一、实验拓扑
二、实验要求
- PC1和PC3所在接口为access;pvlan vlan2
- PC2/4/5/6处于同一网段,其中PC2可以访问PC4/5/6;但PC4可以访问PC5,不能访问PC6
- PC5不能访问PC6
- PC1/3与PC2/4/6不在一个网段
- 所有PC通过DHCP获取IP地址,且PC1/3可以正常访问PC2/4/5/6
三、实验思路
- pc1/pc3–>vlan2 给它们划分一个固定网段为192.168.2.0/24 ,路由器R1为vlan2设置子接口专门管理pc1/pc3,并在子接口上设置DHCP池塘获取IP。因为PC1/3可以正常访问PC2/4/5/6,它们又不在同一个网段,需要路由器进行路由,普通二层交换机无法实现。
- 由要求2,PC2/4/5/6处于同一网段,需要在交换机上把他们隔离开。 pc2–>vlan3,pc4/pc5–>vlan4,pc6–>vlan5 。
因为PC2可以访问PC4/5/6;但PC4可以访问PC5,不能访问PC6,
v3 -----> v4/5
v4 --/–>v5
所以pc2与sw1的接口允许vlan3上去,允许vlan3/4 /5下来,且剥离标签
pc4与sw2的接口和pc5与sw3的接口 允许vlan4上去,允许vlan 3/4下来 pc6与sw3的接口允许vlan5
上,允许vlan3/5下来。 - sw1与sw2之间左边配trunk,右边配混杂
- 由于2456都在一个范围,且都属于混杂模式,允许vlan1进入。在路由器那块,就把2456都看作在vlan1
四、实验配置
1.将接口划入vlan
[sw1]vlan batch 2 to 5
[sw1] int g0/0/1
[sw1-GigabitEthernet0/0/1]port link-type access
[sw1-GigabitEthernet0/0/1]port default vlan 2
[sw1]int g0/0/2
[sw1-GigabitEthernet0/0/2]port hybrid untagged vlan 3 to 5
[sw1-GigabitEthernet0/0/2]port hybrid pvid vlan 3
[sw1]int g0/0/23
[sw1-GigabitEthernet0/0/23]port link-type trunk
[sw1-GigabitEthernet0/0/23]port trunk allow-pass vlan 2 to 5
[sw2] vlan batch 2 to 5
[sw2]int g0/0/23
[sw2-GigabitEthernet0/0/23]port hybrid tagged vlan 2 to 5
[sw2]int g0/0/1
[sw2-GigabitEthernet0/0/1]port link-type access
[sw2-GigabitEthernet0/0/1]port default vlan 2
[sw2]int g0/0/2
[sw2-GigabitEthernet0/0/2]port hybrid untagged vlan 3 to 4
[sw2-GigabitEthernet0/0/2]port hybrid pvid vlan 4
[sw2]int g0/0/24
[sw2-GigabitEthernet0/0/24]port hybrid tagged vlan 2 to 5
[sw3]int g0/0/24
[sw3-GigabitEthernet0/0/24]port hybrid tagged vlan 2 to 5
[sw3]vlan batch 2 to 5
[sw3]int g0/0/1
[sw3-GigabitEthernet0/0/1]port hybrid pvid vlan 4
[sw3-GigabitEthernet0/0/1]port hybrid untagged vlan 3 to 4
[sw3]int g0/0/2
[sw3-GigabitEthernet0/0/2]port hybrid pvid vlan 5
[sw3-GigabitEthernet0/0/2]port hybrid untagged vlan 3 5
2.配置路由器,通过池塘下发地址
[sw1]int g0/0/24
[sw1-GigabitEthernet0/0/24]port hybrid tagged vlan 2
[sw1-GigabitEthernet0/0/24]port hybrid untagged vlan 3 to 5
[r1]int g0/0/0
[r1-GigabitEthernet0/0/0]ip add
[r1-GigabitEthernet0/0/0]ip address 192.168.1.1 24
[r1-GigabitEthernet0/0/0]int g0/0/0.1
[r1-GigabitEthernet0/0/0.1]dot1q termination vid 2
[r1-GigabitEthernet0/0/0.1]ip address 192.168.2.1 24
[r1-GigabitEthernet0/0/0.1]arp broadcast enable
[r1]dhcp enable
Info: It’s successful to create an IP address pool.
[r1-ip-pool-v1]network 192.168.1.0 mask 24
[r1-ip-pool-v1]gateway-list 192.168.1.1
[r1-ip-pool-v1]dns-list 114.114.114.114 8.8.8.8
[r1-ip-pool-v1]q
[r1]ip pool v2
[r1-ip-pool-v2]network 192.168.2.0 mask 24
[r1-ip-pool-v2]gateway-list 192.168.2.1
[r1-ip-pool-v2]dns-list 114.114.114.114 8.8.8.8
[r1-ip-pool-v2]q
[r1]int g0/0/0
[r1-GigabitEthernet0/0/0]dhcp select global
[r1-GigabitEthernet0/0/0]int g0/0/0.1
[r1-GigabitEthernet0/0/0.1]dhcp select global
3.PC端获取地址
4. 测试
pc1可访问23456
pc2可访问456
pc4可访问5
pc4不可访问6