配置了两台交换机LSW1和LSW2的VLAN、端口聚合、端口安全和ACL,用于控制网络流量和访问权限。同时,配置了OSPF路由协议和默认路由以实现网络间通信。AR系列路由器作为OSPF的一部分,宣告网络并配置默认路由。DNS服务器和Web服务器被设置为通过特定域名访问,客户端进行了域名解析测试以验证配置有效性。
LSW2:
vlan batch 10 20
#
interface Eth-Trunk1 //端口聚合
trunkport Ethernet 0/0/3 to 0/0/4 //将端口3和4端口聚合
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface Ethernet0/0/1
port link-type access
port default vlan 10
port-security enable //开启端口安全功能
port-security protect-action protect //配置端口功能的保护动作
port-security mac-address sticky //配置接口Sticky MAC功能
port-security max-mac-num 1 //配置只允许连接一台设备
#
interface Ethernet0/0/2
port link-type access
port default vlan 20
#
interface Ethernet0/0/5
port link-type access
port default vlan 10
LSW1:
#
vlan batch 10 12 20 50
#
acl number 3000 //创建ACL300,Pc1(192.168.10.1)不能够访问FTP服务器
rule 5 deny ip source 192.168.10.1 0 destination 200.200.200.1 0
acl number 3001 //创建ACL3001,PC2(192.168.20.1)不能访问DNs服务器和wEB服务器
rule 5 deny ip source 192.168.20.1 0 destination 192.168.50.10 0
#
interface Vlanif10
ip address 192.168.10.254 255.255.255.0
#
interface Vlanif12
ip address 172.16.12.1 255.255.255.0
#
interface Vlanif20
ip address 192.168.20.254 255.255.255.0
#
interface Vlanif50
ip address 192.168.50.254 255.255.255.0
#
interface Eth-Trunk1 //端口聚合
trunkport GigabitEthernet 0/0/1 to 0/0/2 //将端口1和2端口聚合
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 50
traffic-filter outbound acl 3001 //将ACL应用到接口上
#
interface GigabitEthernet0/0/4
port link-type access
port default vlan 12
traffic-filter outbound acl 3000 //将ACL应用到接口上
#
ospf 1
default-route-advertise always //宣告默认路由
area 0.0.0.0
network 192.168.10.0 0.0.0.255
network 192.168.20.0 0.0.0.255
network 192.168.50.0 0.0.0.255
network 172.16.12.0 0.0.0.255
#
ip route-static 0.0.0.0 0.0.0.0 172.16.12.2 //默认路由
AR1:
#
interface GigabitEthernet0/0/0
ip address 172.16.12.2 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 172.16.13.1 255.255.255.0
#
interface GigabitEthernet0/0/2
ip address 172.16.14.1 255.255.255.0
#
ospf 1
default-route-advertise always
area 0.0.0.0
network 172.16.12.0 0.0.0.255
network 172.16.13.0 0.0.0.255
network 172.16.14.0 0.0.0.255
#
ip route-static 0.0.0.0 0.0.0.0 172.16.12.1
AR2:
interface GigabitEthernet0/0/0
ip address 172.16.13.2 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 100.100.100.254 255.255.255.0
#
ospf 1
default-route-advertise always
area 0.0.0.0
network 100.100.100.0 0.0.0.255
network 172.16.0.0 0.0.255.255
#
AR3:
#
interface GigabitEthernet0/0/0
ip address 172.16.14.2 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 200.200.200.254 255.255.255.0
#
ospf 1
default-route-advertise always
area 0.0.0.0
network 172.16.0.0 0.0.255.255
network 200.200.200.0 0.0.0.255
#
最后测试网络的连通性及域名解析
在DNs服务器和wEB服务上配置域名解析,使得pc机通过域名“wnw.gxxd.com"来访问时wEB服务器。
在DNS服务器上配置域名并启动FTP/HTTP
在client上进行域名解析测试,如下:
扫一扫
653
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
