
The Application of ACL, Trunk, VLAN and RIP, and the Construction of Servers

2025-03-31 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02 Report--

Configuration steps and ideas:

One. Create the VLANs, add the ports, and set the trunks

1. Create vlan 10 and vlan 20 on lsw4 and add the ports

# vlan:

vlan 10

interface ge0/0/2

port link-type access

port default vlan 10

vlan 20

interface ge0/0/3

port link-type access

port default vlan 20

# trunk:

interface ge0/0/1

port link-type trunk

port trunk allow-pass vlan all // allow all VLANs

interface ge0/0/4

port link-type trunk

port trunk allow-pass vlan all // allow all VLANs

2. Create vlan 10 on lsw5 and add the port.

# vlan:

vlan 10

interface ge0/0/2

port link-type access

port default vlan 10

# trunk:

interface ge0/0/1

port link-type trunk

port trunk allow-pass vlan all // allow all VLANs

3. Create vlan 40 on lsw6 and add the ports.

# vlan:

vlan 40

interface ge0/0/2

port link-type access

port default vlan 40

interface ge0/0/3

port link-type access

port default vlan 40

interface ge0/0/4

port link-type access

port default vlan 40

interface ge0/0/1

port link-type access

port default vlan 40

# trunk:

interface ge0/0/1

port link-type trunk

port trunk allow-pass vlan all // allow all VLANs

Two. Set the trunks and gateways on the layer 3 switches

1. Trunk on lsw2

# trunk:

interface ge0/0/2

port link-type trunk

port trunk allow-pass vlan all // allow all VLANs

interface ge0/0/3

port link-type trunk

port trunk allow-pass vlan all // allow all VLANs

interface ge0/0/4

port link-type trunk

port trunk allow-pass vlan all // allow all VLANs

Configure the gateway:

vlan 10

interface vlan 10

ip address 192.168.1.254 255.255.255.0

quit // exit

vlan 20

interface vlan 20

ip address 192.168.2.254 255.255.255.0

quit // exit

Create vlan 30 and add the port

vlan 30

interface ge0/0/1

port link-type access

port default vlan 30

Create vlan 50 and configure its IP

vlan 50

interface vlan 50

ip address 192.168.50.1 255.255.255.0

2. Trunk on lsw3

# trunk:

interface ge0/0/2

port link-type trunk

port trunk allow-pass vlan all // allow all VLANs

interface ge0/0/1

port link-type trunk

port trunk allow-pass vlan all // allow all VLANs

Configure the gateway:

vlan 30

interface vlan 30

ip address 192.168.1.254 255.255.255.0

quit // exit

vlan 40

interface vlan 40

ip address 192.168.2.254 255.255.255.0

quit // exit

Create vlan 50 and configure its IP

vlan 50

interface vlan 50

ip address 192.168.50.2 255.255.255.0

Three. Configure RIP

Configure RIP on lsw2

rip

version 2 // version

network 192.168.1.0 // network segment to be learned

network 192.168.2.0 // network segment to be learned

network 192.168.30.0 // network segment to be learned

network 192.168.4.0 // network segment to be learned

Configure RIP on lsw3

rip

version 2 // version

network 192.168.50.0 // network segment to be learned

network 192.168.4.0 // network segment to be learned

Four. Test the interconnection of the whole network

On a client, ping x.x.x.x (any client)

If the ping fails, check layer by layer:

display vlan // check whether the VLANs were created and the ports added

display ip interface brief // check whether the gateways are configured

display port vlan // check whether the trunks are set

display rip // check whether RIP is set

Five. Configure the servers

1. Configure in server1

IP: 192.168.30.88

Subnet mask: 255.255.255.0

Gateway: 192.168.30.254

DNSServer configuration in server information

Domain name: www.ntd1711.com

IP address: 192.168.30.1

Start the server

2. Configure in server2

IP: 192.168.30.1

Subnet mask: 255.255.255.0

Gateway: 192.168.30.254

HttpServer configuration in server information

Domain name: www.ntd1711.com

Create the root directory: create a file in HTML format on any disk

3. Configure in Client1

IP: 192.168.4.3

Subnet mask: 255.255.255.0

Gateway: 192.168.4.25

HttpClient configuration in server information

Enter address: www.ntd1711.com

Check whether the file can be retrieved: if it can, the configuration succeeded; otherwise it failed.

Six. The specific requirements for the ACLs are as follows:

1. No type of traffic may pass between PC-1 and PC-2.

2. PC-3 can ping 192.168.30.88 (server-2), but cannot ping www.ntd1711.com

3. No type of traffic may pass between PC-4 and PC-3.

4. Client-1 can ping www.ntd1711.com, but cannot open the Web function on Server-2 (that is, www.ntd1711.com) through its own browser.

Seven. Block all types of traffic between PC-1 and PC-2.

1. Create an ACL

[R2] acl 3000

[R2-acl-adv-3000] rule 5 deny ip source 192.168.1.1 0.0.0.0 destination 192.168.1.2 0.0.0.0

Note: 192.168.1.1 is the source address

192.168.1.2 is the destination address

2. Apply the ACL

[R2] interface gi0/0/2

[R2-GigabitEthernet0/0/2] traffic-filter inbound acl 3000

3. Verify, test, save

display acl 3000 // view the ACL's configured rules

display traffic-filter applied-record // view where the ACL is applied

PC1:

ping 192.168.1.2: fails

ping other hosts: OK

Eight. PC-3 can ping 192.168.30.88 (server-2), but cannot ping www.ntd1711.com

1. Create an ACL in lsw2

[R2] acl 3000

[R2-acl-adv-3000] rule 5 deny ip source 192.168.2.1 0.0.0.0 destination 192.168.30.88 0.0.0.0

Note: 192.168.2.1 is the source address

192.168.30.88 is the destination address

2. Apply the ACL

[R2] interface gi0/0/3

[R2-GigabitEthernet0/0/3] traffic-filter inbound acl 3000

3. Verify, test, save

display acl 3000 // view the ACL's configured rules

display traffic-filter applied-record // view where the ACL is applied

PC1:

ping 192.168.30.88: fails

ping other hosts: OK

Nine. Block all types of traffic between PC-4 and PC-3.

1. Create an ACL in lsw3

[R2] acl 3000

[R2-acl-adv-3000] rule 5 deny ip source 192.168.4.1 0.0.0.0 destination 192.168.1.2 0.0.0.0

Note: 192.168.4.1 is the source address

192.168.1.2 is the destination address

2. Apply the ACL

[R2] interface gi0/0/2

[R2-GigabitEthernet0/0/2] traffic-filter inbound acl 3000

3. Verify, test, save

display acl 3000 // view the ACL's configured rules

display traffic-filter applied-record // view where the ACL is applied

PC1:

ping 192.168.1.2: fails

ping other hosts: OK

Ten. Client-1 can ping www.ntd1711.com, but cannot open the Web function on Server-2 (that is, www.ntd1711.com) through its own browser

1. Create an ACL in lsw3

[R2] acl name client1 advance

[R2-acl-adv-client1] rule 10 deny tcp source 192.168.4.3 0.0.0.0 destination 192.168.30.1 0.0.0.0

Note: 192.168.4.3 is the source address

192.168.30.1 is the destination address

tcp: the transport protocol used by HTTP

2. Apply the ACL

[R2] interface gi0/0/2

[R2-GigabitEthernet0/0/2] traffic-filter inbound acl client1

3. Verify, test, save

display acl name client1 // view the ACL's configured rules

display traffic-filter applied-record // view where the ACL is applied

Client1:

Enter http://www.ntd1711.com in HttpClient: the configuration is OK if the result shows that the page cannot be opened.

Note:

1. On the same port and in the same direction, only one ACL can be applied at a time

2. To change the ACL applied on a port, you must:

First, delete the ACL command already applied on the port

Then, apply the new ACL

3. An ACL applied on a port cannot be directly overwritten.

4. On Huawei devices, traffic that matches no ACL rule is allowed by default.
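The first-match evaluation behind the rules and notes above, as an added Python model (not code from the original article and not Huawei software). The `Rule`/`Acl` classes, the `http_only` variant with destination port 80, and the assumption that re-entering an existing rule ID replaces that rule are illustrative. It shows that the page's `deny tcp` rule blocks every TCP port while leaving ping untouched, and what ACL 3000 holds if the `rule 5` lines of the PC-1/PC-2 and PC-3 sections are both entered on one device.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    rule_id: int
    action: str                      # "permit" or "deny"
    proto: str                       # "ip" matches every protocol
    src: str
    dst: str
    wildcard: str = "0.0.0.0"        # 0.0.0.0 = match exactly this host
    dst_port: Optional[int] = None   # None = any destination port

def _match(addr, base, wildcard):
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)        # wildcard bits set to 1 are ignored

class Acl:
    def __init__(self):
        self.rules = {}
    def rule(self, r):
        self.rules[r.rule_id] = r    # assumption: a reused rule ID replaces the rule
    def check(self, proto, src, dst, dst_port=None):
        for rid in sorted(self.rules):           # lowest rule ID is evaluated first
            r = self.rules[rid]
            if r.proto not in ("ip", proto):
                continue
            if r.dst_port is not None and r.dst_port != dst_port:
                continue
            if _match(src, r.src, r.wildcard) and _match(dst, r.dst, r.wildcard):
                return r.action
        return "permit"                          # note 4: unmatched traffic is allowed

def client1_acl(http_only=False):
    acl = Acl()
    port = 80 if http_only else None   # http_only: constructed variant, not on the page
    acl.rule(Rule(10, "deny", "tcp", "192.168.4.3", "192.168.30.1", dst_port=port))
    return acl

def acl_3000_after_both_sections():
    acl = Acl()
    acl.rule(Rule(5, "deny", "ip", "192.168.1.1", "192.168.1.2"))    # PC-1 -> PC-2
    acl.rule(Rule(5, "deny", "ip", "192.168.2.1", "192.168.30.88"))  # PC-3 rule, same ID
    return acl

if __name__ == "__main__":
    for proto, port in (("icmp", None), ("tcp", 80), ("tcp", 22)):
        print(proto, port, client1_acl().check(proto, "192.168.4.3", "192.168.30.1", port))
    print(acl_3000_after_both_sections().check("icmp", "192.168.1.1", "192.168.1.2"))
```

Giving each requirement its own rule ID (or its own ACL) keeps the earlier deny in place, and `display acl 3000` after each change shows which rules actually remain.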
