实验步调
拓扑图
1、规划vlan
xiaoshou vlan10
shichang vlan20
chanpin vlan30
server vlan40
connect vlan50
boss vlan88
2、设置vlan
SW3
vlan 10 //创建vlan
description xiaoshou //描述
vlan 20
description shicahng
vlan 30
description chanpin
vlan 88
description boss
vlan 40
description server
vlan 50
description connect
SW1
vlan 10
description xiaoshou
vlan 20
description shicahng
vlan 30
description chanpin
SW2
vlan 10
description xiaoshou
vlan 20
description shicahng
vlan 30
description chanpin
vlan 88
description boss
3、接口分别vlan
SW1
interface Ethernet0/0/1 //进入接口
port link-type access //设置接口范例
port default vlan 10 //该端口指定的vlan
interface Ethernet0/0/2
port link-type access
port default vlan 20
interface Ethernet0/0/3
port link-type access
port default vlan 30
SW2
interface Ethernet0/0/1
port link-type access
port default vlan 10
interface Ethernet0/0/2
port link-type access
port default vlan 20
interface Ethernet0/0/3
port link-type access
port default vlan 30
interface Ethernet0/0/4
port link-type access
port default vlan 88
SW3
interface GigabitEthernet 0/0/4
port link-type access
port default vlan 40
interface GigabitEthernet 0/0/3
port link-type access
port default vlan 50
4、设置接口范例
SW3
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 20 30 //答应通过的vlan
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10 20 30 88
SW1
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 20 30
SW2
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10 20 30 88
5、规划ip地址
vlan10 ---- 192.168.10.0/24
vlan20 ---- 192.168.20.0/24
vlan30 ---- 192.168.30.0/24
vlan40 ---- 192.168.40.0/24
vlan50 ---- 192.168.50.0/24
vlan88 ---- 192.168.88.0/24
svi相当于给每个vlan设置一个逻辑ip
ip基本上都是做vlan的网关
6、设置网段
SW3
interface Vlanif10 //进入vlan10的接口
ip address 192.168.10.254 255.255.255.0
interface Vlanif20
ip address 192.168.20.254 255.255.255.0
interface Vlanif30
ip address 192.168.30.254 255.255.255.0
interface Vlanif40
ip address 192.168.40.254 255.255.255.0
interface Vlanif50
ip address 192.168.50.254 255.255.255.0
interface Vlanif88
ip address 192.168.88.254 255.255.255.0
7、设置DHCP
SW3当作DHCP 服务器
xiaoshou shichang chanpin
dhcp分配ip地址
每个vlan 对应一个网段
SW3
dhcp enable
ip pool xiaoshou //创建地址池名
gateway-list 192.168.10.254
network 192.168.10.0 mask 255.255.255.0
dns-list 8.8.8.8
ip pool shichang
gateway-list 192.168.20.254
network 192.168.20.0 mask 255.255.255.0
dns-list 8.8.8.8
ip pool chanpin
gateway-list 192.168.30.254
network 192.168.30.0 mask 255.255.255.0
dns-list 8.8.8.8
interface Vlanif10
ip address 192.168.10.254 255.255.255.0
dhcp select global //分配地址池的地址
interface Vlanif20
ip address 192.168.20.254 255.255.255.0
dhcp select global
interface Vlanif30
ip address 192.168.30.254 255.255.255.0
dhcp select global
在pc上设置为dhcp并应用
检察获取的ip
如今就已经可以ping通其他vlan了
为了捧臭脚给老板的ip设一个192.168.88.88招财的静态ip,也是可以访问其他vlan的
8、防火墙设置接口(路由器可以代替)
FW
interface GigabitEthernet0/0/3
ip address 192.168.50.1 255.255.255.0
interface GigabitEthernet0/0/1
ip address 202.1.1.1 255.255.255.0
9、分别接口地区
FW
firewall zone trust
add interface GigabitEthernet0/0/3
firewall zone untrust
add interface GigabitEthernet0/0/1
10、设置策略
FW
policy interzone trust untrust outbound
policy 1
action permit
policy source 192.168.0.0 mask 16
11、设置nat
FW
nat-policy interzone trust untrust outbound
policy 1
action source-nat
policy source 192.168.0.0 mask 16
easy-ip GigabitEthernet0/0/1
这个时间还是访问不了外网的由于没有路由
12、设置路由
SW3
ip route-static 0.0.0.0 0.0.0.0 192.168.50.1
FW
ip route-static 192.168.0.0 255.255.0.0 192.168.50.254
设置完路由后就可以访问外网了
到此实验结束!
如有需要ensp安装包的可以批评区留言或者私信。
免责声明:如果侵犯了您的权益,请联系站长,我们会及时删除侵权内容,谢谢合作!更多信息从访问主页:qidao123.com:ToB企服之家,中国第一个企服评测及商务社交产业平台。 |
