cisco 3560 三层交换 实现vlan间相互访问
2013-03-04 10:17
453 查看
最近遇到一个问题,在cisco3560上划4个vlan,分别为vlan2、 vlan3、vlan4和vlan5
要求:
1.vlan2里的计算机可以访问到其它任何的vlan里的计算机;
2.vlan3和vlan4之间的计算机可以相互访问;
3.vlan5内的计算机不能访问任何其它vlan的计算机;
4.vlan2、vlan3和vlan5的计算机可以上网,vlan4的计算机不能上网。
现在配置如下,但不能实现,请各朋友指教:
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname chsw1
!
enable secret 5 $1$lVgh$ZeA9vSCTNbX12ubvvsNah/
enable password 11111111
!
no aaa new-model
ip subnet-zero
ip routing
no ip domain-lookup
ip dhcp excluded-address 192.168.0.1 192.168.0.10
!
ip dhcp pool global
network 192.168.0.0 255.255.0.0
default-router 192.168.0.10
dns-server 202.96.134.133 202.96.128.166
lease 7
!
ip dhcp pool vlan2
network 192.168.2.0 255.255.255.0
default-router 192.168.2.1
dns-server 202.96.134.133 202.96.128.166
!
ip dhcp pool vlan3
network 192.168.3.0 255.255.255.0
dns-server 202.96.134.133 202.96.128.166
default-router 192.168.3.1
!
ip dhcp pool vlan4
network 192.168.4.0 255.255.255.0
dns-server 202.96.134.133 202.96.128.166
default-router 192.168.4.1
!
ip dhcp pool vlan5
network 192.168.5.0 255.255.255.0
dns-server 202.96.134.133 202.96.128.166
default-router 192.168.5.1
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface GigabitEthernet0/1
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/2
switchport access vlan 2
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/3
switchport access vlan 2
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/4
switchport access vlan 2
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/5
switchport access vlan 2
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/6
switchport access vlan 2
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/7
switchport access vlan 3
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/8
switchport access vlan 3
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/9
switchport access vlan 3
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/10
switchport access vlan 3
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/11
switchport access vlan 3
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/12
switchport access vlan 3
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/13
switchport access vlan 4
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/14
switchport access vlan 4
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/15
switchport access vlan 4
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/16
switchport access vlan 4
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/17
switchport access vlan 4
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/18
switchport access vlan 4
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/19
switchport access vlan 5
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/20
switchport access vlan 5
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/21
switchport access vlan 5
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/22
switchport access vlan 5
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/23
switchport access vlan 5
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/24
switchport access vlan 5
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/25
!
interface GigabitEthernet0/26
!
interface GigabitEthernet0/27
!
interface GigabitEthernet0/28
!
interface Vlan1
ip address 192.168.0.10 255.255.255.0
!
interface Vlan2
ip address 192.168.2.1 255.255.255.0
ip access-group fi-main in
!
interface Vlan3
ip address 192.168.3.1 255.255.255.0
ip access-group fi-access-limit in
!
interface Vlan4
ip address 192.168.4.1 255.255.255.0
ip access-group fi-access-limit in
!
interface Vlan5
ip address 192.168.5.1 255.255.255.0
ip access-group 5 in
!
ip default-gateway 192.168.0.1
ip classless
ip http server
!
ip access-list extend in-filter
permit ip any any reflect abcd
ip access-list extend out-filter
evaluate abcd
deny ip any 192.168.3.0 0.0.0.255
deny ip any 192.168.4.0 0.0.0.255
deny ip any 192.168.5.0 0.0.0.255
permit ip any any
access-list 5 deny 192.168.2.0 0.0.0.255
access-list 5 deny 192.168.3.0 0.0.0.255
access-list 5 deny 192.168.4.0 0.0.0.255
access-list 5 permit any
!
control-plane
!
!
line con 0
line vty 0 4
password 22222222
login
line vty 5 15
password 22222222
login
!
end
要求:
1.vlan2里的计算机可以访问到其它任何的vlan里的计算机;
2.vlan3和vlan4之间的计算机可以相互访问;
3.vlan5内的计算机不能访问任何其它vlan的计算机;
4.vlan2、vlan3和vlan5的计算机可以上网,vlan4的计算机不能上网。
现在配置如下,但不能实现,请各朋友指教:
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname chsw1
!
enable secret 5 $1$lVgh$ZeA9vSCTNbX12ubvvsNah/
enable password 11111111
!
