HCIP阶段交换机VLAN技术

一、实验拓扑

 

二、实验需求

1、PC1/3的接口均为access模式，且属于van2在同一网段

2、PC2/4/5/6的IP地址在同一网段，与PC1/3不在同一网段，所有PC通过DHCP获取ip地址

3、PC2可以访问4/5/6

4、PC4不能访问5/6

5、PC5不能访问PC6

6、PC1/3可以访问PC2/4/5/6

三、实验步骤

1、将PC1和PC3划入VLAN2中

[SW1]interface e0/0/1  
[SW1-Ethernet0/0/1]port link-type access 
[SW1-Ethernet0/0/1]
Aug 18 2023 23:09:12-08:00 SW1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25
.191.3.1 configurations have been changed. The current change number is 6, the c
hange loop count is 0, and the maximum number of records is 4095.
[SW1-Ethernet0/0/1]port default vlan 2
[SW1-Ethernet0/0/1]
Aug 18 2023 23:09:52-08:00 SW1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25
.191.3.1 configurations have been changed. The current change number is 7, the c
hange loop count is 0, and the maximum number of records is 4095.
[SW1-Ethernet0/0/1]q
[SW1]int e0/0/3
[SW1-Ethernet0/0/3]port link-type access 
[SW1-Ethernet0/0/3]
Aug 18 2023 23:10:32-08:00 SW1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25
.191.3.1 configurations have been changed. The current change number is 8, the c
hange loop count is 0, and the maximum number of records is 4095.
[SW1-Ethernet0/0/3]port default vlan 2
[SW1-Ethernet0/0/3]
 

2、修改trunk接口

[SW1]int g0/0/1
[SW1-GigabitEthernet0/0/1]port link-type trunk 
[SW1-GigabitEthernet0/0/1]
Aug 18 2023 23:58:54-08:00 SW1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25
.191.3.1 configurations have been changed. The current change number is 12, the 
change loop count is 0, and the maximum number of records is 4095.     
[SW1-GigabitEthernet0/0/1]port trunk allow-pass vlan all

[SW1-GigabitEthernet0/0/1]int g0/0/2

[SW1-GigabitEthernet0/0/2]port link-type trunk 
Aug 18 2023 23:11:42-08:00 SW1 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25
.191.3.1 configurations have been changed. The current change number is 10, the 
change loop count is 0, and the maximum number of records is 4095.po    
[SW1-GigabitEthernet0/0/2]port trunk allow-pass vlan all

 [R1]int g0/0/0.1
[R1-GigabitEthernet0/0/0.1]dot1q termination vid 2
[R1-GigabitEthernet0/0/0.1]ip address 192.168.2.1 24
Aug 19 2023 00:00:36-08:00 R1 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP 
on the interface GigabitEthernet0/0/0.1 has entered the UP state.    
[R1-GigabitEthernet0/0/0.1]arp broadcast enable 

[SW2]int g0/0/2
Aug 19 2023 01:28:39-08:00 SW2 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25
.191.3.1 configurations have been changed. The current change number is 4, the c
hange loop count is 0, and the maximum number of records is 4095.
[SW2-GigabitEthernet0/0/2]port link-type trunk 
[SW2-GigabitEthernet0/0/2]
Aug 19 2023 01:31:19-08:00 SW2 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25
.191.3.1 configurations have been changed. The current change number is 5, the c
hange loop count is 0, and the maximum number of records is 4095.
[SW2-GigabitEthernet0/0/2]port trunk allow-pass vlan all
[SW2-GigabitEthernet0/0/2]
Aug 19 2023 01:31:39-08:00 SW2 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25
.191.3.1 configurations have been changed. The current change number is 6, the c
hange loop count is 0, and the maximum number of records is 4095.

3、在R1上开启DHCP服务

[R1]dhcp enable 
Info: The operation may take a few seconds. Please wait for a moment.done.
[R1]ip pool v2
Info: It's successful to create an IP address pool.
[R1-ip-pool-v2]network 192.168.2.0 mask 24  
[R1-ip-pool-v2]gateway-list 192.168.2.1
[R1-ip-pool-v2]q
[R1]interface g0/0/0.1  
[R1-GigabitEthernet0/0/0.1]dhcp select global 
[R1-GigabitEthernet0/0/0.1]q
[R1]ip pool v1
Info: It's successful to create an IP address pool.
[R1-ip-pool-v1]network 192.168.1.0 mask 24
[R1-ip-pool-v1]gateway-list 192.168.1.1
[R1-ip-pool-v1]q
[R1]interface g0/0/0
[R1-GigabitEthernet0/0/0]ip address 192.168.1.1 24
Aug 19 2023 00:06:19-08:00 R1 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP 
on the interface GigabitEthernet0/0/0 has entered the UP state. 
[R1-GigabitEthernet0/0/0]dhcp select global 
[R1-GigabitEthernet0/0/0]q

4、更改pvid

[SW1-Ethernet0/0/2] port hybrid pvid vlan 12

[SW1-Ethernet0/0/4] port hybrid pvid vlan 14

[SW2-Ethernet0/0/1] port hybrid pvid vlan 15

[SW2-Ethernet0/0/2] port hybrid pvid vlan 16

5、修改每个接口的 hybrid 允许列表

SW1

[SW1-Ethernet0/0/2]port hybrid untagged vlan 12 14 15 16  （PC2可以访问PC4/5/6）

[SW1-Ethernet0/0/4]port hybrid untagged vlan 2 12 14   （PC4拒绝访问PC5/6）

SW2：

[SW2-Ethernet0/0/1] port hybrid untagged vlan 2 12 15  （PC5拒绝访问PC4/6）

[SW2-Ethernet0/0/2] port hybrid untagged vlan 2 12 16  （PC6拒绝访问PC4/5）
 

四、测试

 

 2不能ping通5、6