该实验涉及创建不同VLAN来限制PC之间的网络访问,如PC2能访问PC4/5/6,但PC4不能访问PC6。通过配置交换机SW1、SW2和SW3的接口,以及路由器R1的VLAN和DHCP设置,实现了跨VLAN通信并确保了特定的网络访问策略。R1的接口配置允许从VLAN2到VLAN1的转换,以实现不同网段间的通信。
实验要求
PC1/3与PC2/4/5/6不在同一个网段
PC1和PC3所在接口为access,属于vlan2,并且在同一网段
PC2/4/5/6处于同一网段,其中PC2可以访问PC4/5/6,PC4可以访问访问PC5,不能访问PC6,PC5不能访问PC6
所有PC通过DHCP获取IP地址,且PC1/3可正常访问PC2/4/5/6
实验手绘图
构建网络拓扑图
实验分析:
PC1和PC3处于VLAN2
PC2可以访问访问PC4/5/6,并且是同一网段,但是由于PC4/PC5不能访问PC6,我们可以知道,PC2/4/5/6不能属于同一个VLAN,如果属于同一个VLAN,那么我们就不好做在PC5/PC6上不能访问PC6的策略,但是PC4和PC5可以放到同一VLAN,但为了实验方便,我们将R2/4/5/6分别放到不同的VLAN中,R2为VLAN3,R4为VLAN4,R5为VLAN5,R6为VLAN6.
根据题目要求,我们可以知道在R2上可以允许VLAN3/4/5/6通过,在R4上允许VLAN3/4/5通过,在R5上允许VLAN3/4/5通过,在R6上只允许VLAN3/6通过。
R1/R2是另一个VLAN,IP地址为另一个网段,所以在访问R2/4/5/6时,需要通过路由器转换为VLAN1,R2/4/5/6默认VLAN1可以通过。
配置SW1的三个接口
[SW1]int e 0/0/1
[SW1-Ethernet0/0/1]port link-type access
[SW1-Ethernet0/0/1]port default vlan 2
[SW1-Ethernet0/0/1]int e0/0/2
[SW1-Ethernet0/0/2]port hybrid pvid vlan 3
[SW1-Ethernet0/0/2]port hybrid untagged vlan 3 to 6
[SW1-Ethernet0/0/2]q
[SW1]int g 0/0/2
[SW1-GigabitEthernet0/0/2]port link-type trunk
[SW1-GigabitEthernet0/0/2]port trunk allow-pass vlan all
[SW1-GigabitEthernet0/0/2]
配置SW2的四个接口
[SW2]vlan batch 2 to 6
[SW2]int e0/0/1
[SW2-Ethernet0/0/1]port link-type access
[SW2-Ethernet0/0/1]port default vlan 2
[SW2-Ethernet0/0/1]q
[SW2]int e0/0/2
[SW2-Ethernet0/0/2]port hybrid pvid vlan 4
[SW2-Ethernet0/0/2]port hybrid untagged vlan 3 to 5
[SW2-Ethernet0/0/2]
[SW2-Ethernet0/0/2]int g 0/0/1
[SW2-GigabitEthernet0/0/1]port link-type trunk
[SW2-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[SW2-GigabitEthernet0/0/1]int g0/0/2
[SW2-GigabitEthernet0/0/2]port hybrid tagged vlan 2 to 6
[SW2-GigabitEthernet0/0/2]display port vlan active
T=TAG U=UNTAG
-------------------------------------------------------------------------------
Port Link Type PVID VLAN List
-------------------------------------------------------------------------------
Eth0/0/1 access 2 U: 2
Eth0/0/2 hybrid 4 U: 1 3 to 5
Eth0/0/3 hybrid 1 U: 1
Eth0/0/4 hybrid 1 U: 1
Eth0/0/5 hybrid 1 U: 1
Eth0/0/6 hybrid 1 U: 1
Eth0/0/7 hybrid 1 U: 1
Eth0/0/8 hybrid 1 U: 1
Eth0/0/9 hybrid 1 U: 1
Eth0/0/10 hybrid 1 U: 1
Eth0/0/11 hybrid 1 U: 1
Eth0/0/12 hybrid 1 U: 1
Eth0/0/13 hybrid 1 U: 1
Eth0/0/14 hybrid 1 U: 1
Eth0/0/15 hybrid 1 U: 1
Eth0/0/16 hybrid 1 U: 1
Eth0/0/17 hybrid 1 U: 1
Eth0/0/18 hybrid 1 U: 1
Eth0/0/19 hybrid 1 U: 1
Eth0/0/20 hybrid 1 U: 1
Eth0/0/21 hybrid 1 U: 1
Eth0/0/22 hybrid 1 U: 1
GE0/0/1 trunk 1 U: 1
T: 2 to 6
GE0/0/2 hybrid 1 U: 1
T: 2 to 6
查看SW3的四个接口配置
[SW3]vlan batch 2 to 6
Info: This operation may take a few seconds. Please wait for a moment...done.