no aaa new-model
ip subnet-zero
ip routing
no ip domain-lookup
ip dhcp excluded-address 192.168.0.1 192.168.0.10
!
ip dhcp pool global
network 192.168.0.0 255.255.0.0
default-router 192.168.0.10
dns-server 202.96.134.133 202.96.128.166
lease 7
!
ip dhcp pool vlan2
network 192.168.2.0 255.255.255.0
default-router 192.168.2.1
dns-server 202.96.134.133 202.96.128.166
!
ip dhcp pool vlan3
network 192.168.3.0 255.255.255.0
dns-server 202.96.134.133 202.96.128.166
default-router 192.168.3.1
!
ip dhcp pool vlan4
network 192.168.4.0 255.255.255.0
dns-server 202.96.134.133 202.96.128.166
default-router 192.168.4.1
!
ip dhcp pool vlan5
network 192.168.5.0 255.255.255.0
dns-server 202.96.134.133 202.96.128.166
default-router 192.168.5.1
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface GigabitEthernet0/1
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/2
switchport access vlan 2
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/3
switchport access vlan 2
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/4
switchport access vlan 2
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/5
switchport access vlan 2
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/6
switchport access vlan 2
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/7
switchport access vlan 3
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/8
switchport access vlan 3
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/9
switchport access vlan 3
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/10
switchport access vlan 3
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/11
switchport access vlan 3
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/12
switchport access vlan 3
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/13
switchport access vlan 4
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/14
switchport access vlan 4
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/15
switchport access vlan 4
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/16
switchport access vlan 4
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/17
switchport access vlan 4
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/18
switchport access vlan 4
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/19
switchport access vlan 5
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/20
switchport access vlan 5
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/21
switchport access vlan 5
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/22
switchport access vlan 5
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/23
switchport access vlan 5
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/24
switchport access vlan 5
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/25
!
interface GigabitEthernet0/26
!
interface GigabitEthernet0/27
!
interface GigabitEthernet0/28
!
interface Vlan1
ip address 192.168.0.10 255.255.255.0
!
interface Vlan2
ip address 192.168.2.1 255.255.255.0
ip access-group fi-main in
!
interface Vlan3
ip address 192.168.3.1 255.255.255.0
ip access-group fi-access-limit in
!
interface Vlan4
ip address 192.168.4.1 255.255.255.0
ip access-group fi-access-limit in
!
interface Vlan5
ip address 192.168.5.1 255.255.255.0
ip access-group 5 in
!
ip default-gateway 192.168.0.1
ip classless
ip http server
!
ip access-list extend in-filter
permit ip any any reflect abcd
ip access-list extend out-filter
evaluate abcd
deny ip any 192.168.3.0 0.0.0.255
deny ip any 192.168.4.0 0.0.0.255
deny ip any 192.168.5.0 0.0.0.255
permit ip any any
access-list 5 deny 192.168.2.0 0.0.0.255
access-list 5 deny 192.168.3.0 0.0.0.255
access-list 5 deny 192.168.4.0 0.0.0.255
access-list 5 permit any
!
control-plane
!
!
line con 0
line vty 0 4
password 22222222
login
line vty 5 15
password 22222222
login
!
end
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- Cisco 三层交换 实现vlan间路由与dhcp配置
- 在一台三层交换上,通过配置dhcp和路由实现不同VLAN相互通信
- 两层交换机上划分VLAN借三层交换机路由功能实现跨网段访问(Cisco Packer Tracer 模拟器)
- 不同VLAN之间相互通信的两种方式(单臂路由、三层交换)
- Cisco思科三层交换典型VLAN配置
- 不同VLAN之间相互通信的两种方式(单臂路由、三层交换)
- cisco 三层交换配置vlan详细报告
- 三层交换实现不同VLAN之间的通信
- 三层交换实现vlan的互通
- NA-NP-IE系列实验51: 三层交换实现VLAN 间路由
- 不同VLAN之间相互通信的两种方式(单臂路由、三层交换)
- 三层交换实现不同VLAN之间的通信 推荐
- 无NAT功能三层交换网络中利用远程与路由访问服务实现外网连接
- 通过三层交换实现VLAN间互通 推荐
- 配置在一台三层交换上,不同VLAN相互通信 推荐
- Linux实现的IEEE 802.1Q及VLAN/Trunk以及三层交换
- 在Cisco交换换机上实现隔离访问
- 配置多台三层交换VLAN间相互通信 推荐
- 实验 22 利用三层交换实现以太网建立多个 VLAN
- 三层交换实现VLAN路由