Thanks to classmates Liu and Lin for their help.
Topology
https://download.csdn.net/download/weixin_48495493/75289848
L2S1
- Create VLANs
vlan batch 11 to 14
- Configure spanning tree (MSTP) and create the instances. Region name, revision level and the VLAN-to-instance mapping must be identical on every switch that is meant to join the region; any difference puts that switch in a region of its own.
stp mode mstp
stp enable
stp region-configuration
region-name instance1
revision-level 1
instance 1 vlan 11 12
instance 2 vlan 13 14
active region-configuration
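Switches decide whether they share an MST region by comparing three values carried in their BPDUs: the region name, the revision level, and an HMAC-MD5 digest of the complete VLAN-to-instance table (IEEE 802.1Q MST Configuration Identifier, originally from 802.1s; the table has 4096 two-byte MSTIDs indexed by VID, with VIDs 0 and 4095 fixed to the CIST, and is keyed with a fixed signature key from the standard). The following is an added example, not code from the lab write-up: it parses the `instance ... vlan ...` lines above, recomputes the digest, and shows that a peer switch with one VLAN left out, or a different revision level, lands in a separate region. The peer configurations and their mistakes are constructed for illustration.

```python
"""MST region consistency for the region configured above.

Added example, not part of the lab write-up. Two switches belong to the same
MST region only if region name, revision level and the full VLAN-to-instance
mapping agree. IEEE 802.1Q summarises the mapping as an HMAC-MD5 digest over a
4096-entry table of 2-byte MSTIDs indexed by VID (VIDs 0 and 4095 always stay
in the CIST, instance 0), keyed with a fixed signature key from the standard.
"""
import hashlib
import hmac
from typing import Dict, Iterable, Tuple

# Fixed signature key defined in IEEE 802.1Q for the MST configuration digest.
MST_DIGEST_KEY = bytes.fromhex("13AC06A62E47FD51F95D2BA243CD0346")


def parse_instance_lines(lines: Iterable[str]) -> Dict[int, int]:
    """Parse VRP 'instance <id> vlan <list>' lines such as 'instance 1 vlan 11 12'
    or 'instance 2 vlan 13 to 14'. VIDs not listed remain in instance 0 (CIST)."""
    mapping: Dict[int, int] = {}
    for line in lines:
        tokens = line.split()
        if len(tokens) < 4 or tokens[0] != "instance" or tokens[2] != "vlan":
            raise ValueError(f"not an instance mapping line: {line!r}")
        mstid = int(tokens[1])
        vids = tokens[3:]
        i = 0
        while i < len(vids):
            if i + 2 < len(vids) and vids[i + 1] == "to":   # range form: a to b
                lo, hi = int(vids[i]), int(vids[i + 2])
                i += 3
            else:                                           # single VID
                lo = hi = int(vids[i])
                i += 1
            for vid in range(lo, hi + 1):
                if not 1 <= vid <= 4094:
                    raise ValueError(f"VID {vid} out of range (0 and 4095 are always CIST)")
                mapping[vid] = mstid
    return mapping


def mst_config_table(mapping: Dict[int, int]) -> bytes:
    """4096 big-endian 2-byte MSTIDs, index = VID; every entry is 0 (CIST) unless mapped."""
    table = bytearray(4096 * 2)
    for vid, mstid in mapping.items():
        table[2 * vid:2 * vid + 2] = mstid.to_bytes(2, "big")
    return bytes(table)


def mst_config_digest(mapping: Dict[int, int]) -> str:
    """Hex HMAC-MD5 over the configuration table, as carried in MST BPDUs."""
    return hmac.new(MST_DIGEST_KEY, mst_config_table(mapping), hashlib.md5).hexdigest().upper()


def region_identifier(name: str, revision: int, instance_lines: Iterable[str]) -> Tuple[str, int, str]:
    """The triple a switch compares in received BPDUs; all three must be equal
    for two switches to treat each other as members of one region."""
    return (name, revision, mst_config_digest(parse_instance_lines(instance_lines)))


def same_region(a: Tuple[str, int, str], b: Tuple[str, int, str]) -> bool:
    return a == b


# The region from the L2S1 configuration above.
L2S1 = region_identifier("instance1", 1, ["instance 1 vlan 11 12", "instance 2 vlan 13 14"])
# A peer that typed the same mapping with ranges (constructed): same region.
PEER_OK = region_identifier("instance1", 1, ["instance 1 vlan 11 to 12", "instance 2 vlan 13 to 14"])
# A peer that forgot VLAN 14, which therefore stays in the CIST (constructed mistake).
PEER_MISSING_VLAN = region_identifier("instance1", 1, ["instance 1 vlan 11 12", "instance 2 vlan 13"])
# Same mapping but revision-level 2 (constructed mistake): also a separate region.
PEER_WRONG_REV = region_identifier("instance1", 2, ["instance 1 vlan 11 12", "instance 2 vlan 13 14"])

if __name__ == "__main__":
    for label, peer in [("ok", PEER_OK), ("missing vlan", PEER_MISSING_VLAN), ("wrong rev", PEER_WRONG_REV)]:
        print(f"{label:12s} digest={peer[2]} same_region={same_region(L2S1, peer)}")
```

The digest covers all 4096 VIDs whether or not the VLAN has been created with `vlan batch`, so a mapping typo for a VLAN nobody uses still splits the region. On the switches themselves, `display stp region-configuration` shows the active name, revision level and instance mapping to compare against.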
- Configure the link type of each LSW1 port. (`port trunk allow-pass vlan all` also carries VLAN 1 and any VLAN created later; `port trunk allow-pass vlan 11 to 14` limits the trunks to the VLANs actually in use.)
interface Ethernet0/0/1
port link-type access
port default vlan 11
interface Ethernet0/0/2
port link-type access
port default vlan 12
interface Ethernet0/0/3
port link-type access
port default vlan 13
interface Ethernet0/0/4
port link-type access
port default vlan 14
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan all
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan all
- Configure access rights for internal hosts
`source any` / `destination any` may be left out; a rule without them matches any address. `eq ftp` matches TCP port 21 only (the FTP control channel; passive-mode data connections use other ports) and `eq www` matches TCP port 80 only. Rules entered without a number get IDs 5, 10, 15, ... in entry order and are matched in that order, so the two permits for the server must come before the denies. Outside 09:00 to 17:00 on working days the time-range rules are inactive and only the final `rule permit ip` applies.
time-range worktime 09:00 to 17:00 working-day
acl number 3000
rule permit tcp destination 192.168.15.100 0 destination-port eq ftp time-range worktime
rule permit tcp destination 192.168.15.100 0 destination-port eq www time-range worktime
rule deny tcp destination-port eq ftp time-range worktime
rule deny tcp destination-port eq www time-range worktime
rule permit ip
- VLAN 11 and VLAN 12 must not access each other: create ACL 3001. The rule below only matches packets from 192.168.11.0/24 to 192.168.12.0/24. Applied inbound on the VLAN 11 access port it breaks TCP in both directions (replies from VLAN 11 are dropped on entry), but one-way traffic such as ICMP or UDP from VLAN 12 still reaches VLAN 11. For symmetric isolation, add the mirrored rule (source 192.168.12.0 0.0.0.255 destination 192.168.11.0 0.0.0.255) and apply it inbound on Ethernet0/0/2 as well.
acl number 3001
rule 5 deny ip source 192.168.11.0 0.0.0.255 destination 192.168.12.0 0.0.0.255
- Apply the access control lists to the corresponding interfaces
interface GigabitEthernet0/0/1
traffic-filter outbound acl 3000
interface GigabitEthernet0/0/2
traffic-filter outbound acl 3000
interface Ethernet0/0/1
traffic-filter inbound acl 3001
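To see what the two ACLs above actually let through, here is an added example (not code from the lab write-up) that reproduces the switch's evaluation in plain Python: rules tried in rule-ID order, time-range rules skipped while the range is inactive, wildcard masks where 0 bits must match and 1 bits are ignored, and the traffic-filter default of permitting a packet that matches no rule. The sample packets, hosts and timestamps are constructed for illustration; the two ACLs are the ones configured above.

```python
"""First-match evaluation of ACL 3000 and ACL 3001 from this lab.

Added example, not part of the original write-up. Models how the switch
evaluates an advanced ACL so the effect of rule order, time-range and the
implicit permit can be checked offline. Sample traffic is constructed.
"""
from dataclasses import dataclass
from datetime import datetime
from ipaddress import IPv4Address
from typing import Dict, List, Optional

FTP, WWW = 21, 80            # what `eq ftp` and `eq www` resolve to: control channel / HTTP only
SERVER = "192.168.15.100"


@dataclass(frozen=True)
class Rule:
    rule_id: int
    action: str                 # "permit" or "deny"
    proto: str                  # "ip" matches every protocol
    src: Optional[str] = None   # "address wildcard"; None means `source any`
    dst: Optional[str] = None   # None means `destination any`
    dport: Optional[int] = None
    time_range: bool = False    # True -> rule carries `time-range worktime`


def worktime(ts: datetime) -> bool:
    """time-range worktime 09:00 to 17:00 working-day (Monday to Friday)."""
    return ts.weekday() < 5 and 9 <= ts.hour < 17


def wildcard_match(addr: str, spec: Optional[str]) -> bool:
    """Huawei wildcard: 0 bits must match, 1 bits are don't-care (0.0.0.255 = /24).
    VRP accepts a bare `0` as the host wildcard 0.0.0.0."""
    if spec is None:
        return True
    base, wild = spec.split()
    wild_int = 0 if wild == "0" else int(IPv4Address(wild))
    care = 0xFFFFFFFF ^ wild_int
    return (int(IPv4Address(addr)) & care) == (int(IPv4Address(base)) & care)


def evaluate(acl: List[Rule], pkt: Dict, ts: datetime) -> str:
    """Action of the first active matching rule; traffic-filter permits if none matches."""
    for rule in sorted(acl, key=lambda r: r.rule_id):
        if rule.time_range and not worktime(ts):
            continue                      # configured, but inactive at this time
        if rule.proto != "ip" and rule.proto != pkt["proto"]:
            continue
        if not (wildcard_match(pkt["src"], rule.src) and wildcard_match(pkt["dst"], rule.dst)):
            continue
        if rule.dport is not None and rule.dport != pkt.get("dport"):
            continue
        return rule.action
    return "permit"


# acl number 3000: rules entered without a number get IDs 5, 10, 15, ... in order
ACL_3000 = [
    Rule(5, "permit", "tcp", dst=f"{SERVER} 0", dport=FTP, time_range=True),
    Rule(10, "permit", "tcp", dst=f"{SERVER} 0", dport=WWW, time_range=True),
    Rule(15, "deny", "tcp", dport=FTP, time_range=True),
    Rule(20, "deny", "tcp", dport=WWW, time_range=True),
    Rule(25, "permit", "ip"),
]

# acl number 3001: the single rule covers the VLAN 11 -> VLAN 12 direction only
ACL_3001 = [
    Rule(5, "deny", "ip", src="192.168.11.0 0.0.0.255", dst="192.168.12.0 0.0.0.255"),
]


def tcp(src: str, dst: str, dport: int) -> Dict:
    return {"proto": "tcp", "src": src, "dst": dst, "dport": dport}


MON_10AM = datetime(2022, 1, 10, 10, 0)   # a Monday inside worktime (constructed)
MON_8PM = datetime(2022, 1, 10, 20, 0)    # the same Monday, after hours


def demo() -> Dict[str, str]:
    """Verdicts that follow from the rule set; several of them are gaps worth knowing."""
    host, other = "192.168.11.10", "10.0.0.1"   # constructed VLAN 11 host and outside host
    return {
        "www to server, worktime": evaluate(ACL_3000, tcp(host, SERVER, WWW), MON_10AM),
        "www elsewhere, worktime": evaluate(ACL_3000, tcp(host, other, WWW), MON_10AM),
        "www elsewhere, after hours": evaluate(ACL_3000, tcp(host, other, WWW), MON_8PM),
        "https elsewhere, worktime": evaluate(ACL_3000, tcp(host, other, 443), MON_10AM),
        "ftp passive data, worktime": evaluate(ACL_3000, tcp(host, other, 50000), MON_10AM),
        "vlan11 -> vlan12": evaluate(ACL_3001, tcp(host, "192.168.12.10", WWW), MON_10AM),
        "vlan12 -> vlan11": evaluate(ACL_3001, tcp("192.168.12.10", host, WWW), MON_10AM),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:28s} {verdict}")
```

Three of the verdicts are the ones to keep in mind when relying on this rule set: HTTP to a non-server destination is denied during work hours but permitted after hours, HTTPS and FTP passive-mode data ports are never matched by the `eq ftp` / `eq www` rules and fall through to `rule permit ip`, and ACL 3001 does not match traffic travelling from VLAN 12 toward VLAN 11.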
L3S1
- Create VLANs and configure the corresponding ports (ports 23 and 24 are not configured here; they will be link-aggregated later)
vlan batch 11 to 15 21
interface GigabitEthernet0/0/1
port link-type access
port default vlan 21
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan all
interface GigabitEthernet0/0/10
port link-type a