Shulou(Shulou.com)06/02 Report--

Rip realizes network interworking, and the application of acl

Network topology diagram

# configuration idea: first of all, the premise of configuring ACL can only be achieved if the interconnection of the whole network is ensured.

# next, let's get through the whole network.

# first configure the ip address of pc7,pc8,pc9 and switch lsw5.lsw6,lsw3 / / configure the left half first

# configure pc7

Ip address 192.168.10.1 255.255.255.0

Gateway 192.168.10.254

Other pc7, pc8 .pc9 are also available.

# configure switches lsw5,lsw6 and lsw3, and create vlan, add the corresponding ports to vlan, and the links between switches are all trunk links

# configure switch lsw5

# vlan 10, vlan 20

# interface g0/0/1

Pork link-type access

Port defautl vlan 10

Interface g0/0/2

Port link-type access

Port default vlan 20

# port-group group- member g0qqqqq3g0Uniqq0and5

Port link-type trunk

Port trunk allow-pass vlan all

# configure switching lsw6

# vlan 10

Interface g0/0/1

Port link-type access

Port default vlan 10

# port-group group-member g0amp 0ram 5g0amp 0 / 4

Port link-type trunk

Port trunk allow-pass vlan all

# configure switch lsw3

Create virtual gateway addresses for vlan 10, vlan 20, vlan 30, vlan 50, and configure vlan 10, vlan 20, vlan 30

Vlan 10, vlan 20, vlan 30, vlan 50

# port-group group-member g0/0/3 g0/0/4

Port link-type trunk

Port trunk allow-pass vlan all

Port-group group-member g0/0/2 g0/0/5

Port link-type access

Pork default vlan 30

# interface vlan 10

Ip address 192.168.10.254 255.255.255.0

Undo shutdown

Interface vlan 20

Ip address 192.168.20.254 255.255.255.0

Undo shutdown

Interface vlan 30

Ip address 192.168.30.254 255.255.255.0

Undo shutdown

# configure dns server and web server address

Ip address 192.168.30.1 255.255.255.0

Gate way 192.168.30.254 / / dns server

Ip address 192.168.30.88 255.255.255.0

Gateway 192.168.30.254 / / web server

# the left half of the company has been interconnected. Use the ping command to test:

# ping 192.168.30.88 / ping 192.168.30.1 / / as shown below

# from the above picture, we can see that the left side has been connected.

# next, configure the right side:

# match the ip address of pc 10 and pc 11 to client 1

Client 1

Ip address 192.168.40.3 255.255.255.0

Gateway 192.168.40.254

# other pc configurations are omitted

# configure switch lsw7 and create vlan40

# vlan 40

Port-group group-member g0Compact 1 g0qqqqqq0x0xxxxxxxxxxxxxxxxxxxxxxxxx

Port link-type access

Port default vlan 40

Interface g0/0/2

Port-link type trunk

Port trunk allow pass vlan all

Interface vlan 40

Ip address 192.168.40.254 255.255.255.0

Undo shutdown / / vlan40 virtual gateway

# configure lsw4

# interface g0/0/2

Port link type trunk

Port trunk allow pass vlan all

# create a vlan50 on lsw4,lsw3, and configure the ip address to join the corresponding port to vlan50

# vlan 50 / / on lsw4

Interface g0/0/1

Port link-type access

Port default vlan 50

# interface vlan 50

Ip address 192.168.50.2 255.255.255.0

# vlan 50 / / on lsw3

Interface g0/0/1

Port link-type access

Port default vlan 50

Undo shutdown

# interface vlan 50

Ip address 192.168.50.1 255.255.255.0

# next, configure rip routing to allow interconnection across the network

# configure rip routing on lsw3,lsw4

# rip

Version 2

Undo summary

Network 192.168.10.0

Network 192.168.20.0

Network 192.168.30.0

Network 192.168.50.0 / / configuration on lsw3

# rip

Version 2

Undo summary

Network 192.168.40.0

Network 192.168.50.0 / / configured on lsw4

# next, the entire network has been interconnected: ping command test:

# the above pictures show that the test is successful

# Let's do a little experiment:

1. No traffic can pass through pc 7 and pc 8:

# configure acl on lsw3 g0Compact 0Compact 3, deny outgoing, pc8 traffic

# Test with the command ping

2.pc9 can ping 192.168.30.88, but can't get through www.ntd1711.com.

# configure acl on lsw3 G0UniUniverse 4

Rule 5 deny ip source 192.168.10.2 0.0.0.0 destination 192.168.30.1 0.0.0.0 / / because www.ntd171.com relies on the dns server to resolve domain names, so I asked it to deny access to dns traffic, so it cannot access www.ntd1711.com, and it can also ping 192.168.30.88

# Test with the ping command as shown below:

There is no traffic between 3.pc9 and pc 10.

# configure acl in lsw4

/ / the traffic denied to pc10 is ok.

# Test with the ping command:

4.client1 can ping www.ntd1711.com, but web functions cannot be accessed through client

# configure acl

/ / reject tcp protocol for ok rule 5 deny tcp source 192.168.40.3 0.0.0.0 destination 192.168.30.88 0.0.0.0

# Test with ping command

# the above tests show that the test is successful

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.