Add to Favorites | Login | Register
Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

About us Contact us

Configuration and Analysis of VLAN

2025-02-24 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Servers >

Share

Shulou(Shulou.com)06/02 Report--

Request:

Vlan10 internal mainframe interconnection: 192.168.10.Universe 24 GW=192.168.10.254

Vlan10 internal mainframe interconnection: 192.168.10.Universe 24 GW=192.168.10.254

Vlan10/88 interworking

Vlan10/20 's IP address plan remains unchanged

The address of vlan88 is random, so make sure it is interoperable.

Method one is to use ACL

Ideas and steps:

1. Configure sw1 to create vlan10 20 add 1 / 2 ports to their respective vlan 3 4 ports in trunk mode

two。 Configure sw2 to create vlan10 20 add 1 / 2 ports to their respective vlan 3 4 ports in trunk mode

3. Configure sw3 to create vlan10 20 88 will be 1. Port 2 is trunk mode and port 3 joins vlan88

Configure vlanif 10 ip:192.168.10.254 255.255.255.0

Configure vlanif 20 ip:192.168.20.254 255.255.255.0

Configure vlanif 88 ip:192.168.88.254 255.255.255.0

4. Configure pc1 ip192.168.10.1 255.255.255.0 gw 192.168.10.254

Configure pc2 ip192.168.20.1 255.255.255.0 gw 192.168.20.254

Configure pc3 ip192.168.10.2 255.255.255.0 gw 192.168.10.254

Configure pc4 ip192.168.20.2 255.255.255.0 gw 192.168.20.254

Configure server1 ip 192.168.88.1 gw 192.168.88.254

At this time, the whole network can be connected with ping.

5. Create an acl on sw3 so that the 10 network segment cannot ping the 88 network segment

Acl name pc10-88

Rule 5 deny ip sourse 192.168.10.0 0.0.0.255 destianation 192.168.88.1 0.0.0.0

When entering port 24, call

Interface g0/0/24

Traffic-filter outbound acl name pc10-88

(at this time, the host of the 10 network segment cannot access the server)

6. Create an acl on the sw1 so that the 10 network segment cannot ping the 20 network segment (see STP to know the 0 side of the sw3

Port is a blocking port)

Acl name pc10-20

Rule 5 deny ip sourse 192.168.10.0 0.0.0.255 destianation 192.168.20.0 0.0.0.255

When entering port 3, call

Interface g0/0/3

Traffic-filter outbound acl name pc10-20

(hosts with 10 network segments cannot access 20 network segments at this time)

-= =

Method 2 use hybird

Looking at the switch stp, we can see that port 2 of sw3 is blocking port sw2 is the root bridge

You can know the direction of the traffic.

Ideas and steps:

1. Configure sw1 to create vlan10 20 88

Configure hybrid on port 1

Port hybrid untagged vlan 10

Port hybrid pvid vlan 10

Configure hybrid on port 2:

Port hybrid untagged vlan 20 88

Port hybrid pvid vlan 20

Configure hybrid on port 3:

Port hybrid tagged vlan 10 20 88

Configure hybrid on port 4:

Port hybrid tagged vlan 10 20 88

two。 Configure sw2 to create vlan10 20 88

Configure hybrid on port 1

Port hybrid untagged vlan 10

Port hybrid pvid vlan 10

Configure hybrid on port 2:

Port hybrid untagged vlan 20 88

Port hybrid pvid vlan 20

Configure hybrid on port 3:

Port hybrid tagged vlan 10 20 88

Configure hybrid on port 4:

Port hybrid tagged vlan 10 20 88

3. Configure sw3 to create vlan10 20 88

Configure hybrid on port 1

Port hybrid tagged vlan 10 20 88

Configure hybrid on port 2:

Port hybrid tagged vlan 10 20 88

Configure hybrid on port 3:

Port hybrid untagged vlan 20 88

Port hybrid pvid vlan 88

4. Configure the gateway for vlan 10 20 88 on sw3

Vlan10:192.168.10.254 255.255.255.0

Vlan20:192.168.20.254 255.255.255.0

Vlan88:192.168.88.254 255.255.255.0

5. Configure pc1 ip192.168.10.1 255.255.255.0 gw 192.168.10.254

Configure pc2 ip192.168.20.1 255.255.255.0 gw 192.168.20.254

Configure pc3 ip192.168.10.2 255.255.255.0 gw 192.168.10.254

Configure pc4 ip192.168.20.2 255.255.255.0 gw 192.168.20.254

Configure server1 ip 192.168.88.1 gw 192.168.88.254

6.vlan10 PCs can communicate with each other by ping, but not ping between service machines and vlan20 PCs.

Vlan20PC can ping the server.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Tag Search: Configuration ports network segments hosts modes services ideas methods steps blocking between switches whole networks addresses traffic gateways bridges planning analysis vpn macOS Linux MariaDB MySQL Docker Shulou Information Shulou Technology Shulou Tech Info OPPO Reno Redmi Xiaomi NVidia Microsoft Huawei Apple Shulou Information MySQL Docker Shulou Technology Xiaomi MariaDB Huawei NVidia Redmi Linux Apple OPPO Reno macOS Shulou Tech Info vpn Microsoft Shulou Information MySQL Docker Shulou Technology Xiaomi MariaDB Huawei NVidia Redmi Linux Apple OPPO Reno macOS Shulou Tech Info vpn Microsoft

Share To

Related

Servers

More Servers >

Latest Network Security More Network Security >

Latest Internet Technology More Internet Technology >

Latest Development More Development >

Latest Database More Database >

Latest Servers More Servers >

Latest Mobile Phone More Mobile Phone >

Latest Android Software More Android Software >

Latest Apple Software More Apple Software >

Latest Computer Software News More Computer Software News >

Latest IT Information More IT Information >

Wechat

About us Contact us Product review car news thenatureplanet

© 2024 shulou.com SLNews company. All rights reserved.

12
Report