close

abc.png 

 

說明:

此Lab是上次Vlan溝通的三種方式的延伸版本,重點是右邊。

以上次Lab來比較,需要多打的指令都會用綠色做註解。

為了減少行數,刪掉不必要的設定。

 

實作條件:

一、建立Vlan21與Vlan22。

二、PC3、PC4、PC6、PC7皆為Vlan21;PC5、PC8皆為Vlan22。

三、建立Eigrp AS 100在Core_SW兩台,SW_3F的靜態路由用Redistribute導入EIGRP。

三、建立一條ACL:Vlan21的PC不得PING的到Vlan22,反之可以。

四、除了ACL規定以外的電腦皆為能互通。

 

Core_SW_A Show Run如下:

Core_SW_A #sh run

Building configuration...

Current configuration : 2252 bytes

version 12.2

no service timestamps log datetime msec

no service timestamps debug datetime msec

no service password-encryption

hostname Core_SW_A

!

ip routing

!

interface FastEthernet0/1

channel-group 1 mode on

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface FastEthernet0/2

channel-group 1 mode on

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface FastEthernet0/3

channel-group 2 mode active

switchport access vlan 12

switchport mode access

!

interface FastEthernet0/4

channel-group 2 mode active

switchport access vlan 12

switchport mode access

!

interface FastEthernet0/5

no switchport

channel-group 3 mode desirable

no ip address

duplex auto

speed auto

!

interface FastEthernet0/6

no switchport

channel-group 3 mode desirable

no ip address

duplex auto

speed auto

!

interface GigabitEthernet0/1

no switchport

ip address 100.100.100.10 255.255.255.252

duplex auto

speed auto

!

interface Port-channel 1

switchport trunk allowed vlan 1,11

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface Port-channel 2

switchport access vlan 12

switchport mode access

!

interface Port-channel 3

no switchport

ip address 10.1.1.1 255.255.255.252

!

interface Vlan1

no ip address

shutdown

!

interface Vlan11

ip address 192.168.11.254 255.255.255.0

!

interface Vlan12

ip address 192.168.12.254 255.255.255.0

!

router eigrp 100 建立EIGRP AS 100

redistribute static metric 1500 1000 1 255 1500 將靜態路由導入EIGRP

network 100.100.100.0 0.0.0.255

network 192.168.11.0

network 192.168.12.0

auto-summary

!

ip classless

ip route 192.168.13.0 255.255.255.0 10.1.1.2

!

end

 

Core_SW_B Show Run如下:

Core_SW_B #sh run

Building configuration...

Current configuration : 1616 bytes

!

version 12.2

no service timestamps log datetime msec

no service timestamps debug datetime msec

no service password-encryption

hostname Core_SW_B

!

interface FastEthernet0/1

switchport trunk encapsulation dot1q 設定Trunk 封裝格式為dot1q

switchport mode trunk 設定成Trunk Port

!

interface FastEthernet0/2

switchport trunk encapsulation dot1q 設定Trunk 封裝格式為dot1q

switchport mode trunk 設定成Trunk Port

!

interface GigabitEthernet0/1

no switchport 設成Route Port

ip address 100.100.100.9 255.255.255.252 設定IP

duplex auto

speed auto

!

interface Vlan1

no ip address

shutdown

!

interface Vlan21

ip address 192.168.21.254 255.255.255.0 設定IP

ip access-group 100 in ACL 100 綁在Vlan的In

!

interface Vlan22

ip address 192.168.22.254 255.255.255.0 設定IP

!

router eigrp 100 建立EIGRP AS 100

network 192.168.21.0

network 192.168.22.0

network 100.100.100.0 0.0.0.255

auto-summary

!

ip classless

!

建立一條ACL,阻擋來源192.168.21.x、目的192.168.22.x 的 echo 封包。

access-list 100 deny icmp 192.168.21.0 0.0.0.255 192.168.22.0 0.0.0.255 echo

access-list 100 permit icmp any any

!

end

 

SiteB_1F Show Run如下:

SiteB_1F#sh run

Building configuration...

Current configuration : 1187 bytes

version 12.2

no service timestamps log datetime msec

no service timestamps debug datetime msec

no service password-encryption

!

hostname SiteB_1F

!

interface FastEthernet0/21

switchport access vlan 21 把Port設定在Vlan21

switchport mode access 設定成Access Port

!

interface FastEthernet0/22

switchport access vlan 21 把Port設定在Vlan21

switchport mode access 把Port設定在Vlan21

!

interface FastEthernet0/23

switchport access vlan 22 把Port設定在Vlan22

switchport mode access 把Port設定在Vlan21

!

interface FastEthernet0/24

switchport mode trunk 設定成Trunk Port

!

interface Vlan1

no ip address

shutdown

!

end

 

SiteB_2F Show Run如下:

SiteB_2F#sh run

Building configuration...

Current configuration : 1187 bytes

!

version 12.2

no service timestamps log datetime msec

no service timestamps debug datetime msec

no service password-encryption

hostname SiteB_2F

!

interface FastEthernet0/21

switchport access vlan 21 把Port設定在Vlan21

switchport mode access 設定成Access Port

!

interface FastEthernet0/22

switchport access vlan 21 把Port設定在Vlan21

switchport mode access 設定成Access Port

!

interface FastEthernet0/23

switchport access vlan 22 把Port設定在Vlan22

switchport mode access 設定成Access Port

!

interface FastEthernet0/24

switchport mode trunk 設定成Trunk Port

!

interface Vlan1

no ip address

shutdown

!

end

arrow
arrow
    全站熱搜
    創作者介紹
    創作者 EdisonChang 的頭像
    EdisonChang

    Coolking's CCNP 筆記

    EdisonChang 發表在 痞客邦 留言(0) 人氣()