某公司的內部辦公網絡有一臺CATALYST3550-24交換機,現要求用VLAN把辦公局域劃分成三個網段。其中,VLAN10- 網絡號爲192.168.1.0,指定的網關爲192.168.1.1;VLAN20- 網絡號爲192.168.2.0,指定的網關爲192.168.2.1;VLAN30- 網絡號爲192.168.30.0,指定的網關爲192.168.30.1;並要求VLAN10和VLAN20之間主機能夠互相通信。請寫具體的劃分方法和相關的配置過程
VLAN實現的配置命令行如下:(僅供參考)
一.中心交換的VLAN配置
(1)激活vlan路由
Switch1#config t
Switch1(config)#ip routing
(2)創建三個VLAN
Switch1#
Switch1#vlan database
Switch1(vlan)#vlan 2
Switch1(vlan)#vlan 3
Switch1(vlan)#vlan 10
Switch1(vlan)#exit
(3)給VLAN分配IP
Switch1#config t
Switch1(config)#config vlan2
Switch1(config-if)#ip address 192.168.2.1 255.255.255.0
Switch1(config-if)#no shutdown
Switch1#config t
Switch1(config)#config vlan3
Switch1(config-if)#ip address 192.168.3.1 255.255.255.0
Switch1(config-if)#no shutdown
Switch1#config t
Switch1(config)#config vlan10
Switch1(config-if)#ip address 192.168.10.1 255.255.255.0
Switch1(config-if)#no shutdown
(4)配VTP
Switch1#
Switch1#config t
Switch1(config)#vtp domain china_mobile
Switch1(config)#vtp mode server
Switch1(config)#end
(5)配Trunk
Switch1#
Switch1#config t
Switch1(config)#interface gigabitethernet0/1
Switch1(config-if)#switchport trunk encapsulation isl
Switch1(config-if)#switchport mode trunk
Switch1(config-if)#end
(6)給中心交換機通往路由器的接口配IP
Switch1#
Switch1#config t
Switch1(config)#interface fastethernet0/1
Switch1(config-if)#no switchport
Switch1(config-if)#ip address 200.1.1.1 255.255.255.0
Switch1(config-if)#no shutdown
(7)給中心交換機配置缺省路由
Switch1#
Switch1#config t
Switch(config)#ip route 0.0.0 .0 0.0.0.0 200.1.1.2
(8)把VLAN號分配給IP接口
Switch1#
Switch1#config t
Switch1(config)#interface fastethernet0/2
Switch1(config-if)#switchport mode access
Switch1(config-if)#switchport access vlan2
Switch1(config-if)#spanning-tree portfast
… …
Switch1#
Switch1#config t
Switch1(config)#interface fastethernet0/13
Switch1(config-if)#switchport mode access
Switch1(config-if)#switchport access vlan3
Switch1(config-if)#spanning-tree portfast
(其它同)
(9)配訪問控制列表ACL禁VLAN3子網的客戶機訪問服務器
Switch1#
Switch1#config t
Switch1(config)#access-list 1 deny 192.168.3.0 0.0.0 .255
Switch1(config)#access-list 1 permit any
Switch1(config)#interface fastethernet0/13 (此接口接服務器)
Switch1(config-if)#ip access-group 1 out
(10)檢查上述配置
Switch1#show vlan
Switch1#show ip route
Switch1#show interface gigabitethernet0/1 switchport
Switch1#show run
Switch1#show vtp status
(11)存配置
Switch1#copy running-config startup-config
二.在接入層交換機Swith2上VLAN的配置
(1)配TRUNK
Switch2#
Swtich2#config t
Switch2(config)#interface gigabitethernet0/1
Switch2(config-if)#switchport trunk encapsulation isl
Switch2(config-if)#switchport mode trunk
Switch2(config-if)#end
Switch2#
Swtich2#config t
Switch2(config)#interface gigabitethernet0/2
Switch2(config-if)#switchport trunk encapsulation isl
Switch2(config-if)#switchport mode trunk
Switch2(config-if)#end
(2)配VTP
Switch2#
Switch2#config t
Switch2(config)#vtp mode client
Switch2(config)#vtp domain china_mobile
Switch2(config)#end
(3)給接口分配VLAN號
Switch2#
Switch2#config t
Switch2(config)#interface fastethernet0/1
Switch2(config-if)#switchport mode access
Switch2(config-if)#switchport access vlan2
Switch2(config-if)#spanning-tree portfast
… …
(其它端口配置同)
(4)存配置
Switch2#copy running-config startup-config
(其它交換機同)