sw1
vlan batch 100 200
inter e0/0/21
port link-type access
port default vlan 100
inter e0/0/22
port link-type access
port default vlan 200
inter e0/0/10
port link-type trunk
port trunk allow-pass vlan all
inter e0/0/1
port link-type trunk
port trunk allow-pass vlan all
sw2
vlan batch 100 200
inter e0/0/21
port link-type access
port default vlan 100
inter e0/0/22
port link-type access
port default vlan 200
inter e0/0/10
port link-type trunk
port trunk allow-pass vlan all
r1
dhcp enable
ip pool vlan100
network 192.168.1.0 mask 26
dns-list 8.8.8.8
gateway-list 192.168.1.1 // or 192.168.1.62. 192.168.1.00 111110/26: the mask is 26 bits, so the host part takes the largest value that is not all ones: 32+16+8+4+2=62
ip pool vlan200
network 192.168.1.64 mask 26
dns-list 8.8.8.8
gateway-list 192.168.1.65 // or 192.168.1.126
inter g0/0/0.100
ip ad 192.168.1.1 26
dot1q termination vid 100
arp broadcast enable
dhcp select global
inter g0/0/0.200
ip ad 192.168.1.65 26
dot1q termination vid 200
arp broadcast enable
dhcp select global
Set each PC to use DHCP, then run ipconfig on the command line to see the IP address it obtained.
ospf 10 router-id 1.1.1.1
area 0
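network 192.168.0.0 0.0.255.255 // equivalent to advertising everything at once; or enter the three network statements separately:
network 192.168.1.129 0.0.0.3 // the wildcard mask for a 30-bit mask is 3: the mask is 30 bits, so the remaining two bits are set to 11
network 192.168.1.0 0.0.0.63 // the wildcard mask for a 26-bit mask is 63: the mask is 26 bits, so the remaining six bits are set to 111111
network 192.168.1.64 0.0.0.63 // the wildcard mask for a 26-bit mask is 63: the mask is 26 bits, so the remaining six bits are set to 111111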
r2
ospf 10 router-id 2.2.2.2
area 0
network 192.168.1.130 0.0.0.3
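Wait for the neighbor adjacency to reach the Full state. pc1: ping 192.168.1.130 succeeds, which shows the internal network has been set up successfully.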
acl 2000
rule permit source 192.168.1.0 0.0.0.63 // the wildcard mask for a 26-bit mask is 63: the mask is 26 bits, so the remaining six bits are set to 111111
rule permit source 192.168.1.64 0.0.0.63
int g0/0/1
nat outbound 2000
ip route-static 0.0.0.0 0.0.0.0 23.1.1.2
ospf 10
default-route-advertise
At this point pc1 can ping 100.1.1.1.
r1
acl 3000
rule deny icmp source 192.168.1.0 0.0.0.63 destination 100.1.1.1 0.0.0.0 icmp-type echo
inter g0/0/0.100
traffic-filter inbound acl 3000
At this point pc1 cannot ping 100.1.1.1, but pings to 100.1.1.254 and other addresses succeed, because the ACL only stops VLAN 100 users from reaching pc5.
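
The wildcard-mask arithmetic from the comments and the match logic of acl 3000, as an added Python example that is not part of the original notes. Function names and the host addresses 192.168.1.10 (VLAN 100) and 192.168.1.70 (VLAN 200) are constructed for illustration; the default "permit" for unmatched packets follows the ping results observed above.

```python
import ipaddress

def wildcard(prefix_len):
    """Wildcard (inverse) mask for a prefix length, e.g. 26 -> 0.0.0.63."""
    return str(ipaddress.IPv4Address((1 << (32 - prefix_len)) - 1))

def usable_range(cidr):
    """First and last usable host: host bits neither all 0 nor all 1."""
    net = ipaddress.IPv4Network(cidr)
    return str(net.network_address + 1), str(net.broadcast_address - 1)

def wc_match(addr, base, wc):
    """Wildcard match: bits set to 1 in the wildcard are ignored."""
    care = ~int(ipaddress.IPv4Address(wc)) & 0xFFFFFFFF
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    return (a & care) == (b & care)

# Model of acl 3000 from the notes: a single deny rule, nothing else.
ACL_3000 = [
    {"action": "deny", "proto": "icmp", "icmp_type": "echo",
     "src": ("192.168.1.0", wildcard(26)),
     "dst": ("100.1.1.1", "0.0.0.0")},
]

def verdict(proto, src, dst, icmp_type=None, acl=ACL_3000):
    """First matching rule wins; packets matching no rule are forwarded."""
    for rule in acl:
        if (proto == rule["proto"]
                and icmp_type == rule["icmp_type"]
                and wc_match(src, *rule["src"])
                and wc_match(dst, *rule["dst"])):
            return rule["action"]
    return "permit"

if __name__ == "__main__":
    print(wildcard(30), wildcard(26))              # OSPF and ACL wildcards
    print(usable_range("192.168.1.0/26"))          # gateway candidates, VLAN 100
    print(usable_range("192.168.1.64/26"))         # gateway candidates, VLAN 200
    for pkt in [("icmp", "192.168.1.10", "100.1.1.1", "echo"),
                ("icmp", "192.168.1.10", "100.1.1.254", "echo"),
                ("icmp", "192.168.1.70", "100.1.1.1", "echo"),
                ("tcp", "192.168.1.10", "100.1.1.1", None)]:
        print(pkt, "->", verdict(*pkt))
```

The last sample packet shows that the rule filters only ICMP echo: other traffic from VLAN 100 to 100.1.1.1 still matches no rule and is forwarded.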