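Requirement: In a LAN, configuring VLANs on a switch reduces the broadcast domain of host communication. When some hosts in different VLANs need to communicate but the switch does not support layer-3 switching, a router that supports 802.1Q can be used to interconnect the VLANs. This requires creating subinterfaces on the Ethernet port, assigning each one an IP address that serves as the gateway of its VLAN, and enabling 802.1Q.
Topology: router port E0 is connected to the switch's uplink trunk port (port 24); the switch's downlink ports are divided into 3 VLANs with several hosts attached.
The topology diagram is as follows:
1. Router configuration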
[Router]
[Router]inter e0
[Router-Ethernet0]ip add 10.0.0.1 255.255.255.0
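[Router-Ethernet0]inter e0.1 // define subinterface E0.1
[Router-Ethernet0.1]ip add 172.16.1.1 255.255.255.0
[Router-Ethernet0.1]vlan-type dot1q vid 1 // assign the Ethernet subinterface to VLAN1. This command is applied on an Ethernet subinterface. Only after it is configured does the subinterface embed a VLAN tag with the configured VLAN ID in the Ethernet frame header, so that the switch port connected to this interface can correctly process the frames it receives.
[Router-Ethernet0.1]inter e0.2 // define subinterface E0.2
[Router-Ethernet0.2]ip add 172.16.2.1 255.255.255.0
[Router-Ethernet0.2]vlan-type dot1q vid 2 // assign the Ethernet subinterface to VLAN2
[Router-Ethernet0.2]inter e0.3 // define subinterface E0.3
[Router-Ethernet0.3]ip add 172.16.3.1 255.255.255.0
[Router-Ethernet0.3]vlan-type dot1q vid 3 // assign the Ethernet subinterface to VLAN3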
[Router-Ethernet0.3]inter e0
[Router-Ethernet0]undo shut
% Interface Ethernet0 is up
[Router-Ethernet0] // connect port E0 to port 24 of the S3026 with a network cable
%19:46:32: Interface Ethernet0 changed state to UP
%19:46:32: Line protocol ip on interface Ethernet0, changed state to UP
%19:46:32: Line protocol ip on interface Ethernet0.1, changed state to UP
%19:46:32: Line protocol ip on interface Ethernet0.2, changed state to UP
%19:46:32: Line protocol ip on interface Ethernet0.3, changed state to UP
2. Switch configuration
sys
Enter system view , return user view with Ctrl+Z.
[Quidway]vlan 1
[Quidway-vlan1]vlan 2
[Quidway-vlan2]port ethernet 0/17 to eth 0/19 eth 0/22 // add ports 17 to 19 and port 22 to VLAN2
[Quidway-vlan2]vlan 3
[Quidway-vlan3]port eth 0/21 // add port 21 to VLAN3
[Quidway-vlan3]inter e0/24
[Quidway-Ethernet0/24]port link-type trunk // set port 24 as a trunk port
[Quidway-Ethernet0/24]port trunk permit vlan all // allow traffic of all VLANs through
Please wait........................................... Done.
[Quidway-Ethernet0/24]dis port trunk // verify the trunk port configuration
Now, the following trunking ports exist:
Ethernet0/24
[Quidway-Ethernet0/24]dis vlan 2 // verify the VLAN2 configuration
VLAN ID: 2
VLAN Type: static
Route Interface: not configured
Description: VLAN 0002
Tagged Ports:
Ethernet0/24
Untagged Ports:
Ethernet0/17 Ethernet0/18 Ethernet0/19 Ethernet0/22
[Quidway-Ethernet0/24]dis vlan 3 // verify the VLAN3 configuration
VLAN ID: 3
VLAN Type: static
Route Interface: not configured
Description: VLAN 0003
Tagged Ports:
Ethernet0/24
Untagged Ports:
Ethernet0/21
3. Check connectivity from a workstation. This workstation is connected to port 21 of the S3026 and belongs to VLAN2.
C:\Documents and Settings\Administrator>ipconfig
Windows2000 IP Configuration
Ethernet adapter 本地连接:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 172.16.2.22
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 172.16.2.1
C:\Documents and Settings\Administrator>ping 172.16.3.1
Pinging 172.16.3.1 with 32 bytes of data:
Reply from 172.16.3.1: bytes=32 time
Reply from 172.16.3.1: bytes=32 time
Reply from 172.16.3.1: bytes=32 time
Reply from 172.16.3.1: bytes=32 time
Ping statistics for 172.16.3.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
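4. View the routing table on the router. Because all of the 172.16 subnets are directly connected routes, the VLANs can communicate without enabling a routing protocol or configuring static routes.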
[Router]display ip routing-table
Routing Tables:
Destination/Mask Proto Pref Metric Nexthop Interface
10.0.0.0/24 Direct 0 0 10.0.0.1 Ethernet0
10.0.0.1/32 Direct 0 0 127.0.0.1 LoopBack0
127.0.0.0/8 Direct 0 0 127.0.0.1 LoopBack0
127.0.0.1/32 Direct 0 0 127.0.0.1 LoopBack0
172.16.1.0/24 Direct 0 0 172.16.1.1 Ethernet0.1
172.16.1.1/32 Direct 0 0 127.0.0.1 LoopBack0
172.16.2.0/24 Direct 0 0 172.16.2.1 Ethernet0.2
172.16.2.1/32 Direct 0 0 127.0.0.1 LoopBack0
172.16.3.0/24 Direct 0 0 172.16.3.1 Ethernet0.3
172.16.3.1/32 Direct 0 0 127.0.0.1 LoopBack0
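What the router does with trunk traffic in steps 1 to 4, as an added example that is not part of the original page: it reads the 802.1Q VID to pick the ingress subinterface, looks up the directly connected route, and re-tags the frame with the egress VLAN. The MAC addresses and the destination host 172.16.3.10 are constructed sample values; the subinterface table is taken from the configuration above.

```python
import ipaddress
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

# VID -> (subinterface, gateway address) as configured on the router above.
SUBINTERFACES = {
    1: ("Ethernet0.1", ipaddress.ip_interface("172.16.1.1/24")),
    2: ("Ethernet0.2", ipaddress.ip_interface("172.16.2.1/24")),
    3: ("Ethernet0.3", ipaddress.ip_interface("172.16.3.1/24")),
}


def build_tagged_frame(dst_mac, src_mac, vid, ethertype, payload, pcp=0):
    """Build an Ethernet frame carrying a single 802.1Q tag."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be in 1..4094")
    tci = (pcp << 13) | vid  # PCP (3 bits), DEI (1 bit, zero), VID (12 bits)
    tag = struct.pack("!HHH", TPID_8021Q, tci, ethertype)
    return dst_mac + src_mac + tag + payload


def parse_frame(frame):
    """Return (vid, ethertype, payload); vid is None for an untagged frame."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (first_type,) = struct.unpack("!H", frame[12:14])
    if first_type != TPID_8021Q:
        return None, first_type, frame[14:]
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, ethertype = struct.unpack("!HH", frame[14:18])
    return tci & 0x0FFF, ethertype, frame[18:]


def route_on_a_stick(frame):
    """Decide how one frame arriving on the trunk is routed.

    Returns (ingress subinterface, egress subinterface, egress VID),
    or None when no subinterface accepts or can forward the frame.
    """
    vid, ethertype, payload = parse_frame(frame)
    if vid not in SUBINTERFACES:
        return None  # untagged, or a VID that no subinterface terminates
    if ethertype != 0x0800 or len(payload) < 20:
        return None  # this model only handles IPv4
    dst_ip = ipaddress.ip_address(payload[16:20])
    for out_vid, (name, iface) in SUBINTERFACES.items():
        if dst_ip in iface.network:  # directly connected route
            return SUBINTERFACES[vid][0], name, out_vid
    return None  # no matching route in the table


def ipv4_header(src, dst):
    """Minimal 20-byte IPv4 header for the sample (checksum left at zero)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 1, 0,
                       ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed)


# Constructed sample: the VLAN2 workstation 172.16.2.22 sends to a VLAN3 host.
ROUTER_MAC = bytes.fromhex("020000000001")  # constructed MAC addresses
HOST_MAC = bytes.fromhex("020000000022")
SAMPLE = build_tagged_frame(ROUTER_MAC, HOST_MAC, 2, 0x0800,
                            ipv4_header("172.16.2.22", "172.16.3.10"))

if __name__ == "__main__":
    print(route_on_a_stick(SAMPLE))
```

Because the VID alone selects the gateway subinterface, the VLAN list permitted on the switch trunk decides which segments can reach the router at all.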
Network description:
PC---------------------3050C-------------------------AR28-31-------------------------INTERNET
Implementation:
Multiple VLANs are created on the 3050C and terminated on the AR28-31. PCs in all of the VLANs below it can reach the public network, and every PC gets its IP address and DNS server from the AR28-31.
[AR28-31]dis cu
#
sysname Quidway
#
FTP server enable
#
nat address-group 0 222.222.222.2 222.222.222.10 // address pool used for access to the public network
#
radius scheme system
#
domain system
#
local-user admin
password cipher .]@USE=B,53Q=^Q`MAF4
service-type ftp
local-user huawei // telnet user, for remote management
password simple huawei
service-type telnet level 3
#
dhcp server ip-pool 10 // assigns IP addresses to VLAN10
network 192.168.10.0 mask 255.255.255.0
gateway-list 192.168.10.1
dns-list 100.100.100.100
#
dhcp server ip-pool 20 // assigns IP addresses to VLAN20
network 192.168.20.0 mask 255.255.255.0
gateway-list 192.168.20.1
dns-list 100.100.100.100
#
dhcp server ip-pool 30 // assigns IP addresses to VLAN30
network 192.168.30.0 mask 255.255.255.0
gateway-list 192.168.30.1
dns-list 100.100.100.100
#
dhcp server ip-pool 40 // assigns IP addresses to VLAN40
network 192.168.40.0 mask 255.255.255.0
gateway-list 192.168.40.1
dns-list 100.100.100.100
#
interface Aux0
async mode flow
#
interface Ethernet1/0 // used to reach the switch's management IP
ip address 192.168.100.1 255.255.255.0
firewall packet-filter 3000 inbound
#
interface Ethernet1/0.1 // terminates VLAN10 from the switch
tcp mss 1024
ip address 192.168.10.1 255.255.255.0
firewall packet-filter 3000 inbound
vlan-type dot1q vid 10
#
interface Ethernet1/0.2 // terminates VLAN20 from the switch
tcp mss 1024
ip address 192.168.20.1 255.255.255.0
firewall packet-filter 3000 inbound
vlan-type dot1q vid 20
#
interface Ethernet1/0.3 // terminates VLAN30 from the switch
tcp mss 1024
ip address 192.168.30.1 255.255.255.0
firewall packet-filter 3000 inbound
vlan-type dot1q vid 30
#
interface Ethernet1/0.4 // terminates VLAN40 from the switch
tcp mss 1024
ip address 192.168.40.1 255.255.255.0
firewall packet-filter 3000 inbound
vlan-type dot1q vid 40
#
interface Ethernet2/0
ip address 222.222.222.1 255.255.255.0
nat outbound 2000 address-group 0 // translates private addresses to public addresses
#
interface NULL0
#
acl number 2000 // permits addresses in the 192.168.0.0 network to be translated
rule 0 permit source 192.168.0.0 0.0.255.255
rule 1 deny
acl number 3000
rule 0 deny udp destination-port eq tftp
rule 1 deny tcp destination-port eq 135
rule 2 deny udp destination-port eq 135
rule 3 deny udp destination-port eq netbios-ns
rule 4 deny udp destination-port eq netbios-dgm
rule 5 deny tcp destination-port eq 139
rule 6 deny udp destination-port eq netbios-ssn
rule 7 deny tcp destination-port eq 445
rule 8 deny udp destination-port eq 445
rule 9 deny tcp destination-port eq 539
rule 10 deny udp destination-port eq 539
rule 11 deny udp destination-port eq 593
rule 12 deny tcp destination-port eq 593
rule 13 deny udp destination-port eq 1434
rule 14 deny tcp destination-port eq 4444
rule 15 deny tcp destination-port eq 9996
rule 16 deny tcp destination-port eq 5554
rule 17 deny udp destination-port eq 9996
rule 18 deny udp destination-port eq 5554
rule 19 deny tcp destination-port eq 137
rule 20 deny tcp destination-port eq 138
rule 21 deny tcp destination-port eq 1025
rule 22 deny udp destination-port eq 1025
rule 23 deny tcp destination-port eq 9995
rule 24 deny udp destination-port eq 9995
rule 25 deny tcp destination-port eq 1068
rule 26 deny udp destination-port eq 1068
rule 27 deny tcp destination-port eq 1023
rule 28 deny udp destination-port eq 1023
#
ip route-static 0.0.0.0 0.0.0.0 222.222.222.254 preference 60 // default route to the telecom carrier's gateway
#
user-interface con 0
user-interface aux 0
user-interface vty 0 4
authentication-mode scheme
#
return
===============================================================
dis cu
#
sysname Quidway
radius scheme system
server-type huawei
primary authentication 127.0.0.1 1645
primary accounting 127.0.0.1 1646
user-name-format without-domain
domain system
radius-scheme system
access-limit disable
state active
vlan-assignment-mode integer
idle-cut disable
self-service-url disable
messenger time disable
domain default enable system
#
local-server nas-ip 127.0.0.1 key huawei
local-user huawei // used for web management and TELNET
password simple huawei
service-type telnet level 3
#
vlan 1
#
vlan 10
#
vlan 20
#
vlan 30
#
vlan 40
#
interface Vlan-interface1 // management IP
ip address 192.168.100.2 255.255.255.0
#
interface Aux0/0
#
interface Ethernet0/1
port access vlan 10
#
interface Ethernet0/2
port access vlan 10
#
interface Ethernet0/3
port access vlan 10
#
interface Ethernet0/4
port access vlan 10
#
interface Ethernet0/5
port access vlan 10
#
interface Ethernet0/6
port access vlan 10
#
interface Ethernet0/7
port access vlan 10
#
interface Ethernet0/8
port access vlan 10
#
interface Ethernet0/9
port access vlan 10
#
interface Ethernet0/10
port access vlan 10
#
interface Ethernet0/11
port access vlan 20
#
interface Ethernet0/12
port access vlan 20
#
interface Ethernet0/13
port access vlan 20
#
interface Ethernet0/14
port access vlan 20
#
interface Ethernet0/15
port access vlan 20
#
interface Ethernet0/16
port access vlan 20
#
interface Ethernet0/17
port access vlan 20
#
interface Ethernet0/18
port access vlan 20
#
interface Ethernet0/19
port access vlan 20
#
interface Ethernet0/20
port access vlan 20
#
interface Ethernet0/21
port access vlan 30
#
interface Ethernet0/22
port access vlan 30
#
interface Ethernet0/23
port access vlan 30
#
interface Ethernet0/24
port access vlan 30
#
interface Ethernet0/25
port access vlan 30
#
interface Ethernet0/26
port access vlan 30
#
interface Ethernet0/27
port access vlan 30
#
interface Ethernet0/28
port access vlan 30
#
interface Ethernet0/29
port access vlan 30
#
interface Ethernet0/30
port access vlan 30
#
interface Ethernet0/31
port access vlan 40
#
interface Ethernet0/32
port access vlan 40
#
interface Ethernet0/33
port access vlan 40
#
interface Ethernet0/34
port access vlan 40
#
interface Ethernet0/35
port access vlan 40
#
interface Ethernet0/36
port access vlan 40
#
interface Ethernet0/37
port access vlan 40
#
interface Ethernet0/38
port access vlan 40
#
interface Ethernet0/39
port access vlan 40
#
interface Ethernet0/40
port access vlan 40
#
interface Ethernet0/41
port access vlan 40
#
interface Ethernet0/42
port access vlan 40
#
interface Ethernet0/43
port access vlan 40
#
interface Ethernet0/44
port access vlan 40
#
interface Ethernet0/45
port access vlan 40
#
interface Ethernet0/46
port access vlan 40
#
interface Ethernet0/47
port access vlan 40
#
interface Ethernet0/48 // uplink port
port link-type trunk
port trunk permit vlan 1 10 20 30 40 // only these VLAN tags are allowed through
#
interface NULL0
#
user-interface aux 0
user-interface vty 0 4
#
return
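A review check for configurations like the two above, as an added example that is not part of the original page: it scans `dis cu` style text and reports clear-text passwords, telnet logins, an enabled FTP server, and trunks that permit all VLANs. The sample is constructed from lines shown on this page, with the cipher string replaced by a placeholder; the finding names are this example's own.

```python
import re

# Constructed sample assembled from configuration lines shown on this page;
# the cipher string is a placeholder, not the value from the page.
SAMPLE_CONFIG = """\
FTP server enable
#
local-user admin
password cipher PLACEHOLDER-CIPHERTEXT
service-type ftp
local-user huawei
password simple huawei
service-type telnet level 3
#
interface Ethernet0/24
port link-type trunk
port trunk permit vlan all
#
interface Ethernet0/48
port link-type trunk
port trunk permit vlan 1 10 20 30 40
#
"""

# Lines that open a new configuration context.
CONTEXT_RE = re.compile(r"^(interface|local-user)\s+(\S+)")

# Why each finding matters (names are this example's own labels).
NOTES = {
    "plaintext-password": "password is readable by anyone who sees the config",
    "password-equals-username": "password is guessable from the account name",
    "telnet-login": "management session and credentials cross the LAN unencrypted",
    "ftp-server-enabled": "FTP carries credentials and files unencrypted",
    "trunk-permits-all-vlans": "every VLAN reaches the uplink; list only those needed",
}


def audit(config_text):
    """Return (context, finding) tuples for settings worth reviewing."""
    findings = []
    context = "global"
    for raw in config_text.splitlines():
        line = raw.strip()
        if line in ("", "#"):
            context = "global"  # '#' closes a section in 'dis cu' output
            continue
        m = CONTEXT_RE.match(line)
        if m:
            context = f"{m.group(1)} {m.group(2)}"
        m = re.search(r"\bpassword simple (\S+)", line)
        if m:
            findings.append((context, "plaintext-password"))
            if context == f"local-user {m.group(1)}":
                findings.append((context, "password-equals-username"))
        if re.search(r"\bservice-type\b.*\btelnet\b", line):
            findings.append((context, "telnet-login"))
        if re.fullmatch(r"ftp server enable", line, re.IGNORECASE):
            findings.append((context, "ftp-server-enabled"))
        if re.search(r"\bport trunk permit vlan all\b", line):
            findings.append((context, "trunk-permits-all-vlans"))
    return findings


if __name__ == "__main__":
    for where, finding in audit(SAMPLE_CONFIG):
        print(f"{where}: {finding} ({NOTES[finding]})")
```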
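Router-on-a-stick on Cisco
The router-on-a-stick lab is a basic routing lab. Here I write up my own configuration method to discuss with everyone. The topology diagram is below! (This lab was done in the BOSON simulator.)
First, configure the VLANs on the switch (SW):
>enable
#(config)hostname sw
#(config)vlan database // enter VLAN configuration mode
#(config)vlan 10 name test1 // create the VLAN and name it
#(config)vlan 20 name test2
#(config)exit // leave VLAN configuration mode
#(config)int f0/1 // enter port f0/1; assign each port to its VLAN
#(config)switchport access vlan 10
#(config)int f0/2
#(config)switchport access vlan 20
As we know, without routing support VLAN 10 and VLAN 20 cannot communicate. Here we use router-on-a-stick as the bridge between the VLANs. This lab uses the dot1q encapsulation protocol. At the same time, a trunk is configured on the switch with that encapsulation.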
#(config)int f0/12
#(config)switchport mode trunk
#(config)switchport trunk encapsulation dot1q
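The trunk is configured on the switch and its encapsulation is set.
Since this section only covers router-on-a-stick, the switch configuration stops here.
Next, configure the router:
>enable
#(config)int e0 // enter e0 and activate it
#(config)no shut
#(config)int e0.10 // create a subinterface and assign an IP address; this IP becomes the gateway of the PCs later added to each VLAN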
#(config)encapsulation dot1q 10
#(config)ip add 192.168.1.1 255.255.255.0
#(config)no shut
#(config)exit
#(config)int e0.20
#(config)encapsulation dot1q 20
#(config)ip add 192.168.2.1 255.255.255.0
#(config)no shut
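Now we configure the PCs. Two methods are shown here: a graphical interface and a command-line interface. First, the graphical one:
#winipcfg
After this command is entered, a graphical window pops up; fill in the corresponding IP address and gateway. Taking PC1 as an example, we enter 192.168.1.X 255.255.255.0, gateway: 192.168.1.1
Next, configure PC2 (command mode):
#ipconfig /ip 192.168.2.X 255.255.255.0
#ipconfig /dg 192.168.2.1
At this point our router-on-a-stick setup is complete. Pinging PC1 from PC2 now succeeds, so the lab works!
I am a networking novice and this is my first blog post; if anything here is wrong, I would appreciate your corrections.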