I. Lab Topology
II. Lab Procedure
1. Create VLANs
[SW1]vlan 10
[SW1-vlan10]vlan 100
[SW1]int g0/0/2
[SW1-GigabitEthernet0/0/2]port link-type access
[SW1-GigabitEthernet0/0/2]port default vlan 10
[SW1]int g0/0/3
[SW1-GigabitEthernet0/0/3]port link-type access
[SW1-GigabitEthernet0/0/3]port default vlan 100
[SW1]int g0/0/1
[SW1-GigabitEthernet0/0/1]port link-type trunk
[SW1-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 100
[R1]int g0/0/2.10
[R1-GigabitEthernet0/0/2.10]ip add 192.168.10.254 24
[R1-GigabitEthernet0/0/2.10]dot1q termination vid 10
[R1-GigabitEthernet0/0/2.10]arp broadcast enable
[R1]int g0/0/2.100
[R1-GigabitEthernet0/0/2.100]ip add 192.168.100.254 24
[R1-GigabitEthernet0/0/2.100]dot1q termination vid 100
[R1-GigabitEthernet0/0/2.100]arp broadcast enable
[SW3]vlan 30
[SW3-vlan30]vlan 120
[SW3]int g0/0/2
[SW3-GigabitEthernet0/0/2]port link-type access
[SW3-GigabitEthernet0/0/2]port default vlan 30
[SW3-GigabitEthernet0/0/2]int g0/0/3
[SW3-GigabitEthernet0/0/3]port link-type access
[SW3-GigabitEthernet0/0/3]port default vlan 120
[SW3-GigabitEthernet0/0/3]int g0/0/1
[SW3-GigabitEthernet0/0/1]port link-type trunk
[SW3-GigabitEthernet0/0/1]port trunk allow-pass vlan 30 120
[R3]int g0/0/2.30
[R3-GigabitEthernet0/0/2.30]ip add 192.168.30.254 24
[R3-GigabitEthernet0/0/2.30]dot1q termination vid 30
[R3-GigabitEthernet0/0/2.30]arp broadcast enable
[R3]int g0/0/2.120
[R3-GigabitEthernet0/0/2.120]ip add 192.168.120.254 24
[R3-GigabitEthernet0/0/2.120]dot1q termination vid 120
[R3-GigabitEthernet0/0/2.120]arp broadcast enable
[SW2]vlan 20
[SW2-vlan20]vlan 110
[SW2]int g0/0/2
[SW2-GigabitEthernet0/0/2]port link-type access
[SW2-GigabitEthernet0/0/2]port default vlan 20
[SW2]int g0/0/3
[SW2-GigabitEthernet0/0/3]port link-type access
[SW2-GigabitEthernet0/0/3]port default vlan 110
[SW2]int g0/0/1
[SW2-GigabitEthernet0/0/1]port link-type trunk
[SW2-GigabitEthernet0/0/1]port trunk allow-pass vlan 20 110
[R4]int g0/0/2.20
[R4-GigabitEthernet0/0/2.20]ip add 192.168.20.254 24
[R4-GigabitEthernet0/0/2.20]dot1q termination vid 20
[R4-GigabitEthernet0/0/2.20]arp broadcast enable
[R4]int g0/0/2.110
[R4-GigabitEthernet0/0/2.110]ip add 192.168.110.254 24
[R4-GigabitEthernet0/0/2.110]dot1q termination vid 110
[R4-GigabitEthernet0/0/2.110]arp broadcast enable
2. Enable the DHCP service
[R1]dhcp enable
[R1]ip pool aa
[R1-ip-pool-aa]network 192.168.10.0
[R1-ip-pool-aa]gateway-list 192.168.10.254
[R1-ip-pool-aa]dns-list 8.8.8.8 114.114.114.114
[R1]int g0/0/2.10
[R1-GigabitEthernet0/0/2.10]dhcp select global
[R1]ip pool bb
[R1-ip-pool-bb]network 192.168.100.0
[R1-ip-pool-bb]gateway-list 192.168.100.254
[R1-ip-pool-bb]dns-list 8.8.8.8 114.114.114.114
[R1]int g0/0/2.100
[R1-GigabitEthernet0/0/2.100]dhcp select global
[R3]dhcp enable
[R3]ip pool cc
[R3-ip-pool-cc]network 192.168.30.0
[R3-ip-pool-cc]gateway-list 192.168.30.254
[R3-ip-pool-cc]dns-list 8.8.8.8 114.114.114.114
[R3]int g0/0/2.30
[R3-GigabitEthernet0/0/2.30]dhcp select global
[R3]ip pool dd
[R3-ip-pool-dd]network 192.168.120.0
[R3-ip-pool-dd]gateway-list 192.168.120.254
[R3-ip-pool-dd]dns-list 8.8.8.8 114.114.114.114
[R3]int g0/0/2.120
[R3-GigabitEthernet0/0/2.120]dhcp select global
[R4]dhcp enable
[R4]ip pool ee
[R4-ip-pool-ee]network 192.168.20.0
[R4-ip-pool-ee]gateway-list 192.168.20.254
[R4-ip-pool-ee]dns-list 8.8.8.8 114.114.114.114
[R4]int g0/0/2.20
[R4-GigabitEthernet0/0/2.20]dhcp select global
[R4]ip pool ff
[R4-ip-pool-ff]network 192.168.110.0
[R4-ip-pool-ff]gateway-list 192.168.110.254
[R4-ip-pool-ff]dns-list 8.8.8.8 114.114.114.114
[R4]int g0/0/2.110
[R4-GigabitEthernet0/0/2.110]dhcp select global
3. Configure OSPF
[R1]ospf 1 router-id 1.1.1.1
[R1-ospf-1]area 0
[R1-ospf-1-area-0.0.0.0]network 12.1.1.0 0.0.0.255
[R1-ospf-1-area-0.0.0.0]network 14.1.1.0 0.0.0.255
[R1-ospf-1-area-0.0.0.0]network 192.168.10.0 0.0.0.255
[R1-ospf-1-area-0.0.0.0]network 192.168.100.0 0.0.0.255
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]ip add 12.1.1.1 24
[R1]int g0/0/1
[R1-GigabitEthernet0/0/1]ip add 14.1.1.1 24
[R2]int g0/0/0
[R2-GigabitEthernet0/0/0]ip add 12.1.1.2 24
[R2-GigabitEthernet0/0/0]int g0/0/1
[R2-GigabitEthernet0/0/1]ip add 13.1.1.2 24
[R2]ospf 1 router-id 2.2.2.2
[R2-ospf-1]area 0
[R2-ospf-1-area-0.0.0.0]network 12.1.1.0 0.0.0.255
[R2-ospf-1-area-0.0.0.0]network 13.1.1.0 0.0.0.255
[R3]int g0/0/0
[R3-GigabitEthernet0/0/0]ip add 14.1.1.3 24
[R3-GigabitEthernet0/0/0]int g0/0/1
[R3-GigabitEthernet0/0/1]ip add 34.1.1.3 24
[R3]ospf 1 router-id 3.3.3.3
[R3-ospf-1]area 0
[R3-ospf-1-area-0.0.0.0]network 14.1.1.0 0.0.0.255
[R3-ospf-1-area-0.0.0.0]network 34.1.1.0 0.0.0.255
[R3-ospf-1-area-0.0.0.0]network 192.168.30.0 0.0.0.255
[R3-ospf-1-area-0.0.0.0]network 192.168.120.0 0.0.0.255
[R4]int g0/0/0
[R4-GigabitEthernet0/0/0]ip add 13.1.1.4 24
[R4-GigabitEthernet0/0/0]int g0/0/1
[R4-GigabitEthernet0/0/1]ip add 34.1.1.4 24
[R4]ospf 1 router-id 4.4.4.4
[R4-ospf-1]area 0
[R4-ospf-1-area-0.0.0.0]network 13.1.1.0 0.0.0.255
[R4-ospf-1-area-0.0.0.0]network 34.1.1.0 0.0.0.255
[R4-ospf-1-area-0.0.0.0]network 192.168.20.0 0.0.0.255
[R4-ospf-1-area-0.0.0.0]network 192.168.110.0 0.0.0.255
[R1]dis ospf peer brief
[R2]dis ospf peer brief
[R3]dis ospf peer brief
[R4]dis ospf peer brief
[R2]dis ip routing-table protocol ospf
PC2 ping PC5
The whole network is reachable.
4. Configure ACL rules
[R1]acl 3000
[R1-acl-adv-3000]rule deny ip source 192.168.10.0 0.0.0.255 destination 192.168.100.0 0.0.0.255
[R1-acl-adv-3000]rule deny ip source 192.168.10.0 0.0.0.255 destination 192.168.120.0 0.0.0.255
[R1-acl-adv-3000]rule deny ip source 192.168.10.0 0.0.0.255 destination 192.168.30.0 0.0.0.255
[R1-acl-adv-3000]rule deny ip source 192.168.10.0 0.0.0.255 destination 192.168.20.0 0.0.0.255
[R1-acl-adv-3000]rule deny ip source 192.168.10.0 0.0.0.255 destination 192.168.110.0 0.0.0.255
[R3]acl 3000
[R3-acl-adv-3000]rule deny ip source 192.168.30.0 0.0.0.255 destination 192.168.10.0 0.0.0.255
[R3-acl-adv-3000]rule deny ip source 192.168.30.0 0.0.0.255 destination 192.168.100.0 0.0.0.255
[R3-acl-adv-3000]rule deny ip source 192.168.30.0 0.0.0.255 destination 192.168.20.0 0.0.0.255
[R3-acl-adv-3000]rule deny ip source 192.168.30.0 0.0.0.255 destination 192.168.110.0 0.0.0.255
[R3-acl-adv-3000]rule deny ip source 192.168.30.0 0.0.0.255 destination 192.168.120.0 0.0.0.255
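The rule semantics used in this step, as an added Python example (not part of the original lab): it parses ACL 3000 as entered on R1 and evaluates flows with wildcard-mask matching, first match wins, and `is_contiguous` flags a mistyped wildcard such as 0.0.0.25, which would leave some hosts unmatched. Treating unmatched traffic as permitted is an assumption, since the page does not show the ACL being applied to an interface; the function names are illustrative.

```python
import ipaddress
import re

# ACL 3000 on R1 as configured in this lab (prompts removed).
R1_ACL = """\
rule deny ip source 192.168.10.0 0.0.0.255 destination 192.168.100.0 0.0.0.255
rule deny ip source 192.168.10.0 0.0.0.255 destination 192.168.120.0 0.0.0.255
rule deny ip source 192.168.10.0 0.0.0.255 destination 192.168.30.0 0.0.0.255
rule deny ip source 192.168.10.0 0.0.0.255 destination 192.168.20.0 0.0.0.255
rule deny ip source 192.168.10.0 0.0.0.255 destination 192.168.110.0 0.0.0.255
"""

RULE_RE = re.compile(
    r"rule (permit|deny) ip source (\S+) (\S+) destination (\S+) (\S+)")

def _int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_acl(text):
    """Return [(action, src, src_wild, dst, dst_wild)], addresses as ints."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.search(line)
        if m:
            rules.append((m.group(1),) + tuple(_int(g) for g in m.groups()[1:]))
    return rules

def wildcard_match(addr, base, wild):
    """Wildcard bit 0 means the bit must match, 1 means it is ignored."""
    care = ~wild & 0xFFFFFFFF
    return (addr & care) == (base & care)

def evaluate(rules, src, dst, default="permit"):
    """First matching rule wins; `default` (assumed) covers unmatched flows."""
    s, d = _int(src), _int(dst)
    for action, rs, rsw, rd, rdw in rules:
        if wildcard_match(s, rs, rsw) and wildcard_match(d, rd, rdw):
            return action
    return default

def is_contiguous(wild):
    """True when the wildcard is zeros followed by ones, e.g. 0.0.0.255."""
    w = _int(wild)
    return (w & (w + 1)) == 0

if __name__ == "__main__":
    rules = parse_acl(R1_ACL)
    print(evaluate(rules, "192.168.10.5", "192.168.20.7"))   # VLAN 10 source
    print(evaluate(rules, "192.168.100.5", "192.168.20.7"))  # VLAN 100 source
```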
5. Configure console passwords on the switches and routers and set the highest privilege level
[R1]user-interface console 0
[R1-ui-console0]authentication-mode aaa
[R1]aaa
[R1-aaa]local-user admin password cipher admin
[R1-aaa]local-user admin privilege level 15
[R3]user-interface console 0
[R3-ui-console0]authentication-mode aaa
[R3]aaa
[R3-aaa]local-user admin password cipher admin
[R3-aaa]local-user admin privilege level 15
[R4]user-interface console 0
[R4-ui-console0]authentication-mode aaa
[R4]aaa
[R4-aaa]local-user admin password cipher admin
[R4-aaa]local-user admin privilege level 15