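I. Lab Topology
II. Lab Requirements
As shown in the figure: devices, interface types, and interface IP addresses
1. Use RIP to provide connectivity across the whole network.
2. Create an ACL so that pc1 can access pc4 while pc2 cannot access pc4.
3. Create an ACL so that every host on the server's network except pc3 is allowed to access pc4.
III. Lab Steps
As shown in the figure: devices, interface types, and interface IP addresses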
[SERVER]int g0/0
[SERVER-GigabitEthernet0/0]ip add 192.168.20.10 24
[SERVER]ip route-static 0.0.0.0 0 192.168.20.1
[SW2]int g1/0/1
[SW2-GigabitEthernet1/0/1]port link-type trunk
[SW2-GigabitEthernet1/0/1]port trunk permit vlan all
[SW2]vlan 10
[SW2-vlan10]vlan 20
[SW2-vlan20]int range g1/0/10 to g1/0/19
[SW2-if-range]port access vlan 10
[SW2]int range g1/0/20 to g1/0/22
[SW2-if-range]port access vlan 20
<SW2>display vlan brief
Brief information about all VLANs:
Supported Minimum VLAN ID: 1
Supported Maximum VLAN ID: 4094
Default VLAN ID: 1
VLAN ID Name Port
1 VLAN 0001 FGE1/0/53 FGE1/0/54 GE1/0/1
GE1/0/2 GE1/0/3 GE1/0/4 GE1/0/5
GE1/0/6 GE1/0/7 GE1/0/8 GE1/0/9
GE1/0/23 GE1/0/24 GE1/0/25
GE1/0/26 GE1/0/27 GE1/0/28
GE1/0/29 GE1/0/30 GE1/0/31
GE1/0/32 GE1/0/33 GE1/0/34
GE1/0/35 GE1/0/36 GE1/0/37
GE1/0/38 GE1/0/39 GE1/0/40
GE1/0/41 GE1/0/42 GE1/0/43
GE1/0/44 GE1/0/45 GE1/0/46
GE1/0/47 GE1/0/48 XGE1/0/49
XGE1/0/50 XGE1/0/51 XGE1/0/52
10 VLAN 0010 GE1/0/1 GE1/0/10 GE1/0/11
GE1/0/12 GE1/0/13 GE1/0/14
GE1/0/15 GE1/0/16 GE1/0/17
GE1/0/18 GE1/0/19
20 VLAN 0020 GE1/0/1 GE1/0/20 GE1/0/21
GE1/0/22
[SW1]int g1/0/1
[SW1-GigabitEthernet1/0/1]port link-type trunk
[SW1-GigabitEthernet1/0/1]port trunk permit vlan all
[SW1]vlan 10
[SW1-vlan10]vlan 20
[SW1-vlan20]int g1/0/20
[SW1-GigabitEthernet1/0/20]port access vlan 20
[SW1]int vlan20
[SW1-Vlan-interface20]ip add 192.168.20.1 24
[SW1]int vlan10
[SW1-Vlan-interface10]ip add 192.168.10.1 24
[SW1-Vlan-interface10]int g1/0/10
[SW1-GigabitEthernet1/0/10]port access vlan 10
[SW1-GigabitEthernet1/0/10]int range g1/0/15 to g1/0/18
[SW1-if-range]port access vlan 10
[SW1]vlan 100
[SW1-vlan100]port g1/0/24
[SW1]int vlan100
[SW1-Vlan-interface100]ip add 192.168.100.1 24
[SW1-Vlan-interface100]display ip int br
*down: administratively down
(s): spoofing (l): loopback
Interface Physical Protocol IP Address Description
MGE0/0/0 down down -- --
Vlan10 up up 192.168.10.1 --
Vlan20 up up 192.168.20.1 --
Vlan100 up up 192.168.100.1 --
[SW1]display vlan brief
Brief information about all VLANs:
Supported Minimum VLAN ID: 1
Supported Maximum VLAN ID: 4094
Default VLAN ID: 1
VLAN ID Name Port
1 VLAN 0001 FGE1/0/53 FGE1/0/54 GE1/0/1
GE1/0/2 GE1/0/3 GE1/0/4 GE1/0/5
GE1/0/6 GE1/0/7 GE1/0/8 GE1/0/9
GE1/0/11 GE1/0/12 GE1/0/13
GE1/0/14 GE1/0/19 GE1/0/21
GE1/0/22 GE1/0/23 GE1/0/25
GE1/0/26 GE1/0/27 GE1/0/28
GE1/0/29 GE1/0/30 GE1/0/31
GE1/0/32 GE1/0/33 GE1/0/34
GE1/0/35 GE1/0/36 GE1/0/37
GE1/0/38 GE1/0/39 GE1/0/40
GE1/0/41 GE1/0/42 GE1/0/43
GE1/0/44 GE1/0/45 GE1/0/46
GE1/0/47 GE1/0/48 XGE1/0/49
XGE1/0/50 XGE1/0/51 XGE1/0/52
10 VLAN 0010 GE1/0/1 GE1/0/10 GE1/0/15
GE1/0/16 GE1/0/17 GE1/0/18
20 VLAN 0020 GE1/0/1 GE1/0/20
100 VLAN 0100 GE1/0/1 GE1/0/24
[RTA]int g0/0
[RTA-GigabitEthernet0/0]ip add 172.16.1.1 24
[RTA]int g0/1
[RTA-GigabitEthernet0/1]ip add 192.168.100.2 24
[RTA]display ip int br
*down: administratively down
(s): spoofing (l): loopback
Interface Physical Protocol IP address/Mask VPN instance Description
GE0/0 up up 172.16.1.1/24 -- --
GE0/1 up up 192.168.100.2/24 -- --
[RTB]display ip int br
*down: administratively down
(s): spoofing (l): loopback
Interface Physical Protocol IP address/Mask VPN instance Description
GE0/0 up up 172.16.1.2/24 -- --
GE0/1 up up 172.16.2.1/24 -- --
1. Use RIP to provide connectivity across the whole network.
[RTA]rip 1
[RTA-rip-1]network 172.16.1.0
[RTA-rip-1]network 192.168.100.0
[RTA-rip-1]undo summary
[RTA-rip-1]version 2
[SW1]rip 1
[SW1-rip-1]network 192.168.100.0
[SW1-rip-1]network 192.168.20.0
[SW1-rip-1]network 192.168.10.0
[SW1-rip-1]undo summary
[SW1-rip-1]version 2
[RTB]rip 1
[RTB-rip-1]network 172.16.1.0
[RTB-rip-1]network 172.16.2.0
[RTB-rip-1]undo summary
[RTB-rip-1]version 2
2. Create an ACL so that pc1 can access pc4 while pc2 cannot access pc4.
[SW2]acl advanced 3000
[SW2-acl-ipv4-adv-3000]rule deny icmp source 192.168.10.20 0 destination 172.16.2.10 0
[SW2]int g1/0/10
[SW2-GigabitEthernet1/0/10]packet-filter 3000 inbound
3. Create an ACL so that every host on the server's network except pc3 is allowed to access pc4.
[RTB]acl basic 2000
[RTB-acl-ipv4-basic-2000]rule deny source 192.168.20.20 0
[RTB]int g0/1
[RTB-GigabitEthernet0/1]packet-filter 2000 outbound
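The two ACLs above, evaluated against the lab's flows as an added example (not part of the original lab write-up): it models wildcard matching, first-match order and the packet-filter default action, so the intended policy can be checked per protocol. Assumptions: pc1's address 192.168.10.10, the default action left at permit, and every flow being checked against ACL 3000 and then ACL 2000.

```python
import ipaddress

# Rules copied from the page; a trailing "0" is the wildcard 0.0.0.0 (exact host).
ACL_3000 = ["rule deny icmp source 192.168.10.20 0 destination 172.16.2.10 0"]
ACL_2000 = ["rule deny source 192.168.20.20 0"]

def to_int(text):
    return 0 if text == "0" else int(ipaddress.IPv4Address(text))

def parse_rule(line):
    """Parse the subset of rule syntax that appears on the page."""
    tok = line.split()
    rule = {"action": tok[1], "proto": "ip", "source": None, "destination": None}
    i = 2
    if tok[i] not in ("source", "destination"):  # advanced ACL: protocol keyword
        rule["proto"], i = tok[i], i + 1
    while i < len(tok):  # each clause is: keyword address wildcard
        rule[tok[i]] = (to_int(tok[i + 1]), to_int(tok[i + 2]))
        i += 3
    return rule

def field_matches(spec, addr):
    if spec is None:  # clause absent means "any"
        return True
    base, wildcard = spec
    # Bits set in the wildcard are ignored; all other bits must be equal.
    return ((to_int(addr) ^ base) & ~wildcard & 0xFFFFFFFF) == 0

def evaluate(acl_lines, src, dst, proto):
    """First matching rule wins; unmatched traffic gets the default action."""
    for rule in map(parse_rule, acl_lines):
        if (rule["proto"] in ("ip", proto)
                and field_matches(rule["source"], src)
                and field_matches(rule["destination"], dst)):
            return rule["action"]
    return "permit"  # assumption: packet-filter default action left at permit

def reaches_pc4(src, proto, dst="172.16.2.10"):
    # Assumption: every flow is checked against ACL 3000, then ACL 2000.
    return all(evaluate(acl, src, dst, proto) == "permit"
               for acl in (ACL_3000, ACL_2000))

if __name__ == "__main__":
    hosts = {"pc1 (assumed IP)": "192.168.10.10", "pc2": "192.168.10.20",
             "pc3": "192.168.20.20", "server": "192.168.20.10"}
    for name, ip in hosts.items():
        for proto in ("icmp", "tcp"):
            verdict = "permit" if reaches_pc4(ip, proto) else "deny"
            print(f"{name:18} {proto:4} -> pc4: {verdict}")
```

The tcp rows show pc2 still reaching pc4, because the rule in ACL 3000 names only icmp. ACL 2000 matches on source alone, so it drops pc3's traffic to any destination leaving RTB g0/1, not just pc4.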
IV. Lab Results