In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-01-16 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Servers >
Share
Shulou(Shulou.com)06/02 Report--
Experimental configuration diagram and requirements
1. Four host configuration addresses
PC1:PC1 > ip 192.168.100.100 192.168.100.1Checking for duplicate address...PC1: 192.168.100.100 255.255.255.0 gateway 192.168.100.1PC2:PC2 > ip 192.168.10.10 192.168.10.1Checking for duplicate address...PC1: 192.168.10.10 255.255.255.0 gateway 192.168.10.1PC3:PC3 > ip 192.168.10.20 192.168.10.1Checking for duplicate address...PC1: 192.168.10.20 255.255.255.0 gateway 192.168.10.1PC4:PC4 > ip 192.168.20.20 192.168.20.1Checking for duplicate address...PC1: 192.168.20.20 255.255.255.0 gateway 192.168.20.1
2. Configure two VLAN domains on the switch, F1 trunk 1 and F1 vlan 2 in VLAN 10, F1 Unix 3 in VLAN 20, and F1 Universe 0 configure the VLAN link. Finally, the routing function is turned off.
Sw#conf tsw (config) # vlan 10 20sw (config-vlan) # exsw (config) # do show vlan-sw bVLAN Name Status Ports -1 default active Fa1/0 Fa1/1, Fa1/2, Fa1/3 Fa1/4, Fa1/5, Fa1/6, Fa1/7 Fa1/8, Fa1/9, Fa1/10, Fa1/11 Fa1/12, Fa1/13, Fa1/14 Fa1/1510 VLAN0010 active 20 VLAN0020 active 1002 fddi-default act/unsup 1003 token-ring-default act/unsup 1004 fddinet-default act/unsup 1005 trnet-default act/unsup sw (config) # int f1/3sw (config-if) # sw mo accsw (config -if) # sw acc vlan 20sw (config-if) # exsw (config) # do show vlan-sw bVLAN Name Status Ports -- 1 default active Fa1/0 Fa1/4, Fa1/5, Fa1/6 Fa1/7, Fa1/8, Fa1/9, Fa1/10 Fa1/11, Fa1/12, Fa1/13 Fa1/14 Fa1/1510 VLAN0010 active Fa1/1 Fa1/220 VLAN0020 active Fa1/31002 fddi-default act/unsup 1003 token-ring-default act/unsup 1004 fddinet-default act/unsup 1005 trnet-default act/unsup sw (config) # int f1/0sw (config-if) # sw mo tsw (config-if) # sw t en dotsw (config-if) # exsw (config) # no ip routing / / turn off routing
3. In the layer 3 switch, port f1amp 1 closes the switching port, configures the gateway address, port f1amp 0 configures the trunk link, and puts the gateway address in vlan 10,20.
Sw-3#conf tsw-3 (config) # int f1/1sw-3 (config-if) # no switchport sw-3 (config-if) # ip add 192.168.100.1 255.255.255.0sw-3 (config-if) # no shutsw-3 (config-if) # do show ip int bInterface IP-Address OK? Method Status ProtocolFastEthernet0/0 unassigned YES unset administratively down down FastEthernet0/1 unassigned YES unset administratively down down FastEthernet1/0 unassigned YES unset up up FastEthernet1/1 192.168.100.1 YES manual up up FastEthernet1/2 unassigned YES unset up Down FastEthernet1/3 unassigned YES unset up down FastEthernet1/4 unassigned YES unset up down FastEthernet1/5 unassigned YES unset up down FastEthernet1/6 unassigned YES unset up down FastEthernet1/7 unassigned YES unset up Down FastEthernet1/8 unassigned YES unset up down FastEthernet1/9 unassigned YES unset up down FastEthernet1/10 unassigned YES unset up down FastEthernet1/11 unassigned YES unset up down FastEthernet1/12 unassigned YES unset up down FastEthernet1/13 unassigned YES unset up down FastEthernet1/14 unassigned YES unset up down FastEthernet1/15 unassigned YES unset up down Vlan1 unassigned YES unset up up sw -3 (config-if) # exsw-3 (config) # vlan 10 20swmur3 (config-vlan) # int vlan 10sw-3 (config-if) # ip add 192.168.10.1 255.255.255.0sw-3 (config-if) # no shutsw-3 (config-if) # exsw-3 (config) # int vlan 20sw-3 (config-if) # ip add 192.168.20.1 255.255.255.0sw-3 (config-if) # no shutsw-3 (config-if) # exsw-3 (config) # int f1/0sw-3 (config-if) # sw mo tsw-3 (config-if) # sw t en dotsw-3 (config-if) # do show ip route Codes: C-connected S-static, R-RIP, M-mobile, B-BGP D-EIGRP, EX-EIGRP external, O-OSPF, IA-OSPF inter area N1-OSPF NSSA external type 1, N2-OSPF NSSA external type 2 E1-OSPF external type 1, E2-OSPF external type 2i-IS-IS, su-IS-IS summary, L1-IS-IS level-1, L2-IS-IS level-2 ia-IS-IS inter area, *-candidate default U-per-user static route o-ODR, P-periodic downloaded static routeGateway of last resort is not setC 192.168.10, 24 is directly connected, Vlan10C 192.168.20.0, Vlan20C 192.168.100.0, 24 is directly connected, FastEthernet1/1
