一、组网需求:
1.SwitchA与SwitchB用trunk互连,相同VLAN的PC之间可以互访,不同VLAN的PC之间禁止互访;
2.PC1与PC2之间在不同VLAN,通过设置上层三层交换机SwitchB的VLAN接口10的IP地址为10.1.1.254/24,VLAN接口20的IP地址为20.1.1.254/24可以实现VLAN间的互访。
二、 组网图:
(一)、VLAN内互访,VLAN间禁访
1 实现VLAN内互访VLAN间禁访配置过程
SwitchA相关配置:
1.创建(进入)VLAN10,将E0/1加入到VLAN10
[SwitchA]vlan 10
[SwitchA-vlan10]port Ethernet 0/1
2.创建(进入)VLAN20,将E0/2加入到VLAN20
[SwitchA]vlan 20
[SwitchA-vlan20]port Ethernet 0/2
3.将端口G1/1配置为Trunk端口,并允许VLAN10和VLAN20通过
[SwitchA]interface GigabitEthernet 1/1
[SwitchA-GigabitEthernet1/1]port link-type trunk
[SwitchA-GigabitEthernet1/1]port trunk permit vlan 10 20
SwitchB相关配置:
1.创建(进入)VLAN10,将E0/10加入到VLAN10
[SwitchB]vlan 10
[SwitchB-vlan10]port Ethernet 0/10
2.创建(进入)VLAN20,将E0/20加入到VLAN20
[SwitchB]vlan 20
[SwitchB-vlan20]port Ethernet 0/20
3.将端口G1/1配置为Trunk端口,并允许VLAN10和VLAN20通过
[SwitchB]interface GigabitEthernet 1/1
[SwitchB-GigabitEthernet1/1]port link-type trunk
[SwitchB-GigabitEthernet1/1]port trunk permit vlan 10 20
(二)、通过三层交换机实现VLAN间互访
通过三层交换机实现VLAN间互访的配置
SwitchA相关配置:
1.创建(进入)VLAN10,将E0/1加入到VLAN10
[SwitchA]vlan 10
[SwitchA-vlan10]port Ethernet 0/1
2.创建(进入)VLAN20,将E0/2加入到VLAN20
[SwitchA]vlan 20
[SwitchA-vlan20]port Ethernet 0/2
3.将端口G1/1配置为Trunk端口,并允许VLAN10和VLAN20通过
[SwitchA]interface GigabitEthernet 1/1
[SwitchA-GigabitEthernet1/1]port link-type trunk
[SwitchA-GigabitEthernet1/1]port trunk permit vlan 10 20
SwitchB相关配置:
1.创建VLAN10
[SwitchB]vlan 10
2.设置VLAN10的虚接口地址
[SwitchB]interface vlan 10
[SwitchB-int-vlan10]ip address 10.1.1.254 255.255.255.0
3.创建VLAN20
[SwitchB]vlan 20
4.设置VLAN20的虚接口地址
[SwitchB]interface vlan 20
[SwitchB-int-vlan20]ip address 20.1.1.254 255.255.255.0
5.将端口G1/1配置为Trunk端口,并允许VLAN10和VLAN20通过
[SwitchA]interface GigabitEthernet 1/1
[SwitchA-GigabitEthernet1/1]port link-type trunk
[SwitchA-GigabitEthernet1/1]port trunk permit vlan 10 20