一、实验要求以及拓扑图
二、IP划分:
R1/3: 192.168.2.0 24
R2/4/5/6: 192.168.1.0 24
三、启用dhcp
SW1 :
[SW1]vlan batch 2 to 5
[SW1-Ethernet0/0/2] port link-type access
[SW1-Ethernet0/0/2] port default vlan 2
[SW1-Ethernet0/0/4] port link-type access
[SW1-Ethernet0/0/4] port default vlan 2
[SW1-Ethernet0/0/6]port link-type trunk
[SW1-Ethernet0/0/6]port trunk allow-pass vlan all
[SW1-Ethernet0/0/1]port link-type trunk
[SW1-Ethernet0/0/1]port trunk allow-pass vlan all
SW2:
[SW1-Ethernet0/0/6]port link-type trunk
[SW1-Ethernet0/0/6]port trunk allow-pass vlan all
R1:
[R1-GigabitEthernet0/0/0] ip address 192.168.1.1 255.255.255.0
[R1-GigabitEthernet0/0/0] dhcp select global
[R1-GigabitEthernet0/0/0.1] ip address 192.168.2.1 255.255.255.0
[R1-GigabitEthernet0/0/0.1] dot1q termination vid 2
[R1-GigabitEthernet0/0/0.1] arp broadcast enable
[R1-GigabitEthernet0/0/0.1] dhcp select global
[R1]dhcp enable
[R1]ip pool v1
[R1-ip-pool-v1]network 192.168.1.0 mask 255.255.255.0
[R1-ip-pool-v1]gateway-list 192.168.1.1
[R1]ip pool v2
[R1-ip-pool-v2]network 192.168.2.0 mask 255.255.255.0
[R1-ip-pool-v2]gateway-list 192.168.2.1
四、设置 hybrid 规则满足实验要求
1、更改pvid
SW1:
[SW1-Ethernet0/0/5] port hybrid pvid vlan 3
SW2:
[SW2-Ethernet0/0/1] port hybrid pvid vlan 4
[SW2-Ethernet0/0/2] port hybrid pvid vlan 5
2、修改每个接口的 hybrid 允许列表
SW1:
[SW1-Ethernet0/0/3]port hybrid untagged vlan 2 to 5 (PC2可以访问所有PC)
[SW1-Ethernet0/0/5]port hybrid untagged vlan 2 to 3 (PC4拒绝访问PC5/6)
sw2:
[SW2-Ethernet0/0/1] port hybrid untagged vlan 2 4 (PC5拒绝访问PC4/6)
[SW2-Ethernet0/0/2] port hybrid untagged vlan 2 5 (PC6拒绝访问PC4/5)
此时满足PC2可以访问4/5/6,PC4不能访问5/6,PC5不能访问PC6;但PC1/3不能访问其他PC,需更改SW1 上e0/01接口类型为 hybird 并且设置其规则为 :pvid2带标签通过,其余pvid均为不带标签通过。(R1身上只能之别Pvid1/2其余均不识别,故如此更改)
[SW1-Ethernet0/0/1] undo port trunk allow-pass vlan all
[SW1-Ethernet0/0/1] port link-type hybrid
[SW1-Ethernet0/0/1] port hybrid tagged vlan 2
[SW1-Ethernet0/0/1] port hybrid untagged vlan 3 to 5
此时SW1与SW2 的接口VLAN转发规则如下:
五、测试
PC1/3可以访问PC2/4/5/6(PC1为例):
PC2可以访问4/5/6
PC4不能访问5/6
PC5不能访问PC6
1796
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
