Layer 3 Switching + Router-on-a-Stick + ACL Network Configuration

张开发
2026/4/3 15:16:48, 15-minute read
1. Topology and IP plan

| Device | VLAN | Gateway | IP address |
|---|---|---|---|
| PC1/PC3 | 2 | 192.168.2.254 | 192.168.2.1/2 |
| PC2 | 3 | 192.168.3.254 | 192.168.3.1 |
| PC4 | 4 | 192.168.4.254 | 192.168.4.1 |
| PC5 | 5 | 192.168.5.254 | 192.168.5.1 |
| PC6 | 6 | 192.168.6.254 | 192.168.6.1 |

2. Switch configuration

LSW1

```
system-view
vlan batch 2 3 4 5 6
# Access ports towards the PCs
interface GigabitEthernet 0/0/1
 port link-type access
 port default vlan 2
 quit
interface GigabitEthernet 0/0/2
 port link-type access
 port default vlan 3
 quit
# Trunk ports carrying VLANs 2-6
interface GigabitEthernet 0/0/3
 port link-type trunk
 port trunk allow-pass vlan 2 to 6
 quit
interface GigabitEthernet 0/0/4
 port link-type trunk
 port trunk allow-pass vlan 2 to 6
 quit
# save is a user-view command, so leave system view first
return
save
```

LSW2

```
system-view
vlan batch 2 3 4 5 6
# Access ports towards the PCs
interface GigabitEthernet 0/0/1
 port link-type access
 port default vlan 2
 quit
interface GigabitEthernet 0/0/2
 port link-type access
 port default vlan 4
 quit
# Trunk ports carrying VLANs 2-6
interface GigabitEthernet 0/0/3
 port link-type trunk
 port trunk allow-pass vlan 2 to 6
 quit
interface GigabitEthernet 0/0/4
 port link-type trunk
 port trunk allow-pass vlan 2 to 6
 quit
# save is a user-view command, so leave system view first
return
save
```

LSW3

```
system-view
vlan batch 2 3 4 5 6
# Access ports towards the PCs
interface GigabitEthernet 0/0/1
 port link-type access
 port default vlan 5
 quit
interface GigabitEthernet 0/0/2
 port link-type access
 port default vlan 6
 quit
# Trunk port carrying VLANs 2-6
interface GigabitEthernet 0/0/3
 port link-type trunk
 port trunk allow-pass vlan 2 to 6
 quit
# save is a user-view command, so leave system view first
return
save
```

3. Router configuration

```
system-view
dhcp enable
# Physical interface: gateway for VLAN 3
interface GigabitEthernet 0/0/0
 ip address 192.168.3.254 255.255.255.0
 dhcp select interface
 quit
# One dot1q sub-interface per remaining VLAN (router-on-a-stick)
interface GigabitEthernet 0/0/0.2
 dot1q termination vid 2
 ip address 192.168.2.254 255.255.255.0
 arp broadcast enable
 dhcp select interface
 quit
interface GigabitEthernet 0/0/0.4
 dot1q termination vid 4
 ip address 192.168.4.254 255.255.255.0
 arp broadcast enable
 dhcp select interface
 quit
interface GigabitEthernet 0/0/0.5
 dot1q termination vid 5
 ip address 192.168.5.254 255.255.255.0
 arp broadcast enable
 dhcp select interface
 quit
interface GigabitEthernet 0/0/0.6
 dot1q termination vid 6
 ip address 192.168.6.254 255.255.255.0
 arp broadcast enable
 dhcp select interface
 quit
```

4. ACL configuration

```
acl number 3000
 rule 5 permit ip source 192.168.2.0 0.0.0.255
 rule 10 permit ip source 192.168.3.0 0.0.0.255
 rule 20 permit ip source 192.168.4.0 0.0.0.255 destination 192.168.5.0 0.0.0.255
 rule 30 deny ip source 192.168.4.0 0.0.0.255 destination 192.168.6.0 0.0.0.255
 rule 40 deny ip source 192.168.5.0 0.0.0.255 destination 192.168.6.0 0.0.0.255
 rule 100 permit ip
 quit
# Apply the ACL to inbound traffic on the router interface
interface GigabitEthernet 0/0/0
 traffic-filter inbound acl 3000
 quit
# save is a user-view command, so leave system view first
return
save
```

5. PC configuration

PC1: 192.168.2.1/24, GW 192.168.2.254
PC2: 192.168.3.1/24, GW 192.168.3.254
PC3: 192.168.2.2/24, GW 192.168.2.254
PC4: 192.168.4.1/24, GW 192.168.4.254
PC5: 192.168.5.1/24, GW 192.168.5.254
PC6: 192.168.6.1/24, GW 192.168.6.254

6. Verification tests

```
# From PC4, test PC5
ping 192.168.5.1   # should succeed
# From PC4, test PC6
ping 192.168.6.1   # should fail
# From PC5, test PC6
ping 192.168.6.1   # should fail
```

7. Display commands

```
display vlan
display ip interface brief
display dhcp server ip-in-use
display acl 3000
```