4. At this time, the four hosts can ping each other, that is, the interconnection of the whole network.
PC2 > ping 192.168.100.100192.168.100.100 icmp_seq=1 timeout84 bytes from 192.168.100.100 icmp_seq=2 ttl=63 time=35.971 ms84 bytes from 192.168.100.100 icmp_seq=3 ttl=63 time=41.517 ms84 bytes from 192.168.100.100 icmp_seq=4 ttl=63 time=31.738 ms84 bytes from 192.168.100.100 icmp_seq=5 ttl=63 time=35.188 msPC2 > ping 192.168.10.20 84 bytes from 192.168.10.20 Icmp_seq=1 ttl=64 time=0.505 ms84 bytes from 192.168.10.20 icmp_seq=2 ttl=64 time=0.000 ms84 bytes from 192.168.10.20 icmp_seq=3 ttl=64 time=0.000 ms84 bytes from 192.168.10.20 icmp_seq=4 ttl=64 time=0.000 ms84 bytes from 192.168.10.20 icmp_seq=5 ttl=64 time=0.000 msPC2 > ping 192.168.20.20192.168.20.20 icmp_seq=1 timeout84 bytes from 192.168.20.20 icmp_seq=2 ttl=63 time=31.229 ms84 bytes from 192.168.20.20 Icmp_seq=3 ttl=63 time=37.597 ms84 bytes from 192.168.20.20 icmp_seq=4 ttl=63 time=31.007 ms84 bytes from 192.168.20.20 icmp_seq=5 ttl=63 time=40.123 ms
5. Create a named control list on a layer 3 switch and define the rules in it
Sw-3 (config) # ip access-list standard kgcsw-3 (config-std-nacl) # permit host 192.168.10.10sw-3 (config-std-nacl) # deny 192.168.10.0 0.0.0.255sw-3 (config-std-nacl) # permit anysw-3 (config-std-nacl) # exsw-3 (config) # do show access-listStandard IP access list kgc 10 permit 192.168.10.10 20 deny 192.168.10.0 Wildcard bits 0.0.0.255 30 permit anysw-3 (config) # int f1/1sw-3 (config-if) # ip access-group kgc out / / Policy is applied to the gateway
6. Result test
PC3 in vlan 10 is prohibited from accessing PC1
PC3 > ping 192.168.100.100 * 192.168.10.1 icmp_seq=1 ttl=255 time=30.919 ms (ICMP type:3, code:13, Communication administratively prohibited) * 192.168.10.1 icmp_seq=2 ttl=255 time=16.133 ms (ICMP type:3, code:13, Communication administratively prohibited) * 192.168.10.1 icmp_seq=3 ttl=255 time=31.012 ms (ICMP type:3, code:13, Communication administratively prohibited) * 192.168.10.1 icmp_seq=4 ttl=255 time=22.354 ms (ICMP type:3, code:13) Communication administratively prohibited) * 192.168.10.1 icmp_seq=5 ttl=255 time=15.630 ms (ICMP type:3, code:13, Communication administratively prohibited)
PC2 in vlan 10 is allowed to access PC1
PC2 > ping 192.168.100.100 192.168.100.100 icmp_seq=1 timeout192.168.100.100 icmp_seq=2 timeout84 bytes from 192.168.100.100 icmp_seq=3 ttl=63 time=35.353 ms84 bytes from 192.168.100.100 icmp_seq=4 ttl=63 time=31.321 ms84 bytes from 192.168.100.100 icmp_seq=5 ttl=63 time=31.239 ms
Hosts of other network segments (20 network segments) are allowed to access PC1
PC4 > ping 192.168.100.10084 bytes from 192.168.100.100 icmp_seq=1 ttl=63 time=32.766 ms84 bytes from 192.168.100.100 icmp_seq=2 ttl=63 time=31.240 ms84 bytes from 192.168.100.100 icmp_seq=3 ttl=63 time=31.244 ms84 bytes from 192.168.100.100 icmp_seq=4 ttl=63 time=31.329 ms84 bytes from 192.168.100.100 icmp_seq=5 ttl=63 time=31.067 ms
The experiment is successful, thank you for your encouragement and support!
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 0
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
"Every 5-10 years, there's a rare product, a really special, very unusual product that's the most un
© 2024 shulou.com SLNews company. All rights reserved.
12
Report
