說明:
此Lab是上次Vlan溝通的三種方式的延伸版本,重點是右邊。
以上次Lab來比較,需要多打的指令都會用綠色做註解。
為了減少行數,刪掉不必要的設定。
實作條件:
一、建立Vlan21與Vlan22。
二、PC3、PC4、PC6、PC7皆為Vlan21;PC5、PC8皆為Vlan22。
三、建立Eigrp AS 100在Core_SW兩台,SW_3F的靜態路由用Redistribute導入EIGRP。
三、建立一條ACL:Vlan21的PC不得PING的到Vlan22,反之可以。
四、除了ACL規定以外的電腦皆為能互通。
Core_SW_A Show Run如下:
Core_SW_A #sh run
Building configuration...
Current configuration : 2252 bytes
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
hostname Core_SW_A
!
ip routing
!
interface FastEthernet0/1
channel-group 1 mode on
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/2
channel-group 1 mode on
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/3
channel-group 2 mode active
switchport access vlan 12
switchport mode access
!
interface FastEthernet0/4
channel-group 2 mode active
switchport access vlan 12
switchport mode access
!
interface FastEthernet0/5
no switchport
channel-group 3 mode desirable
no ip address
duplex auto
speed auto
!
interface FastEthernet0/6
no switchport
channel-group 3 mode desirable
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/1
no switchport
ip address 100.100.100.10 255.255.255.252
duplex auto
speed auto
!
interface Port-channel 1
switchport trunk allowed vlan 1,11
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface Port-channel 2
switchport access vlan 12
switchport mode access
!
interface Port-channel 3
no switchport
ip address 10.1.1.1 255.255.255.252
!
interface Vlan1
no ip address
shutdown
!
interface Vlan11
ip address 192.168.11.254 255.255.255.0
!
interface Vlan12
ip address 192.168.12.254 255.255.255.0
!
router eigrp 100 建立EIGRP AS 100
redistribute static metric 1500 1000 1 255 1500 將靜態路由導入EIGRP
network 100.100.100.0 0.0.0.255
network 192.168.11.0
network 192.168.12.0
auto-summary
!
ip classless
ip route 192.168.13.0 255.255.255.0 10.1.1.2
!
end
Core_SW_B Show Run如下:
Core_SW_B #sh run
Building configuration...
Current configuration : 1616 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
hostname Core_SW_B
!
interface FastEthernet0/1
switchport trunk encapsulation dot1q 設定Trunk 封裝格式為dot1q
switchport mode trunk 設定成Trunk Port
!
interface FastEthernet0/2
switchport trunk encapsulation dot1q 設定Trunk 封裝格式為dot1q
switchport mode trunk 設定成Trunk Port
!
interface GigabitEthernet0/1
no switchport 設成Route Port
ip address 100.100.100.9 255.255.255.252 設定IP
duplex auto
speed auto
!
interface Vlan1
no ip address
shutdown
!
interface Vlan21
ip address 192.168.21.254 255.255.255.0 設定IP
ip access-group 100 in ACL 100 綁在Vlan的In
!
interface Vlan22
ip address 192.168.22.254 255.255.255.0 設定IP
!
router eigrp 100 建立EIGRP AS 100
network 192.168.21.0
network 192.168.22.0
network 100.100.100.0 0.0.0.255
auto-summary
!
ip classless
!
建立一條ACL,阻擋來源192.168.21.x、目的192.168.22.x 的 echo 封包。
access-list 100 deny icmp 192.168.21.0 0.0.0.255 192.168.22.0 0.0.0.255 echo
access-list 100 permit icmp any any
!
end
SiteB_1F Show Run如下:
SiteB_1F#sh run
Building configuration...
Current configuration : 1187 bytes
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname SiteB_1F
!
interface FastEthernet0/21
switchport access vlan 21 把Port設定在Vlan21
switchport mode access 設定成Access Port
!
interface FastEthernet0/22
switchport access vlan 21 把Port設定在Vlan21
switchport mode access 把Port設定在Vlan21
!
interface FastEthernet0/23
switchport access vlan 22 把Port設定在Vlan22
switchport mode access 把Port設定在Vlan21
!
interface FastEthernet0/24
switchport mode trunk 設定成Trunk Port
!
interface Vlan1
no ip address
shutdown
!
end
SiteB_2F Show Run如下:
SiteB_2F#sh run
Building configuration...
Current configuration : 1187 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
hostname SiteB_2F
!
interface FastEthernet0/21
switchport access vlan 21 把Port設定在Vlan21
switchport mode access 設定成Access Port
!
interface FastEthernet0/22
switchport access vlan 21 把Port設定在Vlan21
switchport mode access 設定成Access Port
!
interface FastEthernet0/23
switchport access vlan 22 把Port設定在Vlan22
switchport mode access 設定成Access Port
!
interface FastEthernet0/24
switchport mode trunk 設定成Trunk Port
!
interface Vlan1
no ip address
shutdown
!
end
留言列表