思科路由与交换技术--实现扩展访问列表控制
三层交换SW:ip dhcp pool pc1
network 192.168.1.0 255.255.255.0
default-router 192.168.1.254
ip dhcp pool pc3
network 192.168.2.0 255.255.255.0
default-router 192.168.2.254
ip routing
interface FastEthernet0/1
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/2
no switchport
ip address 192.168.3.1 255.255.255.0
ip access-group 100 out
duplex auto
speed auto
interface Vlan1
ip address 192.168.1.254 255.255.255.0
!
interface Vlan2
ip address 192.168.2.254 255.255.255.0
!
router rip
version 2
network 192.168.1.0
network 192.168.2.0
network 192.168.3.0
no auto-summary
access-list 100 deny tcp 192.168.1.0 0.0.0.255 host 192.168.4.1 eq www
access-list 100 permit ip any host 192.168.4.1
交换机switch1:
switch()#vlan database
switch(vlan)#vlan 2
interface FastEthernet0/3
switchport access vlan 2
ROUTER1:
ip dhcp pool pc2
network 192.168.4.0 255.255.255.0
default-router 192.168.4.254
interface FastEthernet0/0
ip address 192.168.3.2 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.4.254 255.255.255.0
duplex auto
speed auto
!
router rip
version 2
network 192.168.3.0
network 192.168.4.0
no auto-summary
实验总结:
实现前提:全网通信
所用知识点:
1.route rip动态路由
2. 单臂路由,trunk链路
3.ip dhcp
4.扩展访问控制列表
5.vlan虚拟局域网划分
页:
[1]