In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-04-02 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Servers >
Share
Shulou(Shulou.com)06/02 Report--
Rip realizes network interworking, and the application of acl
Network topology diagram
# configuration idea: first of all, the premise of configuring ACL can only be achieved if the interconnection of the whole network is ensured.
# next, let's get through the whole network.
# first configure the ip address of pc7,pc8,pc9 and switch lsw5.lsw6,lsw3 / / configure the left half first
# configure pc7
Ip address 192.168.10.1 255.255.255.0
Gateway 192.168.10.254
Other pc7, pc8 .pc9 are also available.
# configure switches lsw5,lsw6 and lsw3, and create vlan, add the corresponding ports to vlan, and the links between switches are all trunk links
# configure switch lsw5
# vlan 10, vlan 20
# interface g0/0/1
Pork link-type access
Port defautl vlan 10
Interface g0/0/2
Port link-type access
Port default vlan 20
# port-group group- member g0qqqqq3g0Uniqq0and5
Port link-type trunk
Port trunk allow-pass vlan all
# configure switching lsw6
# vlan 10
Interface g0/0/1
Port link-type access
Port default vlan 10
# port-group group-member g0amp 0ram 5g0amp 0 / 4
Port link-type trunk
Port trunk allow-pass vlan all
# configure switch lsw3
Create virtual gateway addresses for vlan 10, vlan 20, vlan 30, vlan 50, and configure vlan 10, vlan 20, vlan 30
Vlan 10, vlan 20, vlan 30, vlan 50
# port-group group-member g0/0/3 g0/0/4
Port link-type trunk
Port trunk allow-pass vlan all
Port-group group-member g0/0/2 g0/0/5
Port link-type access
Pork default vlan 30
# interface vlan 10
Ip address 192.168.10.254 255.255.255.0
Undo shutdown
Interface vlan 20
Ip address 192.168.20.254 255.255.255.0
Undo shutdown
Interface vlan 30
Ip address 192.168.30.254 255.255.255.0
Undo shutdown
# configure dns server and web server address
Ip address 192.168.30.1 255.255.255.0
Gate way 192.168.30.254 / / dns server
Ip address 192.168.30.88 255.255.255.0
Gateway 192.168.30.254 / / web server
# the left half of the company has been interconnected. Use the ping command to test:
# ping 192.168.30.88 / ping 192.168.30.1 / / as shown below
# from the above picture, we can see that the left side has been connected.
# next, configure the right side:
# match the ip address of pc 10 and pc 11 to client 1
Client 1
Ip address 192.168.40.3 255.255.255.0
Gateway 192.168.40.254
# other pc configurations are omitted
# configure switch lsw7 and create vlan40
# vlan 40
Port-group group-member g0Compact 1 g0qqqqqq0x0xxxxxxxxxxxxxxxxxxxxxxxxx
Port link-type access
Port default vlan 40
Interface g0/0/2
Port-link type trunk
Port trunk allow pass vlan all
Interface vlan 40
Ip address 192.168.40.254 255.255.255.0
Undo shutdown / / vlan40 virtual gateway
# configure lsw4
# interface g0/0/2
Port link type trunk
Port trunk allow pass vlan all
# create a vlan50 on lsw4,lsw3, and configure the ip address to join the corresponding port to vlan50
# vlan 50 / / on lsw4
Interface g0/0/1
Port link-type access
Port default vlan 50
# interface vlan 50
Ip address 192.168.50.2 255.255.255.0
# vlan 50 / / on lsw3
Interface g0/0/1
Port link-type access
Port default vlan 50
Undo shutdown
# interface vlan 50
Ip address 192.168.50.1 255.255.255.0
# next, configure rip routing to allow interconnection across the network
# configure rip routing on lsw3,lsw4
# rip
Version 2
Undo summary
Network 192.168.10.0
Network 192.168.20.0
Network 192.168.30.0
Network 192.168.50.0 / / configuration on lsw3
# rip
Version 2
Undo summary
Network 192.168.40.0
Network 192.168.50.0 / / configured on lsw4
# next, the entire network has been interconnected: ping command test:
# the above pictures show that the test is successful
# Let's do a little experiment:
1. No traffic can pass through pc 7 and pc 8:
# configure acl on lsw3 g0Compact 0Compact 3, deny outgoing, pc8 traffic
# Test with the command ping
2.pc9 can ping 192.168.30.88, but can't get through www.ntd1711.com.
# configure acl on lsw3 G0UniUniverse 4
Rule 5 deny ip source 192.168.10.2 0.0.0.0 destination 192.168.30.1 0.0.0.0 / / because www.ntd171.com relies on the dns server to resolve domain names, so I asked it to deny access to dns traffic, so it cannot access www.ntd1711.com, and it can also ping 192.168.30.88
# Test with the ping command as shown below:
There is no traffic between 3.pc9 and pc 10.
# configure acl in lsw4
/ / the traffic denied to pc10 is ok.
# Test with the ping command:
4.client1 can ping www.ntd1711.com, but web functions cannot be accessed through client
# configure acl
/ / reject tcp protocol for ok rule 5 deny tcp source 192.168.40.3 0.0.0.0 destination 192.168.30.88 0.0.0.0
# Test with ping command
# the above tests show that the test is successful
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 0
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
"Every 5-10 years, there's a rare product, a really special, very unusual product that's the most un
© 2024 shulou.com SLNews company. All rights reserved.