[SW3]int e0/0/1
[SW3-Ethernet0/0/1]port hybrid pvid vlan 5
[SW3-Ethernet0/0/1]port hybrid untagged vlan 3 to 5
[SW3-Ethernet0/0/1]
[SW3-Ethernet0/0/1]int e0/0/2
[SW3-Ethernet0/0/2]port hybrid pvid vlan 6
[SW3-Ethernet0/0/2]
[SW3-Ethernet0/0/2]port hybrid untagged vlan 3 6
[SW3-Ethernet0/0/2]int g0/0/2
[SW3-GigabitEthernet0/0/2]port hybrid tagged vlan 2 to 6
[SW3-GigabitEthernet0/0/2]
对于这三个接口配置之后,我们配置SW1到R1的接口
SW1
[SW1]int g0/0/1
[SW1-GigabitEthernet0/0/1]port hybrid tagged vlan 2
[SW1-GigabitEthernet0/0/1]port hybrid untagged vlan 3 to 6
[SW1-GigabitEthernet0/0/1]
R1
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]ip add 192.168.2.1 24
Feb 9 2023 21:29:11-08:00 R1 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
on the interface GigabitEthernet0/0/0 has entered the UP state.
[R1-GigabitEthernet0/0/0]q
[R1]int g0/0/0.1
[R1-GigabitEthernet0/0/0.1]dot1q termination vid 2
[R1-GigabitEthernet0/0/0.1]ip add 192.168.1.1 24
Feb 9 2023 21:29:34-08:00 R1 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP
on the interface GigabitEthernet0/0/0.1 has entered the UP state.
[R1-GigabitEthernet0/0/0.1]
[R1-GigabitEthernet0/0/0.1]arp broadcast enable
[R1-GigabitEthernet0/0/0.1]q
[R1]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[R1]ip pool a
Info: It's successful to create an IP address pool.
[R1-ip-pool-a]network 192.168.1.0 ma 24
[R1-ip-pool-a]gateway-list 192.168.1.1
[R1-ip-pool-a]q
[R1]ip pool b
Info: It's successful to create an IP address pool.
[R1-ip-pool-b]network 192.168.2.0 mask 24
[R1-ip-pool-b]gateway-list 192.168.2.1
[R1-ip-pool-b]q
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]dhcp select global
[R1-GigabitEthernet0/0/0]int g0/0/0.1
[R1-GigabitEthernet0/0/0.1]dhcp select global
[R1-GigabitEthernet0/0/0.1]q
[R1]
最后,我们将所有的终端都通过dhcp获取IP地址
PC1
PC2
PC3
PC4
PC5
PC6
根据题目要求,R1/3和R2/4/5/6可以相互ping通
R4无法ping通R6,
R4可以ping通R2/5
R5也无法ping通R6
本次实验完成!
444
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
