAN0020 active
30 VLAN0030 active
40 VLAN0040 active
100 VLAN0100 active
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
2960#conf t
2960(config)#int f0/1
2960(config-if)#switchport access vlan 10
2960(config-if)#int f0/2
2960(config-if)#switchport access vlan 20
2960(config-if)#int f0/3
2960(config-if)#switchport access vlan 30
2960(config-if)#int f0/4
2960(config-if)#switchport access vlan 40
2960(config-if)#end

Client verification:

PC1:
PC1#ping 192.168.20.20
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.20, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)
PC1#ping 192.168.30.30
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.30.30, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)
PC1#ping 192.168.40.40
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.40.40, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)
PC1#ping 192.168.100.100
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.100.100, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 104/268/336 ms
PC2:
PC2#ping 192.168.10.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.10, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)
PC2#ping 192.168.30.30
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.30.30, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)
PC2#ping 192.168.40.40
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.40.40, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)
PC2#ping 192.168.100.100
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.100.100, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/170/336 ms
PC3:
PC3#ping 192.168.10.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.10, timeout is 2 seconds:
.U.U.
Success rate is 0 percent (0/5)
PC3#ping 192.168.20.20
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.20, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)
PC3#ping 192.168.40.40
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.40.40, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)
PC3#ping 192.168.100.100
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.100.100, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 144/218/416 ms
PC4:
PC4#ping 192.168.10.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.10, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 240/331/508 ms
PC4#ping 192.168.20.20
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.20, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 220/288/356 ms
PC4#ping 192.168.30.30
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.30.30, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 144/207/268 ms
PC4#ping 192.168.100.100
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.100.100, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 96/219/440 ms
PC5:
PC5#ping 192.168.10.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 92/194/284 ms
PC5#ping 192.168.20.20
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.20, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 144/209/336 ms
PC5#ping 192.168.30.30
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.30.30, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 64/184/372 ms
PC5#ping 192.168.40.40
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.40.40, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 192/239/308 ms
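
Added example (not part of the original post): a small Python model of the ACLs configured above, showing how first-match evaluation, the implicit deny and the reflexive list `ccna` produce the ping results in the verification section. It assumes PC1 to PC5 hold the addresses pinged in the transcripts (192.168.10.10 through 192.168.100.100), and it simplifies reflexive entries to address pairs, whereas IOS also keys them on protocol and port.

```python
from ipaddress import IPv4Address

ANY = ("0.0.0.0", "255.255.255.255")
def net(base): return (base, "0.0.0.255")      # wildcard form used on the page

def hit(addr, spec):
    """Cisco wildcard match: bits set in the wildcard are ignored."""
    base, wild = (int(IPv4Address(x)) for x in spec)
    return (int(IPv4Address(addr)) ^ base) & ~wild & 0xFFFFFFFF == 0

def first_match(acl, src, dst):
    for action, s, d in acl:
        if hit(src, s) and hit(dst, d):
            return action
    return "deny"                               # implicit deny ends every ACL

V10, V20, V30, V40 = (net(f"192.168.{n}.0") for n in (10, 20, 30, 40))
PERMIT_ALL = ("permit", ANY, ANY)
INBOUND = {                                     # SVI subnet -> ACL applied "in"
    V10: [("deny", V10, V20), ("deny", V10, V30), PERMIT_ALL],   # access-list 100
    V20: [("deny", V20, V10), ("deny", V20, V30), PERMIT_ALL],   # access-list 101
    V30: [("deny", V30, V10), ("deny", V30, V20), PERMIT_ALL],   # access-list 102
}
OUTFILTER = [("deny", V10, ANY), ("deny", V20, ANY), ("deny", V30, ANY), PERMIT_ALL]

def forward(src, dst, reflected):
    """Route one packet through the 3750; True if it is forwarded."""
    if hit(src, V40):                           # infilter: permit ... reflect ccna
        reflected.add((dst, src))               # store the mirrored return flow
    for subnet, acl in INBOUND.items():
        if hit(src, subnet) and first_match(acl, src, dst) == "deny":
            return False
    if hit(dst, V40):                           # outfilter, applied "out" on vlan 40
        if (src, dst) in reflected:             # evaluate ccna
            return True
        return first_match(OUTFILTER, src, dst) == "permit"
    return True

def ping(src, dst):
    """Echo and echo-reply must both be forwarded."""
    reflected = set()                           # temporary entries of list "ccna"
    return forward(src, dst, reflected) and forward(dst, src, reflected)

# Assumed host addresses, taken from the ping targets in the transcripts.
HOSTS = {f"PC{i}": f"192.168.{v}.{v}" for i, v in enumerate((10, 20, 30, 40, 100), 1)}

def matrix():
    return {(a, b): ping(HOSTS[a], HOSTS[b]) for a in HOSTS for b in HOSTS if a != b}
```

`matrix()` returns the same reachability pattern as the transcripts: VLANs 10, 20 and 30 reach only VLAN 100, while VLAN 40 can open sessions to them because the return traffic matches the reflected entry.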
